Author Topic: Unauthorised SCAN activated.  (Read 37375 times)


DavidR

Re: Unauthorised SCAN activated.
« Reply #60 on: August 16, 2008, 03:11:44 AM »
Quote
I think I mentioned Windows Defender is my firewall but I think you are probably suggesting a firewall other than that.  If this is the case then I need suggestions.

Tech has answered that and I agree, PC tools possibly being a little more user friendly for the newer complex firewall user.

Quote
OK, I am switched to standard user but I think for it to be effected the computer needs to restart.  I had to create a new account to assign it admin status.  I think this now means if I want to be admin again I have to go into Admin to make those changes.

There are times when you need to have administrator privileges but for most you don't but it can be a pain. But is handy for Kids accounts, etc. so they have limited permissions.

You can run some things as the administrator when necessary, right clicking on the file you want to run in windows explorer and selecting Run As Administrator (that option is only there if you aren't running as an administrator). I don't use Vista but if something needs Admin privileges you can enter the admin password and you are in business. I believe all Vista accounts are Standard even those with admin privileges as the UAC would still challenge some functions and you would still be prompted for the admin password (something which you should also consider changing). Unfortunately I can't be a lot of help in regard of Vista as I absolutely have been avoiding it like the plague, so you probably have more experience than I in that regard ;D

Quote
David, I have so many things with passwords - from bank accounts, ebay, online stores, skype, emails, paypal, phone company, ISP, etc.  Is your suggestion applicable to them all? I reckon you are going to say yes but I need to hear it.

Well you guessed right, my answer is yes, especially where it concerns money or the ability to pass themselves off as you, which I guess takes care of them all.

The reason I say this is because of the debit on your credit card, if they didn't get the details off you then somehow they got them off your system and the most likely is a key logger. This can log all your keystrokes and sites you visit, etc. and can then pass that information to the crooks that place the key logger malware (why it's important to have a firewall to challenge unauthorised outbound internet connections).

Though from the detections made in all the scans you did there didn't appear to have been a key logger, but I'm erring on the side of safety based on the unknown/unauthorised debit on your credit card.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #61 on: August 16, 2008, 04:37:56 AM »
Quote
UPDATE NUMBER 2.  I have also just verified the charge on my credit card.  It is legitimate.

Apologies David, I made what in hindsight is an unclear statement back in post #16.  I did, in fact, legitimately use my card for that amount with a trading company of another registered as THG Enterprises.  I went through my bookmarks sifting through some sites until I came to one I recognised (they never sent an email confirming purchase) and I called them.   Had I done that first rather than google the name then I would have coasted on not attending to my "housekeeping" until a real disaster happened.  The owner of the company said that they hadn't put their registered name on the internet and when asked if it could be possible that their security was compromised I got an emphatic NO.

So in the light of this it would be OK to assume that my passwords are uncompromised after all (I have already changed some so no bad thing there).  Would you keep changing them, though?


wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #62 on: August 16, 2008, 04:50:34 AM »
GOOD that you got user accounts set up
Then the Firewall
there will be a learning curve but worth it
there are several other low impact steps we can take but let's walk before we try and run

We got a clean second opinion from SAS which is really good news
a second AV opinion can be done at any time

as to your credit cards and bank info
the 2008 virus is not known as a stealer
however it is hard to be sure nothing else was installed
you can either change all of your passwords
or monitor closely
some people overact and reformat their hard drive and reinstall their os
in your case, without getting a firewall in place, there would be no long term benefit in that

I'm going to list a few steps - for later
1   LOCK DOWN INTERNET EXPLORER- there are guides- after you do your firewall we can find one
2    install Javacool Spyware blaster
http://www.javacoolsoftware.com/spywareblaster.html
(Tony Klein maintains a list of CLSID- Active X baddies, several people use Tony's list plus their own to make blocklists.  The Atribune VUNDOFIX program I mentioned checks for the presence of several hundred as do many other programs.
Spywareblaster sets a "Kill bit" in a list of ActiveX identifiers.  If something tries to run them- well they Can't)
a reasonably foolproof tool

Enough already
I was not going to post the above till I saw your post about passwords
DavidR may have additional info
but I do not see where we are in panic mode here


wyrmrider
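
The "Kill bit" mentioned in the post above is bit 0x400 of the `Compatibility Flags` value stored per CLSID under Internet Explorer's `ActiveX Compatibility` registry key. The following is an added example, not part of the original post and not SpywareBlaster's code: it audits a registry export against a blocklist, where the CLSIDs, `SAMPLE_REG` and `BLOCKLIST` are constructed placeholders and the export is assumed to be already decoded to text.

```python
import re

KILL_BIT = 0x400  # flag bit that tells IE never to instantiate the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed .reg export; the CLSIDs are placeholders, not real controls.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-AAAA-4AAA-8AAA-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-bbbb-4bbb-8bbb-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-CCCC-4CCC-8CCC-000000000003}]
"Compatibility Flags"=dword:00000c00
"""

# Constructed blocklist: the CLSIDs a defender expects to be kill-bitted.
BLOCKLIST = [
    "{11111111-aaaa-4aaa-8aaa-000000000001}",
    "{22222222-BBBB-4BBB-8BBB-000000000002}",
    "{33333333-CCCC-4CCC-8CCC-000000000003}",
    "{44444444-DDDD-4DDD-8DDD-000000000004}",
]

KEY_RE = re.compile(r"^\[" + re.escape(BASE) + r"\\(\{[0-9A-Fa-f-]{36}\})\]$", re.I)
VAL_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', re.I)


def compatibility_flags(reg_text):
    """Map each CLSID under the ActiveX Compatibility key to its flags value."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None  # ignore unrelated keys
        elif current:
            m = VAL_RE.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags


def audit_blocklist(blocklist, reg_text):
    """Report, per blocklisted CLSID, whether the kill bit is actually set."""
    flags = compatibility_flags(reg_text)
    report = {}
    for clsid in blocklist:
        value = flags.get(clsid.upper())
        if value is None:
            report[clsid.upper()] = "no entry"
        elif value & KILL_BIT:  # other flag bits may be set alongside it
            report[clsid.upper()] = "kill bit set"
        else:
            report[clsid.upper()] = "entry without kill bit"
    return report
```
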

DavidR

Re: Unauthorised SCAN activated.
« Reply #63 on: August 16, 2008, 03:56:37 PM »
Quote
UPDATE NUMBER 2.  I have also just verified the charge on my credit card.  It is legitimate.

Apologies David, I made what in hindsight is an unclear statement back in post #16.  I did, in fact, legitimately use my card for that amount with a trading company of another registered as THG Enterprises. 
<snip>
So in the light of this it would be OK to assume that my passwords are uncompromised after all (I have already changed some so no bad thing there).  Would you keep changing them, though?

Well that is much better news as it doesn't appear your credit card security was compromised by something like a key logger or phishing site. It has been quite a long topic so it is possible that you made it clear at that time, but I simply didn't remember it.

The additional scans that you have done are also no bad thing as you can be reasonably confident your system is clean, so it isn't time wasted as you have to have confidence in your system.

Whilst there is not so much of a risk, it is worthwhile to change your passwords now and again, but now the urgency isn't such a high priority.

It has been a journey, but one from which hopefully you have learned a lot.

Ready to try sending that file in the chest to avast?
Open the chest, User Files section, Right click on the file and select email to Alwil Software.

You should get a pop-up window (leave any default settings), type 'Undetected Malware' in the text window, give a brief description that it was found by MalwareBytes AntiMalware and give the malware name given by MBAM.
« Last Edit: August 16, 2008, 03:58:55 PM by DavidR »

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #64 on: August 16, 2008, 04:17:12 PM »
I downloaded PCTools Firewall Plus which came with ThreatFire.  I hope these are the correct selections.  Anyway both are now running

Learning curve statement is noted!!!??!! with the following query to which I couldn't find assistance in the quickstart help guide

A PCT Firewall Plus window has appeared with "bonjour service" is trying to act as a server and accept incoming connections.  I googled it (safely this time) and it appears it came with Photoshop CS3 and as I don't have Version Cue I don't need it.  This link gives instructions to delete it http://www.ajuaonline.com/2007/10/02/how-to-remove-bonjour-service/     OR

if I OK the block offered by PCTFplus will that deal with it superficially so that it doesn't pop up again?

wyrmrider -- Even with a firewall in place I am really reluctant to reformat (knowing full well the benefits of the procedure) because I discovered recently that the Adobe CS2 programme I have is a forgery and Adobe have told me (kindly I might add) that if I ever need to reformat it will be impossible to register the CS3 upgrade again.  I don't fully understand how their system allowed the upgrade registration in the first place but it works and of course now I don't want it not to work.

************************

David, I have just read your post and will perform the avast action and report back.  I agree it has been a journey and I really am grateful for the help I have received along it especially from you. 

DavidR

Re: Unauthorised SCAN activated.
« Reply #65 on: August 16, 2008, 04:46:52 PM »
wyrmrider, was not suggesting that you reformat, in fact the reverse.

Quote from: wyrmrider
some people overact and reformat their hard drive and reinstall their os
in your case, without getting a firewall in place, there would be no long term benefit in that

I have made bold the relevant parts of the statement.

wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #66 on: August 16, 2008, 04:52:14 PM »
right
do not panic and reformat-
David and I are users like you- volunteers however he has been at avast much longer than I have
I have been doing Windows security for over 10 years but not avast.  It is really hard to keep up with all the latest threats when you are supposed to be retired

What I was trying to say was without a firewall you are so vulnerable that reformatting would be a big waste of time
The firewall will take some getting used to but it will settle down and be a background issue soon
grin and bear it
I like the way you google and ask questions
Like the Carpenter  measure twice -cut once

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #67 on: August 16, 2008, 05:15:43 PM »

Quote from: wyrmrider
I'm going to list a few steps - for later
1   LOCK DOWN INTERNET EXPLORER- there are guides- after you do your firewall we can find one

wyrmrider

wyrmrider : I googled Lock Down IE and perused a few sites.  Am I correct in thinking that this procedure is specific to those who use IE as their browser?  My preferred browser is Firefox and until yesterday there was only one programme installed on my computer that defaulted to IE automatically - Picasa (to upload photos).  Now I notice that PCTFplus also defaults to IE when the upgrades tab is clicked.  What I would like to do is default these to Firefox if such a setup step is possible.


Quote from: wyrmrider
2    install Javacool Spyware blaster
http://www.javacoolsoftware.com/spywareblaster.html
(Tony Klein maintains a list of CLSID- Active X baddies, several people use Tony's list plus their own to make blocklists.  The Atribune VUNDOFIX program I mentioned checks for the presence of several hundred as do many other programs.
Spywareblaster sets a "Kill bit" in a list of ActiveX identifiers.  If something tries to run them- well they Can't) a reasonably foolproof tool

wyrmrider

I am a bit confused by further suggestions of anti spyware stuff.  On my system I currently have
avast!, SuperAntiSpyware, PCTools Firewall Plus (incl. ThreatFire), Malwarebytes and RogueRemover.  Some of which automatically run and others need regular activation to perform their tasks.  Are your suggestions for running in conjunction with the programmes in situ OR to replace the ones I have?

Can antispyware programmes like SuperAntiSpyware and SpywareBlaster run together, for example?

As for CLSID - Active X baddies etc etc I confess that sounds way over my head even after a quick read on some google links.  I fear that that level of control/operation is way out of my league.

***************************************

my post here was in full composition while your posts came in....

Thank you for your compliment wyrmrider

I didn't mean to sound as though I was panicking (on the contrary I have felt in safe hands since this all began).  I just wanted to state my reasons upfront should it be suggested again now that the Firewall is in place.

--The email to Alwil went successfully.

wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #68 on: August 16, 2008, 05:47:57 PM »
FREE super-antispyware, rogue remover, malwarebytes (and ad-aware et al) all are passive- they provide no prevention - they only scan when you run them

threat fire is active but I am not that familiar with it
Threat-fire- should complement your Avast AV
let someone else speak on this.  If it works fine on your system it could help

I did not know you were using firefox
Now you can Really lock down IE
Why?
because some malware will start IE and then exploit it
Most do not uninstall IE but keep it around for windows update and those programs that require it
(although there are now work-arounds for firefox)
however spyware blaster is totally inert- works with everything else but we can discuss it later as IE is not your primary browser

Not right away, and I would like DavidR to comment on this
but I think the installation of a hosts file would be next after you have digested the Firewall experience
personally I would download Spybot Search and Destroy and use the built in Immunize feature
The Spybot Scanner is similar to the other passive ones
there are other hosts file -I use MVPS hosts but there is also HPHosts


nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #69 on: August 16, 2008, 08:43:11 PM »
wyrmrider,

Quote
FREE super-antispyware, rogue remover, malwarebytes (and ad-aware et al) all are passive- they provide no prevention - they only scan when you run them


Well there is something else cleared up for me.  I thought SAS was on in the background.

Quote
..... download Spybot Search and Destroy and use the built in Immunize feature.
The Spybot Scanner is similar to the other passive ones
there are other hosts file -I use MVPS hosts but there is also HPHosts


Do SpywareBlaster and Spybot Search and Destroy do different things?  I have looked over them generally but I am not sure if they perform identical services or not.

I am at a complete loss with the rest of your information, wyrmrider (even after a brief read on Wikipedia I could see "hosts" is a concept that needs more understanding than I have available).  I would love to be able to discuss moderately knowledgeably the steps necessary to safeguard my computer.  However I confess that I am increasingly seeing things in a very fuzzy befuddled manner.   

Quote
....I think the installation of a hosts file would be next after you have digested the Firewall experience

I am unsure about the above statement...

.....am I to familiarise myself with Firewall first (oh boy I love reading manuals) before other steps like locking down IE, installing Spybot and/or SpyBlaster and all those other things referred to in your last few posts are carried out?  I don't think you would mean that but I am confused as to where to go next (start?).

I can see that I was actually delusional because I thought things were close to being sorted out.    :D



wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #70 on: August 16, 2008, 09:03:18 PM »
They are close to being sorted out

lots of time for anything else

Take a break

Spybot Immunize and Spywareblaster are Complementary

Only the PAID version of SAS runs in background

Host file concept can take some time to understand
but you do not have to REALLY understand it
It just plain WORKS- the program loads a list of bad places into your C:\Windows\HOSTS file
your browser looks at HOSTS first before going out to the internet and since it's in hosts it NEVER goes to the internet- returns an empty file to whoever asked- SIMPLE
just watch for blank spots that say "site not found"  that's a clue your Hosts has blocked something
just remember that if something you really want wants to load and does not it might be HOSTS but most likely something else

If a bad program like- you know what- gets into your computer it can't phone home and invite all of its friends to the party- send off your personal info, etc
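
To make the blocking idea in the post above concrete, here is an added example (not part of the original post and not code from any of the tools named in this thread) that parses hosts-file text and sorts each name into local, blocked (mapped to a loopback or unspecified address) or redirected. It goes one step beyond the post by flagging names pointed at some other outside address, which is worth a manual look; the entries in `SAMPLE_HOSTS` are constructed, and keeping the first mapping per name is this example's own simplification.

```python
import ipaddress

# Constructed sample in the usual layout: address, one or more names, optional # comment.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.tracker.example      # sinkholed by a blocklist
127.0.0.1   popups.example  www.popups.example
203.0.113.7 www.mybank.example       # real-looking name sent to another address
not-an-ip   broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (mapping, errors): name -> address, plus the lines that did not parse."""
    mapping, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no name maps nothing
            errors.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            # Assumption of this example: the first mapping seen for a name is kept.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping, errors


def classify(name, addr):
    """local = normal loopback names, blocked = sinkholed, redirected = sent elsewhere."""
    if name in LOCAL_NAMES:
        return "local"
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirected"


def audit(text):
    """Group every name in the hosts text by what the entry does to it."""
    mapping, errors = parse_hosts(text)
    report = {"local": [], "blocked": [], "redirected": [], "errors": errors}
    for name, addr in mapping.items():
        report[classify(name, addr)].append(name)
    return report


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_HOSTS).items():
        print(kind, items)
```
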

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #71 on: August 17, 2008, 12:30:19 AM »
Thanks for that wyrmrider.

So to recap

1.  Download Spybot and Spywareblaster now so that I have the proper antispyware operating whilst I am surfing.

Then at leisure and in good time

2.  Lock down IE

3.  Set up Host File

4.  Do this? 
Quote
(Tony Klein maintains a list of CLSID- Active X baddies, several people use Tony's list plus their own to make blocklists.  The Atribune VUNDOFIX program I mentioned checks for the presence of several hundred as do many other programs. Spywareblaster sets a "Kill bit" in a list of ActiveX identifiers.  If something tries to run them- well they Can't)
a reasonably foolproof tool

And what about another weapon mentioned in post #10 by DavidR --

5.  OpenDNS

I think that covers all the (unused) suggestions made by contributors to this thread.

Is this a plan?    8)


Rick F

  • Guest
Re: Unauthorised SCAN activated.
« Reply #72 on: August 17, 2008, 01:29:44 AM »
Nicla,

Congratulations on getting your PC cleaned.  It can be a lot of work.  I've been following this thread since I posted just once on the first page about the pop-ups you were seeing.  DavidR and wyrmrider have been really helpful.  (I just love this forum in how the user helps other users.)

Whenever you get around to it and want to add a 'HOSTS' file, you can learn how they work by visiting this site:

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

I've been using the "MVPS Hosts file" for about 4 years now.  They update it about every two weeks and it's free. If you subscribe (also free), they'll send you an email telling you it's been updated and provide you with a few links.  One of which is a link for direct download with batch file so you can install it easily.  You can read how it works on that site which explains it pretty well.

Good luck, and happy and safe computing!

nicla

  • Guest
Re: Unauthorised SCAN activated.
« Reply #73 on: August 17, 2008, 03:32:03 AM »
Thanks Rick F for your comments and good wishes.  It is comforting to know that my problems/progress have been under the watchful eye of other concerned and caring forum members albeit from the sideline.

Your link has been bookmarked for future use.

wyrmrider

  • Guest
Re: Unauthorised SCAN activated.
« Reply #74 on: August 17, 2008, 05:27:41 PM »
www.OpenDNS.com   from first page of this thread

not familiar with this site but the idea is sound
there are several add ons which will alert if going to a bad site or in this case if a site is redirected

#1  great places to start- not perfect but easy to use
Spybot is not real time unless T-timer is turned on
when installing allow SD-Helper  T-timer is optional  try it and see if it is compatible with your system
how much memory did you say you have?

#4 Tony Klein is a comment on the Spywareblaster Technique of blocking Active X sites (since you are using Firefox as primary browser Spywareblaster is not as high a priority as Hosts)

Another thing we have not mentioned is to check program updates
try the Secunia software inspector
http://secunia.com/software_inspector/

unpatched Java or having old versions of Java (even if disabled) is a major path for the bad guys
same with Word , Adobe , lots of programs

do these things one at a time then wait a couple of days that way if something hangs (unlikely but it does happen) you know what to uninstall