Computer is deeefinitely jacked up...

one234h Downingtown, PA [USA]
edited September 2011 in Science & Tech
... I've been away for the weekend and I came back to find my computer jacked up security-wise.

I noticed the issue when my movies were opening in VLC & WMP, but the video and audio were not happening.

Next I noticed that all my security programs are disabled: Microsoft Defender, Firewall, Norton 360 and ImmuneProtect. All of it. And it's not re-enabling well, either.

Also, the Solve PC Issues system tray icon said that Skype wasn't working properly.
... I don't even have Skype installed on my computer. I used the Solve PC Issues to send the problems it found to Microsoft for solutions and it came back saying it cannot connect properly to retrieve the solutions.

Oddly enough, other than the video playback and the Skype alert... there are no other manifestations yet. Which... worries me. lol


Thoughts?

Comments

  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited September 2011
    Will NONE of your security programs re-enable? If not, does IE or Firefox browse and can you get email-- if yes, networking is OK and it is something else. Try running Windows Update-- there are new fixes for .NET framework 4.0 that apply to Vista and Windows 7 and to any earlier version (like 2000 or XP) that has been updated with .NET framework 4.0 and updating .NET framework can help with a bunch of things (these fixes are Criticals, and are criticals because they patch holes in .NET framework that can let hackers take over a box-- and they were patched after that happened to some people (they were zero-day exploited)).

    I got the info about the .NET framework critical patches from US Cert and SANS. I am on US-Cert Alert email list and their weekly list that links to the latest previous-week newly discovered vulnerability compendium.

    If your box runs Office or Microsoft Works Suite, there are patches that Microsoft labels important that may apply to you in the most recent batches. Ignore that they say for Office 2007 as they patch legacy code in almost all versions of Office that was first written for use in Word or Office 2007. Again, the holes patched can potentially allow remote takeover of a box.
  • one234h Downingtown, PA [USA]
    edited September 2011
    Will NONE of your security programs re-enable? If not, does IE or Firefox browse and can you get email-- if yes, networking is OK and it is something else. Try running Windows Update-- there are new fixes for .NET framework 4.0 that apply to Vista and Windows 7 and to any earlier version (like 2000 or XP) that has been updated with .NET framework 4.0 and updating .NET framework can help with a bunch of things (these fixes are Criticals, and are criticals because they patch holes in .NET framework that can let hackers take over a box-- and they were patched after that happened to some people (they were zero-day exploited)).

    Yeah, that was one of the first things I'd done, though I knew I'd just installed a few a week ago.

    I got the info about the .NET framework critical patches from US Cert and SANS. I am on US-Cert Alert email list and their weekly list that links to the latest previous-week newly discovered vulnerability compendium.

    That's pretty epic, actually. I'm signing up for that as soon as I'm done posting! :thumbup Thanks!

    If your box runs Office or Microsoft Works Suite, there are patches that Microsoft labels important that may apply to you in the most recent batches. Ignore that they say for Office 2007 as they patch legacy code in almost all versions of Office that was first written for use in Word or Office 2007. Again, the holes patched can potentially allow remote takeover of a box.

    The only thing I don't do is install Silverlight. I don't need it and I don't want to put it on my machine.

    That said, as I was typing this Malwarebytes came up with some bad program called OpenCandy and I had it quarantine it. I found a similar recent thread to mine and followed some advice from that: CCleaner, combo-something but it didn't launch. I didn't have a command line file or something. And then a Malwarebytes scan, which turned up 3 things.

    I also, no thanks to Lenovo, got the updated drivers for my graphics chipset.

    Not too sure about this case. I've only seen some adware come up in searches, though turning off all my security programs is pretty aggressive.

    If there are any generic "good programs" or websites to recommend, that's good. Otherwise, I think this might be about done.

    I'm still having trouble keeping Norton enabled.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited September 2011
    I do not run Silverlight either.

    IN RE Norton-- malware writers love to disable it. Norton comes out on CD and/or DVD annually because it is notorious for being easily disableable (though it is improved each year, Symantec tries to maintain backward compatibility which means they cannot fully take advantage of security features unique to the latest version of Windows). The above explains why tech support at Symantec so often says to manually uninstall Norton (and how can vary year by year as to when it is released so the support KB has uninstall articles) and reinstall it and reupdating it and its virus definitions during and after install is recommended strongly. You can get Norton in some subversions cheap at http://www.nothingbutsoftware.com/ as to the 2012 releases even. Nothingbutsoftware buys bulk and sells for a quite small markup individually.
  • PirateNinja Icrontian
    edited September 2011
    Opencandy is just a monetization system for free software. It installed with some freeware you use and it isn't going to hurt your system.

    Norton 360 is a mess, I think I speak for the whole community when I say try something else ... like Avast. If you uninstall Norton, make sure to use Symantec's removal tool.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited September 2011
    I would say ESET, which updates home version as often as pushing hourly and pushes the same defs and ThreatSense updates as the enterprise versions get. It also has a self-defense module in it, a network traffic grapher, a list of listening on the web apps (as well as active on the web apps) if any and the traffic they gen as to bandwidth sent and received. If you click an app line then right-click the selection, you get a menu that will let you cut off the app from the web. ESET is for advanced users.

    You can get ESET home one-machine two-year subscription for software and def and ThreatSense updates for $74.95 (they have two years discounted from $89.95-- one year is $59.95). This is less than Norton for 2 years. If you are hesitant, they have 30-day trials for both ESET Home Smart Security 4 and ESET Home Anti-Virus 4 available. Most reviewers ignore them now, there are fewer users for ESET than there are for Norton at the home user level (at the Enterprise level, ESET is internationally considered pre-eminent and has been for over a decade-- home is the enterprise version tuned for GUI except for auto-pickup of upgrades and what ESET considers pure program updates (even home will tell you when updates are available)).
  • Annes Tripped Up by Libidos and Hubris Alexandria, VA Icrontian
    edited September 2011
    No love for MS Security Essentials?
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited September 2011
    I ran it for quite a while. It is also modular, but it uses the Malicious Software Removal Tool for removing only a limited number of oft-reported malware kinds and MSRT is updated MONTHLY via Windows Update (these are def updates almost always, gotten from data gathered during free support for virus and spyware problems and from analyzing files submitted to Microsoft through Windows Defender). Windows Defender has a set of heuristics (rule sets that can somewhat define what malware behaves like or define good behavior SOMEWHAT and prevent anything that acts weird from running)-- ThreatSense in ESET is heuristic NOD32 technology uses both defs and heuristics to confirm and eliminate false positives and does some of both and is more mature.

    I have had Windows Defender trigger once-- on a file that looks like so in Admin mode searching: iefl.dll.exe It had a nice rule that said a dll should not appear to it with an exe also, or it scanned the supposed dll and had a rule that said dll's should not be all hex code inside and try to run when opened from a file list. It checked with Microsoft after abending the run and possibly archiving it to keep it from being runnable. Microsoft had no record of that file, because it told me Microsoft wanted the file. Windows Defender and raw Microsoft Security Essentials are meant to be always-on-- MSRT runs when called only normally (therewith one flaw in the MSE bundle).

    To stay current to new threats (malware) the defs have to be updated very frequently, which means someone has to run a limited set of monitoring programs on a box (or a custom secured virtual session on a server-grade box or blade within a blade set) and literally observe and then forensically take what is in the session apart and/or programmatically/automatically record what the malware does. Then they update their latest new to-be-sent-out set of defs with a subset (hopefully unique) of the malware's code. It HAS to be a subset, because def-based AV needs to match as quick as possible and auto-remove and/or quarantine on match. It also needs (partly by matching against smaller snippets of non-runnable and small enough to very quickly compare files against a large database of defs to make scanning quicker) to be accurate subset to eliminate false positives in large amount (every AV will have some).

    Virus Labs not only tests and archives confirmed malware, they test AV software for the publishers in return for fees paid by the publishers. One of the things that PCWorld rates on is what Virus Labs thinks after exposing AV to a box loaded with the complete zoo (set of collected viruses and other malware sometimes, of which Virus Labs keeps hundreds of thousands in its zoo). They also include some innocent files to test for false positives-- code snippets that do not really run should not be triggered on, so some of those are included. VL also tests for how AV keeps other things from being damaged and how fast it stops the malware program/process (which measures also the AV software's speed and effectiveness of deactivation and safetying malware). Virus Labs reports are statistical mostly. ESET gets hugely good Virus Labs reviews.
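
An added example, not part of the thread and not any vendor's actual logic: a toy definition-based scanner showing the trade-off described in the last comment (a def that is too small a subset causes false positives), plus a filename rule of the kind guessed at for `iefl.dll.exe`. All byte strings, extension lists and function names are constructed for illustration.

```python
import os

# Constructed sample data: these byte strings stand in for files; none is real malware.
SAMPLE_MALWARE = (b"MZ\x90\x00" + b"\x00" * 8
                  + b"CONSTRUCTED-PAYLOAD-7f3a-loader-stub" + b"\x00" * 8)
INNOCENT_FILES = {
    "notes.txt": b"meeting notes: loader for the truck arrives at 9",
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 8 + b"ordinary installer code",
}

# Assumed, non-exhaustive extension lists for the filename rule.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".dll", ".txt", ".doc", ".pdf", ".jpg", ".png", ".mp3", ".avi"}

def has_misleading_double_extension(filename):
    """Filename rule: an executable extension stacked on another file type."""
    stem, last = os.path.splitext(filename.lower())
    _, inner = os.path.splitext(stem)
    return last in EXECUTABLE_EXTS and inner in DECOY_EXTS

def make_signature(sample, offset, length):
    """A def is a subset of the sample's bytes, not the whole file."""
    return sample[offset:offset + length]

def scan(files, signatures):
    """Return {filename: [names of matching defs]} for every file with a hit."""
    hits = {}
    for name, data in files.items():
        matched = [sig_name for sig_name, sig in signatures.items() if sig in data]
        if matched:
            hits[name] = matched
    return hits

def demo():
    start = SAMPLE_MALWARE.index(b"CONSTRUCTED")
    files = dict(INNOCENT_FILES, **{"iefl.dll.exe": SAMPLE_MALWARE})
    # 4 bytes taken from the common executable header: fast to match, not unique.
    too_short = {"short": make_signature(SAMPLE_MALWARE, 0, 4)}
    # 24 bytes taken from the part that only this sample contains.
    specific = {"specific": make_signature(SAMPLE_MALWARE, start, 24)}
    return scan(files, too_short), scan(files, specific)

if __name__ == "__main__":
    loose, tight = demo()
    print("4-byte def hits: ", sorted(loose))
    print("24-byte def hits:", sorted(tight))
```

The 4-byte def also flags the innocent `setup.exe`, while the 24-byte def matches only the constructed sample.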