top Ad Widget

Collapse

Announcement

Collapse
No announcement yet.

Free Anti-virus Software and Safe Surfing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Free Anti-virus Software and Safe Surfing

    I had a recent "scareware" attack that took over my computer. I still can't quite figure out where I got it, but my guess is that I got it from one of the links I clicked on from a Google search.

    The virus hijacked my computer so completely that I couldn't do anything with it. It kept trying to redirect me to a website, so I physically disconnected the internet connection by unplugging the modem. I couldn't even get to the "System Restore" area or even shut down the computer using my mouse. So, I unplugged the whole computer to shut it down.

    Fortunately, I had an old backup computer to use to surf the internet to try to figure out what to do.

    Now keep in mind I am very cheap and I absolutely refuse to pay for any anti-virus software at all. I also refuse to take my computer in to have it fixed or to pay someone to come here and fix it. I wanted to find out how to do it myself for free.

    I had been using Windows Defender, but it is set up to catch spyware, not trojans and other viruses.

    I didn't want to do a full system recovery because that would erase everything. I wanted to do system restore.

    I did a lot searching and reading on the internet, and here is what I discovered, if you want to fix it for free if you ever get in this situation.

    1. Turn back on the computer, and when the "boot" menu comes up, press the proper key to get into the boot menu. Then press the proper keys to select the "Safe Mode" option.

    2. Your computer will start up in safe mode and the virus will not be able to stop you from getting to the system restore option.

    3. Do a system restore.

    4. Your computer will probably be working fine now, but the virus is still on your computer because you did not do a full system recovery. You have two options at this point.

    A. Save all important files to a blank CD-R, and then do a system recovery to get rid of the virus. If you do this option, you're finished and can skip to the "safe surfing" section of my thread. To be safe, this is the only free way to make sure the virus is completely erased from your computer, but it destroys everything you have saved and built up over the years. If you do sensitive banking or other sensitive things on the internet, this is probably the way to go. Another thing to consider is to have two computers-- one for nothing but sensitive things like banking, and the other computer for surfing the internet.

    B. Get back on the internet, being careful to not access anything with passwords, such as any of your email or other online accounts. There may be keyloggers on your computer which will record what you type and send it to a hacker. Once you are back on the internet, go to Microsoft and download their latest version of the Malicious Software Removal Tool. It's free and it works pretty good. Once you download it, run a "Full Scan". It will take about 2 hours or so to run a full scan, but it is worth it. I tried just running the quick scan at first, but it didn't find anything. The full scan found and removed 3 viruses:

    PWS:win32/Fareit.A
    Rogue:win32/FakeRean
    Trojan:win32/FakeSysdef

    I looked these up on the Microsoft website and found out that these were responsible for exactly what happened to my computer-- the same symptoms, the same popups and everything.

    5. The Microsoft tool is great, but I have read that it does not catch everything, and it is best to scan your system with a few other free anti-virus software programs, like getting a second and third opinion. I decided to go with the editor's picks and the one picked most of the average consumers. So, I downloaded the free version of Malwarebytes Anti-malware and Trend Micro Housecall 7.1. Both of them were free and quick to download and quick to scan. Both of them found viruses that the other ones missed. So, just to be safe I tried two more free ones-- Panda Cloud Antivirus and Avast. Neither one of them found anything. I noticed that all of the viruses ended up in the TEMP folder: C:\users\GoingDown\AppData\Local\Temp\~!#93EF.tmp

    I started deleting the contents of my temp folder from then on.

    I felt fairly confident at this point. My computer was working normally again.

    But I knew I needed to reduce the chances of something like this ever happening again. I found out that if you're not going to pay for anti-virus software, then you had better stop using Internet Explorer.

    Which brings us to SAFE SURFING.

    I knew I needed some anti-virus real time protection, so I went with Microsoft Security Essentials (MSE), which is a free download from the Microsoft website. It takes a long time to download, update and configure. Hours! But once it is up and running, and seems to work quietly and efficiently in the background. There are other ones available out there, and I will post a link to more information about them. The reason I went with MSE is because it works with Windows Defender, the Microsoft Malicious Software Removal Tool, and with other Microsoft software to protect your computer from infections and to remove any that slip by. And it is constantly being updated. I manually update it every morning just to make sure. I also have the "Full Scan" option selected to run at 2 a.m., so it can take hours to do its thing, and I won't be inconvenienced by it.

    I still plan on running Malwarebytes and Trend Micro Housecall from time to time to catch anything that MSE fails to catch.

    As for browsers, I found out that most of the virus attacks are aimed at Internet Explorer, which relies heavily on Active X and Java scripts, which are also what viruses seem to use to infect your computer.

    So, I switched to Mozilla Firefox. It's free. It doesn't use Active X. And it has free add-ons like NoScripts and Adblocker Plus and WOT which block most popups, ads, and scripts unless you allow them. It puts you back in control. WOT gives you some idea of how safe a link is before you click on it. If you use it, when you do any search, it will have a colored ring beside the link telling the general safety of the link: red (high virus potential), yellow (moderate virus potential), green (low virus potential) and blue (unknown virus potential). I won't click on anything without a green circle.

    So, you can do it yourself for free, if you apply yourself and do your reading.

    I didn't put any links to the software in this thread because you need to make sure you get it directly from the original source to avoid it from being bundled with something like spyware. Just search for it and make sure you go directly to the company who produces the software.

    Here's a link to the magazine articles I read about it...


    Everyone needs antivirus and antispyware software, but not everyone wants to pay for them. The for-pay versions are the best, but some of the free security software is great, too—and some is terrible. We tell you which is which.


    Microsoft Defender isn't bad these days, but it's still not enough to fully protect your PC. You don't have to pay extra, though. We’ve tested and ranked the top free antivirus apps.
    Last edited by GoingDown; 03-15-2012, 10:19 AM.
    The world's simplest C & D Letter:
    "I demand that you cease and desist from any communication with me."
    Notice that I never actually mention or acknowledge the debt in my letter.

    #2
    sounds like you got the Google Redirect virus. ANYTHING but IE is better to surf with ... I use Mozilla also (have for years) but on top of its own security, if you use AVG, it has its own built in browser and email scan for security purposes. Best Free AV program out there - and I've had them all. Hands-down the best.

    For keeping your computer safe I highly suggest having the following programs and download ONLY from download.com

    Malwarebytes
    AVG
    Glary Utilities

    Put at least ONE of the following on your computer

    ATF cleaner
    TFC

    Get these as well:

    Rkill
    Hijack This
    CWShredder
    Tdsskiller

    Put EVERY PROGRAM on a USB drive so you'll have them should your computer go belly up.

    For the BEST top notch free tech support as well as computer fixes

    BleepingComputer is a premier destination for cybersecurity news, delivering breaking stories on the latest hacks, malware threats, and how to protect your devices.




    On a side note - while MS Security Essentials is ok - thats just it..it's just ok. There are better programs out there that dont have as many issues.

    Comment


      #3
      Originally posted by Pandora View Post

      For keeping your computer safe I highly suggest having the following programs and download ONLY from download.com

      Malwarebytes
      AVG
      Glary Utilities

      Put at least ONE of the following on your computer

      ATF cleaner
      TFC

      Get these as well:

      Rkill
      Hijack This
      CWShredder
      Tdsskiller

      Put EVERY PROGRAM on a USB drive so you'll have them should your computer go belly up.

      For the BEST top notch free tech support as well as computer fixes

      BleepingComputer is a premier destination for cybersecurity news, delivering breaking stories on the latest hacks, malware threats, and how to protect your devices.


      Having those programs on a USB drive is the BEST idea, Pandora! Imma gonna do that now - I have just always popped it from my laptop onto a thumbdrive but I like your idea better!

      bleepingcomputer.com is an AWESOME site when you need straight-talking help to get your computer back from the clutches of a virus! I love them!!
      ~~ Filed Over Median Income Chapter 7: 12/17/2010 ~~ 341 Held: 1/12/2011 ~~ Discharged: 03/16/2011 ~~
      Not an attorney - just an opinionated woman.

      Comment


        #4
        AVG Free antivirus. All the IT geeks at work swear by it. They won't pay for antivirus software either.
        10/27/11 - Filed Ch13 ------ 2/27/12 - Conversion to Non-Consumer Ch7 ----6/11/12 - Discharged!

        Comment


          #5
          Yes, very good ideas. Thanks! I'm going to try AVG, and I like the USB drive idea, too.

          I've been using Malwarebytes in addition to MSE since the incident, and they've both been working well.


          NoScripts-- which is an "add-on" from Mozilla Firefox-- seems to be very effective as well.
          The world's simplest C & D Letter:
          "I demand that you cease and desist from any communication with me."
          Notice that I never actually mention or acknowledge the debt in my letter.

          Comment


            #6
            Thanks GoingDown and everyone else!
            Filed/discharged/closed Chapter 7 in 2010!

            Comment


              #7
              I used to keep losing my work because of computer crashes, and I eventually learned to use USB drives to store everything in. You might want to also try Dropbox, which provides 2GB of storage space, and you can access it from any computer because you can download it anywhere.

              I got an invitation to Dropbox more than a year ago, and downloaded it 4 months later, was quite pleased with it, and invited all my family members in the same city. Nobody responded. That's just the way it goes. Darn! For every person you invite, Dropbox will give you an extra 500MG and you can accumulate up to 8GB, IIRC.

              So far I haven't used up 1MG yet.

              Comment


                #8
                One thing I wanted to add to this thread is the importance of protecting all of your important accounts-- from email accounts to bank accounts with a second layer of password protection.

                Gmail and Yahoo mail offer what is called Second Sign-in protection or 2 Step Verification. When someone tries to hijack your account, Gmail and Yahoo will not recognize the computer they are using to attempt to access your accounts, and they will be prompted to enter special password(s) in addition to your regular password, or even better, Gmail and Yahoo will send your cell phone a text message with a randomly generated password or number which must be entered before the account can be accessed. That makes it nearly impossible for a criminal to get access to your email accounts.

                Measure, monetize, advertise and improve your apps with Yahoo tools. Join the 200,000 developers using Yahoo tools to build their app businesses.




                With 2-Step Verification, also called two-factor authentication, you can add an extra layer of security to your account in case your password is stolen. After you set up 2-Step Verification, you can s





                Most banks offer a special password to protect your account from hijackers. You have to ask for it. They won't normally tell you about it. They will ask you for your password every time you call them on the phone, every time you go through the drive thru at the bank, and every time you go up to the teller counter at the bank. That makes it extremely difficult for someone to take over your account. Sometimes you need to tell them you think you are the victim of identity theft to get this extra layer of protection.

                As for online access of a bank, some offer second sign-in. Some offer other forms of protection. But personally speaking, I would never use an important checking account online, nor a debit card assigned to that checking account online. There is just too much risk involved.

                In fact, I know of a relative who cut up the debit card associated with her main checking account, so that its number is less likely to fall into the wrong hands. When she needs to do something online, she uses pre-paid gift cards to make purchases. With her main checking account, she does not do any online banking. She doesn't even have an online account for her main checking account.

                She also has a separate checking account at a separate credit union with very little money in it to use for online banking. She puts only the amount necessary to cover the online payments into the account and then uses up the amount quickly. I should point out that she has no debts and is not facing any lawsuits or judgments, so, it is no problem for her to have checking accounts. She's not worried about creditors taking her money. She's just worried about hackers and hijackers stealing her information online.

                She had a bad experience where someone got her old debit card number online and proceeded to make a series of small charges online to see if it was any good, and then started making some big charges to it, and these charges were coming from Romania. She has never been to Romania, and never bought anything from Romania. She was able to clear it up with her bank, but it was a huge hassle, and it took weeks to get it cleared up. Since then, she has been very cautious about what she does online and how she does online banking, etc.

                You can even protect your federal tax return from identity thieves. To get this protection you will need to file an affidavit with the I.R.S. which states that you believe your identity may have been compromised, and then the I.R.S. will issue you a special P.I.N. number to put on your tax return and on all correspondence with the I.R.S. It makes it much more difficult for someone to file a fraudulent tax return in your name, get your refund, and then leave you holding the bag.
                Last edited by GoingDown; 03-26-2012, 08:14 AM.
                The world's simplest C & D Letter:
                "I demand that you cease and desist from any communication with me."
                Notice that I never actually mention or acknowledge the debt in my letter.

                Comment


                  #9
                  Also a good computerish related idea:

                  For insurance claim purposes you should take some pics of your home's contents. It would help you to remember what you have lost in case of a tragedy as well as substantiate your claim for a speedier resolution with your adjustor.

                  Most folks store their pics on a computer BUT, in case of a fire or storm loss, it is very likely your computer could be ruined or the hard drive inoperable (simply from smoke!).

                  Everyone needs to make a gmail, yahoo or hotmail account and email pictures of your home and contents to your account there! They will be on their server and easy to access from any computer in case of an emergency. You can also store the pictures on a USB drive that you keep in your safety deposit box (if you have one).

                  /soapbox
                  ~~ Filed Over Median Income Chapter 7: 12/17/2010 ~~ 341 Held: 1/12/2011 ~~ Discharged: 03/16/2011 ~~
                  Not an attorney - just an opinionated woman.

                  Comment


                    #10
                    Originally posted by ValleYum View Post
                    Also a good computerish related idea:

                    For insurance claim purposes you should take some pics of your home's contents. It would help you to remember what you have lost in case of a tragedy as well as substantiate your claim for a speedier resolution with your adjustor..
                    Better yet - record it to video (digital, cd or tape - doesnt matter) and lock it in your fireproof / waterproof safe where all other important docs are stored (ya'll do have one *or two...* of those right? )

                    Comment


                      #11
                      Originally posted by Pandora View Post
                      Better yet - record it to video (digital, cd or tape - doesnt matter) and lock it in your fireproof / waterproof safe where all other important docs are stored (ya'll do have one *or two...* of those right? )
                      I have one - but my bestie back home had a fire and all of her media melted/warped inside her little fireproof safe. Her documents survived. The FD said it was the heat. Weird, huh?

                      You could upload a video to a private YouTube and email your self the link and the original, too!!



                      OMG - the clothes!!! LOLOLOL
                      ~~ Filed Over Median Income Chapter 7: 12/17/2010 ~~ 341 Held: 1/12/2011 ~~ Discharged: 03/16/2011 ~~
                      Not an attorney - just an opinionated woman.

                      Comment


                        #12
                        VY you crack me up woman Yeah isnt it amazing how that can happen with a "fireproof" safe? I think most merely buy you an hour of time in order to rescue it LOL. Crazy...

                        Just a note on those "online storage" places (for all your computer info...) I personally would never PAY a company (of whom I do not know who owns it / runs it) with any of my personal information, period. For $50, I'd rather buy an external harddrive and back up all of my information myself - that way I know who sees it and who doesnt.

                        Should you have your own external harddrive I highly suggest password protecting and/or encrypting it also. Word of caution - never ever ever store passwords and accounts on your computer. Write them down and put them in your safe, attach them to your bill book (budgeting monthly expenses, etc) or some where else. You never know when you take your computer to a Tech what info they may take off of it nor will you know if someone has hacked into your system through your ISP - until its too late.

                        Better to be safe than sorry!

                        Comment


                          #13
                          Originally posted by ValleYum View Post
                          Also a good computerish related idea:

                          For insurance claim purposes you should take some pics of your home's contents. It would help you to remember what you have lost in case of a tragedy as well as substantiate your claim for a speedier resolution with your adjustor.

                          Most folks store their pics on a computer BUT, in case of a fire or storm loss, it is very likely your computer could be ruined or the hard drive inoperable (simply from smoke!).

                          Everyone needs to make a gmail, yahoo or hotmail account and email pictures of your home and contents to your account there! They will be on their server and easy to access from any computer in case of an emergency. You can also store the pictures on a USB drive that you keep in your safety deposit box (if you have one).

                          /soapbox
                          Very good idea!

                          I email all of my important pictures, documents, digital keys for applications and software, as well as rare or important mp3s from my Gmail account to my Yahoo mail account, so I have two online backups just in case something happens to my computer. And of course, these email accounts are protected by 2nd sign-in/2 step verification to keep them all safe. With Yahoo, you must sign in to the account every 90 days to keep the emails from being deleted. To be on the safe side, I would make sure to sign in once a month.

                          It works for anything that is not an .exe file, or a huge file (10MB+). I keep back up copies of those (and everything I mentioned above as well) on CD-Rs and thumb drives. I use a relative's safe deposit box to store some of these things, just in case.

                          You have to figure than anything on your computer is merely temporary. It can all get wiped out in the blink of an eye, so you need somewhere to back up everything of importance to you.
                          The world's simplest C & D Letter:
                          "I demand that you cease and desist from any communication with me."
                          Notice that I never actually mention or acknowledge the debt in my letter.

                          Comment


                            #14
                            For those of you who have made the switch to Firefox, here is info about NoScripts, and how it can help protect you from viruses, etc...

                            The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!


                            The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

                            NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

                            NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

                            You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
                            Watch the "Block scripts in Firefox" video by cnet.

                            Staying safe has never been so easy!
                            Experts will agree: Firefox is really safer with NoScript!

                            Usable security

                            Operating NoScript is really simple.

                            When you install NoScript, JavaScript, Java, Flash Silverlight and possibly other executable contents are blocked by default. You will be able to allow JavaScript/Java/... execution (scripts from now on) selectively, on the sites you trust. You can allow a site to run scripts temporarily, if you're just surfing randomly, or permanently, when you visit it often and you really trust it. This means that NoScript learns from your own browser habits and tends to disappear in the background after a while, but it promptly comes back to save your day if you stumble upon a malicious web page.

                            When you browse a site containing blocked scripts a notification, similar to those issued by popup blocker, is shown.
                            Look at it or at the statusbar icon to know current NoScript permissions:

                            Forbidden Icon - this means that scripts and plugin contents are blocked for the current site and its subframes. Even if some of the 3rd party script sources imported by the page may be in your whitelist, no code could run because the hosting documents are not enabled.
                            Partially Allowed Subcontent Icon - this means the top level site is still forbidden but some active subcontent pieces (either frames or plugin objects) are allowed: some code may be running, but the page is likely not to work correctly yet because its main script source is still blocked.
                            Partially Allowed Icon - this means scripts are allowed for the top-level (main) document, but some other active content or script sources imported by this page are not allowed yet. This happens when there are multiple frames, or script elements linking code hosted on 3rd party hosts.
                            Since they're often unnecessary, the site is likely to work even in this "partially allowed" state. Furthermore, in most cases when a site is compromised with JavaScript malware, the malicious code is hosted on external "shady" sites. Even if you've previously allowed the top-level site, these external sites are still blocked and the attack fails anyway.
                            Allowed with Blocked Embedded Content Icon - this means that all the script sources for the page are allowed but some embedded content (frames or plugin objects) is blocked. You can check and allow the blocked content either by looking for yellow visual placeholders in the page or by examining the Allowed with Blocked Embedded Content Icon Blocked Objects sub-menu.
                            Partially Allowed / Partially Untrusted Icon - this means that scripts are allowed for some URLs, and all the other ones are marked as untrusted.
                            Allowed Icon - this means that script execution is allowed for the current site
                            Globally Allowed Icon - this means that scripts are globally allowed (why did you decide to browse with low protection??!)

                            NoScript: one click to enable/disable JavaScript globally or PER SITE The number of detected <script> tags for current page is shown in a tooltip when you fly over the icon with your mouse. If the "S" inside the icon is white rather than blue (Forbidden Icon - no active script Partially Allowed Icon - no active script Partially Allowed / Partially Untrusted Icon - no active script Allowed Icon - no active script Globally Allowed Icon - no active script), 0 script tags have been detected: this likely means you don't need to enable JavaScript in that page at all.

                            If you left click on the icon, you can change script permissions using a simple menu.
                            You can reach the same menu by right clicking over the document, so you can operate also in windows which don't provide a status-bar. Of course, if you don't like contextual menus, you can hide it.
                            Most menu items are in the form "Allow somesite.com", "Temporarily allow somesite.com", "Forbid somesite.com". The "Temporarily" permissions are in effect until you exit the browser.
                            Special commands:

                            Allow Scripts Globally (dangerous) switches NoScript in the (not recommended) "Default Allow" mode. Only sites and objects explicitly marked as untrusted will be disabled. Other important security features, like Anti-XSS protection, HTTPS enforcement, Clickjacking protection and ABE will still be effective, though.
                            Allow all this page and Temporarily allow all this page enable every site shown as allowable by NoScript's menu on the current page, unless already marked as untrusted.
                            Make page permissions permanent permanently enables every site shown as temporarily allowed by NoScript's menu on the current page.
                            Revoke temporary permissions cancels all the "Temporary allow" commands issued during this session.

                            A set of toolbar buttons is also provided:

                            Main NoScript toolbar button
                            By clicking it you will toggle the forbidden/allowed state of the top-most site in the current page, i.e. the one displayed in your address bar. Also, if you click the tiny arrow near the main NoScript toolbar button, the usual NoScript menu will be dropped down.
                            Temporarily allow all this page toolbar button
                            Revoke temporary permissions toolbar button

                            To install these buttons, just right click on any Firefox toolbar and select the Customize menu item, the drag the one(s) you want from the buttons palette onto your choosen toolbar.

                            If you're not a mouse lover, you will find these two keyboard shortcuts helpful:

                            CTRL + SHIFT + \ (backslash) toggles allowance status for the current top-level site - temporarily by default, to make it permanent set the about:config noscript.toggle.temp preference to false.
                            CTRL + SHIFT + S opens the NoScript status bar menu, which lets you perform every NoScript related operation using the cursor keys.

                            Both these shortcuts can be changed using the about:config noscript.key.* preferences.

                            Every NoScript menu includes a command to open the Options dialog: you use it to allow or forbid many sites at once, to customize user interface and to decide if you want to automatically reload current site when you change permissions. Other useful options are also available there.
                            Site matching

                            For each site you can decide to allow the exact address, or the exact domain, or a parent domain. If you enable a domain (e.g. mozilla.org), you're implicitly enabling all its subdomains (e.g. www.mozilla.org, addons.mozilla.org and so on) with every possible protocol (e.g. http and https). If you enable an address (protocol://host, e.g. http://www.mozilla.org, you're enabling its subdirectories (e.g. http://www.mozilla.org/firefox and http://www.mozilla.org/thunderbird), but not its domain ancestors nor its siblings, i.e. mozilla.org and addons.mozilla.org will not be automatically enabled.
                            By default only the 2nd level (base) domain is shown (e.g. mozilla.org) is shown in the menus, but you can configure appearance to show full domains and full addresses as well.

                            NoScript recognizes two kinds of "shorthand" patterns, to be manually entered in the NoScript Options|Whitelist panel:

                            Jolly port matching - an address with a 0 (zero) port specification will match every site with the same protocol, domain and any non-standard port: if one is met during navigation, it gets temporarily enabled. For instance, http://acme.org:0 matches http://acme.org:8080 and http://acme.org:9999, but not https://acme.org:9999 (different protocol) nor http://acme.org (standard 80 port, omitted). Since protocol specification is mandatory, regular subdomain matching with rightmost components comparison couldn't work for multiple subdomain. You can specify subdomain matching patterns using an asterisk in place of the leftmost domain component: for instance, you need to match all the subdomains of acme.org for all ports with the HTTPS protocol, you can whitelist https://*.acme.org:0. This is the ONLY situation where asterisk is considered a wildcard.
                            Subnet matching - an address with a partial numeric IPv4 IP will match all the subnet. You must specify at least the 2 leftmost bytes, e.g. 192.168 or 10.0.0. Again, matching sites will be temporarily allowed on demand.

                            Important notice: the asterisk character (*) have NO special meaning to NoScript, other than subdomain matching in Jolly port matching patterns (see above). Asterisk is NOT a general wildcard, so if you're typing it while manually adding a site to your whitelist, double check you know what you're doing. By the way, most of the time you prefer not to fiddle with your whitelist manually: just use the NoScript "Allow" and "Forbid" menu items, it's much simpler and error free!
                            Beyond JavaScript: blocking Java, Silverlight, Flash and other embedded content

                            While its primary aim is preventing malicious JavaScript from running, NoScript effectively blocks Java™, Silverlight™, Flash®, and other plugins and embeddings (such HTML video/audio elements and downloadable fonts) on sites you didn't explicitly whitelisted. Java Applets, Flash movies/applications, Quicktime clips, PDF documents and other content won't be even downloaded from sites where you consider them annoyances or dangers, saving your bandwidth and increasing your navigation speed. While in early NoScript versions only JavaScript and Java were blocked by default, this restriction has been extended to Flash and the other embeddable content, in order to prevent Flash-based XSS and other plugin-based attacks. Anyway you can configure the kinds of content you want to forbid using the NoScript Options|Embeddings panel. The status bar tooltip and the message bar display the total count of detected embeddings (<OBJECT>) next to the <script> count. Keep in mind that some sites use Java applets, Silverlight embedded objects or Flash movies to deliver rich content and applications, hence if you meet some web page you need to use but you find some functionality is missing, consider the possibility that you're blocking some essential applet or movie.

                            On a non-whitelisted site you can still temporarily allow an individual embedded object with just one left click on its placeholder (screenshot). The movie/applet/clip will stay enabled until the end of the session or until you Revoke Temporary Permissions.
                            Middle clicking on an object placeholder opens it in a window of its own.
                            Right clicking on an object placeholder opens the context menu for links, allowing you to save the content with Save Link As....
                            Holding down the Shift key and clicking on an object placeholder temporarily hides it.

                            You can also use the Blocked Objects menu to find out which content instances you're blocking even if their placeholder is not easily visible, and/or enable them individually, per site or per type.

                            It's worth noticing that while early NoScript versions used to block plugin content objects checking exclusively their origin, i.e. the site where they were downloaded from, most recent NoScript versions check also the parent site which is embedding the content: a non-whitelisted site won't be able to run a plugin content piece, even if coming from a trusted site, unless you explictly unblock it through its placeholder or the Blocked Objects menu.
                            This behavior is meant to provide effective protection against Flash-based XSS. Reverting to the old behavior is possible, even if not recommended: just switch the noscript.forbidActiveContentParentTrustCheck about:config preference to false.

                            The same blocking treatment can be reserved to IFRAMEs as well, especially to defeat clickjacking. Please read this FAQ for more details.

                            Finally, toggling NoScript Options/Embeddings/Apply these restrictions to whitelisted sites too extends the embedded content restrictions set for untrusted sites also to "trusted" pages which are in your whitelist, turning NoScript in a general content blocker for Java, Silverlight, Flash and other embeddings, functionally similar to FlashBlock.

                            You can configure some exception to the Forbid Other Plugins option by setting the noscript.allowedMimeRegExp about:config preference to a pattern matching the content types you want to allow. For instance, setting it to "application/pdf" will let PDF document load automatically on every site. That said, are you sure you need to? Adobe Acrobat Reader plugin got its share of vulnerabilites so far, and after all, you can still allow individual PDF documents from untrusted sites just clicking on their placeholders.
                            Untrusted blacklist

                            Some sites, especially those serving ads, can appear in your "Allow ..." menu more often than you like, making it too much long and noisy.

                            If you know you don't want to allow a certain site now and in the foreseeable future, you can permanently mark it as untrusted: just click the NoScript icon, open the Untrusted menu and select the Mark bad-site.com as Untrusted menu item.

                            NoScript won't even propose you to allow it again and your NoScript will be even more clean and usable.

                            If you later change your mind, don't worry: just open the Untrusted menu again (on the same page), and you'll find the Allow bad-site.com command there.

                            This feature is especially useful if you decided to use the (not recommended) Temporarily allow top level sites by default or Allow Scripts Globally modes, because sites marked as untrusted won't be allowed anyway.

                            Advanced users: even though the untrusted sites blacklist has no listing UI of its own, you can mass-edit it either modifying the noscript.untrusted about:config preference or using the Import/Export functionality of the NoScript Options|Whitelist panel, knowing that the untrusted entries are exported under an [UNTRUSTED] header.
                            Anti-XSS protection

                            Cross-Site Scripting (XSS) vulnerabilities are usually programming errors made by web developers, which allow an attacker to inject his own malicious code from a certain site into a different site. They can be used, for instance, to steal your authentication credentials and, more in general, to impersonate you on the victim site (e.g. your online banking or your web mail).

                            This kind of vulnerability, often overlooked, is very widespread and becoming highly popular among hackers: someone even bothered to write a JavaScript-based bot, called Jikto, turning your browser into a zombie which relentlessly sends automated XSS attacks all around. Of course this tool has been built "for research purpose", but its code unfortunately appears to be leaked in the wild, so anybody can take advantage of it, now...

                            NoScript XSS notification and its menu NoScript features unique Anti-XSS counter-measures against XSS Type 0 (DOM based) and XSS Type 1 (Reflective, absolutely the most common) attacks targeted to whitelisted sites.

                            Whenever a certain site tries to inject JavaScript code inside a different trusted (whitelisted and JavaScript enabled) site, NoScript filters the malicious request neutralizing its dangerous load.

                            Then a yellow notification bar displays a message like
                            "NoScript filtered a potential cross-site scripting (XSS) attempt from [some-evil-url.com]. Technical details have been logged to the Console."
                            On the left side of this bar there's also an "Options..." button: if you click it, you can choose among the following actions:

                            Show Console, displaying the Error Console where further technical details about the actions taken by NoScript are logged.
                            Please notice that the Error Console is a standard Firefox component reporting every JavaScript-related message from any source: the explanatory messages specifically coming from NoScript and related to XSS are only the ones marked with a [NoScript XSS] label.
                            Unsafe Reload, which will "replay" the request bypassing XSS filters. Use this command only if you're absolutely sure that NoScript detected a false positive.
                            Suppress the XSS-related notifications (you will still be able to operate through the standard NoScript menu).
                            Open the XSS Options panel.
                            Navigate to the XSS FAQ web page.

                            The specific Anti-XSS counter-measures are controlled by the NoScript Options|Advanced|XSS options.
                            Both these options are enabled by default for your maximum protection.

                            By default, Anti-XSS protection automatically filters the requests from untrusted origins to trusted destinations, considering trusted either "Allow"ed or "Temporary allow"ed sites. If you prefer "Temporarily allow"ed sites to be still considered as untrusted origins from the XSS point of view, you just need to set about:config noscript.xss.trustTemp preference to false.

                            Furthermore, NoScript's sophisticated InjectionChecker engine checks also all the requests started from whitelisted origins for suspicious patterns landing on different trusted sites: if a potential XSS attack is detected, even if coming from a trusted source, Anti-XSS filters are promptly triggered.

                            This feature can be tweaked by changing the value of the noscript.injectionCheck about:config preference as follows:

                            0 - never check
                            1 - check cross-site requests from temporary allowed sites
                            2 - check every cross-site request (default)
                            3 - check every request

                            NoScript's Anti-XSS filters have been deeply tested and proved their ability to defeat every known reflective XSS technique, but their power is a double-edged sword: sometime they may detect a weird looking but legitimate request as a "potential XSS attempt". This should almost never be a show stopper, since the filter most of the time doesn't prevent you from navigating the filtered page, but the aforementioned Unsafe reload command and the XSS Advanced Options have been made easily accessible so you can work-around if you hit a false positive with side effects. Just please notify me when it happens, possibly reporting the messages NoScript logged (the lines starting with "[NoScript XSS]" in the Error Console), so I can keep tweaking NoScript's "XSS sensibility" as needed.

                            NoScript also protects against most XSS Type 2 (Persistent) attacks: in facts, the exploited vulnerabilities usually impose space constraints, therefore the attacker is often forced to rely on the inclusion of external scripts or IFrames from origins which are already blocked by default.

                            While Cross-Site Scripting (XSS) vulnerabilities need to be fixed by the web developers, users can finally do something to protect themselves: NoScript is the only effective defense available to "web-consumers", waiting for "web-providers" to clean up their mess.

                            See also the NoScript XSS FAQ.
                            Options

                            Most NoScript options are quite simple and self explanatory.

                            Default values are almost always OK, however you may find useful knowing about these:

                            General
                            Temporarily allow top-level sites by default, not recommended and disabled by default, grants permissions "on the fly" to the address of the main page (the one usually displayed in the location bar), excluding subframes, embedded objects and sites marked as untrusted.
                            Allow sites opened through bookmarks, grants permissions "on the fly" to sites you open clicking on a bookmark of yours.
                            Left clicking on NoScript toolbar button toggles permissions for current top level site, action reachable also using the CTRL+SHIFT+S keyboard shortcut.
                            Whitelist
                            An interface to manually manage the list of your trusted sites, adding or removing web addresses. This panel contains also "Import" and an "Export" buttons to backup/restore your whitelist as a plain text file.
                            Embeddings
                            A list of content blocking and anti-clickjacking options.
                            Appearance
                            Contains preferences to hide/show UI elements.
                            Notifications
                            Contains preferences to enable/disable various notifications (message bars and sound alerts).
                            Advanced
                            Untrusted
                            Contains additional restrictions and policies for untrusted (unknown) sites:
                            Attempt to fix JavaScript links ( enabled by default): this means that NoScript will try to turn javascript: links into normal ones on untrusted sites as you click them, improving usability of the most unfriendly pages.
                            Hide <noscript> elements prevents the replacement content from being displayed on JavaScript disabled sites.
                            Forbid "Web Bugs" blocks Web Bugs (tracking images) found inside <noscript> tags, used as a (less effective) fall-back to spy on user's behavior when scripts are not available.
                            Forbid META redirections inside <noscript> elements, which are often used to send the unwilling user to a dumb "Please enable JavaScript" page. Notice that this option may interfere with the RefreshBlocker extension.
                            Forbid bookmarklets, disabled by default, prevents JavaScript bookmarks (also known as bookmarklets) from working on untrusted sites.
                            Forbid <a ping...> (enabled by default), controls the controversial "ping" feature on untrusted sites.
                            Trusted
                            Contains additional permissions and bonuses for trusted sites:
                            Show the <noscript> element which follows a blocked <script> forces the nearest replacement content to be shown for blocked 3rd party script tags even if the main page has JavaScript enabled.
                            Allow <a ping...> (disabled by default), controls the controversial "ping" feature on trusted sites.
                            Allow rich text copy and paste from external clipboard is an additional permission you can grant to trusted sites, e.g. on Web Mail or CMS user interfaces where you may want to copy inside an editor box styled text content from outside the browser.
                            Allow local links (disabled by default) allows linking local resources from web pages, as required by some gaming on line sites.
                            XSS
                            Preferences for the Anti-XSS protection system:
                            Sanitize cross-site suspicious requests* - potentially dangerous characters, why may be used to inject malicious JavaScript code, are stripped out from both the URL and the REFERER header.
                            Turn cross-site POST requests into data-less GET requests - the request is sent but no malicious data is uploaded.
                            Anti-XSS Protection Exceptions, a list of regular expressions (one on each line) used to identify web addresses which you deem do not need to be protected against XSS.
                            * "Cross-site suspicious requests" are requests from untrusted origins to trusted destinations, considering trusted either "Allow"ed or "Temporary allow"ed sites, unless the cross-site request is found to contain HTML or JavaScript injections. If you prefer "Temporarily allow"ed sites to be still considered as untrusted origins from the XSS point of view, even for requests which does not seem to contain injections, you just need to set about:config noscript.xss.trustTemp preference to false.
                            JAR
                            Notice: NoScript 2.0.9 and above removed this feature because the same protection is now available by means of other more transparent countermeasures, both from Firefox >= 3.0 and from NoScript itself
                            Preferences for JAR document blocking:
                            Block JAR remote resources being loaded as documents - jar: URLs which are loading from remote in a context which will lead to document building are blocked. This prevents XSS attacks like the one described in this article.
                            JAR document blocking Exceptions, a list of regular expressions (one on each line) matching JAR urls which you want to bypass blocking.
                            HTTPS
                            Preferences for enhancing HTTPS behavior and cookies:
                            Forbid active web content unless it comes from a secure (HTTPS) connection:
                            Never - every site matching your whitelist gets allowed to run active content.
                            When using a proxy (recommended with Tor) - only whitelisted sites which are being served through HTTPS are allowed when coming through a proxy. This way, even if an evil node in your proxy chain manages to spoof a site in your whitelist, it won't be allowed to run active content anyway.
                            Always - no page loaded by a plain HTTP or FTP connection is allowed.
                            Force the following sites to use secure (HTTPS) connections - a space-separated list of site patterns
                            Never force secure (HTTPS) connections for the following sites - a space-separated list of site patterns (taking precedence over the above)
                            Enable Secure Cookie Management - countermeasures against HTTPS cookie hijacking, see this FAQ for more details.
                            ABE
                            Preferences to control the Application Boundaries Enforcer (ABE) module.
                            The world's simplest C & D Letter:
                            "I demand that you cease and desist from any communication with me."
                            Notice that I never actually mention or acknowledge the debt in my letter.

                            Comment


                              #15
                              Another little update on this...

                              Even with the use of Firefox and NoScripts, I did manage to get another trojan downloader virus. MSE caught it during a full scan and removed it before it got a chance to do much. This is why it is very important to run a full scan several times a week, at least, to remove even things you don't know are on your computer.

                              I also have learned to delete all "TEMP" files, and remember, there may be more than one temp folder. Mine had one under "system32" (that will vary from 32 bit to 64 bit computers, by the way) and another one under my own user partition which has the "AppData" files.

                              An easy way to find a lot of these temp files is to hit your "start" button and then in the search box type: %temp% and then hit enter.

                              When you mouse over these files it will tell you who made them. If they're from Microsoft, it will say so. The anonymous ones may be virus files.

                              And you can sort them by date. The more recent ones may be associated with the virus on your computer. I copied the file name of the most recent ones and entered them into a Google search and was able to determine that they were in fact trojan downloader virus files. I deleted them immediately. And I did this AFTER my scan supposedly found the virus and removed it. Obviously, it didn't remove all of them.

                              But anyways, searching by date tells you a lot. If you notice recent files anywhere on your computer and you haven't recently installed any new software, it should be investigated. Just copy the file name and do a Google search of it to see what other people have to say about it. And of course, do the mouse-over trick to see if it is from someone you trust like Microsoft. If it's not, it may be a virus file.

                              And it is always a good idea to do several other full scans from Malwarebytes, Tdss Killer, HouseCall, etc., to catch anything that MSE didn't catch.
                              The world's simplest C & D Letter:
                              "I demand that you cease and desist from any communication with me."
                              Notice that I never actually mention or acknowledge the debt in my letter.

                              Comment

                              bottom Ad Widget

                              Collapse
                              Working...
                              X