trojan from wi- fi

Just my brother experienced that his notebook computer was infected
with a trojan which I suspected to coming from a wifi connection he
regulary connects.

I reformatted the hard drive and reinstalled the OS and the other
wares.
Now...
I wouldl like to know what is the best defense for such in the future?
Does the Norton Internet Security offers enough protection for such ?
Thanks!

"Roy" <(E-Mail Removed)> wrote:
>I wouldl like to know what is the best defense for such in the future?

Turn on a firewall. The WinDoze firewall is probably good enough, as
long as he's not prone to clicking on stupid things.

"Roy" <(E-Mail Removed)> hath wroth:

>Just my brother experienced that his notebook computer was infected
>with a trojan which I suspected to coming from a wifi connection he
>regulary connects.
>
>I reformatted the hard drive and reinstalled the OS and the other
>wares.

Oh, this is great. Catch a virus, worm, or whatever, and wipe
everything and start over. I remove such things almost daily from
various users machines. I rarely have to wipe the machine and start
over. What's he going to do if it happens again? Wipe the machine
again (without a backup)?

>Now...

Correct. Do it right NOW.

>I wouldl like to know what is the best defense for such in the future?
>Does the Norton Internet Security offers enough protection for such ?

1. Learn to use System Restore:
Start -> Programs -> Accessories -> System Tools -> System Restore

2. Learn to do image backups. I suggest Norton Ghost 2003 (not Ghost
version 10) to a DVD drive or an external USB drive or burner.

3. Organize your hard disk so that backups are easy. Locate the well
hidden directories where Microsoft buries its data files for Outlook,
Outlook Express, Windoze Address Book, Favorites, etc. Those should
also be backed up regularly. You can also use a USB dongle for
current work backups.

4. Turn on the Windoze Firewall. Don't mess with the exceptions
unless you know what you're doing.
Start -> Settings -> Control Panel -> Windoze Firewall
Norton Internet Security comes with a replacement firewall which has
additional features (blocking outgoing traffic), but is pure hell to
configure.

5. Get an Anti-Virus program. I use:
http://free.grisoft.com
Norton Internet Security includes Norton Anti-Virus which is fine.
However, my experience with 2004 thru 2005 is that it slows the
machine down drastically and often self destructs while trying to
remove or block a virus. Fragile would be kind description. No clue
on 2006 as I current remove the 90 day demo version before the
customer even notices.

6. Get an Anti-Spyware program. I use Microsoft Defender Beta 2. A
good alternative is Spybot S&D 1.4.

7. Don't use Internet Exploder 6 for anything except Windoze Updates.
Download and install Mozilla Firefox, Mozilla Thunderbird, Opera,
Eudora, or any other browser that knows how to *NOT* run ActiveX
controls from the web browser or email attachment. My observed level
of infections and attacks has decreased drastically since I abandoned
IE6 and OE6.

8. Do updates regularly and often. In particular, do the Micrsoft
updates, Office Updates, Mozilla updates, Acrobat Updates, Anti-Virus
Updates, Anti-Spyware Updates, ad nausium. There are also a bunch of
applications which offer automagic updates. If you deploy a machine
with known vulnerability on the internet, it will get attacked. Last
year, I setup an XP SP1 box without any updates and connected it
directly to the internet (no firewall). It was attacked an
compromised within 15 minutes.

There's lots of other things you should do, but these are the basics.



--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"William P.N. Smith" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Roy" <(E-Mail Removed)> wrote:
>>I wouldl like to know what is the best defense for such in the future?
>
> Turn on a firewall. The WinDoze firewall is probably good enough, as
> long as he's not prone to clicking on stupid things.

The Windows XP firewall is no good as certain files and programs configure
the registry to allow permissions - so defeating the object!
Use a third party firewall and virus scanner, then teach him not to click on
make money quick type links or sites full of filth !

Roy wrote:
> Just my brother experienced that his notebook computer was infected
> with a trojan which I suspected to coming from a wifi connection he
> regulary connects.
>
> I reformatted the hard drive and reinstalled the OS and the other
> wares.
> Now...
> I wouldl like to know what is the best defense for such in the future?
> Does the Norton Internet Security offers enough protection for such ?
> Thanks!
>

http://www.claymania.com/safe-hex.html

Duane

Jeff Liebermann <(E-Mail Removed)> hath wroth:

Forgot an important item.

9. Learn to read the screen. When a box appears on the screen that
says "click here to do whatever...", think about:
- Where did the message originate? If it came from a local program
that was being installed, it's probably safe to click ok. However,
if it came from some dubious web page, it's probably trying to trick
you into installing something evil.
- Move the mouse over the box and see if the "action" in the lower
left of the browser screen makes sense.
- Don't hit the "cancel" button. Use the [X] in the upper right hand
corner of the box to dispose of it. The cancel button often does the
same thing as the OK button. Even the [X] can be a trap. If there
are multiple boxes within boxes on the screen, always hit the
outermost box.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Ian C" <(E-Mail Removed)> wrote:
>"William P.N. Smith" <(E-Mail Removed)> wrote:
>> Turn on a firewall. The WinDoze firewall is probably good enough, as
>> long as he's not prone to clicking on stupid things.

>The Windows XP firewall is no good as certain files and programs configure
>the registry to allow permissions - so defeating the object!

The XP firewall is simple enough that it's best for most users. It
won't prevent outbound traffic, but there won't be any outbound
traffic if the user didn't click on "bad stuff".

>Use a third party firewall and virus scanner, then teach him not to click on
>make money quick type links or sites full of filth !

IME it's easier to teach them not to click on "bad stuff" than it is
to teach them to parse "ksiej.dll requests access to the internet,
allow or deny?", and Murphy sez they'll _always_ make the wrong
choice.

One service call to determine why a virus scanner isn't updating (you
know when those are happening, right?) only to discover that they've
blocked it using the "if I don't understand it, block it" rule will
cure you of the belief that anyone can consistently make the right
choice on an outbound firewall.

Thank you very much for all the informative replies....!
> >> Turn on a firewall. The WinDoze firewall is probably good enough, as
> >> long as he's not prone to clicking on stupid things.
>
> >The Windows XP firewall is no good as certain files and programs configure
> >the registry to allow permissions - so defeating the object!
>
> The XP firewall is simple enough that it's best for most users. It
> won't prevent outbound traffic, but there won't be any outbound
> traffic if the user didn't click on "bad stuff".

I understand that one of the difference between WinXP SP1 and SP2 is
the latter has an effective firewall which provides and additional
protection but the problem is one you install the Internet Security
software there is the need to inactivate their firewall.?
Why is that?
I have noticed that If I activate the Norton Internet Security personal
firewall in version 2005 and 2006 there is a need to inactivate the
Windows XP firewall. Is it not possible to have it activated
simultaneously ?
Which is much better ...the Norton Internet Security personal firewall
or the WinXP SP2 firewall?
Another thing is they Norton Internet security have its own spyware
remover, what are you comments about this?
>Organize your hard disk so that backups are easy. Locate the well
>hidden directories where Microsoft buries its data files for Outlook,
>Outlook Express, Windoze Address Book, Favorites, etc. Those should
>also be backed up regularly. You can also use a USB dongle for
>current work backups

Wait, I had a question regarding this matter....in one of my notebooks
the 100 Gig HD has been partitioned into C and D partition having file
size of approximately 20 and 80 gigs respectively.
I was surprised that in the C drive the declared empty space is 7.5gig
and the filled portions is roughly12 Gig...but when I looked at the
file size of the different folders and summed it up it only amounts to
about 8 gig...what stuff fills up the remaining 4 gig or more.?

>Do updates regularly and often. In particular, do the Micrsoft
>updates, Office Updates, Mozilla updates, Acrobat Updates, Anti-Virus
>Updates, Anti-Spyware Updates, ad nausium

Another question about the windows update...one of my notebooks that
was loaded with Win XP2 used to do this regularly in the fast several
months but have stopped doing it lately, is that considered normal or
it was inactivated by some means that I am unaware of.? I don't see
anything abnormal in this unit except for that...

>One service call to determine why a virus scanner isn't updating (you
>know when those are happening, right?) only to discover that they've
>blocked it using the "if I don't understand it, block it" rule will
>cure you of the belief that anyone can consistently make the right
>choice on an outbound firewall

Well in this particular area Norton regularly updates its antivirus
definitions but I am not sure if they are also doing the same with the
spywares etc..?
Does anybody have any ideas about this?

Regards

On 10 Jun 2006 13:45:17 -0700, "Roy" <(E-Mail Removed)> wrote in
<(E-Mail Removed). com>:

>Just my brother experienced that his notebook computer was infected
>with a trojan which I suspected to coming from a wifi connection he
>regulary connects.
>
>I reformatted the hard drive and reinstalled the OS and the other
>wares.
>Now...
>I wouldl like to know what is the best defense for such in the future?
>Does the Norton Internet Security offers enough protection for such ?

<http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security>

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Sat, 10 Jun 2006 16:52:20 -0400, William P.N. Smith
<(E-Mail Removed)> wrote in
<(E-Mail Removed)>:

>"Roy" <(E-Mail Removed)> wrote:
>>I wouldl like to know what is the best defense for such in the future?
>
>Turn on a firewall. The WinDoze firewall is probably good enough, as
>long as he's not prone to clicking on stupid things.

Good advice in general, but won't protect you from most trojan
infections, and is no substitute for running good anti-virus and good
anti-spyware.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>