Prelim MAL-Breach Question(s)...

Discussion in 'Software' started by grc123, Feb 10, 2012.

  1. grc123

    grc123 MajorGeek

    WIN~7 Home Premium SP 1

    WIN~7 Firewall

    MS Security Essentials (AV & AS)

    Asus Eee PC (64-Bit)

    Out of necessity, I've been having to access PUBLIC Networks lately, though also using the "Public" setting in the Network-Sharing Center. However, I "think" this (please see screenshot) came-about as a result...

    Not found in a Quick Scan by MSE, but was found in the Full Scan.

    I quarantined it, but pretty certain I should STRENGTHEN my Firewall to screen my OUT-bound transmissions (shouldn't I?) which Windows does "NOT" do by default (for some reason that I just simply do not understand) . . .

    I'm trying to be calm, and "not" tie-up Chasling, Kestral or anyone in the Malware Forum ... I KNOW they are often swamped, and I think I can handle this on my own.

    Thanks in advance,
    g . . .
     

    Last edited: Feb 10, 2012
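The outbound-filtering question in the post above is never answered in the thread, so here is the configuration a practitioner would apply. This is an added example, not code from the original post or from MajorGeeks: it uses the `netsh advfirewall` command built into Windows 7 to switch the firewall to default-deny outbound and allow-list named programs. The two browser paths in `$allowed` and the backup file name are assumptions for this machine and must be adjusted; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: turn Windows 7 Firewall into a default-deny
# outbound firewall with netsh advfirewall (built into Win7), allow-listing only the
# programs you name. Run from an elevated PowerShell prompt. The program paths in
# $allowed and the backup path are assumptions for this machine; adjust them.

# 0. Back up the current policy so the change can be undone with a single import.
$backup = Join-Path $env:USERPROFILE "Desktop\firewall-before.wfw"
netsh advfirewall export "$backup"

# 1. Default policy: block inbound AND outbound on Domain, Private and Public profiles.
#    Enabled allow rules (the built-in "Core Networking" ones included) still apply.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2. Allow-list by full path. Rule names contain no spaces so they pass cleanly to netsh.
$allowed = @(
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",   # assumed path
    "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"             # assumed path
)
foreach ($exe in $allowed) {
    if (-not (Test-Path $exe)) { Write-Warning "Not found, no rule added: $exe"; continue }
    $ruleName = "AllowOut_" + (Split-Path $exe -Leaf)
    netsh advfirewall firewall add rule name="$ruleName" dir=out action=allow program="$exe" enable=yes profile=any
}

# 3. Name resolution and DHCP are needed by everything else. Win7 ships "Core Networking"
#    outbound rules for both; these two are a safety net in case those were disabled.
netsh advfirewall firewall add rule name="AllowOut_DNS"  dir=out action=allow protocol=UDP remoteport=53 enable=yes
netsh advfirewall firewall add rule name="AllowOut_DHCP" dir=out action=allow protocol=UDP localport=68 remoteport=67 enable=yes

# 4. Log what gets dropped: this is how you find out which service (Windows Update,
#    MSE definition updates, ...) still needs a rule, instead of guessing.
netsh advfirewall set allprofiles logging droppedconnections enable
# Log file: $env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log

# 5. Verify: the policy line should read "BlockInbound,BlockOutbound" for every profile.
netsh advfirewall show allprofiles | Select-String "Policy"
netsh advfirewall firewall show rule name=all dir=out | Select-String "Rule Name|Program"

# Undo everything:  netsh advfirewall import "$backup"
```

Expect breakage after step 1: Windows services (Windows Update, the Microsoft Security Essentials updater) run inside service host processes rather than under their own executable name, so they show up in the dropped-connections log first and need rules of their own. That ongoing rule maintenance is the real cost of outbound filtering, and the reason Windows does not enable it by default.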
  2. satrow

    satrow Major Geek Extraordinaire

    RealVNC is a pretty standard Remote Access tool, have you used/received any form of remote support recently Glenn?
     
  3. grc123

    grc123 MajorGeek

    Thanks...now I think I know what it could be!

    I did do a quick internet "chat" with a sales consultant, reference the purchase of a product online - that could be it, yes?
     
  4. satrow

    satrow Major Geek Extraordinaire

    Yes, that certainly fits the bill :) did you allow anything like an ActiveX installer to run during the chat?

    FYI: many A/V's will flag all RAT's as potential riskware/trojans, if you have one installed that you regularly use, add it to the A/V exclusion list.
     
  5. grc123

    grc123 MajorGeek

    Thanks again MUCH!

    I did not "allow" anything (was not prompted by the system or browser - alternating between Chrome and Firefox - both updated) ... so I believe, as you have indicated, this seems rather benign.

    I am "not" a tech-guy (I tell myself this CONSTANTLY so as not to get too "smart"), so I have to do my best, and attempt to play-it-safe - before, and at times after, the fact(s).

    Blessings to you!
     
  6. satrow

    satrow Major Geek Extraordinaire

    Hmm, I find it strange that you didn't get any kind of prompt to allow or run that software; also, if MSE were running at the time and judging by the output from its scan, it should have flagged it up while it was in memory.
     
  7. grc123

    grc123 MajorGeek

    Just seeing your last post here...

    Yeah, there always and forever seem to be GAPS (GAPING HOLES?!?) in my "security", try though I may to cover them.

    I have pushed a time or two here for some sort of a bit more pro-active, and/or more PRE-emptive type of "Security" sub-forum, to no avail.

    It's been explained a time or two to me (to us), but I still feel more could be done. Somewhere . . . somehow. Yes, I "could" take a class - if I were not on a "fixed", disability income . . .

    PS~~~ And no ... no "Flag" and no prompt.

    I think if I had been in Firefox I would have been warned by No-Script (or something?), but Chrome, though fast/quick to load, is just not as tight (not as secure by default, it seems). I am just now seeing that my Chrome "Extensions/Add-ons" (which normally I only add security types) have all somehow mysteriously "disappeared". And I'm pretty sure I was in Chrome during the chat . . .
     
    Last edited: Feb 11, 2012
  8. satrow

    satrow Major Geek Extraordinaire

    There are a number of ways that you can increase the security passively, depending on your needs and circumstances:
    Externally:
    Use a filtered DNS, I use OpenDNS with a free account that allows me to choose types of sites to block, these include sites known to be involved in foisting malware. If you are not on a fixed IP, you'll need to run their OpenDNS Updater tool (so not 100% passive).
    Ensure that your router is set up correctly. This is a big variable but if you have a common type of router, someone will know how to best set it.
    Internally:
    SpywareBlaster, the passive protection (Immunize and SDHelper) from SpyBot (not the Teatimer), even Peerblock (easy to enable/disable on the fly but updating on start can be a pain if you're in a rush) with a few good lists if there might be any surfing around unusual sites.

    There are other similar options that won't increase the load on your computer, but any of them can cause unexpected denial of access to sites you thought were safe - OpenDNS currently still blocks CNET because they were recently bundling toolbar-type installs with clean software - and could make connection troubleshooting difficult. Get used to running with one or two of them before adding a new one, learn how to config. them.


    I'm not a great lover, or user, of Chrome, I prefer to have easy access to security settings, plugins etc. It even comes with its own Flash and PDF reader - it's like a parallel to MSE, you know it's there because you're using it, but you never feel happy that it's always doing what it should in the background.


    Sticking with browsers, whenever I start a browser, I check and turn off all the Java, PDF, codec plugins, only using Flash and Google Earth plugins for my daily use, if I need to use say, Java to check my 'net speed, I enable it and refresh the test page, once completed, I turn it off again. These 'auto activated' plugins are about the biggest route for malware ingress, if you don't need them, disable them.

    There's a lot to learn, little steps, ok?

    Or boot from a Live Linux distro ;)
     
  9. grc123

    grc123 MajorGeek

    WOW! Hah . . . LOTS of great stuff in this post, with "little steps" the main key for me - THANK YOU as always ...

    Have "had" OpenDNS, at least on my Desktop (not sure but I "suppose" it's still active there?), and "had been" using Comodo's version of the same (which is "built-in", or, "available" in their Free Firewall), on this Mobile-Netbook, however ...

    I have since reverted to WIN7 Firewall on the Netbook, so I uninstalled all of Comodo.

    I think I REALLY need to learn more about what these type (OpenDNS) programs/systems actually "do" - and how, exactly, to check my machines to see that they are: 1.) actually "there", and; 2.) "doing what they are supposed to do".

    Good News - I have been a BIG supporter (devotee!) of JavaCool's SpywareBlaster since probably 2005/2006? `07 for certain.

    Thanks again . . . the "little steps" I "well understand" - now...these days. I think I'll begin reading up on 'booting from a Live Linux distro' (and the whole "DNS/Open"/etc. thAng ... ;- ] ;)
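The post above asks how to check that OpenDNS is actually "there" and "doing what it is supposed to do" on the netbook. The following is an added example, not code from either poster or from OpenDNS: it runs on the PowerShell 2.0 that ships with Windows 7 (no `Resolve-DnsName`, which arrived later), reads the resolver list per adapter through WMI, and then sends two test queries. The resolver addresses are OpenDNS's published ones; the two diagnostic host names (`which.opendns.com`, `myip.opendns.com`) are OpenDNS's own and are assumed to still behave as described in the comments. The adapter name in the optional last step is an assumption for this machine.

```powershell
# Added example, not from the thread: verify on Windows 7 that OpenDNS is really the
# resolver in use and whether this network is one the OpenDNS account can filter.
# Runs in Win7's PowerShell 2.0 (no Resolve-DnsName needed); uses WMI and nslookup.

$openDns = @("208.67.222.222", "208.67.220.220", "208.67.222.220", "208.67.220.222",
             "208.67.222.123", "208.67.220.123")   # last two are the FamilyShield pair

# 1. Which resolvers is each live adapter handing to Windows, and who set them?
#    On a netbook that hops between hotspots, DHCP replaces the DNS list on every new
#    network, so OpenDNS entered in the home router does nothing on the road.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" | ForEach-Object {
    $servers = @($_.DNSServerSearchOrder | Where-Object { $_ })
    $source  = if ($_.DHCPEnabled) { "DHCP (set by the network)" } else { "static (set by you)" }
    "{0}: DNS via {1}" -f $_.Description, $source
    foreach ($s in $servers) {
        $verdict = if ($openDns -contains $s) { "OpenDNS" } else { "NOT OpenDNS (router, ISP or hotspot)" }
        "    {0,-16} {1}" -f $s, $verdict
    }
}

# 2. Does a real query reach OpenDNS? Assumed behaviour per OpenDNS's own diagnostics:
#    which.opendns.com carries a TXT record naming the OpenDNS resolver that answered.
#    An empty answer or an error means the query was served by someone else.
nslookup -type=txt which.opendns.com 2>&1

# 3. Which public IP does OpenDNS see for this machine right now? The dashboard
#    category blocks satrow describes apply only to networks registered under the
#    account (hence the Updater tool for changing home IPs). On a public hotspot this
#    address is the hotspot's, not yours, so the filtering is not in effect there.
nslookup myip.opendns.com resolver1.opendns.com 2>&1

# 4. (Optional) Pin OpenDNS on the Wi-Fi adapter so it survives hotspot changes.
#    Adapter name is an assumption; list yours with: netsh interface ip show config
# netsh interface ip set dns name="Wireless Network Connection" static 208.67.222.222
# netsh interface ip add dns name="Wireless Network Connection" 208.67.220.220 index=2
```

Two things to expect. A "static" resolver on the Wi-Fi adapter keeps OpenDNS in use on public networks, but many hotspots log you in by hijacking DNS, so the captive-portal page may never appear until you temporarily revert to DHCP-assigned DNS. And step 3 is the honest answer to "is it doing what it should": resolution going to OpenDNS (steps 1 and 2) and filtering actually being applied (step 3) are two different questions.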
     
  10. grc123

    grc123 MajorGeek

    Here's what ccleaner picked-up ... appears to be my culprit in this case, eh?
     

  11. satrow

    satrow Major Geek Extraordinaire

    Hmm, not sure, if those entries are ActiveX, I don't think it ties with you using Chrome.
     
