NOT OFF TOPIC! - W32.BeagleM Virus

Comments

craftech wrote on 6/17/2004, 6:47 PM
OK Grazie. The following is a compromise between High Security and Functionality:

1. Open IE and go to Tools/Internet Options. Clear History, Delete Cookies, Delete Files (temp) including Offline content. Under Settings View Objects and get rid of Active X Components (unless you need Shockwave or the like)
Leave only about 9MB for Temporary Internet Files
2. Click Security and Click on Internet and choose Custom Level.
First two regarding authenticode - enable
Both signed and unsigned Download Active X Controls - disable
Initialize and Script Unsafe Active X Controls - disable
Run Active X Controls and plugins - Disable
Script Active X Controls marked safe - disable
File Downloads - enable
Font Download - enable
Java permissions - high safety
Access data across domains - disable
Allow meta refresh - enable
Display mixed content - prompt
Don't prompt for client certificate - disable
Drag and Drop Copy and paste - enable
Installation of Desktop items - Prompt
Launch programs in IFrame - Prompt
Navigate sub-frames - Prompt
Software channel permissions - Medium safety
Submit nonencrypted form data - enable
Userdata persistence - enable
Active scripting - enable
paste operations via script - Prompt
Script Java Applets - Prompt
User Authentication - Automatic only in Intranet Zone
3. Click Local Intranet - Custom Level
authenticode - first two - enable
Download signed and unsigned Active X Controls - First one - Prompt. Second one - disable
Initialize and Script Active X not marked safe - disable
Run Active X and Plugins - enable
Script Active X marked safe - enable
Download files and fonts - both enable
Java permissions - Medium safety
Access across domains - Prompt
Meta Refresh - enable
mixed content - prompt
don't prompt for client certificate - enable
Drag Drop etc - enable
Installation desktop items - Prompt
IFrame - Prompt
sub frames across domains - enable
software channel permissions - medium safety
non-encrypted form data - enable
Userdata persistence - enable
paste via script - enable
script java applets - enable
logon - automatic in intranet zone
4. Trusted Sites - Choose LOW
Click on sites and put in the URL (such as Windows Update)
5. Restricted Sites - Choose High
Click on sites and put in the URLs if you have any Restricted sites
6. Click on Privacy tab and check Override Cookie Handling
Click on Advanced and choose Accept for First Party Cookies and Block for Third Party Cookies. Then Click on Edit and put in URLs for sites you want to Block or Allow cookies from. Unfortunately some sites such as Yahoo won't allow you in unless you Allow cookies for the site. In other words they are actively encouraging spam and worse. If you use Yahoo mail, put the Yahoo address in here and click ALLOW. After you are done using Yahoo Clear the cookies before you continue browsing.

Get in the following habit:
After an internet session close your browser, then click on Control Panel and Internet Options. Clear History and Temporary Internet Files and Cookies.
Then go to Start - Find - Files or Folders and type in Temp. Clear all temp files before exiting. The only one that you can't delete is the single Zone Alarm file in current use. If you have other ones they really shouldn't be there and NONE should be hidden files. Make sure that in your Folder under View you have "Show all files" checked


John
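
An added example, not part of craftech's post: a Python audit that checks a `.reg` export of the Internet zone key against the ActiveX, scripting and cross-domain choices listed in step 2. The URL action IDs and the 0/1/3 policy values are the standard Internet Explorer zone registry encoding; the sample export is constructed, and the tiered settings (Java, software channel, logon) are left out.

```python
import re

# Internet zone (Zones\3) choices from step 2 of the post, keyed by URL action ID.
# Registry policy values: 0 = enable, 1 = prompt, 3 = disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
BASELINE = {
    "1001": ("Download signed ActiveX controls", DISABLE),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script unsafe ActiveX controls", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", DISABLE),
    "1405": ("Script ActiveX controls marked safe", DISABLE),
    "1406": ("Access data sources across domains", DISABLE),
    "1A04": ("Don't prompt for client certificate", DISABLE),
    "1804": ("Launch programs in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across domains", PROMPT),
    "1400": ("Active scripting", ENABLE),
    "1402": ("Scripting of Java applets", PROMPT),
}
DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})\s*$')

def parse_zone_export(reg_text):
    """Return {action_id: value} from the dword lines of one zone key's .reg export."""
    values = {}
    for line in reg_text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (action_id, name, expected, actual) for each differing or missing setting."""
    actual = parse_zone_export(reg_text)
    return [(aid, name, want, actual.get(aid))
            for aid, (name, want) in BASELINE.items()
            if actual.get(aid) != want]

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1400"=dword:00000000
"1a04"=dword:00000003
'''

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```

An `actual` of `None` means the value was absent from the export, so the zone falls back to its template default rather than the setting chosen in the post.
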
Grazie wrote on 6/17/2004, 10:37 PM
John - that is a staggering piece of work - THANK YOU!

I do have to ask though .. how on Earth was I to know this? What I'm meaning would the "average" pc/internet bloke know this? Who has the insight and knowledge to keep . . .well me. . safe? I would never have known all this without you! . . . I'm amazed and somewhat overawed.

What is now clear to me is that it is people like me who understand enough to get on the Internet, thus allowing potential "problems" to escalate - ie worms and viruses creeping all over the NET in general - and making a nuisance of the Internet community, WHO DO KNOW how to keep things in pristine-ish condition.

Back to the actuals: I've noticed that my OE has picked up ActiveX as a non compliant or rather not allowed programme, and I'm assuming presently blocks it .. I'm loath to speak any further for the simple reason that I wouldn't want any "fiendish" individual to start annoying me, John? See why I wanted to contact you OFF-Forum?

But in any event, the steps and stages to assisting are quite comprehensive . .. The Close down procedure is new to me .. You do this every time you leave surfing? WOW .. I'm impressed . ..

Grazie
craftech wrote on 6/18/2004, 3:58 AM
You're welcome Grazie. Yes, that's how I close each session. In terms of Office Express and the scripting attacks and prevention you can probably have most of your questions answered here.
It also explains the downloads and service packs you should have installed. I would still recommend a different e-mail client with a limited mailing list and an internet based e-mail for ordering, etc.
The vendors "share" your e-mail addresses as do sites such as Yahoo, etc. Companies like Microsoft could do more in terms of security, but anything that impacts their monopolistic way of conducting business they won't do. True protection includes spam protection. Neither Microsoft nor the US government wants that because it hurts big business. In Europe they adopted "Opt In" whereby you have to ask to be spammed. The US opposed it here and instead adopted "Opt out" where YOU are responsible for telling whomever that you don't want to be spammed. Why? Because it hurts business spam and this present government would never do anything to interrupt that. That leaves Europeans vulnerable as well through no fault of their own. But that, as evidenced by our general attitude toward the rest of the world, doesn't seem to matter much.
So, to shorten this story, you need an e-mail account to act as a spam hole. That would be a Yahoo or Hotmail account. They have spam filters which block some of it up to a limit. Since they themselves generate much of the spam they purport to block through "sharing" and mandatory cookies their spam filters are kind of hypocritical. However, you can always change your account when it gets overloaded with spam and hacker attempts. Just delete cookies and temp files after you close a session in your internet based account. If you just got finished at the Vegas forums and want to go back you will have to log in again.
With the settings I gave you, you will get a lot of warnings about pages possibly not displaying properly because you have disabled active x components, but I don't notice it being a real problem. To me it is worth the peace of mind.

John