Hi Eric, Tomas and all
It is only a few days since Eric concluded one of my topic threads in the Barca section (Empty Barca Folders) by giving me advice on general security. I wonder if we might start a 'Security' section on here that we can all contribute to and benefit from?
If this is of interest, I can start the ball rolling with reference to this very useful webpage I have come across, which has good advice on security layering - the topic that Eric raised with me:
http://www.dslreports.com/faq/8463
The issues Eric helped me sort out in relation to Barca 2.8 all began after I received a Trojan attack via a website I innocently opened in my browser. This was a "FakeAlert" Trojan. Not long before that I had been attacked by the dreaded "Virtumonde" Trojan. Last night, I experienced another such attack!! This time from the Win32/Rootkit.agent.ODG Trojan - a very nasty item indeed.
I was surfing (using the latest version of Firefox) on the subject of email synchronisation (an old chestnut for Poco/Barca/MITG users!) and a site I clicked on was infected and things went wild immediately!
The Trojan disabled my ESET Smart Security (one of the best AV & firewall options around, which I had just upgraded to the latest version), took over the computer's memory, and overrode all my anti-malware .exe files (including the wonderful Malware Bytes and the long respected Spybot S&D) so I couldn't go on the counter attack.
A very nasty experience, having just thoroughly cleaned the PC after my last problem, moved from XP SP2 to SP3 and installed all the latest Windows updates and security fixes, and downloaded the latest versions of my ESET, browser and security software as mentioned above.
Fingers crossed, I have now got the latest Trojan killed off, but it has taken me 24 hours and I had to take the day off work to find a solution and go through all the procedures needed! I got rid of the Trojan by using a serious bit of software called "ComboFix" (see www. bleepingcomputer. com / combifix / how-to-use .. etc), plus Malware Bytes, and HijackThis.
By searching help forums I found some of the 'bad' registry entries associated with this Trojan and I used HJT to 'fix' the one I could see in my registry.
The next problem was how to get the ComboFix .exe file downloaded to my Desktop (you have to save it there with a changed name, or the Trojan 'sees' it and stops you)? I phoned a mate who works in IT. He downloaded it to his Desktop with the fake name "Notmalware" and used remote viewing of my PC to deposit it on my Desktop. Fortunately, I managed to open and run it from there, and ComboFix creates a 'restore point' before it does its work. You have to leave it completely alone to move through over 50 stages of analysis, deletions, resettings etc.
Once the Trojan was disabled and my various .exe files could be activated, I did a full scan with Malware Bytes and it presented me with a large number of the Trojan's infections for zapping.
All seems OK now, but I'm left feeling shaken and very disturbed that these Trojans have become so capable of disarming our well regarded security defences! I spoke with ESET and they said some of these Trojans revise themselves several times a day and keep attacking, so it is quite a challenge for AV companies to keep up with them, let alone get ahead and into a 'prevention' position.
I first switched to Firefox because everyone said Microsoft's Internet Explorer was vulnerable. I'm now going to start my learning curve on how to shore up Firefox's defences.
What's that "Sandboxie" thing you were trying to tell me about, Eric?! It's more than a 'walk on the beach' I hope ... ('8)')