Security How To

Introduction

I don't get the opportunity to do much virus, spyware or malware fighting here at SmallNetBuilder HQ. There are no kids downloading and "exploring" the Internet, my wife and I seldom (if ever) copy in files from off-network computers and both of us are well-versed in safe Internet practices (and follow them).

But my neighbors and family members are not so fortunate. My holiday-time trips home usually involve a half-day session with one of my sister's computers to make it stop "running slow", although that has ceased to be a regular thing now that all of her kids have moved to places (and computers) of their own.

Her problems usually haven't been bad, however. Removing some adware that came along with Party Poker and a general cleanout of temp and unused applications were enough to get her back to a nicely responsive system.

This weekend, however, one of my neighbors was not so lucky when they got hit with a variant of the Zlob trojan. Fortunately, they didn't fall prey to Zlob's repeated exhortations to download and install fake malware removal tools, which would only have made things worse. As it was, Zlob was perfectly capable of installing enough malware on its own.

In the end, I took the safe route of doing a clean reinstall of XP after spending an afternoon making several unsuccessful attempts at removal. But I learned a few things along the way that I thought might be useful to pass along.

Lesson #1: Know Your Anti-Virus Program

The most important thing in preventing a malware, virus or adware infection, besides observing good Internet hygiene, is to know the state of your anti-virus program. If you are running an Internet-connected system without, at a minimum, good, automatically-updated anti-virus protection, you're not just exposing yourself to risk; you're also potentially part of the world-wide epidemic of infected computers.

AVG continues to provide its free Anti-Virus edition for "private" use, i.e. individuals, not businesses. So there is no excuse for not having effective anti-virus on every system that you own. Of course, AVG would also appreciate it if you would buy either the Pro or Internet Security versions, which add rootkit and additional protection features.

In my neighbors' case, a different anti-virus program was installed. But they didn't know that it wasn't providing any protection, because it had expired months earlier. The program looked like it was running: its little logo was spinning continuously down in the System Tray. But what my neighbor took for the program's way of showing that it was working turned out to be its way of saying it needed attention!

The fault here is shared between the program's designers and my neighbors' complacency and lack of curiosity. The designers should have provided a continuous, unambiguous indication that the program was no longer doing its intended job.

With AVG, the tray icon changes to superimpose an international alert symbol on top of its normal icon when it is not running or hasn't been able to perform its daily update (Figure 1). It would be even better, however, if it also provided a pop-up or other obvious indication of what the problem is that is causing the alert.


Figure 1: AVG problem indication

But my neighbors are also at fault. Just as you must know what your car's dashboard trouble lights mean (if you want to avoid expensive repairs...or worse!), so must you know the status of your anti-virus. If they had known what their previous anti-virus program was trying to tell them, they would have saved themselves (and me) a lot of time.
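Rather than trusting a spinning tray icon, you can ask Windows directly which anti-virus products are registered and whether each one is enabled and current. The script below is an added example and is not from this article or from AVG; it assumes Windows Vista or later (PowerShell 3 or newer, for Get-CimInstance), where products are registered in the root\SecurityCenter2 WMI namespace, and it also probes the older root\SecurityCenter namespace that XP used. The productState bit layout it decodes (0x1000 = real-time protection on, 0x10 = signatures out of date) is widely reported by administrators but is not an official Microsoft contract, so the raw value is shown next to the decoded flags.

```powershell
# Added example, not code from the SmallNetBuilder article: ask the Windows Security
# Center which anti-virus products are registered and whether each one is actually
# protecting the machine, instead of trusting the tray icon.
#
# Assumptions (not stated on the page):
#  - Vista and later expose products in root\SecurityCenter2 with status packed into
#    productState; XP SP2/SP3 used root\SecurityCenter with two boolean properties.
#  - The productState bit layout (0x1000 = real-time protection on, 0x10 = signatures
#    out of date) is community-documented, not an official contract, so the raw value
#    is reported alongside the decoded flags.

function Get-AvState {
    $results = @()

    # Modern namespace: one row per registered AV product.
    $modern = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue
    foreach ($p in $modern) {
        $state = [int]$p.productState
        $results += [pscustomobject]@{
            Product  = $p.displayName
            Enabled  = (($state -band 0x1000) -ne 0)
            Outdated = (($state -band 0x10) -ne 0)
            RawState = ('0x{0:X6}' -f $state)
            Source   = 'root\SecurityCenter2'
        }
    }

    # Legacy namespace (XP era): status is exposed as plain boolean properties.
    if ($results.Count -eq 0) {
        $legacy = Get-CimInstance -Namespace 'root\SecurityCenter' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue
        foreach ($p in $legacy) {
            $results += [pscustomobject]@{
                Product  = $p.displayName
                Enabled  = [bool]$p.onAccessScanningEnabled
                Outdated = -not [bool]$p.productUptoDate
                RawState = 'n/a'
                Source   = 'root\SecurityCenter'
            }
        }
    }
    return $results
}

function Test-AvHealthy {
    param([object[]]$States = (Get-AvState))
    # No registered product at all is the worst case: nothing even claims to protect the box.
    if (-not $States -or $States.Count -eq 0) { return $false }
    # Healthy only if at least one product is enabled AND has current signatures.
    return [bool]($States | Where-Object { $_.Enabled -and -not $_.Outdated })
}

$states = Get-AvState
if ($states.Count -eq 0) {
    Write-Warning 'No anti-virus product is registered with Security Center.'
} else {
    $states | Format-Table -AutoSize
}
if (-not (Test-AvHealthy -States $states)) {
    Write-Warning 'No enabled, up-to-date anti-virus found. Fix this before doing anything else online.'
    exit 1
}
```

An expired product typically shows up here as registered but with Outdated set (or Enabled cleared), which is exactly the condition the tray icon failed to make obvious. On an XP machine without PowerShell 3, substitute Get-WmiObject -Namespace root\SecurityCenter -Class AntiVirusProduct for the legacy query.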

Lesson #2: Know When You're Being Scammed

The most important thing in surviving a malware infection is knowing that you have one. Fortunately, Zlob isn't shy about announcing itself. But the way it announces its presence can panic unknowledgeable users into doing things that they shouldn't.

Zlob changes your desktop wallpaper to display a warning similar to that in Figure 2 and pops up a warning balloon in your Windows System Tray / Notification Area similar to those in Figure 3.

Figure 2: Zlob desktop wallpaper warning
From community.ca.com

The wallpaper change is a good tipoff, since there is no normal Windows behavior that I know of that changes your desktop wallpaper and then prevents you from changing it back. But the tray popup is much more subtle and easier to fall prey to, because Windows itself frequently uses Tray popups to provide warnings and alerts and lets you act on them by clicking the balloon.

Figure 3: Zlob tray popups
From spynomore.com

Fortunately, the desktop wallpaper change was enough to raise suspicion that something was wrong and caused him to call for help.
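When Windows refuses to let you change the wallpaper, the usual reason is a policy value, the same mechanism a domain administrator would use to pin a corporate background. The script below is an added example, not part of this article, and it checks the standard policy locations rather than anything specific to Zlob, whose exact technique the article does not describe: a hit tells you the wallpaper is locked and someone set that lock, which on a home PC with no domain is a strong reason to treat the machine as suspect.

```powershell
# Added example, not from the article: report whether the desktop wallpaper has been
# pinned by a policy value, which is how Windows itself stops a user from changing it.
# Assumption: the lock uses the standard Windows policy locations listed below. A hit
# means "the wallpaper is locked and someone set that", not proof of Zlob specifically.

function Get-WallpaperLockState {
    # Policy values that hide the Desktop settings page or force a specific wallpaper.
    $policies = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' },
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'NoDispBackgroundPage' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'Wallpaper' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoActiveDesktopChanges' }
    )
    $hits = foreach ($pol in $policies) {
        if (Test-Path $pol.Path) {
            $item = Get-ItemProperty -Path $pol.Path -Name $pol.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value = $item.($pol.Name)
                # DWORD policies are "on" when non-zero; the Wallpaper policy is a path string.
                if ($value -is [string] -or $value -ne 0) {
                    [pscustomobject]@{ Key = $pol.Path; Name = $pol.Name; Value = $value }
                }
            }
        }
    }
    # The wallpaper actually in use, so you can see which file the lock is pinning.
    $current = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue).Wallpaper
    [pscustomobject]@{
        Locked           = [bool]$hits
        LockingPolicies  = @($hits)
        CurrentWallpaper = $current
    }
}

$state = Get-WallpaperLockState
"Current wallpaper: $($state.CurrentWallpaper)"
if ($state.Locked) {
    Write-Warning 'Wallpaper is locked by policy. If you (or your domain administrator) did not set this, treat the machine as suspect.'
    $state.LockingPolicies | Format-Table -AutoSize
} else {
    'No wallpaper-locking policy values found.'
}
```

Removing the policy value with Remove-ItemProperty and restarting Explorer will unlock the wallpaper, but that only removes the symptom; as the article's own outcome shows, the lock is the least of what Zlob leaves behind.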
