Tutorial Blog – Online Free Tutorial Free online Tutorial blog

How do I Combat the Dangerous Threats to My Computer and My Data?

Just think, malware (malicious code) has been around for almost 25 years already. Every year, millions of people and businesses lose substantial sums of money in terms of lost and, many times, irrecoverable data. To top it all, some viruses hog system resources and Internet connections making it impossible to work or play. And this does not include the frustration and anger at not being able to pinpoint the source of the problem.

This article explains what you should do to protect yourself against viruses, worms, Trojans, spyware and other forms of malware.

Fighting Viruses, Worms and Trojans
One of the very first steps to protecting your PC is to make sure that the operating system (OS) is updated. This is critical as OS manufacturers such as Microsoft Windows update security features of their products continuously to cover any potential and actual loopholes.

For a full explanation of viruses, Trojans and worms and the damage that may be done to your system read Malware: Wading through the Jargon.

Secondly you should have an updated anti-virus software running on your system. Make sure to choose one of the better ones on the market today - a few dollars wont break you but a virus will. Make sure that the anti-virus software is updated frequently (sometimes even daily if needs be) with fixes to the actual engine and to the database files that contain the latest cures against new viruses, worms and Trojans. The anti-virus software must have the ability of scanning email and files as they are downloaded from the Internet to help prevent malware reaching your system.

Many users are using a third component for their home and/or computer system security - processlibrary.com. This website is a free resource library containing a comprehensive description of over 3000 that may be running on your computer. Searching for the processes is similar to using a search engine - type in the process name and processlibrary.com returns the full description including information on security threat levels if any and ways on removing the malicious code.

You should also consider installing firewall software. A good system prevents unauthorised use and access to your computer from external sources (e.g. hackers or hijackers) plus giving you additional protection against the more common Trojans and worms. A firewall on its own will not get rid of the virus problem but when used in conjunction with your OS updates, anti-virus software and processlibrary.com information, it will give you deeper system security and protection.

Fighting Spyware, Adware and Other Forms of Malware
In some cases, it is not that easy to realise that spyware and related forms of malware are installed on your system. For a full explanation of spyware, adware, related forms of malware and the damage that may be done to your system read What are Spyware, Adware, Keyloggers, Diallers and Root Kits?.

In other cases, you will almost immediately notice changes to your web browser that you didn't make. These changes include toolbars that you didn't want installed, different homepage settings or changes to your security settings and favourites list.

Other signs of spyware include advert pop-ups which are not related to the website being viewed at the time. Many such adverts usually relate to pornography or emoticons or performance/security optimizers and are not displayed as they are usually shown on legitimate adverts. Adverts may also appear when you are not surfing the web. Spyware is not only annoying but it slows your system performance, causes start-up time to increase, hogs your Internet connection and on occasion will lead to system crashes.

You should install an anti-spyware software package. There are some good ones on the market and many experts go as far as suggesting installing two or three since any single package may not be powerful enough to find all the entries and changes to your registry and other files made by spyware. Such malware is installed like any other application on your system thus leaving traces of itself on the registry files of and other places with your system. Anti-spyware works by looking for these traces and deleting them.

Also beware of what you download from the Internet. Make sure that the sources that you download stuff from are know to you - and even here you have to pay extreme attention. For example, not all companies who claim their software contains adware are really offering adware only! There's always the possibility that there is spyware disguised in the program. Make sure that you read privacy policies and licence agreements. Also firewalls should help you greatly in the fight against spyware and malware.

Another source that helps you combat spyware is processlibrary.com. As stated earlier, this free site contains valuable information and suggestions on what to do if your system is infected.

Source:  http://www.liutilities.com/news/articles/article12

Top 5 Common Security Threats

In the previous one (Lsass.exe, cidaemon.exe: Invisible Threats or Legitimate Processes?) I looked at the ten most common processes that are searched on processlibrary.com. With over 300,000 individual searches per day, I am pretty sure that this reflects the situation of most users world wide.

This article looks at the top 5 most common security threats searched by the same users on our site. I think you are in for a few surprises!

• BACKWEB.EXE:
  Process Name: Backweb Adware
  backWeb.exe is an adware by Backweb Technologies which offers news and entertainment services in exchange for personal usage information regarding the PC being sent back to BackWeb's servers for analysis. Many high range computer manufactorers have entered into an agreement with backweb to install this product by default on work-stations in exchange for other services from the backweb application. This program is a registered security risk and should be removed immediately. Security Threat Rating is 2.
• MSBB.EXE:
  Process Name: 180Solutions Web3000 Spyware Application
  msbb.exe is an advertising program by 180 Solutions. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately.
  Security Threat Rating is 2.
  
• SCVHOST.EXE:
  Process Name: W32/Agobot-S virus. scvhost.exe is a process which is registered as the W32/Agobot-S virus. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
  Security Threat Rating is 4.
• GMT.EXE:
  Process Name: Gator Spyware Component.
  gmt.exe is an advertising program by Gator. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately.
  Security Threat Rating is 2.
• RUNDLL.EXE:
  Process Name: usually this relates to Microsoft's RunDLL
  rundll.exe is a Windows System process belonging to the Windows 95, 98 and ME range of Microsoft Windows products. This is an important system process and should not be terminated. HOWEVER, rundll.exe can also be the LOXOSCAM and Backdoor.SchoolBus.B trojans depending on Operating System and file path; this is always a virus on Windows XP and 2000 operating systems however. Both are a backdoor Trojan that allow hackers to gain access to the computer. These program is a registered security risk and should be removed immediately. If found on your system make sure that you have downloaded the latest update for your antivirus application. Please consult the file path to distinguish between this and the system process.

Source:  http://www.liutilities.com/news/articles/article10

Lsass.exe, cidaemon,exe: Invisible Threats or Legitimate Processes?

Since we launched this section on our website we have received a good number of emails asking us which, in our experience are the ten most common processes running on computers. I've taken the liberty to answer you all through this article.

While you are reading this article, your computer is most definitely running lsass.exe, several instances of svchost.exe, and alg.exe. Are these invisible threats or legitimate processes? They're legitimate all right but, in some instances, there are serious security breaches that disguise themselves as legitimate processes. Well, here goes our top ten - you'll find the full descriptions on processlibrary.com:

• LSASS.EXE:
  Process Name: Local Security Authority Service
  Process Description: lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. Again, lsass.exe also relates to the Windang.worm, irc.ratsou.b, Webus.B, MyDoom.L, Randex.AR, Nimos.worm which spread via floppy disk drives, mass-mailing and peer-to-peer sharing.
• ALG.EXE:
  Process Name: Application Layer Gateway Service
  Process Description: alg.exe is a part of the Microsoft Windows operating system. It is a core process for Microsoft Windows Internet Connection sharing and Internet connection firewall. This program is important for the stable and secure running of your computer and should not be terminated
• SVCHOST.EXE:
  Process Name: Microsoft Service Host Process
  Process Description: svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. It should be noted that svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To determine whether the process is legitimate or not, review file path and make sure it is not in your system folder. If it is it is ok, if not then this is a registered security risk and should be removed immediately.
• CSRSS.EXE:
  Process Name: Microsoft Client/Server Runtime Server Subsystem
  Process Description: csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem. This process manages most graphical commands in Windows. This program is important for the stable and secure running of your computer and should not be terminated. csrss.exe is also process which is registered as the W32.Netsky.AB@mm worm, the W32.Webus Trojan, Win32.Ladex.a and more. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open it's hostile attachment. The worm has it's own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
• SMSS.EXE:
  Process Name: Session Manager Subsystem
  Process Description: smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager SubSystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated. Note: smss.exe is also a process which is registered as the Win32.Ladex.a Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
• SCVHOST.EXE
  Process Name: W32/Agobot-S virus
  Process Description: scvhost.exe is a process which is registered as the W32/Agobot-S virus. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
• WDFMGR.EXE:
  Process Name: Windows Driver Foundation Manager
  Process Description: wdfmgr.exe is part of Microsoft Windows media player 10 and above. This process decreases compatibility problems whilst the product is in use. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.
• CTFMON.EXE:
  Process Name: Alternative User Input Services
  Process Description: ctfmon.exe is a part of the Microsoft Office suite. It activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.
• SERVICES.EXE:
  Process Name: Windows Service Controller
  Process Description: services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services. This process also deals with the automatic starting of services during the computers boot-up and the stopping of servicse during shut-down. This program is important for the stable and secure running of your computer and should not be terminated. Note: services.exe is also a process which is registered as the W32.Randex.R (stored in %systemroot%\system32\ directory) and Sober.P (stored in %systemroot%\Connection Wizard\Status\ directory) Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
• SPOOLSV.EXE:
  Process Name: Microsoft Printer Spooler Service
  Process Description: spoolsv.exe is a Microsoft Windows system executable which handles the printing process to your local printers. Note: spoolsv.exe is also a process which is registered as the Backdoor.Ciadoor.B Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.

Source:  http://www.liutilities.com/news/articles/article9

Do You Really Know What’s Running on Your PC?

Question: Is there a sure-fire method to prevent security threats that have been missed out by anti-virus, anti-spyware products or firewall?

In this article I will answer this critical question by sharing a recent experience with you. I will also give you the sure-fire method to prevent grave security threats that have been missed out by your anti-virus, your anti-spyware or firewall software.

I am not saying that you should do away with these crucial components of your security: just that sometimes malicious code (malware) may be insidious enough to trick all or one of these components and reside itself on your system. And, it becomes almost impossible to remove.

To top it all, the rate of development and proliferation of malware is always greater than the rate of updates of your anti-virus and anti-spyware (usually on a weekly basis). You just don't know what is brewing on the Internet. Your firewall and antispyware/virus software isn't always enough.

When you suspect that your computer is running slower than usual, you should immediately see what processes are running on your computer. As suggested in last month's article (Maximising PC Security with WinTasks and Processlibrary.com), your first instinct is to call up Windows Task Manager.

Despite the short-comings of this in-built Windows utility, you may still use Windows Task Manager to identify the name of the processes. The next step should be to look up these processes on processlibrary.com (read also Information is King: What are Process Libraries).

A few weeks ago, I remember battling with my computer's CPU and MEM Usage resting at 100% all the time. Running any application was a nightmare - I just felt like kicking my notebook out of the window (and that's only four floors up!). I downloaded and run the latest Trend Micro anti-virus and Adaware anti-spyware programs.

My PC was infected and I managed to clear most of the stuff I had contracted through the Internet. However, my computer was still as slow as ever. I said it just can't be - do you have to upgrade my memory? The computer was just fine a couple of days ago. Wasssup?!!

I noticed about 30 processes running while my computer was officially not running any applications whatsoever. I logged on to processlibrary.com and started searching them one by one (for the ten most common processes running on your computer read "Lsass.exe, cidaemon.exe: Invisible Threats or Legitimate Processes?").

One by one the processes seemed legitimate enough until I found MSAA.exe. MSAA.EXE is registered as the Dldr.WinSh.AC.02 downloader. This process came bundled with a virus and its main role is to do nothing other than download other viruses to your computer. Great! To make matters worse googling "MSAA.EXE" returned only results from process library sites and none from anti-virus sites.

Does this mean that anti-virus software does not completely remove this component of a virus? My case seems like it. This has made me wonder what is really happening and how safe I would be with my anti-virus alone. To be sure, if I didn't know about processlibrary.com, I would have surely reinstalled my system.

I will keep my anti-virus and other security software I have installed in my system because process library only gives you information on which you have to act. However, I need that information to have a sure-fire method of securing my system before it is too late - do you?