  1. #1
    Joined
    Feb 2004
    Location
    Music City, TN
    Age
    64
    Posts
    361

    Secure This Box!

    Ok guys...I've tried my best with this and now I need your help. Here's the story....

    My friend has an HP desktop which connects to Bellsouth DSL for an ISP. He has 8 kids, yes 8, ranging from 3 yrs. to 17 yrs. old. He came to me about 6 months ago with a computer that wouldn't do anything but display pop-ups and reboot. Someone had told him his HDD was bad.

    I opened the box and found 3+ years of dust and pet hair in everything. Cleaned all the fans and heatsinks and stopped the rebooting. I also found so many viruses, worms, and trojans that I decided to do a HDD reformat and re-load his OS. I also loaded Systemworks 2003, Spybot S&D, Ad-Aware SE, and Zone Alarm. When I took his box back to him it worked like a charm.

    3 months later he calls reporting he can't connect to the internet to check his mail and pop-ups are rampant. I go to his house and find all kinds of stuff has been downloaded onto his computer by the kids. I run Ad Aware and it finds 250+ items which I remove. I also go thru Add/Remove and take out a bunch of programs that no one claims to have DLed. All the while I am admonishing the kids to not click on everything that flashes or beeps or looks "cool". By the time I leave things are working normally but I'm uneasy because I just know there is stuff I couldn't find.

    Now a month later, the computer has locked up again. I don't want to go thru this endless cycle with this computer. I've tried to provide these folks with what protection I can for free....even donated the Systemworks software.

    The only thing I can think of that might help would be a router between the cable modem and the computer. Would that stop most of this stuff???? (Obviously, it won't stop the kids from inviting the baddies in). Help me get out of this nightmare!!!!

    CoachB

    DFI Ultra II-M2, AM2 x2 5200+

  2. #2
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,104

    Re: Secure This Box!

    The router would help. So would keeping the on-access part of the AV program on. Something different to try might be to make the account everyone uses a limited account. Make sure any account with administrator permissions has a password, maybe one that only you know.

  3. #3
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Secure This Box!

    Welcome to your worst nightmare

    As you've correctly identified, even with a fair amount of measures in place, if the kids are inviting the stuff in, then there's not much you can do to stop it.

    Unfortunately, using restricted accounts doesn't really help as it's all too easy for a virus to obtain escalated privileges to install itself. But of course that's a good place to start. Password protect the admin account and set up restricted user accounts for ALL users forcing them to log on with a username and password, including Dad.

    First up, I'd get a router with a true Stateful Packet Inspection (SPI) firewall. Next up, get a decent real time AV package (like Kaspersky) and keep it running constantly. Obviously make sure Windows is fully patched all the time.

    Read the Sticky thread in this forum - particularly the post on Prevention. Show Dad how to regularly (once per week) run Windows update, full virus scan, Ad-Aware, Spybot etc. Install SpywareBlaster - it's supposedly good at preventing some of this stuff in the first place. Also set up a hosts file and update it regularly. It's as much about educating the user as any measures you can put in place.

    You'll still get stuff that will get through, but if you can stay on top of it on a weekly basis, you stand half a chance of breaking this re-occurring nightmare cycle every month.

    Ned
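
Added example, not part of the original thread: one way to do the "set up a hosts file and update it regularly" step so that a weekly refresh never touches the machine's own entries. The sink address, the marker comments, the function names and the sample list are assumptions made for illustration.

```python
import re

SINK = "0.0.0.0"  # assumption: sink address for blocked names (127.0.0.1 is also common)
BEGIN = "# BEGIN blocklist (managed)"  # hypothetical markers around the managed section
END = "# END blocklist (managed)"
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
PROTECTED = {"localhost", "localhost.localdomain"}  # never sink the machine's own names


def parse_blocklist(text):
    """Return valid, de-duplicated hostnames from a downloaded blocklist."""
    names = []
    for line in text.splitlines():
        # Drop comments, then look at every field. IP addresses fail the
        # hostname pattern, so whatever address the list supplies is never used.
        for field in line.split("#", 1)[0].split():
            name = field.lower().rstrip(".")
            if HOSTNAME.match(name) and name not in PROTECTED and name not in names:
                names.append(name)
    return names


def update_hosts(hosts_text, blocklist_text):
    """Replace the managed section; every line outside it is kept as-is."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    block = [BEGIN] + [f"{SINK} {n}" for n in parse_blocklist(blocklist_text)] + [END]
    return "\n".join(kept + block) + "\n"


# Constructed sample input, not real indicators.
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.10 printer\n"
SAMPLE_LIST = """# weekly list
127.0.0.1 ads.example.com
tracker.example.net
203.0.113.5 ads2.example.com   # address supplied by the list is ignored
0.0.0.0 localhost
not a_valid!name
"""

if __name__ == "__main__":
    print(update_hosts(SAMPLE_HOSTS, SAMPLE_LIST), end="")
```

On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`, and writing the result back needs an administrator account, which fits the advice to keep everyday logons restricted.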

  4. #4
    Joined
    Feb 2004
    Location
    Music City, TN
    Age
    64
    Posts
    361

    Re: Secure This Box!

    Ned and Senor,

    Thanks for your replies and suggestions. Reformatted the HDD last night and went thru the Protection steps you suggested. I like the HOSTS file thing..hadn't run across that before.
    Loaded AVG, Spybot, and AD-Aware. Set up limited accounts for all the kids. Passworded the admin account. Disabled un-necessary, risky services. We are looking for an inexpensive router to add to the system.

    Only took me about 3 1/2 hours to get them up and running again, including downloading AVG and stuff. Ohh...added a third stick of Ram to the box to speed things up a bit, they now have 768 MB.

    Spybot caught a program called "BackWeb???". I think I've read that is something HP uses to monitor users of their systems. Is that something that needs to be removed???? Does it open up a vulnerability???

    Again, thanks for your help. I'll keep you posted!

    CoachB

    DFI Ultra II-M2, AM2 x2 5200+

  5. #5
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Secure This Box!

    Quote Originally Posted by CoachB:
    Spybot caught a program called "BackWeb???". I think I've read that is something HP uses to monitor users of their systems. Is that something that needs to be removed???? Does it open up a vulnerability???

    Yes, you have to be a little careful with Backweb (and Backweb lite). Some software companies use it for legitimate purposes - for example, F-Secure use it as part of their notification and updates procedure. Equally, it can be used for malicious purposes. So ideally you need to identify which program installed it and is using it. If it's an application you trust then it's safe to set Spybot to ignore it, otherwise get rid of it.

    Ned

  6. #6
    Joined
    Jul 2004
    Location
    Texan
    Age
    48
    Posts
    1,419

    Re: Secure This Box!

    You can get all the drivers now for HP systems, so I would suggest doing so and putting them on CD. Then, see if you can wipe your drive and, before re-installing Windows, see if you can kill the hard drive partition with backweb on it. (Unless you actually use it, which it doesn't sound like you do.) There's a way to do it, but I don't remember right off-hand. I used to use pre-built systems until I got edjucateded.

  7. #7
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Secure This Box!

    Spybot S&D! will detect and remove BackWeb. Like I said above though, some programs do use it legitimately, so you really need to find out what's using it. A browse through the registry should tell you.

    Ned

  8. #8
    Joined
    Feb 2004
    Location
    Music City, TN
    Age
    64
    Posts
    361

    Re: Secure This Box!

    Thanks for the continuing suggestions!
    It's been 6 days since I re-formatted and re-loaded. No complaints so far. Spybot S&D did catch Backweb and I think I had it remove it. As far as I know, it is not needed for anything currently on the box.
    The more holes I can plug, the better!

    CoachB

    DFI Ultra II-M2, AM2 x2 5200+

  9. #9
    Joined
    Nov 2002
    Location
    TN
    Posts
    771

    Re: Secure This Box!

    I'd format it, reload it, give him a bootable ghost restore cd(s) and let him restore it after his kids screw it up.

    BM
    www.milbrathnet.net

  10. #10
    Joined
    Jul 2003
    Location
    Minnesota
    Age
    55
    Posts
    662

    Re: Secure This Box!

    Quote Originally Posted by Ned Slider:
    Welcome to your worst nightmare

    You got that right!

    Setting up a nice system for the computer illiterate is nice, but do yourself and them a favor by saving your work. As Milbrath said, Ghost is your key to avoiding those emergency tech support housecalls. I build comps for friends and family, and no matter what the budget, a secondary hard drive for storing data and Ghost images is part of the cost, period. When they hose the system drive, they can just pop a floppy into the drive, couple of clicks, and they're back up and running in 15 minutes, and you go fishing.

    The pcper guide to backups:

    http://forums.pcper.com/showthread.php?t=325010

    Here's a guide to using Ghost, and moving system folders to an alternate location to avoid losing personal data when restoring a Ghost image. (Email folders, My Documents, etc.)

    http://ghost.radified.com/

    Using Ghost or not, you should move these folders off of C: as described under the paragraph: Effects of Image Restoration

    http://ghost.radified.com/ghost_1a.htm

    Hope this helps!

  11. #11
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Secure This Box!

    ^^ nice post Regent. I'm a huge fan of Ghost - probably the best $30 you'll ever spend on a piece of software.

    Ned

  12. #12
    Joined
    Jul 2003
    Location
    Minnesota
    Age
    55
    Posts
    662

    Re: Secure This Box!

    Thanks, Ned!

  13. #13
    Joined
    Feb 2004
    Location
    Music City, TN
    Age
    64
    Posts
    361

    Re: Secure This Box!

    Ned and Regent,

    More Thanks!

    You both put your finger on the problem....my friend has very little computer savvy! The HP restore disk creates one usable partition with no option to do anything else. It functions much like a Ghost image of the factory machine setup including XP Home. I thought about a ghost image on CDs but, honestly, I doubt my friend could successfully manage that. A second HDD would be nice but using it appropriately would, again, require more understanding on their part.

    I talked with the Dad yesterday and he reports all is working well. I'm sure we are not totally immunized but the things you had me put in place seem to be warding off the baddies. Good thing is I'm learning a lot about protecting systems....just wish it weren't necessary.

    CoachB

    DFI Ultra II-M2, AM2 x2 5200+

  14. #14
    Joined
    Nov 2004
    Posts
    70

    Re: Secure This Box!

    I had a similar problem with my parents' computer. I got rid of Internet Explorer and put Firefox on instead. Turned off pop-ups, disabled all that Java crap. I get far fewer calls from them now. IE is just too vulnerable.
