
Deuce's Tutorial to Removing Malware & Spyware, Computer Security and Internet Safety

Damian

Power member.
Reputation
0
I'm making this because I see so many threads about how someone has fallen vulnerable to malware or spyware.

Honestly, it's a situation which will make you freak out, and I can speak from personal experience. However, I'm here to help prevent that from happening with some programs that'll aid you in deciding whether a program is malicious or not and aid in securing your system.


A quick tip - If you have been RAT'd and the controller is sending you messages/pop-ups or even playing with your webcam, I'd recommend you turn the wifi on your computer OFF. This will break the connection with the controller and allow you to scan for the Spyware without being constantly shut down.

Sandboxie - I cannot recommend this program enough. This program allows you to run a program in a sandbox which will prevent rogue software (Malware, Spyware) from making permanent changes to your system.

Malwarebytes - This program is incredibly good for removing Spyware, the database is updated nearly every day with new programs which are found to contain malware. I have recommended this program to multiple people in the past and it has removed their RAT in the first scan.

VirusTotal - This is a free website in which you can upload files or enter a URL and it will scan for viruses which can be found in either. Although it's not the best way to go around scanning your system, it can be a quick factor to determine if you should run a program or not.

Avast/Norton - Please download one of these. If you're into blackhat shenanigans then there will be programs that'll be picked up but you can add these to your "whitelist" before scanning and then they won't be removed from your system. If you aren't running virus scans constantly then you're just asking to be infected.

Eicar String - This is a text file which every antivirus should pick up no matter how it's compressed or wrapped. This is a quick and simple way to determine if your antivirus is good/up to date.

Comodo Firewall - This program is life, it will tell you when incoming connections are coming or when a program is trying to modify something on your system. This program is honestly the best thing you'll ever download, if you get infected while running this then please just stop using the internet. It may get tiresome at the beginning since you'll be allowing every program to modify your system, but it's worth it.

Strong Passwords - I don't care what it is, just don't make your password "12345" or your first-name. Also, don't use the same password for every single account you use, if one is compromised they'll all be compromised. If you really have doubts, use a password generator and store them somewhere on a piece of paper. If your system is compromised, it won't matter if you have a password vault, it's very likely that the controller will already have everything they need to open your vault.

Update - Always update your software, you'd be surprised at how many programs contain security vulnerabilities and leave you open to attack, developers put out updates for a reason, and if you read the change log you'd also be surprised at how many of these are purely for a security update.

Secunia PSI - This is an amazing program which will close any small little holes that malware can enter through, it basically scans through programs which are out of date and vulnerable and will patch them itself, basically the tool for a lazy man.

WinPatrol - This program will constantly monitor your registry files, telling you which were modified or deleted at what times. This program also allows you to disable auto-run programs when you start up Windows, potentially allowing you to disable malware which you didn't know about.

Phishing - Don't be social engineered into clicking something for a website, especially if it's something to do with a video-game, it's very likely that person just wants to gain access to your account. Think before you click, it may just be the difference in losing your account or keeping it.

Website Stores - This goes without saying but a reminder is always useful. NEVER use an online store that doesn't offer a secure and encrypted connection. You're entering data that could be stolen so easily and you'll highly regret it.

Site Advisor - Maybe your "friend" has linked you to something which guarantees you unlimited spins in Runescape, or even a glitch for gold in WoW. Well, this is the internet and they may not be telling the truth. This website is a simple and quick tool which will allow you to type in a website browser and it will scan through for malware, telling you if the website is safe or not.

Fully Undetectable Viruses [FUD] - These are a little tricky to take care of. They're fully undetectable for a reason, your best bet is to do a system restore if you want to take care of the problem quickly, however there are also numerous ways to take care of them. Comodo Firewall and Rkill can be used to prevent them starting up, that's most likely your best bet in taking care of them. However, these will not be detected by your anti-virus so it should always be your best interest to be extremely careful when you've downloaded something suspicious.

Key Scrambler - This is a good counter to FUD key loggers or anything that could've infected your computer. This program encrypts your keystrokes in real time to prevent information theft. This program is also extremely easy to monitor so you'll always know when it's activated.

RKill - RKill is a program made to terminate known malware processes which will then allow your security program to delete them. When RKill runs it will kill malware processes and then removes incorrect executable associations. Basically, this program could save you from a lot of trouble that you could potentially run into.

Public Networks - This goes without saying. Never submit important information over a public network. Some friends of mine have previously set up a public network in a Starbucks or hotel to gain access to important data. Always be careful when using a public network, there's a reason why your computer will ask you if you want data to be sent over a public or private network.

Public Computers - Always surf the web in a private browser, don't leave anything open. Make sure you delete anything such as autocomplete and even download a key scrambler if you need to. You never know what could be on the computer, especially since it could just be a common computer in the library. Always be sure to erase your tracks, the last thing you want is some stranger in a library gaining access to your more confidential information.

Potentially Unwanted Programs (PUPs) - Don't download random programs to your computer from sites you don't know too well. If you're planning to install something blackhat it's likely people are putting up false downloads that are actually malicious files. I won't name any specific programs but just be cautious. Programs used for blackhat purposes will usually be detected as a virus and therefore people think they can mask their own malware as one of these programs.

Firewall Logs - Firewalls will keep track of what traffic they have rebuffed. Sometimes it's good to check these out and see if a certain port is spewing out traffic. This could be a dead giveaway of finding a malicious program on your computer.

Know Your Internet Browser - Always make sure your browser is being updated, browsers such as IE6 are no longer being updated by the developer and are therefore left open for attack. Browsers which are left unsupported are going to be riddled with security flaws. Although this isn't such a problem because hardly anybody uses IE6, always make sure you're updating your browser, something I addressed earlier in this tutorial.

System Restore - People may not think anything of this, they have the mindset that they'll never use it. However, when it comes down to being infected and a restore being needed, they don't have the correct restore point or snapshot. This leaves them with having to completely restore their computer to its factory settings when it could've been avoided by checking everything is up to date and functioning properly.

Command Prompt - This program is easily one of the most helpful things on your computer and can sometimes be the answer instead of an anti-virus. I have written a guide on how to delete basic malware with command prompt below.

Start by pressing the "Windows" Key and "R" key on your keyboard, this should bring up a pop-up window. Type in "CMD" and press enter:

You should now have a window open looking something like this:

Go ahead and type in one of your drives; an example of this would be "dir c:"

Don't hit enter once you've typed this in, continue typing your end switch. A common example of this would be "s -h *.* /s /d" then press the "enter" key.

You should now have a list of everything on your drive. If you see anything suspicious such as "Autorun.inf" and "Autorun.exe" then congratulations you've just found an infected file.

Rename this file now that you've found it, this means when you open it the virus won't be activated. To do this just type "ren autorun.inf autorun.zip"

All you have to do now is just find the infected file which you renamed and delete it and... Congratulations! You have just removed a malicious file all by yourself.

The most helpful tip I can give you for making sure your computer is secure is simple: COMMON SENSE! If something sounds too good to be true, it probably is.

If you're doubtful about being infected or you have a program which you can't fix, shoot me a private-message. I'll be happy to assist you however I can, especially if it's removing Spyware or Malware. I will be constantly updating this thread if I remember or find anything else for securing your system.

This is a link to my thread which provides the details on my computer securing service: http://www.forumkorner.com/thread-167381.html

Last Updated: 31/3/14
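
The command-prompt check in the tutorial above, as an added Python example (not code from the original post): it finds every autorun.inf under a drive, lists what each one would launch so you can review it, and performs the rename step. The function names and the `.quarantined` suffix are hypothetical, and the sample file is constructed.

```python
import os
import tempfile
from pathlib import Path

# Keys in the [autorun] section that name something Windows would launch.
LAUNCH_KEYS = ("open", "shellexecute")

def find_autorun_files(root):
    """Yield every autorun.inf under root; os.walk also returns hidden/system files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "autorun.inf":
                yield Path(dirpath) / name

def launch_targets(inf_path):
    """Return (key, command) pairs for each launch entry in the [autorun] section."""
    targets, section = [], ""
    # latin-1 never fails to decode, so junk bytes cannot abort the triage.
    for raw in Path(inf_path).read_text(encoding="latin-1").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                targets.append((key, value.strip()))
    return targets

def neutralise(inf_path):
    """Rename the file (the post's 'ren' step) so it is no longer autorun.inf."""
    src = Path(inf_path)
    dst = src.with_name(src.name + ".quarantined")  # hypothetical suffix
    src.rename(dst)
    return dst

def triage(root):
    """Return one record per autorun.inf found: its path and what it would launch."""
    return [{"path": str(p), "targets": launch_targets(p)} for p in find_autorun_files(root)]

if __name__ == "__main__":
    # Constructed sample standing in for an infected removable drive.
    drive = Path(tempfile.mkdtemp())
    (drive / "autorun.inf").write_text("[autorun]\nopen=autorun.exe\nicon=drive.ico\n")
    for record in triage(drive):
        print(record["path"], record["targets"])
        print("renamed to", neutralise(record["path"]))
```

The reported targets are the files to find and delete after the rename; a legitimate installer disc will also show an `open=` entry, so review each record before acting on it.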
 

Poison

Doses & Mimosas
Reputation
0
RE: Deuce's Tutorial to Computer Safety

Wow. Kudos to you bae. This is some heavy duty information here, and I really appreciate the background knowledge. Thank you for the tips. This definitely will help out a TON of new users and maybe even some of the vets.
 

Hitler

User is banned.
Reputation
0
RE: Deuce's Tutorial to Computer Safety

IgnoreIgnoreIgnoreIgnoreIgnoreIgnoreIgnoreIgnoreIgnore
 

formal

Member
Reputation
0
RE: Deuce's Tutorial to Computer Safety

This is a really nice thread for anyone starting out
 

Damian

Power member.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Thanks for all the responses guys, I have updated this guide a lot.
I appreciate any constructive criticism, do let me know if I need to add anything else in.
 

Fresh

Power member.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Love Malwarebytes, works really well and is easy to get Pro
 

Phormick

User is banned.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Malwarebytes is a very good program. Catches a TON of the viruses.
 

Wacky

User is banned.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Thanks for this, helped me out!
 

Chthonic

Onyx user!
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Very good tutorial Deuce! This will certainly help plenty of users. :)
 

Ziggy

Power member.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Great Post! Very good tutorial. Needs to be a sticky!
 

Jamil

@hydrogen
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Thank you, this is a great guide. I will be using this!
 

ynoT

Onyx user!
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Thanks a lot for this Deuce! But every time I have Comodo running and leave my pc idle it freezes. =(
 

Damian

Power member.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Gravity said:
Thanks a lot for this Deuce! But every time I have Comodo running and leave my pc idle it freezes. =(

I recommend you uninstall it, turn Windows Firewall back on and then reinstall it after a restart.
I've never had this problem, it's always been a solid program for me.
 

ynoT

Onyx user!
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Deuce said:
I recommend you uninstall it, turn Windows Firewall back on and then reinstall it after a restart.
I've never had this problem, it's always been a solid program for me.

What's the diff between Avast and Comodo?
 

Damian

Power member.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Gravity said:
What's the diff between Avast and Comodo?

I've found that Avast doesn't always detect all the malware and spyware on a computer. I've taken care of malware on my friends' computers that has slipped past Avast even though it's constantly active. I don't think you can get away with purely having Avast. I find that the updates to the virus database are sometimes too slow for the fact that malware evolves every day. Although, Avast does monitor your web activity which is extremely helpful. You'll be automatically blocked from malicious websites. Don't get me wrong though, Avast is an amazing program. One of the best free antivirus programs out there to be honest. I just prefer programs with constant updates such as Malwarebytes.

Comodo Firewall is more for people who want complete control of their computer. It tells you what a program is trying to activate, allows you to deny a program gaining access to a certain part of your computer and even monitors registry keys. I like how Comodo Firewall gives you a choice of what you want to run and you control what happens program wise.

It just depends what you want, at the end of the day they'll both do their job and possibly save you from malware. Hopefully that answers what you were asking. Personally, I prefer Comodo because I like the whole control aspect of it.
 

ynoT

Onyx user!
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

Deuce said:
I've found that Avast doesn't always detect all the malware and spyware on a computer. I've taken care of malware on my friends' computers that has slipped past Avast even though it's constantly active. I don't think you can get away with purely having Avast. I find that the updates to the virus database are sometimes too slow for the fact that malware evolves every day. Although, Avast does monitor your web activity which is extremely helpful. You'll be automatically blocked from malicious websites. Don't get me wrong though, Avast is an amazing program. One of the best free antivirus programs out there to be honest. I just prefer programs with constant updates such as Malwarebytes.

Comodo Firewall is more for people who want complete control of their computer. It tells you what a program is trying to activate, allows you to deny a program gaining access to a certain part of your computer and even monitors registry keys. I like how Comodo Firewall gives you a choice of what you want to run and you control what happens program wise.

It just depends what you want, at the end of the day they'll both do their job and possibly save you from malware. Hopefully that answers what you were asking. Personally, I prefer Comodo because I like the whole control aspect of it.

Alright. Thanks a lot. Really appreciate it!
 

Damian

Power member.
Reputation
0
RE: Deuce's Tutorial to Removing Malware Spyware, Computer Security and Internet Safety

I appreciate all the feedback guys.
This section is completely inactive but I'm hoping that it'll become a go-to thread since it'll never be pushed down to the bottom.
 

Sin

User is banned.
Reputation
0
This is very helpful to a lot of people, thank you for this.
 