This thread tells of a hijacked homepage. How does this happen?
I have Norton Ant-Virus with Live Update. All incoming and outgoing e-mails are checked for viruses. I have Spamblocker on my internet-accessed webmail, and I delete every unrecognized e-mail. Also, legitimate senders must contact me through Spamblocker’s automated process to be added to my authorized sender list. Virus scans are run every week. I’m also running Windows 98, and many of the recent attacks seem to be aimed at XP and 2000.
So I think I’m fairly safe. But I’ve heard that one can be infected just by visiting a website with an embedded virus. True?
Browser hijackers are not viruses. They are usually Java scripts or Active-X programs that get loaded when you visit the site. Some people turn off Java and Active-X, but that will disable those functions on all sites, even the ones that use it productively. The best way to prevent browser hijackers is to use SpywareBlaster, a free program that configures your browser to selectively reject scripts from over 1100 known purveyors of spyware/adware.
On a related topic, I tried to visit a web site once and immediately upon clicking the link, I got a trojan alert. The web site’s owner says there’s nothing wrong with his site. Any ideas?
Most common way you get spyware are rogue Active-X controls; SpywareBlaster will protect you from a lot of them, but the spyware makers keep adding new versions. You can also pick them up when you use P2P programs, which often has spyware as part of the package.
Dragon – Several possibilities:
The Web site owner is lying.
You mistyped the site name and went to a “typo” site (e.g., “htomail.com” for “hotmail.com”) that had the trojan.
The trojan alert had nothing to do with the web page and only happened to occur when you were visiting it.
The website is probably lying, especially if you get an ActiveX security message for anything that isn’t obviously legitimate (such as Shockwave or a Microsoft ActiveX control).
One thing that annoys me about the ActiveX security dialog box is that it has a ‘Always trust content from…’ checkbox but doesn’t have a ‘Never trust content from…’ box. Most Explorer dialogs have ‘Yes to all’ and ‘No to all’, and many security dialogs have ‘Always trust’ and ‘Never trust’. There are many situations where a user should opt never to install content from a certain corporation – Gator/GAIN, for example. Many users have probably accidentally decided to always trust ActiveX controls from spyware companies just to avoid the constant messages asking if they want to install a FREE 10 SECOND DOWNLOAD.
I do not have and never had any antivirus or anti-other-junk programs installed as they seem to give more problems than they are worth and yet I have never been infected. I have java and Active X set to “prompt” and just deny every request except when I very especifically want to see some flash animation which is not often. Simple and works for me.
Glad to hear that approach works for you. Personally, I would rather have my browser set to silently reject unwanted scripts automatically than be bothered with permission prompts every few minutes.
With regard to “anti-other-junk programs … seem to give more problems than they are worth”; I have been running AdAware, Spybot & Spywareblaster for two years, and have never had them cause any problems. To the contrary, they have cleaned up crapware that I wasn’t even aware of. YMMV.
If I ever need to run anything in my computer first I run it by any of the online checkers line PCPitstop or, my preferred one, Panda. You can scan your entire computer and it is free and always up to date. never had an infection. My experience with antivirus software is very bad in that it slows down the computer, creates conflicts and crashes so I prefer my system. YMMV.
This served me as a reminder and I am scanning as we speak.
You know, you can have AV software installed, but turn off the resource-hogging background scanning. This is what I’ve done. The software is there, and I can run a scan whenever I wish, but nothing is loaded until I start it.
How exactly would I get it? And maybe not getting online would be the least of my worries. Not to mention that I have three computers so I have an extra two but even if I had only one, I just don;t see that as a likely scenario. And, as I said, I have not had a single infection in all my years of computing. The best antivirus is free and is between your ears. In my experience people with AV software, not only have more computer problems but also get more infections because they do not follow safe computing as I do. But, again, i’m glad it works for you.
I’ve taken other Dopers advice, and downloaded both Opera and Mozilla Firebird, and both browsers are much better than Internet Explorer. From what I understand, when using one of these other browsers, you can’t get infected with spyware just by visiting web sites.(Of course viruses from downloads are another story.) Why bother with all the other programs for removing spyware or detecting it, when they’re not always up to date on new spyware anyway? Try either one; its the simplest and best solution.
I just ran the Panda and it said it had checked 160,000 files on my computer. 160,000 files!!?? What the friggin’ heck am I keeping? One of these days I’m gonna have to do a cleanup. Everything reported clean BTW.
I often like to check what’s running and I can recognize everything by name so anything new would trigger an investigation. That is also something I recommend because people have loads of unneeded crap running. Every program you install feels it needs to be running something in the background.
I had a panic scare a few months ago when I detected a very suspicious program I did not remember installing and I googled the name and got loads of bad information. Holy Crap! How did that get in there? It turns out I had installed it and forgotten about it and it did exactly what I wanted. It is revelation.exe
