Hi,

My desktop is running XP Pro SP3 and has McAfee A/V protection installed:

[Security Center 9.15, VirusScan 13.15, Personal Firewall 10.15, Anti-Spam 10.15]

CPU: Intel x86 PC with 4 GB main memory on a 945HCM-S motherboard

BIOS American Megatrends P1.00 08/19/2008

Data Execution Prevention is active [essential Windows & services only].

Browser: IE version 8.0.6001.

Windows update facility reported that no high priority fixes were needed.

(However Belarc Advisor 8.1b shows that 3 critical & 13 important updates are missing!)

Malwarebytes Anti-Malware detected & removed "Security Shield" rogue Trojan introduced inadvertently by daughter (non administrator access rights) via email message.

How can I ensure that infection cannot recur (for any Trojan)?

Bob

The only way is to update your antivirus and scan for viruses regularly. The other measure is to scan emails before accessing them and be careful about the websites you visit.

You need firewall software.

Thanks for your prompt reply...

I do not believe that a firewall will prevent receipt of virus or trojan messages.

What they will do is to prevent installed malware transmitting unauthorised data via the ports controlled by the firewall.

What I'm aiming to do is to prevent infection rather than detect its presence...

Cheers

Bob

Thanks for being the first to respond.

The AV software is configured to update automatically, and to scan email messages on arrival.

So I am still perplexed as to how the infection occurred.

I appreciate your interest in the matter.

Bob

There is no way to completely preclude the possibility of infection unless you stop using the internet! All of Microsoft's operating systems are full of security holes, quite a number of which arise from advertising "holes".

I feel a bit odd suggesting this. Maybe you can install a Linux OS and dual boot with Windows like I am doing: Linux for the Internet and such, Windows for games and entertainment. But you may need some technical skill or some reading up on Linux to do it. As far as I know, my Linux has not been infected so far.

"I do not believe that a firewall will prevent receipt of virus or trojan messages."... Nope. Those you "invite" in, although mostly unintentionally.
"What they will do is to prevent installed malware transmitting unauthorised data"... Well, maybe. A firewall is of little use if it accepts that the sending process is one from a whitelist, i.e. the malware has infected a known process and taken it over. A firewall must operate in conjunction with a system monitor and the user. When installing software, the user either tells the firewall that the installer is trusted, or else he monitors every single change the installer makes. When that new application runs, he then again either tells the firewall its processes are trusted, or else he monitors everything that starts/opens.
Try Comodo... or one other of its ilk. Comodo will either drive you nuts or you will appreciate what it does for you, and you will then use it properly and correctly. Safety follows.

Hi Rik,

Thanks for your contribution.

The strategy I considered was to use a "mature" OS that had sufficient exposure and time for its vulnerabilities to be identified and fixed via update patches. I appreciate that this is not a perfect approach, but short of developing a military-type solution, this would appear to be the most economical strategy.

At the heart of the problem I suspect is the weakness that allows the Registry to be modified by software instigated by users with non-administrative privileges.

Cheers,

Bob

I always say there is no substitute for sensible surfing. 99.9% of malware is self-inflicted by people downloading or clicking on things when they are not sure about them.

A good strategy would be to expect infection and be ready to deal with it as soon as it is spotted.

The reason that malware exists is that unscrupulous individuals can use it to make money. While this possibility exists, malware will exist, unfortunately. A lot of malware is the product of greed!

Hi Gerbil,

I think you "hit the nail on the head" when you said "if ... the malware has infected a known process"! Data Execution Prevention should inhibit the execution of surreptitious code to preclude this.

Bob

I must beg to differ with your philosophy... surely "prevention is better than cure", according to the old adage.

Certainly, I agree that a secondary line of defence is prudent in case of new security breaches.

In this case my daughter opened an email from a known respondent, so there is no question of self-inflicted infection from accessing dubious websites.

Bob

Prevention is better than cure is my usual philosophy, but, because of the nature of malware and of Windows, 100% prevention is just not possible.

I have spent a couple of years studying malware removal, so I know just how persistent malware is. If I could wave a magic wand and kill off all malware I would, but, seeing as I can't, I believe being prepared is the best line of defence!

I respect your assessment of the scale of the problem, but a cursory analysis of the incident shows that the Registry entries for Microsoft\Security Center\AntiVirusDisableNotify and FirewallDisableNotify had been subverted, preventing notification.

It seems obvious that modification of the security-related registry entries should be restricted to administrator users whilst offline.

This may possibly be implemented in a later OS e.g. Windows 7: can anyone confirm this?

Cheers

Windows 7 seems just as vulnerable as far as I can tell (I use it). One thing that may help you out in the future: once you have your registry the way you want it, click "Export" in the regedit menu and it will create a backup of your registry. As long as you can access regedit, you can click "Import" to restore it! I have been doing that on customers' PCs for a few months and it has saved me some time fixing their malware problems.

"a cursory analysis of the incident shows that the Registry entries for the Microsoft\Security Center\AntiVirusDisableNotify and FirewallDisableNotify had been subverted preventing notification." Maybe so, but these are the values that determine whether or not you get a Security Centre icon in the taskbar warning about your firewall or AV service status. I expect my AV or Firewall to manage something more significant of their own as a warning.
"my daughter opened an email from a known respondent, so there is no question of self inflicted infection from accessing dubious websites." Depends, of course, on the value of "known" as in known respondent... can you possibly know beforehand whether the sending computer is infected? It is almost always self-infliction, and with little or much to do with foolishness. That is the nature of the internet beast. We accept that risk because of the overall advantages.
And to answer this... "How did the trojan bypass my security countermeasures?"... simply because it was designed to do just that. Just like the original wooden horse. Always look a gift horse in the mouth; now who subverted that one?
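A defender's check for the two Security Center values discussed above, combined with the regedit export backup suggested later in the thread. This is an added example, not code from the thread; it assumes PowerShell on a Windows box with the Security Center key at HKLM\SOFTWARE\Microsoft\Security Center, and it also reads UpdatesDisableNotify, a sibling value on XP that the thread does not mention.

```powershell
# Added example: audit the Security Center "DisableNotify" flags and back the key up.
$KeyPath  = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$RegKey   = 'HKLM\SOFTWARE\Microsoft\Security Center'   # reg.exe form of the same key
# AntiVirusDisableNotify and FirewallDisableNotify come from the thread;
# UpdatesDisableNotify is the third flag of the same family (assumed, not from the thread).
$Flags    = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

function Test-SecurityCenterNotify {
    param([string]$Path = $KeyPath)
    $item = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $Flags) {
        $value = $item.$name
        # Absent or 0 means the Security Center warning is enabled; 1 means it is suppressed.
        $status = if ($value -eq 1) { 'SUPPRESSED - investigate' } else { 'enabled' }
        New-Object PSObject -Property @{ Flag = $name; Value = $value; Status = $status }
    }
}

function Backup-SecurityCenterKey {
    # Same as regedit "Export" for this one key; restore later with "reg import <file>".
    param([string]$OutFile = (Join-Path $env:TEMP 'SecurityCenter-backup.reg'))
    if (Test-Path $OutFile) { Remove-Item $OutFile -Force }   # reg.exe on XP has no /y switch
    & reg.exe export $RegKey $OutFile | Out-Null
    return $OutFile
}

$backup = Backup-SecurityCenterKey
Write-Host "Key exported to $backup"
Test-SecurityCenterNotify | Format-Table Flag, Value, Status -AutoSize
```

Run it from an administrator prompt so the export succeeds; a flag reported as suppressed on a machine where nobody turned the warnings off is the kind of change the poster found after the infection.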

You are absolutely right that the first time any application tries to access the internet, the firewall informs you; if you unblock it, it works, otherwise it is blocked.

Try Emsisoft Anti-Malware.
