Updated on: 28th August 2008
Warning: This article is for informational purposes and contains no warranty whether express or implied.
Note: This document may change and updated from time to time depending upon the latest and new information available.
Introduction:
Security is the most important concept in computing. So everyone needs to be secure to make the data and application to avoid loss. The object of this article is to give some awareness to the computer users to protect the data, time and money. If you have any more information relating to this topic, please send to me or add those in a comment.
These are the security setting generally affected by some Viruses/malicious scripts/spywares. Following settings/components are affected:
>> Autorun Settings
>> Command Prompt (cmd)
>> Folder Options (control folders)
>> Registry Editor (regedit)
>> Startup Settings
>> Task manager (taskmgr)
>> Website blocking (e.g. Orkut, Gmail and may be other sites.)
>> Windows Automatic Update
>> Windows Installer
Step-1 (Recommended)
Methods to secure your system
First of all you have to clean the Viruses/malicious programs from your system by using a good AntiVirus/Antispyware/Rootkit cleaner.
Security Risks:
Adware
Backdoor
Botnet
Crimeware
Dialers
Downloader
Hack tools (keygens/cracks/patches)
Joke programs
Keylogger / Keystroke Recorder
Macrovirus
Malbot
Mass Mailer
Pop-ups
Pornware
Remote Access
Riskware
Rootkit
Spyware
Trackware
Trojan horse
Virus
Worm
Note: See the detailed glossary here.
Recommended programs to secure your Computer (recommended by bcdalai).
AntiVirus programs:
Norton Antivirus 2008 or Norton Internet Security 2008
F-Secure Client Security 2008
Note: If you are using any other program then check that the program is up-to-date means, Product license/subscription is valid, the definition and program is up-to-date, it is running with the Windows startup programs and if that program has Firewall then is it ON/OFF, always turns it ON. If that program has no firewall then turns ON the windows firewall from “Control Panel”. It is recommended to use the firewall that comes with that Antivirus software. You must update that program through internet.
Anti-spyware/anti-malware/anti-adware/anti-Rootkit programs:
Spybot Search & Destroy
Spyware Doctor
Webroot Spy Sweeper 5.5
Lavasoft Ad-Aware 2007
Sophos Anti-Rootkit
Microsoft Malicious Software Removal Tool
Windows Defender
Now major antivirus software are comes with some additional protection feature, such as spyware/adware protection, Rootkit detector, Anti-spam etc. There are some products providing all-round protection like Norton 360.
When you are buying any of the security products, check all these feature to sure that these are present in that software.
Step-1
Restore your settings to default system settings
After cleaning the viruses, spywares and other security problem you should check the system settings whether they are affected or not. If the system settings are not restored by the antivirus or the software used to clean the security risks, then you have to do those manually.
1- Autorun Settings: This setting is affected and the symptoms are, when you click a drive (whether fixed/removable) it will not open. It will run a script from a file running “Microsoft Windows Based Script Host” (wscript.exe/wwscript.exe) and Microsoft Console Based Script Host (cscript.exe) and you can’t end these processes from “Task Manager”. If you will right-click that device/drive, then you will see “Autoplay” as the default action instead of “open”.
Step-1: First show hidden and system files and folders from “Folder Options” from control panel. Go to each drive and manual delete the “Autorun.inf” hidden file. Now log off and log on. If the problem is not solved then update the antivirus and scan the system (run complete scan).
Step-2: After scanning the system if the problem is not solved then use group policy to disable the auto run settings.
Go to Start > Run type "gpedit.msc" press Enter.
Expand "Computer Configuration" and navigate to "Administrative Templates\System"
Then open “Turns off Autoplay" option and click the enabled option to disable autoplay on all drives.
2- Command Prompt: Some times Command Prompt is disabled and you cannot open from Start > All Programs > Accessories or by typing cmd from Run box.
You may see this message when trying to open command prompt.
Step-1: Now re-enable the command prompt.
Go to Start > Run type "gpedit.msc" press Enter.
Expand "User Configuration" and navigate to "Administrative Templates\System"
Then open “Prevents access to command prompt" option and click the disabled option to enable access to command prompts.
3- Folder Options: Many viruses and spywares disable folder options and even if the option is not disabled then also you cannot see the hidden files and system files. If the folder option is disabled then you will not see the folder option from the tools menu and from the control panel.
Step-1: Enable “Folder Option- using Group Policy Editor.
1. Go to Start > Run type "gpedit.msc" press Enter.
2. Expand "User Configuration" and navigate to "Administrative Templates\Windows Components\Windows Explorer"Then open “Removes the Folder Options menu item from the Tools menu” option and click the disabled option to enable folder options.
Step-2: To view hidden files and folders: Often you can not see the hidden files even the two options “Show hidden files and folders” turned ON and “Hide protected operating system files (Recommended)” turn OFF. To see all the files even if these options are OK then use the following scripts: Download the files “SecuritySettings.rar”, extract and run the file ”ShowHiddenFiles.bat” & “showhiddenfiles.vbs”. Download the RAR file here.
4- Registry Editor: Registry editor is also disabled by many viruses and spywares. You will saw the message like “Registry editing has been disabled by your administrator”.
Step-1: Enable registry editor using Group Policy Editor.
1. Go to Start > Run type "gpedit.msc" press Enter.
2. Expand "User Configuration" and navigate to "Administrative Templates\System"
3. Then open “Prevent access to registry editing tools” option and click the disabled option to enable this option.
5- Startup Setting: After cleaning viruses and spywares, you have to clean the startup entries. If you don’t know how to delete the startup program then use the tool Ccleaner or use “System Configuration Editor (msconfig)” to delete the unnecessary program at startup. You have to know which program to delete and which not to delete.
6- Task Manager: If the task manager is disabled by any virus and spyware the follow the following steps to enable it.
Step-1: Enable registry editor using Group Policy Editor.
1. Go to Start > Run type "gpedit.msc" press Enter.
2. Expand "User Configuration" and navigate to "Administrative Templates\System\ Ctrl+Alt+Del Options"
3. Then open “Remove Task Manager” option and click the disabled option to enable this option.
7- Website blocking: When a web site is blocked then you have to scan with a good antispyware/antispyware and then reset your internet options to default. To do this go to “Control Panel” then open “Internet Option” go to “Advanced” tab, in the “Reset Internet Explorer Settings” click “Reset” button to reset all settings to default.
8- Windows Automatic Update: If “Windows Automatic Update” setting is disabled then follow these steps.
Step-1: Enable “Windows Automatic Update” using Group Policy Editor.
1. Go to Start > Run type "gpedit.msc" press Enter.
2. Expand "User Configuration" and navigate to "Administrative Templates\Windows Components\Windows Update"
3. Then open “remove access to use all Windows Update features” option and click the disabled option to enable this option.
9- Windows Installer: If you find that Windows explorer is not starting or problems while running installer based programs then do these to restore the default settings for windows installer.
Step-1: Enable “Windows Installer” using Group Policy Editor.
1. Go to Start > Run type "gpedit.msc" press Enter.
2. Expand "Computer Configuration" and navigate to "Administrative Templates\Windows Components\Windows Installer"
3. Then open “Disable Windows Installer” option and click the disabled option to enable this option.
If the “windows installer” service is not running then start the windows installer service. Go to “Control Panel > Administrative Tools > Services” then open “Windows Installer” in the service status area click “Start” button.
When every thing is restore you can use your system safely.
Appendix:
Meaning of Group Policy Editor options:
"Not Configured" means the option is OFF by default.
"Enabled" means the option is ON.
"Disabled" means the option is Off manually.
Download PDF version of this article from the link below:
http://www.box.net/shared/lrz474e58f
Additional References:
http://bcdalai.blogspot.com/2007/11/security-glossary.html
http://bcdalai.blogspot.com/2007/10/005-windows-command-guide-2007.html
http://bcdalai.blogspot.com/2007/10/007-administrative-power-tricks.html
http://bcdalai.blogspot.com/2007/11/010-controlling-ie7-temp-files-and.html
Article By: bcdalai
-----------------------------------------------------------------------------------
1 comment:
This is the most amazing description i've ever seen abt getting rid of this problem. simply superb.
Post a Comment