Monday, October 03, 2005

Windows Security Tips

It's no fun to go into the Windows Task Manager (Ctrl-Alt-Delete) and discover that a bunch of mysterious processes are running on your PC. You may ask yourself how much of this stuff you actually want running. Or more seriously, if anything running on your machine is doing harm.
Even if you run a firewall, use up-to-date antivirus and anti-spyware scanners, and maintain strict download discipline, you can still end up with the latest and meanest infectious agents in your PC. Antivirus and other security tools need frequent and detailed updates to work effectively; they can't block a piece of malware that they haven't seen before.

Safety First

First, and most important, remember this is your PC's operating system you're dealing with, so don't leap into your system files, deleting things willy-nilly as soon as you suspect trouble. If you blow it, you may render Windows unbootable.

Second, cover your behind at every step. System Restore (in Windows XP and Me) can safely return you to the point just before you crashed. Click Start, Programs (All Programs in XP), Accessories, System Tools, System Restore, select "Create a restore point," and step through the wizard. Make a new restore point before each change.

You may also need to make your system files visible. Open Explorer or any folder window, and click Tools, Folder Options, View. Click "Show hidden files and folders," and make sure that both "Hide extensions for known file types" and "Hide protected operating system files (Recommended)" are unchecked. Click Yes if you see any Windows warnings. (More on warnings later.) Run your up-to-date antivirus and anti-spyware apps. Delete a file only if you strongly believe it's part of a malware infestation.

Find Out What's Running

Now you're ready to determine what programs and services are currently running on your PC. Windows' Task Manager can't authenticate each of your running apps, so download and install a copy of the free Process Explorer from Sysinternals. Process Explorer is the sumo wrestler of Task Manager replacements: It may not look pretty, but it's dependable and very effective. And it does its job for free.

With Process Explorer, you can select any process and see the dynamic link libraries that the program uses. DLLs are executable functions or data used by Windows programs--including malware. You can also find out the hard-drive location of every running program.

Any processes running from the Temp folder should raise a red flag. Spyware tends to install itself in and run from such out-of-the-way nooks as the Temp folder. Likewise, if a running process points to a DLL in the Temp folder, be wary. The only occasion when something should be running from the Temp folder is when you are installing an application that uses an installer program such as InstallShield. In addition to Explorer.exe, Windows XP users will likely find other processes running, including smss.exe, winlogon.exe, services.exe, alg.exe, and lsass.exe. All of these are critical Windows files. Don't delete any of them.

Identify Mystery Processes

You likely have several other Windows program files running in addition to these OS files, including ones for applications and services running in the background, and drivers for your hardware. These files normally start up when Windows does. Examine the Description, Company Name, and Command Line information for each process. You should be able to identify most of the programs associated with processes as software you installed or that was preinstalled on your PC.
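The Temp-folder check and the Description, Company Name, and Command Line review described above can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes a current Windows system with PowerShell 5.1 or later and an elevated prompt, and `Test-UnderTemp` is a helper name made up for this example.

```powershell
# Temp locations to check: the per-user Temp folder and the system-wide one.
$tempRoots = @($env:TEMP, $env:TMP, (Join-Path $env:SystemRoot 'Temp')) |
    Where-Object { $_ } |
    ForEach-Object { [IO.Path]::GetFullPath($_).TrimEnd('\') } |
    Select-Object -Unique

function Test-UnderTemp([string]$Path) {   # hypothetical helper for this example
    if (-not $Path) { return $false }
    foreach ($root in $tempRoots) {
        if ($Path.StartsWith($root + '\', [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Command lines come from WMI/CIM; Get-Process does not expose them in PowerShell 5.1.
$cmdLines = @{}
Get-CimInstance Win32_Process | ForEach-Object { $cmdLines[[int]$_.ProcessId] = $_.CommandLine }

$findings = foreach ($p in Get-Process) {
    $image = $null; $mods = @()
    try { $image = $p.Path } catch { }                                        # empty when access is denied
    try { $mods = @($p.Modules | ForEach-Object { $_.FileName }) } catch { }  # protected processes refuse this

    $tempDlls = @($mods | Where-Object { $_ -ne $image -and (Test-UnderTemp $_) })
    if (-not (Test-UnderTemp $image) -and $tempDlls.Count -eq 0) { continue }

    # Authenticode status of the main executable (Valid, NotSigned, HashMismatch, ...).
    $sig = if ($image -and (Test-Path -LiteralPath $image)) { (Get-AuthenticodeSignature -LiteralPath $image).Status } else { 'n/a' }
    [pscustomobject]@{
        PID         = $p.Id
        Name        = $p.ProcessName
        Image       = $image
        ImageInTemp = Test-UnderTemp $image
        TempDlls    = $tempDlls -join '; '
        Company     = $p.Company
        Description = $p.Description
        Signature   = $sig
        CommandLine = $cmdLines[$p.Id]
    }
}

$findings | Sort-Object Name | Format-List
```

A hit is a prompt for research rather than proof of infection, since an installer that is currently running will legitimately appear in this list.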

Follow these steps to identify all of your running services and background apps. The tricky part comes when something you find doesn't identify itself and doesn't seem to serve a purpose. That's when it's time to look to the Internet for answers.

If I suspect a DLL might be bogus, the first place I check is Microsoft's DLL Help Database, which lets me search for information about a DLL by name. If I suspect a file may be connected to spyware, I'll dig around in Computer Associates' Spyware Information Center. Another great resource is the Pest Encyclopedia at the PestPatrol Center for Pest Research, which provides information about more than 27,000 forms of malware.

If I can't tell whether a file is legitimate, I check the Task List Programs pages at AnswersThatWork.com for info about legitimate software as well as spyware and viruses. Tools such as WinPatrol and Uniblue's WinTasks 5 Professional offer insight into whether a program or DLL is malware. Both offer an online database containing information about thousands of DLLs and apps you might encounter, though WinTasks also can "blacklist" specific processes so that they can't run again.

If you hunt for malware on a regular basis, Neuber Software's Security Task Manager lets you evaluate every executable, driver, or DLL, whether or not it's running.

You can't always trust the first few results when you research an unknown file on the Web. Even if a hundred small sites post data about a suspected piece of malware, one page on a Microsoft site that explains the legitimate use of the file can trump those analyses. The more you find out about a file before you search online, the less likely it is that you'll kill a legitimate program or DLL.
source: http://news.yahoo.com/s/ttpcworld/122619;_ylt=AkmmkaODGODK7U_DoB__zvYjtBAF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl

3 Comments:

Anonymous said...

Hi blogger:)

I had a tough time to find some information related on this matter... for my school purposes. Websites do not offer as much information as blogs. My opinion. Thank You.

Regards,
remove adware

3:06 AM  
Anonymous said...

Thanks for a marvelous read! I often wonder about these things when I start to get back into it. Where do you think the desire comes from? Doesn't it seem like a natural human thing to want something like that?

Jojo
cd rw backup software

5:21 PM  
Anonymous said...

I'm the sort of guy who loves to taste radical things. Presently I'm manufacturing my hold photovoltaic panels. I'm doing it all alone without the assistance of my men. I am utilizing the internet as the only way to achieve that. I stumbled upon a truly brilliant website which explains how to make photovoltaic panels and so on. The place explains all the steps needed for solar panel construction.

I am not sure about how precise the data given there is. If some guys over here who had xp with these works can have a see and give your feedback in the page it would be grand and I would really appreciate it, because I truly like [URL=http://solar-panel-construction.com]solar panel construction[/URL].

Thanks for reading this. You guys are the best.

4:08 AM  
