
How did I get a virus???

alfaniner

Norton in the last couple days has found two "keylogger" viruses on my computer. I haven't downloaded any suspicious programs or done anything out of the ordinary. I have been to a few web sites that I had not visited before. Can you get a virus just by looking at a web page?

Should I be concerned about a keylogger virus? I may have logged into my bank during the time it was there. I have ZoneAlarm and AdAware but got no alerts from them.
 
Can you get a virus just by looking at a web page?
Yes, especially if you use Internet Explorer.

Should I be concerned about a keylogger virus?
Yes, very much so: it records everything you type in and possibly sends it out to someone else, or if there is someone else who uses your computer, it may store everything you type into a file for that person to spy on you. Everything you type including passwords and everything.

I may have logged into my bank during the time it was there.
If your bank gives you access with a self-chosen password, I suggest you change it NOW! And keep an eye on any suspicious transactions.
 
Personally, I'd do a ground up rebuild if it's found that many keyloggers. You really can't trust anything on your computer at this point. And installing Opera or Firefox would be the first thing I'd do after the rebuild. And changing online passwords would be the second.
 
Norton in the last couple days has found two "keylogger" viruses on my computer.
[...]
I have ZoneAlarm and AdAware but got no alerts from them.
I would expect alerts from Norton rather than ZoneAlarm or AdAware.

I use McAfee for virus detection, and that does give me alerts when I open sites with potentially harmful scripts.
 
Personally, I'd do a ground up rebuild if it's found that many keyloggers. You really can't trust anything on your computer at this point. And installing Opera or Firefox would be the first thing I'd do after the rebuild. And changing online passwords would be the second.

I use Firefox mostly for web surfing, only going to IE for those pages that need it, like Amazon. I did change passwords after clearing the virus, but just did it again from another computer. So, while stuff may be logged somewhere, shouldn't ZoneAlarm tell me if something is trying to send something out?

I'm not sure about the "scripting" settings in IE options. Any recommendations? I usually set them to Prompt, unless they come up a lot.
 
So, while stuff may be logged somewhere, shouldn't ZoneAlarm tell me if something is trying to send something out?

Unless Zone Alarm has been compromised. It's one of the more well-known security products so you may be infected with something that can knock Zone Alarm out. For most viruses I wouldn't worry, for a keylogger I'd get real paranoid.
 
Oops, not Amazon, but Netflix and YouTube for sure.

I've never had problems with YouTube and Firefox, or YouTube and Camino on a Mac. I've never posted anything but viewing seems to work fine.
 
Does anyone else use your computer? Could anyone else use your computer without you knowing? Maybe your mom put a program on there to see where you've been.
 
Were they two separate keyloggers, or did Norton just not fully clean the first one?

You may want to try submitting a HijackThis log at tomcoyote or geekstogo or a similar forum. They've helped me clear off remnants of spyware before, but I haven't consulted them on anything as dangerous as a keylogger.
The wait can be a hassle. Once it was a week before I received a response. But the last couple of times I used tomcoyote I was helped within an hour of posting the problem.

It may be insightful to google the name of the keylogger and see how others may have successfully (or unsuccessfully) dealt with it.
 
So, while stuff may be logged somewhere, shouldn't ZoneAlarm tell me if something is trying to send something out?
Don't bet on Zone Alarm getting everything. All the keylogger has to do is get an allowed program (IE) to do its communications chores for it and ZA won't notice a thing.

Personal firewalls aren't all they're cracked up to be.
h t t p : / / w w w . xatrix.org/article.php?s=815

You'll have to take the extra spaces out of that address to get it to work. I'm not allowed to post URLs yet. :)
 
Don't bet on Zone Alarm getting everything. All the keylogger has to do is get an allowed program (IE) to do its communications chores for it and ZA won't notice a thing.

Personal firewalls aren't all they're cracked up to be.
h t t p : / / w w w . xatrix.org/article.php?s=815

You'll have to take the extra spaces out of that address to get it to work. I'm not allowed to post URLs yet. :)
I can.

http://www.xatrix.org/article.php?s=815


Every day I find my security strategy of doing nothing important from a Windows box, ever, to make sense. I simply refuse to do any financial business on the web on a Windows box. Might be a bit knee jerk, but.:boggled:
 
Every day I find my security strategy of doing nothing important from a Windows box, ever, to make sense. I simply refuse to do any financial business on the web on a Windows box. Might be a bit knee jerk, but.:boggled:
Nah. I don't do any online banking under Windows, either. And when I do, I do it using a dedicated program and a really good encryption system. The way this system works, I can be sure that my program is talking to the bank, and the bank can be sure that I am really who I claim to be.

Look up GnuCash and HBCI (I'm in Germany.)
 
Oops, not Amazon, but Netflix and YouTube for sure.
That is odd as both NetFlix and YouTube work fine in Firefox for me. Actually, they also work fine in Opera and Konqueror. Might you be using an out of date version? (although it would need to be majorly out of date, I can't remember it ever not working for NetFlix).

It's probably been over a year now since I have come across a page that would not load improperly in Firefox. Sure, there is an occasional gaffe with positioning of elements, and sometimes (rarely), a page may not look as beautiful as intended, but I don't know of any sites that won't work in Firefox.

Also, as long as you are using Windows, you are open to the possibility that a virus could exploit a security vulnerability in the operating system and get into your computer without any help from you. I see that you are already using ZA, and virus software, so that is good. Make sure to keep your definitions up to date.

Have you thought of switching to Linux or another operating system? It isn't a perfect solution, but the system is designed from the ground up with security in mind (separate userspace from the rest of the system, user permissions etc). Plus, nobody really writes viruses that work in Linux.
 
Have you thought of switching to Linux or another operating system? It isn't a perfect solution, but the system is designed from the ground up with security in mind (separate userspace from the rest of the system, user permissions etc). Plus, nobody really writes viruses that work in Linux.
You know what's farking sad? Windows NT, Windows 2000, and Windows XP all have user and file permissions and a separate user space and damned near NOBODY makes effective use of them to protect their PCs.

XP Home completely hides the entire concept from the user. You have to boot into safe mode to get at the file permissions tab or install a third party addon to get the blinking security tab to show up on the file properties.

A good many programs won't run properly if you restrict the user access. The only way for the average user to make them work right is to log in using an account with admin rights, and the whole concept of security goes right out the window with it. Games are especially bad about this, but there are many other programs that just expect to be allowed to write to the system areas.

The thing about Unix type systems (which Linux is) is that the programmers usually regard user and file permissions as a good thing and work with them. They design their programs responsibly to use only the minimum level of access. The only time any program should need to write to a system area is when installing, removing, or changing global settings. These are things that only the system administrator should do. After installing, programs don't expect to be allowed out of their box, so they behave themselves and restrict their actions to areas where they are allowed access. Since they are also aware of the permissions problems, they are also usually much better about telling the user what is wrong when the user tries to do something for which he doesn't have access.

I've got two PCs at home. Both run Linux for doing any kind of real work, and one dual boots XP Home so the kids can play games - and XP has the network disabled so that it can't access the internet. No computer viruses in this house.
 
It isn't a perfect solution, but the system is designed from the ground up with security in mind (separate userspace from the rest of the system, user permissions etc).

Just a small correction...can be designed. There are hundreds of Linux distributions, and some are more secure than others, depending on the focus and intent. The variability of Linux is one of its best features.

Also, Linux has the advantage of being based on UNIX, which is a very mature operating system. They've had a lot of time to refine processes and work out the security bugs. The lack of viruses for Linux, though, I wouldn't rely on that for security. It's an advantage now, but with the proliferation of Linux in business environments I feel it's going to be a target before long. Probably never as much as Windows, but I expect we'll start seeing more attempts at Linux-based viruses (as well as OSX viruses on the Mac side).

Windows, as MF has stated, has a lot of these security features that would be great, but software developers don't write for them. They're still writing for Windows 9x type boxes. And this is generally because home users (not all, but a majority) claim they care about security but don't want to take the steps to learn about things to do, reconfigure basic systems/software, or the inconvenience of (for example) having to do a "Run As" command to install a bit of software or hardware.

Windows can be a secure OS, if properly configured. I've run a 24-hour Internet-connected Windows box for over two years now with no infections, and it really doesn't take a lot to keep it clean. But most people don't know how to protect it or don't want to take the time.
 
Windows can be a secure OS, if properly configured. I've run a 24-hour Internet-connected Windows box for over two years now with no infections, and it really doesn't take a lot to keep it clean. But most people don't know how to protect it or don't want to take the time.

I'm in a similar situation with four systems connected 24/7, and I've got 8 kids accessing the systems, though they don't like my Linux box as much. The other three systems are running WinXP and I've yet to have a problem with viruses/trojans/worms/spyware/adware.

How do you keep your system secure?

RayG
 
