Author Topic: Need your opinions  (Read 541 times)

Offline JimH8189

« on: December 22, 2008, 05:51:26 AM »
I'm usually pretty handy at cleaning my machine; actually, I'm in the process of removing W32.Beagle.W@mm as I'm typing this (the infected machine is off the network). While searching the web I keep finding myself again and again reading posts from this forum and to tell ya the truth, you guys rock!

So I'd like your opinions on the setup of my machines that I have running since the advice given here has been excellent to everyone that I've read.

I'm currently running: XP sp3

Windows FireWall - Basic configuration
Symantec Antivirus 10.1.7.000
Symantec Firewall 8.7.4.117
Webroot Spysweeper
I've also modified the IE settings to ask me every time before allowing cookies on my machine.

This has worked pretty well for me for a long time.  I'm comfortable working in the registry and do so on a regular basis and I do a lot of cleaning that way. But, one thing I've learned is that....there's always something better if ya just ask.  So from the considerable knowledge that I've seen here, what can I do to better protect my machines?

Thanks.............Jim

Offline Pureblood

« Reply #1 on: December 22, 2008, 09:41:49 AM »
I use AVG Free for anti virus.
Also occasionally I run a Spybot Search & Destroy scan. And an Ad-Aware scan.

If you think there is something wrong with your computer, you should post a HJT log (HijackThis). Guestolo will look over it when and if he has time.
Offline guestolo

« Reply #2 on: December 22, 2008, 11:55:38 AM »
If you would like to post a Hijackthis log, just as a second opinion, that is up to you
I'd be happy to look at it

It looks like you're doing a great job with prevention tools
Did you just recently install those security applications?
I'm surprised it got infected with W32.Beagle.W@mm

I like to add a good Host file and a small tool
SpywareBlaster 4.1,
The Host file I use is MVP Host File
No sense explaining it, as the creator does a great job
Take a look HERE

One note however
mentioned on the Editor's site:
   
Quote
Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
It's important to read thru that information
If you decide to go with MVP Host file
You can manually go to the author's website, and check for updates
It won't need to update all that often, but take a look every month
Personally, I use a tool>>HostsXpert
to manage my Host file
You can check for MVP Host updates within it. Download, modify, replace your Host file within it
Only when set to a Writeable state
   
It looks as if you have the next covered
It's also important to only have ONE of each in Active resident mode, more than one may conflict and slow down the machine
1. An Active, up to date Virus scanner

2. Firewall protection>>If I have a software firewall installed, I usually disable the XP firewall
Most software firewalls will disable the XP one on installation
I haven't found a problem with having it active, but it could cause a  conflict
I suggest that you disable the XP firewall and keep Norton's Active

3. Anti-Spyware protection>>Spysweeper, it should do a great job

Pureblood suggested Ad-aware and Spybot
Those are both optional, all up to you
Take note: Spybot, when installing, will have TeaTimer ticked by default
If you decide to install it, I suggest that you untick the option, as you have SpySweeper for active
protection
In addition, Spybot has a feature that works much like SpywareBlaster protections
It adds killbits to the registry, no need to run in the background, as with SpywareBlaster
Just simply check for updates occasionally, and reimmunize
Immunize> It's a great feature, but it will also add a long host file, when installing
I don't have it immunize right away
Since I'm using MVP Host as my custom host file
After updating, I simply click on Immunize, UNTICK Global hosts at the bottom, then click Immunize at the top green cross


Take a look at miekiemoes site with other ideas on How to prevent Malware:
In addition, on her page, it's worth checking out the link at the bottom of the page
Help! My computer is slow! - How to improve system performance after malware removal


Note on SpySweeper: It's not mentioned on Miekiemoes' site
This could be due to the fact that SpySweeper has started to add a Toolbar related to ASK toolbar
If it did install this toolbar, I would opt to uninstall it, the toolbar that is

I hope I haven't confused you :)
Just some ideas
« Last Edit: December 22, 2008, 11:58:10 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
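
An added example, not part of the original thread: a small audit of a HOSTS file used as a block list, as described in guestolo's reply above. It checks the file size against the 135 kb figure in the quoted Editor's Note and lists entries that point somewhere other than loopback or 0.0.0.0; the sample data and the rule for flagging non-loopback entries are assumptions made for this example.

```python
import ipaddress

SIZE_WARN_BYTES = 135 * 1024  # "over 135 kb" from the quoted Editor's Note

# Constructed sample data (not a real block list). On XP the real file is
# %SystemRoot%\System32\drivers\etc\hosts; read it with open(path, "rb").
SAMPLE_HOSTS = b"""\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.test   # block entry
0.0.0.0         tracker.example.test
203.0.113.7     update.example.test
not-an-ip       broken.example.test
"""

def audit_hosts(data):
    """Classify the entries of a hosts file given as raw bytes."""
    report = {"size_bytes": len(data), "oversize": len(data) > SIZE_WARN_BYTES,
              "blocked": [], "redirected": [], "malformed": []}
    text = data.decode("utf-8", errors="replace")
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            if addr.is_loopback or addr.is_unspecified:
                if name.lower() != "localhost":
                    report["blocked"].append(name)  # normal block-list entry
            else:
                # Assumption of this example: a block list never needs a
                # routable address, so these lines deserve a manual look.
                report["redirected"].append((lineno, name, str(addr)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("size:", result["size_bytes"], "bytes, oversize:", result["oversize"])
    print("blocked names:", len(result["blocked"]))
    for lineno, name, addr in result["redirected"]:
        print(f"review line {lineno}: {name} -> {addr}")
    for lineno, raw in result["malformed"]:
        print(f"malformed line {lineno}: {raw}")
```
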


Offline JimH8189

« Reply #3 on: December 23, 2008, 06:12:04 AM »
I've used the tools that I've mentioned above for a long time, of course updating them as newer versions come out. However, the Worm that I'm currently infected with is proving to be very stubborn. It's the first that I haven't been able to remove in a long time. I've cleaned the Drive (or thought I did)....twice, rebooted...re-wrote the master boot record and when I booted back up it was still there. So.......apparently, I missed somethin. I'll post a HJT log later today when I get up. If I can't clean it, I'm just gonna re-image the drive.....it's about time anyway.......But I hate to have those scum suckers get the better of me!

Thanks..........Jim

Offline guestolo

« Reply #4 on: December 23, 2008, 06:17:08 AM »
Quote
But I hate to have those scum suckers get the better of me!
Sounds like you're like me
I have an image of a Clean install and updated to SP3 always kicking around
But I have to figure out what the heck is causing the problem, you should see my test box :ph34r:

If you would like to have a go at tracking down the problem
Please do post a Hijackthis log

Here's instructions just in case:
Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!



Offline JimH8189

« Reply #5 on: December 23, 2008, 07:38:40 AM »
I just got home and I'll run the HJT in just a few. Gotta question for ya. Are there any tools that you know of that will allow me to create a boot disk or CD like the old Norton Anti virus used to that I can boot into and run a scan on an HPFS drive?

Had to ask.....

Thanks.....Jim

Offline JimH8189

« Reply #6 on: December 23, 2008, 11:12:23 AM »
Have you guys heard of "winupgro.exe"? There's not much on the web and this is a seriously smart worm, the more I mess with it the more it's getting pissed off. It's shut off almost every service and I can't run any apps, they all say they're not win32 apps. I'm re-imaging......don't have the time to play with it. If you guys have any comments, I'm all ears. I found a description on Symantec's website: http://www.symantec.com/security_response/...-99&tabid=2, I checked my machine against what the doc said the worm does and I can't find the worm in any of the locations that are described in it.

.....Jim

Offline guestolo

« Reply #7 on: December 23, 2008, 03:26:54 PM »
Quote
they all say they're not win32 apps
Can you not run Hijackthis and post its log?

It's your option to reimage, but I can't help you if you don't help me
« Last Edit: December 23, 2008, 03:55:11 PM by guestolo »
