Main Area and Open Discussion > General Software Discussion
In search of ... assistance with a tenacious BHO ...
Shades:
I couldn't agree more with the quote above "an ounce of prevention is better than a pound of cure" and apply this wherever I can, including my computing.
Sometimes it can be useful to take a look with the SysInternal tools Process Explorer and Process Monitor to take a look at what is actually happening when an application such as a BHO/virus/malware runs. One can even create and apply specific security rules in Windows itself that essentially block the execution of software. As you are already infected once, there is a good chance you will not be infected twice (with the same virus/malware).
Ok, remaining infected isn't a great strategy, but it does give you the resources of your PC back in almost all cases. I have successfully applied this on several occasions on different computers. Unfortunately, it is a lot of work and there is virus/malware code that can circumvent this. Although you are infected, you do disable the functionality of this code, rendering it (almost) useless.
However, in all cases this made the owner of the computer think they were "invincible" on the web as the method does allow for even more "adventurous" behavior.
Be warned though: this kind of thing does require that you have to know what you are doing, as you can seriously limit the functionality of your PC or even make it completely unusable.
Innuendo:
Yes, AV programs are horrible at this kind of thing. That's why when I asked my question I specifically asked what *security* software you are running.
Barney, regarding software that can detect outbound communications & the like, I suggest you take a look at Agnitum's offerings. Their security suite offers granular controls that you can enable so that you are alerted any time a component is changed/added to a trusted program (like an extension for Firefox) and other things. The 'leak' tests you hear about on the internet are designed to catch this 'piggy-backing' onto trusted programs and Agnitum's products always score highly.
I'd also be curious what version of Windows was infected and what level to which you had UAC set.
barney:
I'd also be curious what version of Windows was infected and what level to which you had UAC set.
-Innuendo (January 05, 2014, 10:40 PM)
--- End quote ---
Sorry, thought (erroneously) that was known. Win7 Ultimate, UAC maxed - inconvenient, but seems to be worth the inconvenience.
Agnitum is not something I've tried (that I recall, anyway) - way too many offerings - but I'll check it out.
Actually, I'm pretty miffed at most of the security software I've experienced. Most are all past tense, in that they work against known malware, but don't provide much protection against anything new. MalwareBytes seems to obviate that condition, at least so far, and a properly configured firewall helps. Right now I'm working with Comodo's product, but I'll change in a heartbeat if something better comes along.
Used to use Norton's products - actually had a few conversations with him on CompuServe - but stopped that when Symantec stepped in and bloated it. Also knew/conversed with Ron McAfee at the same time, but eschewed his product because of his attitude. I'd love to find some equivalent to the old Norton Utilities toolkit, but that seems unlikely.
All told, I'm pretty much a belt-and-suspenders type when it comes to security. My basic security mantra is that you never know how good your security is until it fails and you know that it failed!
tomos:
RE security - removing Java makes PC a lot more secure - but not everyone can do that (I've missed it once or twice in six months since I uninstalled, but it wasnt anything important).
Also a couple of good tips in this thread: CryptoLocker and CryptoPrevent.
May be other tips here Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?.
Both those are more to do with trojans though, I've no idea about BHO's.
joiwind:
There is this, but I know nothing about it !!!
BHO Remover
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version