virus

Stay Fully Protected Without Using An Anti-Virus Program – Part I

August 1, 2010 by Raj Agrawal 2 Comments

This article covers on How To Stay Completely Safe on the web.

From a very long time I wanted to share with you the fact behind our over dependence on anti-virus, anti-malware programs. It is one of the reasons why malware continues to disease the computer world. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software.|Wiki|

Everyday hundreds, if not thousands of new malware are created intentionally. Anti-virus programs are constantly upgrading their virus signatures to protect their users from the latest infections. And the average user is convinced that the computer system is now protected with the newly updated anti-virus. They are totally unaware of something called ‘Zero Day viruses’ who exist like space black holes are wandering somewhere invisibly in the cyber space and attack the victim without the victim’s knowledge. A Zero day virus is a previously-unknown computer virus or other malware for which specific anti-virus software signatures are not yet available.|Wiki|

Nowadays there are anti-viruses that are designed and structured to protect the system from zero day attacks too. But, again they come at a price. Not every body prefer spending money on buying anti-virus products.

Now, i am sharing a tutorial to you that will help you keep your system fully protected, including from zero day viruses without any “realtime” anti-virus protection for FREE.
Freeware tools needed:

Sandboxie and,
Malwarebytes (This program “will not” run in your memory and automatically protect the system, but you can use it to scan directories and files for infections)

Points to Remember before we start:

Use this method for experimental purpose. If you are not comfortable implementing it then stop using this method right away and use an anti-virus program to stay safe.
Take responsibility for websites you visit, links you click on and things you download, if you wish to stay safe.
No virus can harm your system unless it is executed and running.
This article has nothing to do with using a firewall. If your computer is connected to any network like the internet itself, then it is 100% important to use a firewall.
Smarter techniques always require some effort for implementation.
Use Malwarebytes freeware as it does not run in the background thus saving your resources and use it to scan new media like USB drives, CDs, DVDs, e.t.c
Skills required to understand and implement this guide: Intermediate to Experienced user.
This tutorial is suitable only for Windows Operating Systems: Windows XP and later.
This tutorial will teach you to set up your computer to “not use anti-virus protection is background” and in such a way that you run applications, whether infected or not, in a safe and fake environment and whenever your end up executing a infected program, you can easily stop and reverse the actions of the program with just closing it.

Benefits of implementing this method:

You won’t have to buy anti-virus, anti-malware programs.
Your computer would be much safer than what you would get with the anti-malware programs.
Your computer will run faster as more RAM will be available without the anti-virus running in the background.

The Tutorial:

Perform a re-installation of windows or if not, you can still continue using the same windows setup, though i recommend a re-installation to stay clean.
Now that your system is ready, install the freeware Malwarebytes program, update the malware definitions and perform a full system scan.

Install Sandboxie. To know how Sandboxie works, click here to read the article on it. Now you can safely run all your programs infected or not infected in this way:

Watch the video demonstration of Sandboxie:

Run any program of your choice inside Sandboxie. Lets consider running an internet browser, since majority of the malware spread through the internet.

Even if you are surfing a malicious website that intends to infect your computer, you can easily ignore each downloaded file from bring copied to your “real system”. As soon as any file is downloaded into the “fake browsing environment” you will be asked for a path to recover the downloaded file, in case that file is important for you. If not important, select ‘Don’t prompt again…’ and close the recovery box. Any file downloaded from this browsing session will be simply deleted from the “fake environment”.

That is all to it!

Primarily, this article has a lot to cover and adding more factors and situations will make this article more lengthy and uncomfortable to read. This article might also be difficult to understand for some. If you have any questions about any part of this article, please drop in a comment. I will be happy to help you.

So, I am wrapping up the Part 1 of this tutorial and will introduce other possibilities and configurations to deal with in the 2nd part soon.

Stay tuned. 🙂

How To Safely Run Infected Files In Windows

October 11, 2009 by Raj Agrawal Leave a Comment

Apart from pirated programs, sometimes even the legitimate programs are reported to be infected by the Anti-viruses. This does not necessarily mean the reported program is really infected. It might be a false positive (False positive is a term to point out a faulty action by anti malware applications that report innocent programs as infected). You must have adequate knowledge and expertise to conclude the reported program as infected or not yourself, which might again not be a correct conclusion 🙂 All this is crazy and can be tolerated to an extent.

But, if you are keen to use the program, whether it is really infected or not, you can safely run it in an isolated environment created with the help of a freeware application called Sandboxie.

To run any program within Sandboxie, follow these step by step visual illustrations:

After running the concerned program with Sandboxie, all the files that will be created by the program will only be stored in an isolated space created by Sandboxie. All the actions taken by the infected program will be locked in that isolated space and hence keeping it’s actions away from your main system. This results in better security. Also, it’s a fact that there exist some malware that Sanboxie can’t take control of, so if you are unable to fool the infected file with Sandboxie, make sure you forget about running it and not let the anti-virus take control instead! 🙂

Sanboxie features:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

https://rajagrawal.com//wp-content/uploads/76617031.jpg

Kicking Out The Autorun Viruses Manually

November 8, 2008 by Raj Agrawal Leave a Comment

It’s not as difficult as it seems

Yesterday, my friend brought a 160GB Portable HD drive to get some good stuff from my HD. I plugged it into the port and what caught my attention was that, in the usual autorun window, there was something very unusual i.e the ‘Open folder to view files’ was mention two times. I ran a quick scan with Avira on the portable drive and “unsurprisingly” it was infected with ‘TR/Crypt.XPACK.Gen’. Again, unsurprisingly, the antivirus failed to disinfect, remove and even quarantine the virus!

A long time ago my OS was infected with a similar Autorun virus and i was forced to find my own way to deal with it and it took me almost 15 minutes to kick it out of my PC, though a short time, it was a real pain in a$$ as the virus was just multiplying!

The way can you deal with such stubborn virus is that if the antivirus fails to fix them, you have to manually remove them so as to avoid the boring procedure of formatting the drives and re-installing the OS.

My solution to deal with Autorun viruses

First of all, NEVER rush toward exploring the portable partitions,
If you find anything suspicious about the portable device, run a through antivirus scan and if still you are not satisfied, unhide all the folders and system files from the toolbar menu and check whether you see any stranger file hidden in the portable drive.
Install the Unlocker app (It helps to stop the active processes from using the drive/folder/file, thus making the drive/folder/file writable)
Right click on the portable drive, click on Unlocker, and kill all the processes using the infected portable drives.
If you are unable to unhide the folders, start the search window and set the options as ‘highlighted’ in the screen shot:

After you’ve selected the correct options, hit the search tab (Remember to set the searcha path to your portable drives).
If infected, you will find some suspicious hidden files like autorun.inf and others that are no supposed to be a part of the drive(beware, do not run the autorun file directly, it’s another way of getting your OS infected). Instead drag the .inf file in the notepad to check it’s contents.
Now, leave the search results window as it is and run the file shredder tool.
Go back to the search results window and drag all the stranger files including the ‘RECYCLER’ and ‘System Volume Information’ folder into the File Shredder window and hit the “Chop it away” button.
This will remove the infection from the portable device and will save your OS from being infected.
If your OS is also infected, follow the same steps but, in the this case the only difference will be that you will be dealing with your local drives (C: D: E: and so on).

Feel free to drop in a comment if you have any questions/suggestions.