[LINK] Question: How do you protect Windows?
Adam Todd
link at todd.inoz.com
Tue Dec 7 11:58:13 EST 2004

I was perusing through my machine's directories last night, being that I
installed Win2K about a year ago and very little other software other than
my standard suite of applications, I was surprised to find lots of unusual
things all over the place.

Yes, most are trojans, key loggers, adpoppers and other nasty
things. Strangely other than the few I caught in action at the time they
installed, the others were all dormant and non-functional.

I guess that means my habit of reviewing the registry and regularly
replacing the registry with my backup from the last "clean install" forced
many to be non-functional.

I did notice one thing that was very sticky until I really got into the
registry again - in Internet Explorer Security Settings, under TRUSTED
SITES there were two really nasty sites: topconverting.com and
crazywinnings.com

They took a lot of effort to delete. Ad-aware deleted them, they just
reappeared. I had to manually delete them from the registry.

The reason I was drawn to all of this last night was a few strange things
in my task manager (I watch it all the time, hence my fast pickup on nasty
installs.) My wife has been using my workstation the last two weeks
whilst I've been sick and although it doesn't appear she's been anywhere
nasty or strange in her browsing (AFC, GOV.AU and a few others) there were
new nasties all over the place. WinAdServ.exe, WinAdClient.exe and many more.

After going through WINNT, system32 and system directories I accumulated
over 300 DLLs, EXEs and other strange files that were dated over the last
two weeks and the occasional one dated earlier in the year.

I also found heaps of weirdly named .dat, .txt and .log files containing
binary data which I am yet to examine and decrypt. No doubt I will be very
surprised.

I'm just wondering what software does anyone on Link use to detect auto
installers via browser and other applications?

I'm looking for something, preferably shareware, that can run all the time,
but I'll only run it occasionally. It's pretty rare I end up with a nasty
on my machine that I don't know about and being behind three firewalls they
tend to do very little anyway. Even if you log my keystrokes, my
"internal" passwords and my "external" passwords are all different (I have
over 600 passwords for our local network alone. I also change them
regularly and have a changing key system :> The key system is good for
about 6 or 8 password changes, then I change the key and the passwords.)

Anyway, any pointers would be appreciated. I'm now going to install Win2K
on my wife's machine as WinNT4 and her machine have died and constantly
reboot. Hmmmm.