-I used the anti-trojan.net program for the first time, it identified a .jpg as having a trojan backdoor .. I deleted the file .. can't recall the exact name of the trojan it found ..
(do a Google search with the words "trojan" and "jpg" file and see all the references! here's one that looks like it was written by a hacker, for example (also see symantec + other sites for more):
http://www.megasecurity.org/Info/exe_to_jpg.html )
-the pestpatrol program found a trojan in addition to the (unimportant) ad-cookies it found; agree the antivirus programs should be more inclusive to check for trojans
good idea re reformat/redo the drive if any problems.. the roxio goback program will save various "states" of the pc, eg will save your pc's state in a 4 gig file .. but that doesn't protect you if the .bin file it saves to is somehow corrupted too..
agree getting a lot of pita (pain in the a--) 126k type filesize emails w/viruses ..
what's troublesome is all the new viruses that disable antivirus programs and firewalls .. would be nice if the software companies who created those would automatically add crc checking and/or vary the filenames somehow to control for that ..
-remote access terminal / rat trojans with keyloggers are the major concern..
* recommendations for a good hardware firewall? sounds like a good added layer of protection
* Excellent idea easyrider, others re having a pc without much on it..
In fact thanks to you guys, that's what my solution will be, using two pcs:
HARDWARE SOLUTION TO VIRUS/TROJAN PROTECTION:
MAIN "DATA" PC: No websurfing or downloads on it directly, I use this solely for web design, keeping passwords, sensitive data on. Also used for password-sensitive online transactions (online banking, accessing broker software, and getting esignal datafeed, uploading to manage websites etc) ONLY... no other downloading/receiving emails/browsing etc allowed on this one.
High-security terminal with very limited online behaviors allowed.
"TERMINAL" PC: Second pc used for surfing the 'net, downloading files, anything that can conceivably lead to being infected with a virus. This pc has virtually nothing of importance on it besides the browser, lan card for cablemodem access. It will be used to test out software downloads, receive/answer emails, anything that could be risky. Using latest firewalls/antivirus/antitrojan programs, plus add a hardware firewall.
SOFTWARE/DATA TRANSFER PROCESS:
If I find a new piece of software I have to have (reminding myself to limit this, I used to like trying out anything that looked interesting at download.com etc) .. or updates etc, have a quarantine process:
a) download/test it on the first 'terminal pc' first for a while .. make sure no viruses/suspicious behavior starts. Give it a week+.
b) if it looks fine, then burn the original download file to a cdrom and load into the 2nd pc ..
Does that sound ok? What am I overlooking? Any other ideas? May be simpler to have internet and non-internet pcs... or, internet w/risky (receiving emails, downloading s/w), and internet w/o risky behaviors allowed...
Thinking this through .. it's apparent, things like receiving emails should be done on a non-important pc, given the daily virus attacks we all get .. you can count on the hackers to come up with something Before NAV can come up with a patch, and bang that's it.. infected. So, this seems like a prudent course of action..
Any other ideas? I think this parallel "terminal pc" and "data pc" idea, probably good, though a pain to keep up two pcs, at least if a bug zaps the terminal pc, no biggie... and this one, hmm another idea .. will be a kiosk-type reverted pc using roxio, so it resets the pc's "state" daily automatically at end of each day.. store data on cd-roms ..
thx guys.. good feedback.. let's get some continuing teamwork on this, I'll update too w/what I'm finding .. let's post, keep it active .. it's a common threat we can all agree is important to deal with ..
ken
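
An added example, not part of ken's post: one way to make the quarantine steps (a) and (b) above checkable is to record a hash of the download when it arrives and refuse to burn it unless the waiting period has passed and the file is byte-for-byte unchanged. The function names, the JSON manifest and the exact 7-day threshold are assumptions made for this sketch.

```python
import hashlib
import json
import time
from pathlib import Path

QUARANTINE_SECONDS = 7 * 24 * 3600  # the post's "week+" (assumed: exactly 7 days)

def sha256_file(path):
    """Hash the file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def register_download(path, manifest, now=None):
    """Step (a): record hash and arrival time immediately after the download."""
    manifest = Path(manifest)
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entry = {"sha256": sha256_file(path),
             "downloaded": time.time() if now is None else now}
    entries[Path(path).name] = entry
    manifest.write_text(json.dumps(entries, indent=2))
    return entry["sha256"]

def ready_to_burn(path, manifest, now=None):
    """Step (b): return (ok, reason) before the file is burned to CD-ROM."""
    manifest = Path(manifest)
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entry = entries.get(Path(path).name)
    if entry is None:
        return False, "not registered at download time"
    now = time.time() if now is None else now
    if now - entry["downloaded"] < QUARANTINE_SECONDS:
        return False, "still in quarantine"
    if sha256_file(path) != entry["sha256"]:
        # The installer was modified while it sat on the terminal PC.
        return False, "file changed since download"
    return True, "unchanged and quarantine elapsed"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        f, m = Path(tmp, "setup.exe"), Path(tmp, "manifest.json")
        f.write_bytes(b"constructed installer bytes")
        register_download(f, m, now=0)
        print(ready_to_burn(f, m, now=3 * 86400))
        print(ready_to_burn(f, m, now=8 * 86400))
        f.write_bytes(b"constructed installer bytes + appended code")
        print(ready_to_burn(f, m, now=8 * 86400))
```

A matching hash only shows that the file being burned is the file that was tested, not that it is clean. Keep the manifest somewhere the terminal PC cannot rewrite, and run `sha256_file` again on the data PC after loading the CD.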