Password Attacks?

Printer-friendly version

Author: 

Blog About: 

Taxonomy upgrade extras: 

It used to be that my internet passwords were simple, something easy to remember. After being victimised by unknown people in the last couple of years, I now have a book where I record my passwords, but in the last few days, something seems to be happening with several of my accounts. It is almost as if someone has gotten into some of my accounts and destroyed their password files, because accounts like Facebook, and several others, my passwords have stopped working.

In the last few days, my Desktop has had some sort of OS problem and will now only boot in safe mode. I'm gonna just leave it down for a while as I need all the money I can get to make a trip to visit friends.

It just seems like there is a lot of trouble in my computer world right now and I am wondering if any of you have had the same problems?

Gwendolyn

Comments

Sounds like...

you could have a keylogger trojan on your PC, but could just be a bad or dirty keyboard too.

Boot problems could be: Boot sector virus, Hard drive going bad, bad memory & just Windows ( if Windows ) going bad and needs to be re-installed. I usually have to do a fresh install every 2-3 years on my PC, just to clean stuff up.

I think there is a way to do a mem-check to scan/test your PC's memory. I think it is in the Windows 'R'epair Console.

chkdsk.exe is what you can run to scan the Hard Drive for physical problems. You have to boot into MSDOS mode for it to work though, or the Repair Console.

eset.com ( Nod32 ) is what I recommend for AV. It's not as bloated and resource intensive as Norton.

Everyone knows about email viruses and to not click on strange or even emails from friends, but the biggest attack/infection method is via your browser. You goto Google, do a search and click on a link, it takes you to a site with a Java program that runs on your PC and infects your PC, often without you even knowing it. I recommend FireFox with the NoScript addon. NoScript stops the scripts until you give them permission to run. Of course, that hasn't stopped my wife from giving that site permission to run everything just so she can see some cute kitten video. Then, I have to spend an hour or even a few days fixing her PC. *sigh*

You might be amazed at how many scripts a single website has that it tries to run. cnn.com has 11+ other site/scripts it tries to run and sometimes even trusted sites can accidentally host a malicious script.

One other thing to do is open the case and carefully vacuum it out. Dust bunnies love to form blankets around parts that don't like getting hot and that can cause problems too.

-- Sleethr

You may have/had a password

You may have/had a password capture virus on your machine.

As for passwords, you're better off making your password very easy to remember - but long - than trying to use the standard 'at least 8 characters, mixed numbers and letters, with one capital and one non-alphanumeric character'.

'mybrotherjohnisreallyheavy' is better than N7$3dwE9y

It has to do with relative levels of entropy. Unfortunately, financial institutions don't seem to understand mathematics :)


I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.

malware bytes

try this program, they it always works for me, they even have a link on the forums with the program as a random name so that if it is programmed to stop the program from running it wont catch the file and you can still run malware bytes
free btw

hugs :)
Michelle SidheElf Amaianna

malware bytes

there forums are also a nice community where you can get detailed help if you need it.

hugs :)
Michelle SidheElf Amaianna

All good advice

All good advice above. I'll add a couple bits:

- While Nod32 is indeed excellent, even lack of money is no problem nowadays: there are some fine freeware antivirus available. Avast, AVG, Avira, Panda Cloud, even Microsoft's are all worth looking at.

- I also endorse Malwarebytes Antimalware. It's a fine malware detector and cleaner. Well, it can't remove some of the most deeply-dug pieces of crap, but in most cases it can at least tell you that they are there.

- For keeping passwords, instead of a notebook (which, I admit, does have its points -- main one being that it's *offline*), I use the free KeePass password safe. Alternately, many people swear by Roboform. (I went with KeePass because I could make it work in all the platforms I needed -- one of the benefits of open source...). There's also LastPass, which is an online service with add-ons for major browsers. It seems to be fine, but I am an old fogey and hesitate to trust something as important as passwords do a "cloud" service...

Those password managers will keep your passwords in a strongly encrypted file (or server, in the case of LastPass), copy those to your browser using special measures to make life hard for keyloggers (well, at least KeePass does; I don't know the others that well), and even help you generate hard-to-guess passwords.

To throw in some more

To throw in some more information, MalwareBytes is a decent program, but I've only had moderate sucess in cleaning viruses with it.

In general, I end up with a mix of 'by hand', Kaspersky's TDDSKiller (rootkit/boot sector cleaner), ComboFix, (from BleepingComputers), rkill, and a couple of others.

The Antivirus program isn't run until _after_ the virus is removed. Until that point, it usually cannot be installed, let alone do any good.

Experience with AV? ESet hasn't set off any bull hockey alerts, but McAfee and Symantec/Norton are horrible programs. They want to be everything to everyone. My attitude is that I want a program that scans files when they are opened or put on the hard drive. Period. I don't need the a/v to try to interface and scan my email (if it's a virus, it'll get spotted when I try to open it. Why scan three times?), I don't want the antivirus to try to scan every web site at which I'm considering looking, and I certainly don't need 'toolbars' to make my 'browsing experience' better. So I put Microsoft Security Essentials on, and consider it mostly a placebo for the customer.

I've also found that most antivirus programs, if not ALL antivirus programs, are worthless for catching the viruses. By the time they're updated, the web site that was infected has already been shut down, and they've put a new one up somewhere else, with a new version of the virus. You're better of with the following.

1) Don't use Internet Explorer for regular browsing. Use Firefox, Chrome, or Opera. (Or Safari, if you are an Apple fan)

2) Don't use Adobe Acrobat Reader. Use FoxIt or any number of other readers. They're smaller, lighter, faster, and don't have the same security holes as Acrobat Reader, the biggest 'target' in the industry. If you _must_ use Adobe, turn off viewing PDF files in the browser. This is where an enormous amount of viruses come in - even the java infecting viruses often come in through it. (I can tell by watching the order of programs loaded when the virus hits, while I'm cleaning it off)

3) If you _must_ browse porn, warez, Facebook, or other risky behaviours, consider either having a second computer for that purpose, or at least setting up a 'guest' user with almost no rights other than being able to open the web browser. Or running a different OS.

4) Download CCleaner (Crap Cleaner) from Piriform, and become familiar with the startup options on your machine. Turn off anything you don't need to have running (your computer will boot faster, as well). Knowing what is supposed to be there will help you identify the things that shouldn't be if you get infected.

5) Go to the Java options in your control panel, and make sure that the Java cache is reduced down to 100 megabytes or less. By default, it tries to be _gigabytes_ in size.


I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.

Let's not forget...

Andrea Lena's picture

LeMerWare, which converts any invasive virus into a .wav file of the Greatest Hits of Claude Debussey. GorramViruskiller, which converts any virus into a .jpg file of Malcolm Reynolds deftly avoiding any serious romantic commitment with a certain gorgeous Companion! 請再來一杯五加皮?・请再来一杯五加皮?, and MaldeMer Ware, which enables the used to ride out the virus without getting seasick. Also available for a limited time only: DroogieWare, which turns all malevolent programs into friendly files suitable for surfing at Milk Bars with Malcolm McDowell (comes complete with a three CD set of Beethoven's 9th Symphony).

  

To be alive is to be vulnerable. Madeleine L'Engle
Love, Andrea Lena

actually bib...

I use a combination of Avira for antivirus (it's kind of annoying at times, but that's the price to pay for a truly active anti-virus - I sometimes get multiple definitions updates per day.), Spybot S&D for one type of active anti-malware, SpywareBlaster for a second type, and let MS's retarded "Windows Defender" stay enabled because otherwise Windows cries.

I use Firefox as my primary browser, but, that's mainly for the penultimate in-browser protection: Adblock Plus loaded with every subscription known to man.

On top of all that, I'm painfully aware of my machine at all times, and the minute it starts acting the least bit funny, I start rooting around.

Further, I'm protected with Windows Firewall and a hardware firewall at my router using Linux, and another at my modem running whatever proprietary software Arris puts on their modems.

I can trawl the deepest cesspits on the web and never catch a virus. I've actually had reason to on occasion, though I'll plead the fifth on said reason...

Abigail Drew.

I'm a computer consultant. I

I'm a computer consultant. I use Linux on most of my machines, except for the one that requires some rather expensive windows based recovery software.

I use NoScript, myself. Although on sites like this one, I've left the advertisments enabled. I really don't understand most of the companies out there. I mean, I was at one company that had _twelve_ other sites being loaded on their home page. Couldn't they just have stuck with either one advertising site, or at least fed it through their own advertising software? It's not like the software costs much to run.

(It was an automotive site or something like that. It wasn't a news site)

As for the bad sites - I have to go there regularly. Never seen a virus on my computer - although it's really funny when you get "Scanning C:\...." from a site claiming that it's looking for malware on your machine - when you don't have a C: drive.y

On my windows machine(s) (all two of them), I use ClamAV on one, because I _only_ want to scan the things I pick, and Microsoft SA on the other. I disable notifications about my firewall, because I'm BEHIND a firewall, and mostly don't go to those sites on those machines. When I do, it's with NoScript and Firefox. I found that Spybot and other programs aren't helpful to leave on your computer long term.

As for Avira? I've gotten to the point that I classify Avira and AVG in the same bucket as Norton/McAfee. Too much noisy, fury, and resources used up, for little benefit.


I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.