Hello Shaun,
You're welcome, glad we could assist you with cleaning up your computer.
Java - I got the latest update. In my add/remove I have "Java 2 Runtime Environment, SE v1.4.1_02" & "Java Web Start" in addition to the new version. Do I want to remove both of those?
I would indeed suggest removing the old Runtimes. (Java 2 Runtime Environment, SE v1.4.1_02) If you leave them on the PC, the vulnerabilities still can be exploited. Since you have the latest update installed already, it might be possible that the latest update will not work if you remove v1.4.1_02. In that situation, remove all runtimes and reinstall the latest one. Java Web Start seems to be a separate download, might wanna check out your version. If it needs to be updated, uninstall the previous version and reinstall the new one. Java Web Start can be found here:
http://java.sun.com/products/javawebstart/download.jsp
The downloads you had posted - should I get all of those or is that just some things I might consider running. If I don't need all of them, would you list the ones you would recommend running together.
You shouldn't get all the downloads of course, they are just a guide of products that may help you in protecting your PC. I would install Spywareblaster, it disables a big list of BHO's and cookies by setting a killbit in the registry. The program does not need to run all the time. IE-SPYAD will put a big list of websites in your restricted zone, that means that those websites will have restricted access (no scripting, no ActiveX ...) so they will not be able to perform "bad things" on your PC. Firetrust Toolbar has actually over 100.000 sites that are blocked. If you visit a site and it's on the toolbar's list, you will get a warning that it is not recommended to enter the site. If you still wish to visit the site, you can do that by clicking on Enter site. Database is almost updated daily. Free version allows blocking and manual updates. Paid version shows why a site is blocked and you have daily automatic updates.
Now after that it is not easy ... my preferred application is ProcessGuard, it stops about anything. If an application wants to run, you have to allow it. If an application wants to terminate a program (like your firewall or antivirus), install a driver ... you have to allow it. dll injection, global hooks, install of services, drivers ... to be honest a rootkit would have a hard time to install itself with PG. On the other hand, you will have to allow some programs to create global hooks, install services ... It has a learning mode but you shouldn't leave learning mode running all the time. Turning off PG when Norton has other updates than the virus definitions is essential or it will block Norton from installing IDS signatures (deletes & creates new driver), and from installing common client updates. If installing Windows Updates, turn it off too. If you are comfortable with your PC, I really recommend it. With some time it is really easy to set up and run. If you follow the instructions that are given on the ProcessGuard forum you should have no problems.
http://www.wilderssecurity.com/forumdisplay.php?f=13
If PG seems too difficult, Ewido is a very nice program too. In the paid version you can leave the automatic updates, the real-time protection running. I did notice that the real-time protection in the previous version did slow down a little bit internet browsing, never tried in the 4.0 version. If you have enough RAM, you shouldn't feel it at all. Ewido is very good in catching stuff too, we use it very often.
If it were me : Spyware Blaster, IE-SPYAD, ProcessGuard and a firewall / antivirus of course. I also have a router which includes a hardware firewall, it helps a lot with blocking intrusion attempts, port scanning and it isn't a program (software) that can be terminated from running.
But that is a personal choice of course.
I currently use Norton Security (anti-virus & firewall), but my subscription is going to need renewed shortly. Do you think it is as good as any or do you prefer something else?
Norton ... many people don't like it, it's a huge debate. I run both myself and I never had trouble with them. I'm still using the 2003 version, I consider that one as the last acceptable version they made. In more recent versions they added new features and the program becomes kinda heavier to run. (needs more resources). I remember I did install the 2004 trial when it was released and it crashed my PC rather often, behaved differently. Finally I kept 2003 and did renew subscription.
Norton's Firewall is rather highly configurable if not set to automatic rule creating, if set to automatic then it's kinda useless but that's the case with every program. As alternatives, in the paid ones I like Kaspersky as an antivirus and Outpost as a firewall. Outpost may cause blue screens on some PC's from what I heard though. Sunbelt Kerio is a nice firewall too, it has a 30 days trial and then some features are turned off. If you prefer to keep the additional features, you need to buy the product. But even with the advanced features turned off, it remains a good program. As a free antivirus, I would recommend AVG -
http://free.grisoft.com/doc/1
On the same page you can find info about Ewido since they recently did take over Ewido. Being honest, I would turn myself towards another solution than Norton ... although no antivirus is really able to stop a rootkit from being installed. They detect some files of Haxdoor but it's already too late, it's installed.
I clicked the link in your signature, but I'm really not sure exactly what caused all my problems. I know Spysheriff was present at one point. Was that the root of everything?
Spysheriff might have been the cause or not, hard to tell. Bundles are rotating and are different on each PC. I have seen infections that are not too heavy and others that are similar to yours. Spysheriff is rather old, the pe386 rootkit is very recent, so is the Haxdoor variant you had. But that doesn't mean anything. Spysheriff type of infections often drop trojans on your system that are able to download other components and update them ... It's really hard to tell. Even if we would know the site where you got infected in the first place, it does not mean we will get the same infection. Maybe they aren't linked at all. You might have visited another site where you got the keylogger and the rootkits. If Spysheriff was not very recent (I mean just before this happened), I would suggest the Other Infections section at Malware Complaints.
Kim
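
Added example, not part of the original post: a small Python audit of the two registry mechanisms mentioned above, the ActiveX kill bit (the `0x400` flag in `Compatibility Flags`) and domains mapped to Internet Explorer's Restricted sites zone (zone 4). The `.reg` export text, CLSIDs and domains are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample in .reg export format (CLSIDs and domains are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001
'''

KILL_BIT = 0x400          # flag in "Compatibility Flags" that stops IE loading the control
RESTRICTED_ZONE = 4       # IE zone number for Restricted sites
AX_KEY = r"\internet explorer\activex compatibility" + "\\"
ZONE_KEY = r"\internet settings\zonemap\domains" + "\\"

def parse_reg(text):
    """Return {key_path: {value_name: int}} for dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"(.*)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """List CLSIDs with the kill bit set and domains mapped to the Restricted zone."""
    killed, restricted = [], []
    for path, values in parse_reg(text).items():
        low = path.lower()
        if AX_KEY in low:
            if values.get("Compatibility Flags", 0) & KILL_BIT:
                killed.append(path.rsplit("\\", 1)[1])
        elif ZONE_KEY in low:
            # Any value name (e.g. "*", "http") mapped to zone 4 counts.
            if RESTRICTED_ZONE in values.values():
                restricted.append(path[low.index(ZONE_KEY) + len(ZONE_KEY):])
    return sorted(killed), sorted(restricted)
```

Calling `audit()` on the text of a real export of those two keys shows which controls and sites the blocklist tools have actually covered.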