Full Version: general security
Gladiator Security Forum > General Security > General Security Discussions
moe_08
hi

let me start off by admitting that i am completely and utterly ignorant when it comes to computer tech (i only use it for minimal purposes).. that being said, i have a couple of security concerns, and i would appreciate it if anyone gives me some feedback on them...

i've just bought a new computer.. after i installed the OS (win xp home sp2) i immediately installed kaspersky internet security 7.0... and then i had to update it so i connected to the Internet, and KIS updates take forever and my connection was slow also.. so the computer was connected to the Internet for a very long time with no protection (or obsolete protection, as KIS was updating)....

1- what are the security risks of connecting to the Internet BUT not doing any browsing or downloading, except downloading the KIS definition update files...?


2- what are the security risks if i connect to the Internet (ie hook up the ethernet ADSL cable coming from a router) and have no antivirus suite installed.. but DON'T DO ANY BROWSING or DOWNLOADING..... i had to connect to the Internet before i installed KIS so as to activate my OS from Microsoft?


also windows was not updated until KIS finished (after a long time); then i ran windows update, which took an even LONGER time


N.B. i have been attacked before on a different computer but on the same network by an ip from china (i don't know the type but i think it's the one that overloads the Internet with traffic?!?) but KIS blocked it.. so i am concerned that this guy, who might know my ip address, attacked the new computer during the time when KIS was updating.. esp since the attack hit when i opened an email (spam) that had the subject of my financial advisor company name..


i will be using this computer to access sensitive financial online data.. and i am PARANOID about my safety and security online, esp regarding the issues mentioned above.....
currently
i have windows updated ........KIS 7 running and updated with firewall to max... and that's it..
before i start using it for sensitive online action.. i need to feel more protected.. i am still concerned about keyloggers, rootkit virus, trojans,...etc...


3- how to 100% check that the computer was not infected by anything of any type during the updates download?

4- how to add more protection for the future?

i am actually considering writing zeros to the WD 160 hard drive.. is that reasonable?

please any feedback is immensely appreciated
thanks
Nebon
In answer to your questions:

1. Well, in your particular situation, where your computer was connected to the internet unpatched for a mere couple of minutes, the risk of infection was extremely low.

2. In my opinion there is not much risk if you are not browsing or downloading anything at all. However, viruses and spyware can still be passed around on USB sticks and other portable media.

3. There is no program that will detect 100% of spyware or viruses, so there is no way of being certain a computer is not infected. However, the chance of you getting infected whilst your definitions update is extremely slim.

4. First, you do not want to overload your computer with protection; this can cause problems in itself. This is because the real-time protection in different programs can conflict with each other. For some tips on protecting your computer see this topic: http://gladiator-antivirus.com/forum/index...?showtopic=9857

You may also wish to read this topic and its related article: http://gladiator-antivirus.com/forum/index...showtopic=54219
moe_08
thanks for your reply

1- it wasn't a couple of minutes, it was 30 min or more...PLUS
i just realized that during the time i was updating kasper and windows (again it took a long time to update, meanwhile the system was with no/obsolete protection)... another computer on the lan had a trojan virus in it.... what are the risks to my computer...

please note that i don't understand the mechanics of LAN,..etc.. all i know is that this other computer (the infected one) has an ethernet cable from the cpu to a d-link device that has multiple sockets for ethernet cable (where i plug my ethernet cable from the new computer into it) and then there is another cable that goes from the d-link device to the router which is connected to my regular phone line....

and when i first ran KIS it said it detected a network connection and asked what to do; i chose "internet in stealth mode"


i think it looks like this

infected pc ---> d link switcher -----> router ---> splitter---> my regular phone line
my pc ---------> d link switcher -----> router ---> splitter---> my regular phone line

WHAT TO DO NOW?????????

i did a full scan by KIS and it was clean


2- if you were in my shoes...
ie
- connected to the internet to activate windows and there was nothing running but windows firewall and other pc on the network had a trojan in it
- spent a LONG time updating KIS 7 before windows updates
- have a win xp sp2 home edition, KIS 7 ONLY

what would you do to use this system for online sensitive financial data access with a peaceful mind? apart from things concerning browsing and downloading behaviour..


3- is it enough to use scans from the prog on your link to confirm that nothing got in during activation and updates and the trojan from the infected pc on the network.. or do i have to reformat or write zeros to the drive

thanks
Nebon
QUOTE
thanks for your reply
No problem. It's what I'm here for.

QUOTE
1- it wasn't a couple of minutes, it was 30 min or more...PLUS
i just realized that during the time i was updating kasper and windows (again it took a long time to update, meanwhile the system was with no/obsolete protection)... another computer on the lan had a trojan virus in it.... what are the risks to my computer...
Hmmm. It completely depends on the trojan, but I would immediately disconnect the infected PC from the network.

QUOTE
infected pc ---> d link switcher -----> router ---> splitter---> my regular phone line
my pc ---------> d link switcher -----> router ---> splitter---> my regular phone line
Unfortunately networks are not one of my strong points. One of the other members of staff here should be able to advise you on this.

QUOTE
2- if you were in my shoes...
ie
- connected to the internet to activate windows and there was nothing running but windows firewall and other pc on the network had a trojan in it
- spent a LONG time updating KIS 7 before windows updates
- have a win xp sp2 home edition, KIS 7 ONLY

what would you do to use this system for online sensitive financial data access with a peaceful mind? apart from things concerning browsing and downloading behaviour..
I still think it is unlikely you would get infected. If I were doing internet banking, for example, I would use a program called spoofstick (http://www.spoofstick.com/) and also see what advice your bank or financial company can offer.

QUOTE
3- is it enough to use scans from the prog on your link to confirm that nothing got in during activation and updates and the trojan from the infected pc on the network.. or do i have to reformat or write zeros to the drive
As I said earlier, no one program can detect every piece of virus and spyware, so it is impossible to say.
moe_08
thanks, but please bear with me coz i am very skeptical about getting it right as it's for sensitive usage....


i checked and found that i have a repotec RP-IP1800 which is both a modem and a router but with no hardware firewall..

also the trojan that was in the infected computer on the network (even though i didn't share between both pcs) was Packed.Win32.NSAnti.r..

here is a recap:


when i first turned on my newly built pc
- i installed the OS winxp sp2
- then connected to the net with nothing but windows firewall (no hardware) to activate windows
- installed kaspersky internet security 7
- updated kasper (took a looong time with windows unpatched)
- updated windows
- ran a full kasper scan that was clean..

ALL THROUGH this, there was a computer on the network (though not sharing with it, it was just connected to the same dlink and the same router as mine) that had a trojan (Packed.Win32.NSAnti.r)... obviously i didn't know that..

i disconnected the infected pc from the network, but it was there during the first steps where the computer was unpatched and still updating..
i also ran a counterspy scan and a spybot scan on the pc and they turned up clean...


do i run more scans.. what prog do you recommend?
do i write zeros to the drive and redo the whole thing?

now i don't know what to do.. what's next.. do i use it for online financial usage or not yet...would you use it???

thanks :)
Nebon
Here is some information about Packed.Win32. It is the designation for the generic detection of malicious software (trojans, backdoors, worms, adware) that is packed with certain sophisticated file compressors.

Some more information here as well:

Characteristics -

This detection is for a remote access trojan written in Borland Delphi. An email message constructed to download and execute the trojan is known to have been spammed to users.

The spammed message is constructed in HTML format. It is likely to have a random subject line, and its body is likely to bear a head portrait of a lady (loaded from a remote server upon viewing the message).

The body contains HTML tags to load a second file from a remote server. This file is MIME, and contains the remote access trojan (base64 encoded).

Installation

Upon execution, the trojan installs itself into the %SysDir% directory as GRAYPIGEON.EXE. A DLL file is extracted and also copied to this directory:
  • %SysDir%\GRAYPIGEON.EXE
    (system and hidden attributes set)
  • %SysDir%\GRAYPIGEON.DLL
(Where %Sysdir% is the Windows System directory, for example C:\WINNT\SYSTEM32)

The following Registry key is added to hook system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
"ScanRegedit" = "%SysDir%\GRAYPIGEON.EXE"

The DLL file (which contains the backdoor functionality) is injected into the EXPLORER.EXE process on the victim machine. This method is typically used to bypass personal firewall settings (explorer.exe is often excluded from firewall rules).

Once running, the hacker is able to perform various tasks, including:
  • Opening/closing the CD tray
  • Opening an FTP server on the victim machine
  • Retrieving information from the victim machine (OS, CPU, memory etc)
Symptoms
  • The spammed message contains links to the image and the encoded trojan at the following server:

    http://ns1.jilinfarm.com/member/(blocked)/index.mht
  • Outgoing HTTP traffic will be seen from the victim machine, to the following server for example:

    http://shaowenqi.3322.org
  • Existence of the files/Registry keys detailed above
Method of Infection

An HTML email message intended to download and execute this trojan is known to have been spammed to users.

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.
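The write-up above names concrete host indicators (the two dropped files in %SysDir% and the "ScanRegedit" RunOnce hook). As an added example, not code from the forum or from any AV vendor, here is a small Python check that parses a constructed .reg export of the RunOnce key and a constructed system32 file listing and flags entries matching those indicators; the default %SysDir% path C:\WINDOWS\system32 is an assumption for XP.

```python
# Added example: offline check for the file and registry indicators in the
# write-up above. The .reg text and the directory listing are constructed
# samples, not data from the forum. Default %SysDir% is assumed to be the
# usual Windows XP path.
RUNONCE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce"
RUNONCE_VALUE = "ScanRegedit"
DROPPED_FILES = {"GRAYPIGEON.EXE", "GRAYPIGEON.DLL"}

def parse_reg_export(text):
    """Parse a minimal .reg export into {key: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current and line.startswith('"') and "=" in line:
            name, data = line.split("=", 1)
            # .reg files escape backslashes as \\ inside quoted strings
            keys[current][name.strip('"')] = data.strip().strip('"').replace("\\\\", "\\")
    return keys

def find_indicators(reg_text, file_listing, sysdir=r"C:\WINDOWS\system32"):
    """Return findings for the RunOnce hook and the dropped files named in the write-up."""
    findings = []
    for name, data in parse_reg_export(reg_text).get(RUNONCE_KEY, {}).items():
        if name == RUNONCE_VALUE or "GRAYPIGEON" in data.upper():
            findings.append(f"RunOnce value {name!r} runs {data}")
    prefix = sysdir.upper() + "\\"
    for path in file_listing:
        up = path.upper()
        if up.startswith(prefix) and up[len(prefix):] in DROPPED_FILES:
            findings.append(f"dropped file present: {path}")
    return findings

# Constructed sample input: one benign Run entry plus the hook from the write-up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ScanRegedit"="C:\\WINDOWS\\system32\\GRAYPIGEON.EXE"
'''
SAMPLE_LISTING = [r"C:\WINDOWS\system32\kernel32.dll",
                  r"C:\WINDOWS\system32\GRAYPIGEON.DLL"]

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_REG, SAMPLE_LISTING) or ["no indicators found"]:
        print(finding)
```

On a real machine the .reg text would come from `reg export` of the RunOnce key and the listing from a directory walk of %SysDir%; a clean result from this check still only covers the indicators the write-up lists.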
Nebon
I think that your computer should be clean, however if you are still worried one of our experts can have a look at it for you. This can be done by following these steps here: http://gladiator-antivirus.com/forum/index...showtopic=10517