Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
http://www.herongyang.com/Windows-Security
Copyright © 2021 Dr. Herong Yang. All rights reserved.
This book is a collection of tutorial notes written by the author while he was dealing with security issues on Microsoft Windows systems. Key topics include anti-virus tools, virus and trojan removal techniques, security issues with browser add-on applications, and malware (malicious software including spyware, adware, trojans, worms, and viruses). Main topics include: Windows security protection settings review; Recovery processes; Free anti-virus tools: Windows Defender, Norton Power Eraser, McAfee Security Scan Plus; Discussion of malware infection, symptoms, execution style, and removal techniques; Using HijackThis and Spybot Search & Destroy; Removing Conduit Search, Tube Dimmer, Scorpion Saver, Adpeak; Removing Social Privacy DNS, Vundo, Puper, VSAdd-in, WebBar, VSToolbar; Removing IE Addons/Toolbar: Google Toolbar, MyWay Search, winfixer, MySearch; PWS (Password Stealer) Detection and Removal; MS08-001 Vulnerability; Antivirus System PRO. Updated in 2021 (Version v3.01) with minor changes.
Table of Contents
About This Windows Security Book
Windows 8: System Security Review
Windows 8: System Version Information
Windows 8: Create Restore Point
Windows 8: Uninstall Unwanted Programs
Windows 8: Disable System Services
Windows 8: Remove Startup Programs
Windows 8: Review Running Processes
Windows 8: Disk Folders and Files
Windows 8: Review Personal Downloads Folders
Windows 8: System Security Protection
Windows 8: System Update Status
Windows 8: System Update Settings
Windows 8: System Firewall Settings
Windows 8: System Firewall Advanced Settings
Windows 8: System Firewall Inbound Rules
Windows 8: System Firewall Outbound Rules
Windows 8: Manage System Firewall Rules
Windows 8: Firewall Alert on Blocked Connection
Windows 8: Firewall Allowed Programs
Windows 8: Action Center Security Messages
Windows 8: Action Center Security Message Settings
Windows 8: System Recovery Options
Windows 8: View Available Restore Points
Windows 8: Restore Point Settings
Windows 8: Create Restore Point
Windows 8: Apply Restore Point
Windows 8: Create System Image
Windows 8: Create System Repair Disc
Windows 8: Boot from Repair Disc
Windows 8: Modify UEFI Boot Order in BIOS
Windows 8: Recovery Option 2 - System Image
Windows 8: Verify Factory Reset
Windows 8: Recovery Option 3 - Factory Reset
Windows 8 Defender for Real-Time Protection
Windows 8: What Is Windows Defender
Windows 8: Turning on Windows Defender
Windows 8: Customizing Windows Defender Settings
Windows 8: Full Scan with Windows Defender
Windows 7: System Security Review
Windows 7: System Version Information
Windows 7: Create Restore Point
Windows 7: Uninstall Unwanted Programs
Windows 7: Disable System Services
Windows 7: Disable Scheduled Tasks
Windows 7: Remove Startup Programs
Windows 7: Review Running Processes
Windows 7: Disk Folders and Files
Windows 7: Review Personal Downloads Folders
Windows 7: System Security Protection
Windows 7: System Update Status
Windows 7: System Update Settings
Windows 7: System Firewall Settings
Windows 7: System Firewall Advanced Settings
Windows 7: System Firewall Inbound Rules
Windows 7: System Firewall Outbound Rules
Windows 7: Manage System Firewall Rules
Windows 7: Firewall Alert on Blocked Connection
Windows 7: Firewall Allowed Programs
Windows 7: Action Center Security Messages
Windows 7: Action Center Security Message Settings
Windows 7: System Recovery Options
Windows 7: View Available Restore Points
Windows 7: Restore Point Settings
Windows 7: Create Restore Point
Windows 7: Recovery Option 1 - Restore Point
Windows 7: Create System Image
Windows 7: Create System Repair Disc
Windows 7: Boot from Repair Disc
Windows 7: Create Repair USB Drive
Windows 7: Modify Boot Order in BIOS
Windows 7: Recovery Option 2 - System Image
Windows 7: Verify Factory Reset
Windows 7: Recovery Option 3 - Factory Reset
Windows 7 Forefront Client Security
Windows 7: What is Forefront Client Security?
Windows 7: Forefront Real-Time Protection
Windows 7: Forefront Configuration Settings
Windows 7: Forefront Full Scan
Windows 7: Forefront Log Files
Windows 7: Forefront Software Explorer
Windows 7: Forefront Exploring Network Programs
Windows 7: Forefront Exploring Winsock Services
Windows 7: Microsoft Security Essentials
Windows 7: What Is Windows Defender
Windows 7: Turning on Windows Defender
Norton Power Eraser - Anti-Virus Scan Tool
Norton Power Eraser Advanced Options
Norton Power Eraser Aggressive Risk Report
McAfee Virus and Malware Protection Tools
What Is McAfee Security Scan Plus?
Manual Scan with McAfee Security Scan Plus
Network Connection List with FPort v2.0
What Is McAfee VirusScan Enterprise?
VirusScan Enterprise 8.5.0i Services
VirusScan Enterprise Startup Programs
VirusScan Enterprise 8.5.0i Log Files
EngQQ2005Formal.exe and Adware Trojan
Running VirusScan On-Demand Scan
Spybot - Spyware Blocker, Detection and Removal
What Is Spybot - Search and Destroy?
Installing Spybot - Search and Destroy 1.6.2
On-Demand Scanning of Spyware Infections
What Is AdRevolver Tracking Cookie
Removing Reported Tracking Cookies
Deleting MyWay MySearch Registry Key
Enabling IE Browser Helper SDHelper.dll
Start and Download Options for Firefox
Content Type Handler Applications
Privacy Options: Tracking, History and Cookies
Security Options: Add-Ons and Passwords
Deleting Cookies Stored in Firefox
Getting New Add-Ons in Firefox
Disabling Extension Add-Ons in Firefox
Disabling Plugin Add-Ons in Firefox
Disabling Search Engines in Firefox
Reviewing Advanced Settings in Firefox
Keeping IE (Internet Explorer) Secure
Keeping IE (Internet Explorer) Up To Date
Home Page and History Options for IE
Setting Security Level to Medium-High in IE
Setting Privacy Level to Medium High in IE
Disabling Form Auto-Completion in IE
Disabling Extension Add-Ons in IE
Disabling Search Engines in IE
Adding Tracking Protection List in IE
Building Tracking Protection List in IE
Malware (Adware, Spyware, Trojan, Worm, and Virus)
What Is Malware (Malicious Software)?
Common Ways of Getting Infected
Common Symptoms of an Infected System
Common Ways of Malware Executions
Malware Removal by Anti-Virus Tools
Identify Malware Process Manually
Delete Malware Program Files Manually
HijackThis - Browser Hijacker Diagnosis Tool
Downloading and Installing HijackThis
Scan Report Generated by HijackThis
HijackThis Log File Entry Types
Building "ignorelist" for HijackThis
Fixing Settings Reported by HijackThis
Generating Startup Program List by HijackThis
Listing Processes and DLL Files with HijackThis
Listing Installed Programs with HijackThis
HijackThis Configuration Settings
IE Add-on Program Listing and Removal
Removing Yahoo! IE Services Button - yiesrvc.dll
Removing MySearch Toolbar - S4BAR.DLL
Removing NetZero Toolbar - Toolbar.dll
Removing Windows Messenger Extra Button
"Conduit Search" - Malware Detection and Removal
What Is Malware "Conduit Search"?
"Conduit Search" Ad after Reinstalling Firefox
Diagnosis Results of Malware "Conduit Search"
Removing Malware "Conduit Search"
"Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware
What Is Malware "Tube Dimmer"?
"Search Deals by Injekt" Ads on Google Pages
"Scorpion Saver" Floating Ad on Web Pages
"Scorpion Saver" Adpeak Proxy Attack
Google Ads Hijacked by "Scorpion Saver" Ads
Yahoo! Ads Displaced in Yahoo! Email
"RocketTab Ads" Box on Google Pages
Diagnosis Results of Malware "Tube Dimmer"
ChromeHelper.exe, FirefoxHelper.exe, and IeHelper.exe
Removing Malware "Tube Dimmer"
Malware Manual Removal Experience
Removing Malware "Social Privacy DNS"
Removing "WebBar" - htwtb.bin and bar.dll
Removing "SurfBuddy" - sbuddy.dll
Removing "WebSpecials" - webspec.dll
Removing "DSSAgent" - DSSAgent.exe
Removing "Best Offer" - farmmext.exe
Removing "dinst.exe" - dsr.dll
Removing "deSrcAs.dll" - MyWay Search Assistant
WinAntiVirusPRO 2006 Faked Security Popup
WinFixer 2006 Faked Security Popup
Removing "WinFixer" - Rogue Security Popups
Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal
Partial Removal of Trojan Vundo
Detecting Trojan Vundo with McAfee VirusScan
Instructions on Full Removal of Trojan Vundo
Removing xxxxxxxx.dll Files Generated by Vundo
What Is Vundo Related vtsts.dll?
Finding and Removing vtsts.dll Manually
Removing Trojan Vundo with FixVundo.exe from Symantec
Removing Trojan Vundo with VundoFix.exe from Atribune.org
Trojan and Malware "Puper" Description and Removal
Trojan and Malware "Puper" Removal
VSToolbar (VSAdd-in.dll) - Description and Removal
What Is VSToolbar (VSAdd-in.dll)?
Removing VSToolbar (VSAdd-in.dll)
PWS (Password Stealer) Trojan Infection Removal
What Is PWS (Password Stealer) Trojan?
JS/Downloader.gen - JavaScript Downloader Malware
PWS-Mmorpg.gen - A Password Stealer Trojan
heb.exe - The Trojan Installer Program
.exe and .dll Files Installed by the Trojan
my.exe - A Second PWS Trojan Infection
.exe and .dll Files of the Second Trojan
Explorer.EXE Trying to Install a Trojan
AccessProtectionLog.txt Log File Records
ATF-Cleaner.exe - Temporary File Remover
Trojan Files Left in the System Folder
Removing PWS Trojan Startup Entries
Command Processor AutoRun - Registry Value
UserInit - Winlogon Registry Key
js.users.51.la - hosts File Entries
Image File Execution Options - Registry Key
MS08-001 Vulnerability on Windows Systems
MS08-001 - Vulnerability in TCP/IP
IP Multicast and IP Address Range
"netsh" Commands for Interface IP
224.0.0.1 - The All Hosts Multicast Group
MulticastListener.java - A Simple Multicast Listener Program
All Hosts Multicast Group, 224.0.0.1, on Vista Systems
MS08-001 Vulnerability Explanation by Microsoft
Antivirus System PRO - Fake Security Alert
Antivirus System PRO - Task Bar Icon Message
Malicious Program - WinSpywareProtect sysguard.exe
Malicious Programs - pp10.exe and ld12.exe
Faked Host Name - 209.44.111.62
Keywords: Windows, Security, Virus, Trojan, Spyware, Adware