Windows Security Tutorials - Herong's Tutorial Examples

http://www.herongyang.com/Windows-Security

Copyright © 2021 Dr. Herong Yang. All rights reserved.

Windows Security Tutorials. This book is a collection of tutorial notes written by the author while he was dealing with security issues on Microsoft Windows systems. Key topics include anti-virus tools, virus and trojan removal techniques, security issues with browser add-on applications, and malware (malicious software, including spyware, adware, trojans, worms, and viruses). Main topics include: Windows security protection settings review; Recovery processes; Free anti-virus tools: Windows Defender, Norton Power Eraser, McAfee Security Scan Plus; Discussion of malware infection, symptoms, execution styles, and removal techniques; Using HijackThis and Spybot Search & Destroy; Removing Conduit Search, Tube Dimmer, Scorpion Saver, Adpeak; Removing Social Privacy DNS, Vundo, Puper, VSAdd-in, WebBar, VSToolbar; Removing IE Addons/Toolbars: Google Toolbar, MyWay Search, winfixer, MySearch; PWS (Password Stealer) Detection and Removal; MS08-001 Vulnerability; Antivirus System PRO. Updated in 2021 (Version v3.01) with minor changes.

Table of Contents

About This Windows Security Book

Windows 8: System Security Review

Windows 8: System Version Information

Windows 8: Create Restore Point

Windows 8: Uninstall Unwanted Programs

Windows 8: Disable System Services

Windows 8: Remove Startup Programs

Windows 8: Review Running Processes

Windows 8: Event Log Viewer

Windows 8: Disk Folders and Files

Windows 8: Review Personal Downloads Folders

Windows 8: System Security Protection

Windows 8: System Update Status

Windows 8: System Update Settings

Windows 8: System Firewall Settings

Windows 8: System Firewall Advanced Settings

Windows 8: System Firewall Inbound Rules

Windows 8: System Firewall Outbound Rules

Windows 8: Manage System Firewall Rules

Windows 8: Firewall Alert on Blocked Connection

Windows 8: Firewall Allowed Programs

Windows 8: Action Center Security Messages

Windows 8: Action Center Security Message Settings

Windows 8 System Recovery

Windows 8: System Recovery Options

Windows 8: View Available Restore Points

Windows 8: Restore Point Settings

Windows 8: Create Restore Point

Windows 8: Apply Restore Point

Windows 8: Create System Image

Windows 8: Create System Repair Disc

Windows 8: Boot from Repair Disc

Windows 8: Modify UEFI Boot Order in BIOS

Windows 8: Recovery Option 2 - System Image

Windows 8: Verify Factory Reset

Windows 8: Recovery Option 3 - Factory Reset

Windows 8 Defender for Real-Time Protection

Windows 8: What Is Windows Defender

Windows 8: Turning on Windows Defender

Windows 8: Customizing Windows Defender Settings

Windows 8: Full Scan with Windows Defender

Windows 7: System Security Review

Windows 7: System Version Information

Windows 7: Create Restore Point

Windows 7: Uninstall Unwanted Programs

Windows 7: Disable System Services

Windows 7: Disable Scheduled Tasks

Windows 7: Remove Startup Programs

Windows 7: Review Running Processes

Windows 7: Event Log Viewer

Windows 7: Disk Folders and Files

Windows 7: Review Personal Downloads Folders

Windows 7: System Security Protection

Windows 7: System Update Status

Windows 7: System Update Settings

Windows 7: System Firewall Settings

Windows 7: System Firewall Advanced Settings

Windows 7: System Firewall Inbound Rules

Windows 7: System Firewall Outbound Rules

Windows 7: Manage System Firewall Rules

Windows 7: Firewall Alert on Blocked Connection

Windows 7: Firewall Allowed Programs

Windows 7: Action Center Security Messages

Windows 7: Action Center Security Message Settings

Windows 7 System Recovery

Windows 7: System Recovery Options

Windows 7: View Available Restore Points

Windows 7: Restore Point Settings

Windows 7: Create Restore Point

Windows 7: Recovery Option 1 - Restore Point

Windows 7: Create System Image

Windows 7: Create System Repair Disc

Windows 7: Boot from Repair Disc

Windows 7: Create Repair USB Drive

Windows 7: Modify Boot Order in BIOS

Windows 7: Recovery Option 2 - System Image

Windows 7: Verify Factory Reset

Windows 7: Recovery Option 3 - Factory Reset

Windows 7 Forefront Client Security

Windows 7: What Is Forefront Client Security?

Windows 7: Forefront Real-Time Protection

Windows 7: Forefront Configuration Settings

Windows 7: Forefront Full Scan

Windows 7: Forefront Log Files

Windows 7: Forefront Software Explorer

Windows 7: Forefront Exploring Network Programs

Windows 7: Forefront Exploring Winsock Services

Windows 7: Microsoft Security Essentials

Windows 7: What Is Windows Defender

Windows 7: Turning on Windows Defender

Norton Power Eraser - Anti-Virus Scan Tool

What Is Norton Power Eraser?

Norton Power Eraser Advanced Options

Norton Power Eraser Aggressive Risk Report

Norton Power Eraser Settings

McAfee Virus and Malware Protection Tools

What Is McAfee Security Scan Plus?

Manual Scan with McAfee Security Scan Plus

Network Connection List with FPort v2.0

What Is McAfee VirusScan Enterprise?

VirusScan Enterprise 8.5.0i Services

VirusScan Enterprise Startup Programs

VirusScan Enterprise 8.5.0i Log Files

OnAccessScanLog.txt Log File

EngQQ2005Formal.exe and Adware Trojan

Running VirusScan On-Demand Scan

Spybot - Spyware Blocker, Detection and Removal

What Is Spybot - Search and Destroy?

Installing Spybot - Search and Destroy 1.6.2

Keeping Spybot Up To Date

On-Demand Scanning of Spyware Infections

What Is AdRevolver Tracking Cookie

Removing Reported Tracking Cookies

Deleting MyWay MySearch Registry Key

Enabling IE Browser Helper SDHelper.dll

Keeping Firefox Secure

Keeping Firefox Up To Date

Start and Download Options for Firefox

Content Type Handler Applications

Privacy Options: Tracking, History and Cookies

Security Options: Add-Ons and Passwords

Deleting Cookies Stored in Firefox

Getting New Add-Ons in Firefox

Disabling Extension Add-Ons in Firefox

Disabling Plugin Add-Ons in Firefox

Disabling Search Engines in Firefox

Reviewing Advanced Settings in Firefox

Keeping IE (Internet Explorer) Secure

Keeping IE (Internet Explorer) Up To Date

Home Page and History Options for IE

Deleting History Files in IE

Setting Security Level to Medium-High in IE

Setting Privacy Level to Medium-High in IE

Disabling Form Auto-Completion in IE

Disabling Extension Add-Ons in IE

Disabling Search Engines in IE

Disabling Accelerators in IE

Adding Tracking Protection List in IE

Building Tracking Protection List in IE

Malware (Adware, Spyware, Trojan, Worm, and Virus)

What Is Malware (Malicious Software)?

Common Ways of Getting Infected

Common Symptoms of an Infected System

Common Ways of Malware Executions

Malware Removal by Anti-Virus Tools

Identify Malware Process Manually

Delete Malware Program Files Manually

HijackThis - Browser Hijacker Diagnosis Tool

Downloading and Installing HijackThis

Scan Report Generated by HijackThis

HijackThis Log File Entry Types

Building "ignorelist" for HijackThis

Fixing Settings Reported by HijackThis

Generating Startup Program List by HijackThis

Listing Processes and DLL Files with HijackThis

Listing Installed Programs with HijackThis

HijackThis Configuration Settings

IE Add-on Program Listing and Removal

What Is an IE Add-on?

List of IE Add-on Programs

Removing Google Toolbar

Removing Yahoo! IE Services Button - yiesrvc.dll

Removing MySearch Toolbar - S4BAR.DLL

Removing NetZero Toolbar - Toolbar.dll

Removing Windows Messenger Extra Button

"Conduit Search" - Malware Detection and Removal

What Is Malware "Conduit Search"?

"Conduit Search" Ad after Reinstalling Firefox

Diagnosis Results of Malware "Conduit Search"

Removing Malware "Conduit Search"

"Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

What Is Malware "Tube Dimmer"?

"Search Deals by Injekt" Ads on Google Pages

"Scorpion Saver" Floating Ad on Web Pages

"Scorpion Saver" Adpeak Proxy Attack

Google Ads Hijacked by "Scorpion Saver" Ads

Yahoo! Ads Displaced in Yahoo! Email

"RocketTab Ads" Box on Google Pages

Diagnosis Results of Malware "Tube Dimmer"

ChromeHelper.exe, FirefoxHelper.exe, and IeHelper.exe

Removing Malware "Tube Dimmer"

Malware Manual Removal Experience

Removing Malware "Social Privacy DNS"

Removing "WebBar" - htwtb.bin and bar.dll

Removing "SurfBuddy" - sbuddy.dll

Removing "WebSpecials" - webspec.dll

Removing "DSSAgent" - DSSAgent.exe

Removing "Best Offer" - farmmext.exe

Removing "dinst.exe" - dsr.dll

Removing "deSrcAs.dll" - MyWay Search Assistant

WinAntiVirusPRO 2006 Faked Security Popup

WinFixer 2006 Faked Security Popup

Removing "WinFixer" - Rogue Security Popups

Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

What Is Trojan Vundo?

Partial Removal of Trojan Vundo

Detecting Trojan Vundo with McAfee VirusScan

Instructions on Full Removal of Trojan Vundo

Removing xxxxxxxx.dll Files Generated by Vundo

What Is Vundo Related vtsts.dll?

Finding and Removing vtsts.dll Manually

Removing Trojan Vundo with FixVundo.exe from Symantec

Removing Trojan Vundo with VundoFix.exe from Atribune.org

Trojan and Malware "Puper" Description and Removal

What Is Trojan Puper?

Trojan and Malware "Puper" Removal

VSToolbar (VSAdd-in.dll) - Description and Removal

What Is VSToolbar (VSAdd-in.dll)?

Removing VSToolbar (VSAdd-in.dll)

PWS (Password Stealer) Trojan Infection Removal

What Is PWS (Password Stealer) Trojan?

JS/Downloader.gen - JavaScript Downloader Malware

PWS-Mmorpg.gen - A Password Stealer Trojan

heb.exe - The Trojan Installer Program

.exe and .dll Files Installed by the Trojan

my.exe - A Second PWS Trojan Infection

.exe and .dll Files of the Second Trojan

Explorer.EXE Trying to Install a Trojan

AccessProtectionLog.txt Log File Records

ATF-Cleaner.exe - Temporary File Remover

Trojan Files Left in the System Folder

Removing PWS Trojan Files

Removing PWS Trojan Startup Entries

Command Processor AutoRun - Registry Value

UserInit - Winlogon Registry Key

js.users.51.la - hosts File Entries

Image File Execution Options - Registry Key

regedit.exe Not Working

MS08-001 Vulnerability on Windows Systems

MS08-001 - Vulnerability in TCP/IP

IP Multicast and IP Address Range

"netsh" Commands for Interface IP

224.0.0.1 - The All Hosts Multicast Group

MulticastListener.java - A Simple Multicast Listener Program

All Hosts Multicast Group, 224.0.0.1, on Vista Systems

MS08-001 Vulnerability Explanation by Microsoft

Antivirus System PRO

Antivirus System PRO - Fake Security Alert

Antivirus System PRO - Task Bar Icon Message

Malicious Program - WinSpywareProtect sysguard.exe

Malicious Programs - pp10.exe and ld12.exe

IE BHO - iehelper.dll

Faked Host Name - 209.44.111.62

Malicious System Service - drv.dll and drv.sys

References

Keywords: Windows, Security, Virus, Trojan, Spyware, Adware