Monday, July 21, 2008

July 2008 Meeting Notes

File Associations
  • You “associate” a file type to the program that opens it in Windows.
  • Associations are usually made for you when you install programs. So if you don’t have an association already for a file type, that usually means you don’t have the software to view that file type installed.
  • How do you find out what software to install? Look up the file type on Google, or ask the person who sent you the file what software to use.
  • The file type is the last part of the file name; it is a period followed by three letters.
  • You can see the file associations that are already set up by opening My Computer, choosing Tools -> Folder Options on the menu, then choosing the File Types tab.
    If a file is being opened by the wrong program, you can change the association by right-clicking the file, choosing Properties, then looking for the Change button next to the “Opens with:” line.

Gmail
  • http://mail.google.com/

  • Free, web-based email. 6+ GB of storage. You never have to delete any mail.
  • Quickly search through all your old emails.

  • You do have to be on the internet to read your mail, but you can get to your email no matter what computer you are on as long as you can get to the internet.

  • Built-in spam filter, and other tools to help control unwanted mail.

  • Built-in converters for some file types, which eliminate the “file association problem” mentioned above.

Cleaning Malware
How do users get malware?
  • They download apps that include adware and spyware
  • They click on misleading popups or banners
  • They visit sites that use exploits to inject malware
  • Many users still don’t patch or don’t use antivirus or antispyware

Why don’t antivirus and antispyware stop malware?
  • They are dependent on signatures (they can only defend against what they know about)
  • Malware directly attacks the antivirus and antispyware software itself

Malware cleaning steps:
  • Disconnect from the network
  • Identify malicious processes and drivers
  • Terminate identified processes
  • Identify and delete malware autostarts
  • Delete malware files
  • Reboot and repeat

Essential processes needed to run Windows
  • System Idle Process
  • explorer.exe
  • taskmgr.exe
  • spoolsv.exe
  • lsass.exe
  • csrss.exe
  • smss.exe
  • winlogon.exe
  • svchost.exe (there will be a few of these)
  • services.exe
A standalone Windows machine should operate fine if everything other than these processes is shut down. However, if any of these processes are shut down, Windows will start to become unstable or unusable.

What are you looking for?
Processes that…
  • have no icon
  • have no description or company name
  • are unsigned Microsoft images
  • live in the Windows directory
  • are packed
  • host suspicious DLLs or services
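
As an added example (not part of the original notes), the checklist above can be applied to a saved process listing. The CSV columns, the sample rows and the two-indicator threshold are assumptions made for illustration, and only the checks that can be read from a listing are covered.

```python
import csv
import io
from pathlib import PureWindowsPath

# Essential process names, copied from the list in the notes above.
ESSENTIAL = set("system idle process,explorer.exe,taskmgr.exe,spoolsv.exe,lsass.exe,"
                "csrss.exe,smss.exe,winlogon.exe,svchost.exe,services.exe".split(","))

# Constructed sample listing; the column names are assumptions for this example.
SAMPLE = r"""name,path,description,company,signed,packed
svchost.exe,C:\WINDOWS\system32\svchost.exe,Generic Host Process,Microsoft Corporation,yes,no
svchost.exe,C:\WINDOWS\svchost.exe,,,no,no
winupd32.exe,C:\WINDOWS\winupd32.exe,,,no,yes
msdrv.exe,C:\WINDOWS\system32\msdrv.exe,Driver Helper,Microsoft Corporation,no,no
notepad2.exe,C:\Program Files\Notepad2\notepad2.exe,Notepad2,Example Software,no,no
"""

def in_windows_dir(path, windows_dir=r"C:\WINDOWS"):
    """True if path is under windows_dir; comparison is case-insensitive."""
    return PureWindowsPath(windows_dir) in PureWindowsPath(path).parents

def indicators(row):
    """Apply the checklist items that can be read from a listing row."""
    found = []
    if not row["description"].strip() or not row["company"].strip():
        found.append("no description or company name")
    if "microsoft" in row["company"].lower() and row["signed"] != "yes":
        found.append("unsigned Microsoft image")
    if in_windows_dir(row["path"]):
        found.append("lives in Windows directory")
    if row["packed"] == "yes":
        found.append("packed")
    return found

def triage(listing, threshold=2):
    """Return rows with at least `threshold` indicators (the threshold is an assumption)."""
    results = []
    for row in csv.DictReader(io.StringIO(listing)):
        found = indicators(row)
        # Legitimate Windows processes also live in the Windows directory,
        # so a single hit is not enough to flag a row.
        if len(found) >= threshold:
            # A name on the essential list does not clear a process.
            results.append({"name": row["name"], "path": row["path"], "indicators": found,
                            "essential_name": row["name"].lower() in ESSENTIAL})
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["name"], r["path"], r["indicators"], "essential name" if r["essential_name"] else "")
```

A flagged row whose name matches an essential process should be verified by its path and signature before it is terminated.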

    July 2008 meeting

    The next meeting will be on July 15th, at 7:00 pm at the Canfield Presbyterian church.

    Some things we will talk about:

    -- My experiences cleaning out an infection of malware. I had to clean out a bad infection of malware on a neighbor's computer, and I wanted to share what I had to do. I used all of those nice tools from sysinternals that I had shown before: Autoruns, Process Explorer, and Rootkit Revealer, and lots of searches on Google. I also had to use a built-in tool that comes with Windows, the Recovery Console. We'll talk about how you can tell if your computer has an infection, and how to prevent it in the first place.

    -- File associations. I had a question about how to view some unknown file that they got in an email. It says they have to set up a "file association". We'll take a look at what that is and how to set one up.

    -- Using Gmail, Google's web email program. Gmail is my primary email program now. I'll show you how it works, and why you might want to set up a Gmail account yourself. It's totally free! Gmail also has some neat tools that help you with file attachments, so you don't have to worry about the "file associations" I mentioned above.
    As always, we will also try and answer any other computer questions you may have. I hope to see you there!