Raheel99's Security Config

Raheel99

Level 1
Thread author
Verified
Sep 15, 2016
31
Dr.Web Security Space v11 and Comodo Internet Security v6.3 firewall.

I have replaced the Windows default Task Manager with Sysinternals Process Explorer.
Disabled unnecessary Windows services.
Disabled autorun and autoplay of drives.

For rootkit detection, I am using PC Hunter and Power Tool for searching for kernel hooks, hidden processes and drivers.
OllyDbg v1.0 for disassembling purposes; I have also tried some crackmes for learning purposes.
PE Studio for analyzing exe file headers.
WinHex for direct sector writing, hex editing, memory hunting, etc.
Sysinternals Process Monitor for real-time monitoring of files and the registry.
Sysinternals Autoruns.
AVZ antiviral toolkit.
Wireshark.
Security Task Manager.
Some tools for finding data streams.

VirtualBox 5.1.4 for trojans and malware which use a kernel driver/system service.

Sandboxie v5 for testing software and other stuff.

All my private, personal and important data is saved in a BestCrypt container.

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Nice config.

I have a few suggestions:
1/ Add Zemana portable to your on-demand scanners, as it has one of the best detection rates. AVZ is quite outdated, although it is made by Kaspersky.
2/ Add Bitdefender TrafficLight or Avira Browser Safety to your Firefox so you will have more web protection. Avast is not really good in this field, I believe.
3/ Enable SmartScreen, as it is now extremely effective.
4/ You may add Unchecky to prevent PUPs, but this is optional.
5/ Tweak Avast settings following the guide here; you can set all or most settings if they suit you.

Edit: sorry, W7 doesn't have SmartScreen.

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
In Windows 7, OS file reputation is IE8 or later.
I would consider uBlock Origin in place of ABD.
You can edit your thread at any time from the upper-left dropdown menu of your original post.
Thanks for sharing your config :)
Raheel99

Level 1
Thread author
Verified
Sep 15, 2016
31
Good configuration. How did you get infected in the last 3 months?

Thanks for sharing.

Unfortunately, autorun and autoplay were enabled on my system. I put my friend's USB in my system to copy some images for Photoshop editing and got infected. Comodo antivirus didn't give me any alert. I don't use its HIPS and sandbox. The exe immediately loaded in memory, hooked the system, did a blanket search of my drive and added malicious code inside exes and dlls, injected a dll into every process, bypassed mikko folder protection for prohibiting .dll/.exe creation, and used many techniques to hide itself. The virus didn't tamper with the system folder. It added the following modifications in the registry:

"AppInit_DLLs"="C:\\PROGRA~1\\COMMON~1\\System\\symsrv.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

I am further investigating this threat in a VM. Avast detected it as FloxLib-A.
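A quick way to check a machine for the AppInit_DLLs tampering described in the post above. This is an added example, not code from the thread or from any of the tools named in it; it reads the three registry values shown, on both the native and the WOW64 view of the key, and reports whether each listed DLL exists and is Authenticode-signed.

```powershell
# Added example (not from the thread): audit the AppInit_DLLs values that the
# infection above modified. Run from an elevated PowerShell prompt.
function Test-AppInitDlls {
    # 32-bit processes on 64-bit Windows read the Wow6432Node copy, so both are checked.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        # Absent values cast to 0 / empty string, which is the expected clean state.
        $load    = [int]$p.LoadAppInit_DLLs
        $require = [int]$p.RequireSignedAppInit_DLLs
        $dlls    = [string]$p.AppInit_DLLs

        if ([string]::IsNullOrWhiteSpace($dlls) -and $load -eq 0) {
            [pscustomobject]@{ Key = $key; Finding = 'clean'; Dll = $null; Signature = $null }
            continue
        }

        # The value may list several DLLs separated by spaces or commas.
        foreach ($dll in ($dlls -split '[ ,]+' | Where-Object { $_ })) {
            $sig = if (Test-Path $dll) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else { 'Missing' }

            # LoadAppInit_DLLs=1 with RequireSignedAppInit_DLLs=0 is exactly the
            # combination from the post: any DLL, signed or not, gets loaded.
            $finding = if ($load -eq 1 -and $require -eq 0) {
                'SUSPICIOUS: unsigned AppInit DLL loading enabled'
            } elseif ($load -eq 1) {
                'loading enabled, signature required'
            } else {
                'listed but loading disabled'
            }
            [pscustomobject]@{ Key = $key; Finding = $finding; Dll = $dll; Signature = $sig }
        }
    }
}

Test-AppInitDlls | Format-List
```

A clean system reports `clean` for each key; an unexpected path with `Signature` of `NotSigned` or `Missing` is worth pulling into a VM for analysis, and the AppInit tab of Sysinternals Autoruns (already in the config above) shows the same entries.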
