Computer Viruses in Ethiopia
910 views
Skip to first unread message
dald...@gmail.com
Jul 18, 2008, 3:34:59 AM7/18/08
to IT Volunteers in Ethiopia
As you might know, computer viruses are a huge problem in Ethiopia.
They are spread from computer to computer via prolific use of USB
Flash Drives which most people seem to have.
For this reason, I recommend bringing a Mac laptop for your personal
use. You won't have to worry so much about computer viruses on your
own machine.
At work, I've experimented with many different security configurations
to try to protect against flash drive viruses. Most computers are
networked in a peer-to-peer fashion, so you can't take advantage of
centralized domain policies or security restrictions. I still haven't
found a fool proof solution, but the best configuration so far is the
following:
Active working PCs or laptops:
Fresh Install of Windows
Antivirus: The latest version of Norton, McAfee, AVG, etc with the
latest updates.
AntiSpyware: A combination of the latest versions of Spybot Search &
Destroy and Spyware Blaster, both with the latest updates.
After everything else is installed, I have been very impressed with
Faronics' Anti-Executable, which blocks any additional unknown .exe
from running.
Computer Lab PCs:
All of the above, plus:
Faronics' Deep-Freeze or Microsoft Steady State (These two programs
will delete any modifications to the system after a reboot. The MS
program is free but requires genuine Windows software, something that
is not very common in Ethiopia.)
Cleaning a flash drive on a Windows PC is difficult because the
viruses tend to install a lot of invisible deeply nested hidden system
files. I finally discovered this useful command/switch combination:
From a Dos Command Prompt:
E: (change to flash drive)
attrib -r -a -s -h *.* /S /D
The above command will recursively make every file and folder on the
flash drive visible. You can then search for and delete any dangerous
autorun, INF, EXE, COM, VBS, or SCR file.
In my experience it is not worth the trouble to try to clean computer
viruses from PCs here. They are usually too messed up. It is usually
quicker and more reliable to start from a fresh install. Lock it down
tightly and then hopefully you won't have to deal with it again.
If you do try to unlock a virus plagued PC, a good first step is to
use programs such as MSN Cleaner and HijackThis.
-David
They are spread from computer to computer via prolific use of USB
Flash Drives which most people seem to have.
For this reason, I recommend bringing a Mac laptop for your personal
use. You won't have to worry so much about computer viruses on your
own machine.
At work, I've experimented with many different security configurations
to try to protect against flash drive viruses. Most computers are
networked in a peer-to-peer fashion, so you can't take advantage of
centralized domain policies or security restrictions. I still haven't
found a fool proof solution, but the best configuration so far is the
following:
Active working PCs or laptops:
Fresh Install of Windows
Antivirus: The latest version of Norton, McAfee, AVG, etc with the
latest updates.
AntiSpyware: A combination of the latest versions of Spybot Search &
Destroy and Spyware Blaster, both with the latest updates.
After everything else is installed, I have been very impressed with
Faronics' Anti-Executable, which blocks any additional unknown .exe
from running.
Computer Lab PCs:
All of the above, plus:
Faronics' Deep-Freeze or Microsoft Steady State (These two programs
will delete any modifications to the system after a reboot. The MS
program is free but requires genuine Windows software, something that
is not very common in Ethiopia.)
Cleaning a flash drive on a Windows PC is difficult because the
viruses tend to install a lot of invisible deeply nested hidden system
files. I finally discovered this useful command/switch combination:
From a Dos Command Prompt:
E: (change to flash drive)
attrib -r -a -s -h *.* /S /D
The above command will recursively make every file and folder on the
flash drive visible. You can then search for and delete any dangerous
autorun, INF, EXE, COM, VBS, or SCR file.
In my experience it is not worth the trouble to try to clean computer
viruses from PCs here. They are usually too messed up. It is usually
quicker and more reliable to start from a fresh install. Lock it down
tightly and then hopefully you won't have to deal with it again.
If you do try to unlock a virus plagued PC, a good first step is to
use programs such as MSN Cleaner and HijackThis.
-David
Göran Edström
Aug 3, 2008, 6:15:43 AM8/3/08
to it-volunteer...@googlegroups.com
- Hi David -
Thanks for all the information - really useful to me/us.
Regarding plugs/sockets in Ethiopia - it is rather confusing when checking on Internet..
Which type is the most common..?
Which types (what kind of four/six ways adapter) do I need to ensure that I can plug in my
electrical stuff (almost) everywhere..?
Here in Sweden we use the Type F (German 2-pin, side clip earth) CEE 7/4 (German "Schuko" 16 A/250 V earthed) - how useful is my swedish/german type down there..?
Check this out:
http://www.travel-images.com/electric-plugs.html or
http://en.wikipedia.org/wiki/Domestic_AC_power_plugs_and_sockets
Take care
> Date: Fri, 18 Jul 2008 00:34:59 -0700
> Subject: [it-volunteers-in-ethiopia] Computer Viruses in Ethiopia
> From: dald...@gmail.com
> To: it-volunteer...@googlegroups.com
Thanks for all the information - really useful to me/us.
Regarding plugs/sockets in Ethiopia - it is rather confusing when checking on Internet..
Which type is the most common..?
Which types (what kind of four/six ways adapter) do I need to ensure that I can plug in my
electrical stuff (almost) everywhere..?
Here in Sweden we use the Type F (German 2-pin, side clip earth) CEE 7/4 (German "Schuko" 16 A/250 V earthed) - how useful is my swedish/german type down there..?
Check this out:
http://www.travel-images.com/electric-plugs.html or
http://en.wikipedia.org/wiki/Domestic_AC_power_plugs_and_sockets
Take care
Goran Edstrom
¯'·.¸¸·´¯'·.¸¸.·´¯'·.¸ ><((((º>
Mobile (cell phone): +46 706 038080
Mailto: minpri...@hotmail.com
Mobile (cell phone): +46 706 038080
Mailto: minpri...@hotmail.com
> Date: Fri, 18 Jul 2008 00:34:59 -0700
> Subject: [it-volunteers-in-ethiopia] Computer Viruses in Ethiopia
> From: dald...@gmail.com
> To: it-volunteer...@googlegroups.com
David Aldacushion
Aug 4, 2008, 2:56:51 AM8/4/08
to it-volunteer...@googlegroups.com
Re: Voltage
The Ethiopian power system is 220 V as opposed to the 110 V used in
the U.S. Most of my electronics power adapters can automatically
adjust. Look for the range printed on the power adapter. So for me
it is mainly a matter of changing the plug type. The types of sockets
used in Ethiopia seem to vary considerably. Most of the wall sockets
are the two prong European type. However, in my house at the moment
there seem to be three different types. Some of wider holes, some
have narrower holes. On some, the two holes are farther apart than
others. I can only use some of them. Some are recessed, making it
difficult to plug large power bricks directly into the wall.
In most places, you can buy power strips with the correct wall plug.
The power strips usually have a variety of socket types making them
fairly universal. But they are usually made very cheaply, and it is
difficult sometimes to get a firm connection. Don't count on them to
provide any kind of surge protection.
Our group was also able to find plug adapters at the hotels and
electronic shops in Addis.
On 8/3/08, Göran Edström <minpri...@hotmail.com> wrote:
>
> - Hi David - Thanks for all the information - really useful to
> me/us.Regarding plugs/sockets in Ethiopia - it is rather confusing when
> checking on Internet.. Which type is the most common..?Which types (what
The Ethiopian power system is 220 V as opposed to the 110 V used in
the U.S. Most of my electronics power adapters can automatically
adjust. Look for the range printed on the power adapter. So for me
it is mainly a matter of changing the plug type. The types of sockets
used in Ethiopia seem to vary considerably. Most of the wall sockets
are the two prong European type. However, in my house at the moment
there seem to be three different types. Some of wider holes, some
have narrower holes. On some, the two holes are farther apart than
others. I can only use some of them. Some are recessed, making it
difficult to plug large power bricks directly into the wall.
In most places, you can buy power strips with the correct wall plug.
The power strips usually have a variety of socket types making them
fairly universal. But they are usually made very cheaply, and it is
difficult sometimes to get a firm connection. Don't count on them to
provide any kind of surge protection.
Our group was also able to find plug adapters at the hotels and
electronic shops in Addis.
On 8/3/08, Göran Edström <minpri...@hotmail.com> wrote:
>
> - Hi David - Thanks for all the information - really useful to
> checking on Internet.. Which type is the most common..?Which types (what
> kind of four/six ways adapter) do I need to ensure that I can plug in
> myelectrical stuff (almost) everywhere..?
NeilJ
Aug 6, 2008, 4:36:07 AM8/6/08
to IT Volunteers in Ethiopia
(Almost) fool proof solution to the USB virus problem.
Copied from my post on VSOs Moodle system. I've been testing and
pushing out this fix in Nepal for the last couple of months. <grand
statement> I believe it has the potential to (virtually) eradicate the
spread of viruses via USB pendrive all over the world. </grand
statement>
Computers - USB Stick virus blocker
Type: Software
In developing countries the biggest spread of viruses is via USB
sticks (pen drives / memory sticks). They spread from internet cafes
to personal and work computers. And are spread from country to country
by backpackers / travellers etc.
The viruses spread through autorun.inf files on the pen drive that
copy the virus file + autorun.inf file to the computer which then
infects in the opposite direction any pen drives that are inserted. As
well as executing malicious code on the computer itself.
This file is a registry 'fix' that will prevent Windows (XP and Vista)
from executing autorun.inf files on all drives including C D E etc and
pen drives. Thereby stopping the virus from spreading. It is 100%
effective. The only way a pen drive virus can infect a computer is if
someone double clicks the virus exe file on an already infected pen
drive.
The (small in my opinion) downside is that CDs/DVDs/pen drive
applications will no longer run automatically when the media is
inserted. A small trade off I feel.
It must be stated that the computer is still vulnerable to email and
web based virus attacks so antivirus software should still be used.
The NoAutorun fix is a good second line of defence especially on
computers that aren't network / internet connected or that have
outdated or no antivirus software installed.
I have attached the fix in a Zip file as some systems will
prevent .reg files from downloading as a security precaution.
Simply download the Zip file then run the NoAutorun.reg file and click
YES to enter the information into the registry.
See following webpage for further info :-
http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html
Neil
Copied from my post on VSOs Moodle system. I've been testing and
pushing out this fix in Nepal for the last couple of months. <grand
statement> I believe it has the potential to (virtually) eradicate the
spread of viruses via USB pendrive all over the world. </grand
statement>
Computers - USB Stick virus blocker
Type: Software
In developing countries the biggest spread of viruses is via USB
sticks (pen drives / memory sticks). They spread from internet cafes
to personal and work computers. And are spread from country to country
by backpackers / travellers etc.
The viruses spread through autorun.inf files on the pen drive that
copy the virus file + autorun.inf file to the computer which then
infects in the opposite direction any pen drives that are inserted. As
well as executing malicious code on the computer itself.
This file is a registry 'fix' that will prevent Windows (XP and Vista)
from executing autorun.inf files on all drives including C D E etc and
pen drives. Thereby stopping the virus from spreading. It is 100%
effective. The only way a pen drive virus can infect a computer is if
someone double clicks the virus exe file on an already infected pen
drive.
The (small in my opinion) downside is that CDs/DVDs/pen drive
applications will no longer run automatically when the media is
inserted. A small trade off I feel.
It must be stated that the computer is still vulnerable to email and
web based virus attacks so antivirus software should still be used.
The NoAutorun fix is a good second line of defence especially on
computers that aren't network / internet connected or that have
outdated or no antivirus software installed.
I have attached the fix in a Zip file as some systems will
prevent .reg files from downloading as a security precaution.
Simply download the Zip file then run the NoAutorun.reg file and click
YES to enter the information into the registry.
See following webpage for further info :-
http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html
Neil
Goran Edstrom
Aug 6, 2008, 5:59:15 AM8/6/08
to it-volunteer...@googlegroups.com
- Hi -
Here is an alternative solution - a tiny piece of software that is very useful and powerful - including autorun options on all/specifik drives :-)
I have tested it on my own laptop and it works great.
--- Anfibia Deskman ---
Advanced Security
Full control over keys, mouse and critical system options: Taskbar, Control Panel...
Secure, Lock Desktops
Deskman allows you to lock down PCs and restrict access the way you want.
Simple Yet Powerful
One button configuration. Advanced, yet accessible, desktop security.
Main Features.
Computer Usage Restrictions
Desktop restrictions
Start Menu restrictions, configuration
Internet Explorer restrictions
Control Panel restriction
Taskbar restrictions
Windows Explorer restrictions
Advanced Desktop Security
Drive access protection
Disable USB drives
Disable Ctrl-Alt-Del (WinXP only)
Disable Alt-F4
Disable all Winkeys
Disable Task Manager hotkey
Disable any key combination
Disable any mouse button
Build a new, secure Start Menu (WinXP only)
Kiosk Mode
Autorun Options
Add new entries
Block new entries
Enforce programs: make sure a critical program will be always running.
Desktop Lockdown
One-button desktop protection
Password protection
Leave notes on the desktop
Lock workstation
Security Profiles
Defaulft profile: Basic Protection
Defaulft profile: Limited Access
Defaulft profile: Advanced Protection
Defaulft profile: Internet Explorer Protection
Defaulft profile: Kiosk Mode
Add your own profiles
Advanced Setup
User exceptions
Autologon
Silent installation available
User profiles for fast deployment
Import, export data file
Tight hotkey and password security system
No network connection required
http://www.anfibia-soft.com/products/deskman/
---------------------------------------------------
Best wishes
Goran Edstrom
¯'•.¸¸•´¯'•.¸¸.•´¯'•.¸ ><((((º>
Mobile (cell phone): +46 706 038080
Mailto: minpri...@hotmail.com
¯'•.¸¸•´¯'•.¸¸.•´¯'•.¸ ><((((º>
Mobile (cell phone): +46 706 038080
Mailto: minpri...@hotmail.com
> Date: Wed, 6 Aug 2008 01:36:07 -0700
> Subject: [it-volunteers-in-ethiopia] Re: Computer Viruses in Ethiopia
> From: bobz...@gmail.com
> To: it-volunteer...@googlegroups.com
> Subject: [it-volunteers-in-ethiopia] Re: Computer Viruses in Ethiopia
> From: bobz...@gmail.com
> To: it-volunteer...@googlegroups.com
David Aldacushion
Aug 6, 2008, 7:04:40 AM8/6/08
to it-volunteer...@googlegroups.com
Thanks. I found the NoAutoRun solution a while back and have used it
on many computers. However, one weakness is that it still allows
users to click on and run other .exe files that the viruses place on
the flash drives. For instance, one very common virus will do things
like mark all the folders on the USB drive as hidden system folders,
making them invisible. It will then add a bunch of exe files named
the same as the hidden folders in order to trick the user into running
them.
Does anyone know of an easy way (perhaps through a registry setting
like the NoAutoRun fix) to single out USB drives and block the running
of all executables on them?
Thanks,
David
On 8/6/08, Goran Edstrom <minpri...@hotmail.com> wrote:
>
> - Hi -
>
> Here is an alternative solution - a tiny piece of software that is very
> useful and powerful - including autorun options on all/specifik drives :-)
> I have tested it on my own laptop and it works great.
>
>
>
> --- Anfibia Deskman ---
>
> Advanced SecurityFull control over keys, mouse and critical system options:
> Taskbar, Control Panel...Secure, Lock DesktopsDeskman allows you to lock
> down PCs and restrict access the way you want.Simple Yet PowerfulOne button
> workstationSecurity Profiles Defaulft profile: Basic Protection Defaulft
on many computers. However, one weakness is that it still allows
users to click on and run other .exe files that the viruses place on
the flash drives. For instance, one very common virus will do things
like mark all the folders on the USB drive as hidden system folders,
making them invisible. It will then add a bunch of exe files named
the same as the hidden folders in order to trick the user into running
them.
Does anyone know of an easy way (perhaps through a registry setting
like the NoAutoRun fix) to single out USB drives and block the running
of all executables on them?
Thanks,
David
On 8/6/08, Goran Edstrom <minpri...@hotmail.com> wrote:
>
> - Hi -
>
> Here is an alternative solution - a tiny piece of software that is very
> useful and powerful - including autorun options on all/specifik drives :-)
> I have tested it on my own laptop and it works great.
>
>
>
> --- Anfibia Deskman ---
>
> Taskbar, Control Panel...Secure, Lock DesktopsDeskman allows you to lock
> down PCs and restrict access the way you want.Simple Yet PowerfulOne button
> configuration. Advanced, yet accessible, desktop security.Main
> Features.Computer Usage RestrictionsDesktop restrictions Start Menu
> restrictions, configurationInternet Explorer restrictions Control Panel
> Features.Computer Usage RestrictionsDesktop restrictions Start Menu
> restriction Taskbar restrictions Windows Explorer restrictionsAdvanced
> Desktop Security Drive access protection Disable USB drives Disable
> Ctrl-Alt-Del (WinXP only) Disable Alt-F4 Disable all Winkeys Disable Task
> Manager hotkey Disable any key combination Disable any mouse button Build a
> new, secure Start Menu (WinXP only) Kiosk ModeAutorun Options Add new
> Desktop Security Drive access protection Disable USB drives Disable
> Ctrl-Alt-Del (WinXP only) Disable Alt-F4 Disable all Winkeys Disable Task
> Manager hotkey Disable any key combination Disable any mouse button Build a
> entries Block new entries Enforce programs: make sure a critical program
> will be always running.Desktop Lockdown One-button desktop
> protectionPassword protection Leave notes on the desktop Lock
> will be always running.Desktop Lockdown One-button desktop
> workstationSecurity Profiles Defaulft profile: Basic Protection Defaulft
> profile: Limited Access Defaulft profile: Advanced Protection Defaulft
> profile: Internet Explorer Protection Defaulft profile: Kiosk Mode Add your
> own profilesAdvanced Setup User exceptions Autologon Silent installation
> profile: Internet Explorer Protection Defaulft profile: Kiosk Mode Add your
> available User profiles for fast deployment Import, export data file Tight
> hotkey and password security system No network connection required
> http://www.anfibia-soft.com/products/deskman/
>
> ---------------------------------------------------
>
>
> Best wishes
>
>
>
>
>
> Goran Edstrom ¯'•.¸¸•´¯'•.¸¸.•´¯'•.¸ ><((((º>Mobile (cell phone): +46 706
> 038080Mailto: minpri...@hotmail.com> Date: Wed, 6 Aug 2008 01:36:07
> hotkey and password security system No network connection required
> http://www.anfibia-soft.com/products/deskman/
>
> ---------------------------------------------------
>
>
> Best wishes
>
>
>
>
>
> Goran Edstrom ¯'•.¸¸•´¯'•.¸¸.•´¯'•.¸ ><((((º>Mobile (cell phone): +46 706
woodyinafrica
Aug 23, 2008, 7:18:20 PM8/23/08
to IT Volunteers in Ethiopia
You need to use USB Drive Letter Manager from here -
http://www.uwe-sieber.de/usbdlm_e.html - this tool lets you assign a
specific drive letter to a memory stick.
Then use a group policy to denty certain files from running e.g. exe
vbs com ....
Surely the biggest question for everyone is how will we all cope
without Google on Broadband!
http://www.uwe-sieber.de/usbdlm_e.html - this tool lets you assign a
specific drive letter to a memory stick.
Then use a group policy to denty certain files from running e.g. exe
vbs com ....
Surely the biggest question for everyone is how will we all cope
without Google on Broadband!
Emmadw
Aug 31, 2008, 12:25:16 PM8/31/08
to IT Volunteers in Ethiopia
On Aug 24, 12:18 am, woodyinafrica <woodyinafr...@hotmail.co.uk>
wrote:
> You need to use USB Drive Letter Manager from here -http://www.uwe-sieber.de/usbdlm_e.html- this tool lets you assign a
use PortableApps on a USB stick - then they could have a problem.
With limited computers, and no networks, I'd think that PortableApps
is a good way to ensure that a single user has access to the software
that they're used to, regardless of machine they're on.
Emma
(Not going to Ethiopia ... got here from the VSO Community)
wrote:
> You need to use USB Drive Letter Manager from here -http://www.uwe-sieber.de/usbdlm_e.html- this tool lets you assign a
> specific drive letter to a memory stick.
> Then use a group policy to denty certain files from running e.g. exe
> vbs com ....
>
> Surely the biggest question for everyone is how will we all cope
> without Google on Broadband!
The main drawback of that, of course, is that if people are wanting to
> Then use a group policy to denty certain files from running e.g. exe
> vbs com ....
>
> Surely the biggest question for everyone is how will we all cope
> without Google on Broadband!
use PortableApps on a USB stick - then they could have a problem.
With limited computers, and no networks, I'd think that PortableApps
is a good way to ensure that a single user has access to the software
that they're used to, regardless of machine they're on.
Emma
(Not going to Ethiopia ... got here from the VSO Community)
Reply all
Reply to author
Forward
0 new messages