Domain: trendmicro.com
Stories and comments across the archive that link to trendmicro.com.
Comments · 215
-
You're halfway there
You need advanced trojan detection to fully eliminate malware. You need Trojan Hunter as well as Trend Micro Housecall in addition to Spybot and Adaware. At the Trend Micro site, be sure to choose the complete scan. Also, you may have to run Trojan Hunter in Safe Mode along with Adware and possibly Spybot. It depends how much malware is left over after the scan. Some of it might not be able to be removed unless you boot into safe mode. If you run less than those four programs, you will probably miss some malware. I'm saying that from my own experience. The four programs essentially compensate for one another.
-
Happened to me here in the US
Friday night I experienced the same thing. All of a sudden, my CPU usage pegged at 99% and I could barely do anything. Any programs/windows I launched either took a very long time to execute, if at all. It took me a while to figure out what went wrong. After messing around with the services (services.msc), I figured out it was pc-cillin. I just disabled all of the services associated with the program and rebooted. Everything came up fine afterwards and I just did an uninstall/reinstall and now my machine is happily chugging along!
-
Watchout, the linked site may not be safe
Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.
Infected file: C:\Documents and Settings\----\Local Settings\Temporary Internet Files\Content.IE5\BJLJ35CW\JS[1].htm
Virus name: JS_FORTNIGHT
User name: ----
Scan action result: Unable to clean infected file. The file was quarantined.
Thanks again /. for testing my antivirus -
Re:If it's not broken..
"Yes, and lots of older worms won't work on WinXP or 2k."
But the number of those older worms is VASTLY exceeded by the number of new, 2k/xp specific ones. VASTLY.
"Win2k and XP got rid of a lot of problems for people by leaving the 9x series kernel in hell."
They got rid of a few problems but managed to introduce hundreds more.
Have you ever used a patched, upgraded 98se/lite box? I got six months of uptime before the power went out.
I'll make you a deal. You take two boxes, put 98se/lite UNPATCHED on one, and XP UNPATCHED on the other, put 'em both on a broadband internet connection and you tell me which one gets infected inside 15 minutes. Hint: it won't be 98se/lite. -
Re:Remind me again...
Hmm maybe this will help you...
http://www.trendmicro.com/vinfo/virusencyclo/alpha listing.asp?NAV=42<r=E -
Re:Immediately patch? Really?
Gee... why patch inferior with something worse? Try this antivirus solution instead.
-
Re:McAfee virusscan itself is also affected in a w
I am sorry that I cannot recommend any free virus scanners. The *only* virus scanner that I ever recommend to anyone now is TrendMicro. After working with it for a while now, I almost refuse to fix problems with McAfee and Norton. Both of them drastically slow down a computer, and both of them miss viruses that TM finds regularly.
If you'd like to see it in action, go to Trendmicro.com/download and click on "Damage Cleanup Engine", download "sysclean", then go back and click on "Virus Pattern File" and download the latest (currently lpt335.zip). Unzip this into the same directory as sysclean and run it.
This solution won't stay in memory and scan everything that accesses your computer or HDD, but it will find viruses if you have any.
~Will -
Re:Ironic methinks.
I just cleaned up something called Wintools for IE. Among other things, it reinstalls itself if you try and remove it, and runs partially as a Windows service named "Wintools for IE Service".
Additionally this machine had some IE toolbars.
Here's my top 10 list of viruses/adware as detected by Trend Antivirus. As you can see, we're pretty much "virus" free, though the spyware viruses are rampant.
1. ADW_HUNTBAR.A
2. ADW_ENVOLO.A
3. ADW_EZULA.A
4. ADW_WINSTOOL.B
5. SPYW_KEENVAL.A
6. ADW_SAHAGENT.B
7. SPYW_BISPY.A
8. ADW_BINET.A
9. ADW_SAVENOW.A
10. ADW_SAHAGENT.A
If you search here you can see what toolbars or other nonsense those infections come from. The vast majority of those infections are on PCs on which users have no special rights at all. -
Trend Micro working on it.
I was at a conference about 4 months ago, and a representative from Trend Micro was there. He stated that they already have implemented some spyware detection in their Enterprise Desktop Product, and they were going to be focusing more on it in the near future. Of course, those guys will tell you anything to get a sale, but it might be worth checking out.
-
Re:Helping people emigrate from MSIE etc.
Get AdAware, SpyBot S&D, and my favorite flavor of anti-virus/firewall, Trend Micro Pc-Cillin. I'm too lazy to make a user account to post this once. - Nate MC
-
Re:XP = $70 = cheap $20 a year
but it would be relevant to add antivirus software. Using Windows without is dangerous.
Oh really? With a Windows PC, an Internet connection, and IE, anybody can visit Housecall for a weekly overnight virus scan for no extra charge.
-
more proof
yeah, yeah, i'm sorry, you're sorry, everybody's sorry... quit blaming your users. that aside, i think this article is a little more proof that anti-virus programs like norton, are ineffective these days. the way they function needs to be re-thought badly. i hope to see the cost of devices like this one come down to more consumer friendly levels in the future. anyone have any ideas on how anti-virus can be improved?
-
IF you can reboot. That's a big if.
As long as the machine can boot from CD, it'll work.
And with security being the issue it is, watch Internet cafes disable booting from the CD drive. And watch your friend not let you power down her machine while she's running Housecall, doing a big download, or just trying to prove that Windows can stay up for longer than 49 days.
-
No charge online virus scanner
how would you know [that you've been virus free without installing antivirus software]?
Periodically launching IE (after having firewalled it to connect only to microsoft.com and trendmicro.com) and going to Trend Micro's HouseCall site will tell you whether you have a virus on your machine, and you don't even need to pay for virus definition updates. Run a HouseCall scan overnight once a week (put something in Scheduled Tasks to remind you), and you'll be able to tell Windows XP SP2's security wizard the truth that you are already taking antivirus measures without having to shell out for Norton.
-
4 steps to secure, 'internet ready' Wintel box....
Use a hardware router that filters out *ALL* unsolicited incoming internet connections. This should 'hide' your computer from others while on the internet. In addition, use a software firewall program such as Outpost.
Install an antivirus program such as AVG and keep it constantly up-to-date.
'Harden IE' by disabling ActiveX, Java, and Javascript. No more IE 0wnage!
Delete/rename the Windows Scripting Host. No more 0wnage via VBScript!
By doing all of the above, it should now be safe to use Outlook (Express) to check your email and not get 0wned by some email-based exploit. Be on the lookout for spam (FREE V14gr4!!!), phish (id theft attempts), fraud (Nigerian advanced fee fraud), and malware (the latest Wintel/OE mass-mailing-virus). To avoid running emailed malware by accident, consider using my approach which renders known and unknown emailed malware 'inert' and safe to handle provided the system hasn't been compromised first. -
Re:Is this for real?
Yes, it is true. Have you seen the program with the tools, such as the hammer, flamethrower, ants, etc.? Also the program that flips your screen upside down and the "game" that looks like it is deleting your hard drive? These are the "joke" programs it is talking about. housecall http://housecall.trendmicro.com/ will detect those "joke" programs also.
-
Re:As usual these useless virus alerts lack info.
-
A few points
1. A Link to Trend Micro's SDBot.UH analysis
2. I love the fact that this worm drops itself as BLING.EXE
3. This worm uses carnivore network sniffer and checks for the following strings
As Taco said, I'm surprised it's taken this long. Considering it uses 5 patched vulnerabilities I'd say you deserve what you get in this case.
4. This is particularly... clever? It does all kinds of things that I would put in as feature requests for the perfect worm
- It has 6 paths of infection: 5 vulnerabilities (as above) plus open shares
- It attempts to steal CD keys for some games.
- It installs a network sniffer
- It has an interface with 26 commands that the bad guys can use on an 0wned box
- It can log keystrokes
I'm still waiting for the really bad one... -
More technical details
Here is propagation information on the worm WORM_SDBOT.UH from Trend Micro (link pulled from the article):
Network Propagation and Exploits
This worm takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows XP systems, which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised. Read more on this vulnerability from the following link:
Microsoft Security Bulletin MS03-026
It also takes advantage of the Buffer Overflow in SQL Server 2000 vulnerability. Read more on this vulnerability from the following link:
Microsoft Security Bulletin MS02-061
This worm also exploits the IIS5/WEBDAV buffer overrun vulnerability affecting Windows NT platforms, which enables arbitrary codes to execute on the server. The following link offers more information from Microsoft about this vulnerability:
Microsoft Security Bulletin MS03-007
It also exploits the Windows LSASS vulnerability. This is a buffer overrun vulnerability that allows remote code execution. Once successfully exploited, a remote attacker is able to gain full control of the affected system. For more information about this vulnerability, refer to the following Microsoft Web site:
Microsoft Security Bulletin MS04-011
This worm spreads via network shares, using NetBEUI functions to get available lists of user names and passwords. It then searches for and lists down the following shared folders, where it drops a copy of itself using the gathered information:
- Admin$\system32
- C$\windows\system32
- C$\winnt\system32
- Ipc$
-
Short-ish list
-puTTY - terminals should be available on any Unix-ish or Mac-ish comp., but in case you're in an Apple store (where Terminal is locked off), maybe a Mac SSH client, too
-Firefox - shameless self-promotion: here's my quick, easy, robust way of getting Firefox to work on a USB drive: Firefox@York. Note that this not only allows you to have extensions (which some portability how-tos don't), but you can use the same profile for the Mac, Windows and Unix versions of Firefox (diff binaries, same profile).
-Adaware and Spybot. Maybe a ClamAV or AVG installer
-Useful links - I have Trend Micro's "House Call" online virus scan, Windows Update, www.whatsmyip.com, etc.
-Perhaps a POP3 or IMAP client like Thunderbird? Or even a full-fledged PIM, depending on size
-A list of CD keys for all your software
The next thing to go on my drive will be Open Office. Only one binary (I think), since it's Java-based, but getting it down to size and getting it to understand that it's on a portable drive will be the challenges. -
How I stopped mass-mailing worms on Windows....
From the article:
"Worm solutions are an all-or-nothing thing. If your worm defense is going to work and work evidently, so your CEO doesn't notice, it can't be piecemeal or incremental,"
-- Tom Ptacek, product manager at Arbor Networks of Lexington, Massachusetts, a network security technology company.
My approach filters out or 'renders harmless' ALL mass-mailing email malware. It only has 2 flaws:
1) The Windows registry setting affecting '.txt files' must not be compromised.
2) The user must not rename decoded email file attachments unless they know for sure the file is not malware. If the attachment is/contains malware, renaming it (and clicking on it) will run the malware and compromise the computer system. -
vaporware? only for now. it's the right step.
MS has for a long time been trying for a while to switch to a subscription-based service instead of a licensed-based one. This move would allow that.
Also, Bill G. recognizes that the medium itself is but the vessel. What goes in the vessel is the future. MS wants to sell you the server OS that gives MS content (Office and other apps) to a MS desktop, all bundled nicely together with Longhorn and the ability to ship sandboxed code over the 'net.
Let's not forget the reason we all moved to webapps in the first place: single distribution that updates for everyone at once. No more multiple versions and testing on all sorts of configurations. The next version will be the single one they keep on the server, and the configuration will be the IE web browser.
MS Office over the internet will succeed where the Java Web Start failed. Soon to follow will be the anti-virus guys, because it's already here and I'm sure TrendMicro would also like to dump the development costs of a desktop client for an all web one.
This one is a good call by MS.
-
How to secure your system against spam/malware...
Secure IE against ActiveX/JavaScript/VBScript/IFRAME exploits
Stop the 'unblockable' Messenger service
To further minimize the possibility of malware invading your system, use antivirus and firewall products. I use:
AVG antivirus by Grisoft.
Sysclean by Trend Micro
Outpost Firewall by Agnitum.
Filter spam/malware out of your email. I use CF13-POP3(TM). It is a freeware program I wrote to crush the email spam/malware menace. It is very effective.
A companion shareware program I wrote at the above URL is an all-in-one software mail server that makes it practically impossible to accept and deliver email spam/malware.
-
FYI: The SP2 RC2 problems are spyware related
The whole "three out of five machines failed to come back up" after installing SP2 RC2 should not frighten you from trying it.
The original article said quite clearly that the problem they had was that they'd get a bluescreen and "A message stated that 'winserv' was missing."
What the article didn't say was what "winserv" actually is. It's not part of Windows. In fact, it is spyware. Plain and simple.
So the problem, then, with Windows XP SP2 RC2 is that it doesn't work when the operating system has been corrupted beyond repair by spyware that hooks into various DLLs and services in an attempt to prevent itself from being uninstalled. -
I agree - it's a scam
Offering a bait-and-switch price of $600, only to find that this price is without any display whatsoever. After adding a display and memory, you're now up to almost $800.
And then they only accept payment via PayPal. So you have no legal recourse when they take your money and disappear.
And their product description looks like a whole pile of feel-good platitudes with absolutely no technical content whatsoever. Their FAQ goes on at great length about how styli are evil, but the site says absolutely nothing about how you enter text into the thing. My guess is that you can't. Assuming the device exists at all, you probably can only enter text while it's docked to a real computer - making it completely useless for everything I rely on my Palm PDA for.
Seven processors and a custom OS? <SARCASM>And if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop - which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late.</SARCASM>
Click here before replying that you don't get the joke.
-
Re:Wow next thing you know...
Great story, but unfortunately it's a hoax.
Jolyon -
Re:its not that bad
Simple really, just periodically run a free online scan from sites such as Trend Micro (java plugin required) to detect for virii.
No need to shell out for a copy and subscription to the latest Norton 200x. -
Re:its not that bad
While not protecting you from contracting one, this will certainly let you know if you have a virus and will clean it for you if you do.
-
Re:MS is on it...
Bravo, but you missed on one detail.
To download the Sasser worm, please open Outlook Express or Outlook 2000/XP and execute any attachments you have received from unknown senders.
Sasser exploits a buffer overflow, not naive/stupid email users. Trend Micro page:
This worm is known to exploit the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. -
Trend Micro Damage Cleanup
A tool that I use quite often seems to go ignored time and time again.
Trend Micro Damage Cleanup is a free after-the-fact cleanup tool that will fix just about any virus (As long as the pattern file is downloaded...) It scans drives, registry, etc. The only drawback is that it's quite large (The pattern file is ~8.5MB and the Scanner is ~1.6MB).
It blows Norton's one-fix-per-virus tools away, except from a portability standpoint. Also helps make sure you don't leave other viruses behind. (Did I run the Netsky.QZX removal tool, but not the Netsky.ZZB one?)
Yesterday it found 530 copies of Agobot (3 Variants) and Sasser.B on one person's PC. -
After Klez, I took PC security *very* seriously!
About two years ago I downloaded a shareware program from a particular website.
After that, my PC acted sluggishly after I installed the program and whenever I went online.
I finally found out my PC had picked up the Klez virus and that a bunch of .exe files were infected with it.
After this incident, after disinfecting my PC, I took PC security very seriously!
I found the URLs below very helpful to keep my PC free of all malware:
The 'Home User Self Defense Guides' at http://www.uksecurityonline.com
(Thanks to spammers/crackers/blackhats, you have to get a free account with a valid email address in order to access the Guides.)
AVG antivirus by Grisoft.
Sysclean by Trend Micro
Outpost Firewall by Agnitum.
My program CF13 keeps malware out of my PC by treating all email file attachments as 'text files'. This renders any malware in them inert and also makes it safe to scan said files for malware or otherwise handle them--even delete them.
The only way the botnets will continue to survive is through user inertia/apathy or, worse yet, trusted firewall/antivirus programs become silently compromised and used widely. -
I solved the English spam problem. Interested?...
Because Slashdot wasn't when I submitted my site as a newsworthy article some time ago.
In a nutshell, my program, CF13 uses a number of simple, non-mathematic, pattern-matching tests to make it virtually impossible to get English language spam past it. These tests do not require the overhead associated with Bayesian Filtering and its ilk.
I think the key feature to it is to treat as spam all email from unapproved senders that contain more than 'spaces' and alphabetic characters.
This simple but powerful feature makes it IMPOSSIBLE to conveniently spell email addresses, URLs, postal addresses, prices, and phone numbers. These items are necessary for e-commerce to take place. Without them, e-commerce is IMPOSSIBLE or at least extremely difficult to conduct. It also treats as spam email containing 'non-ASCII' characters. I have gotten quite a few such emails at another email address I use infrequently--all spam (sales pitches in foreign languages).
As an added benefit, CF13 makes it 100% IMPOSSIBLE to accidentally run malware sent by email provided a particular registry setting has not been compromised. It does this by treating all email and file attachments as 'text files' that can be scanned for malware and handled safely. Thus, one's PC CANNOT be compromised by a malicious malware HTML webpage or worm/virus/trojan email file attachment.
It also detects 'mailbombing' and handles it a manner that makes it easy to clean up afterwards.
It is probably best to fight spam at the SMTP server level but I have heard it is best to fight spam at the end user level. Both approaches have their advantages and disadvantages so this issue appears to me to be a toss-up for the time being.... -
Re:It's not that surprising . . .
Amen, brother!
I honestly don't know the answer. Ignorance? Stupidity? A false sense of security? All of the above, possibly.
I deal with this every day at work. We have about 40 computers, all protected by Symantec's corporate edition, and this setup usually works. However, after all the worms and viruses that we see, and after all the times I've talked to people about it, I still see people opening infected attachments, then, when I tell them they've been infected, saying, "I don't think so. I didn't see it do anything." My response is, "Yes, it did something. Just because you didn't see anything doesn't mean it didn't. I'll be up there in a minute to clean it up." Then, I lose a half hour of my workday dealing with scanning their system to make sure Symantec stopped whatever it was they ran and telling them once again not to open every e-mail they get, and if they're not sure about something they receive, then, for God's sake, call me and ask before they do anything with it.
I think I want to hold an office-wide meeting on this stuff. Need to run that by the Administrator...
But anyway, there are some good, free resources out there that I think everyone ought to be using.
For quick scans and cleanups of computers without any AV app installed, I like Trend Micro's free scanner at http://housecall.trendmicro.com.
For a free AV program, you can't beat AVG Anti-Virus, available at http://www.grisoft.com.
For firewall software, ZoneAlarm still does the trick nicely. http://www.zonelab.com I just wish they didn't go through such great effort to make the free download hard to get at. I wonder if Real designed their site.
And we can't forget Microsoft in all this. One of the best things they've done lately is to finally get somewhat on the ball with their Windows security site at http://www.microsoft.com/security/protect. You can even get free or discounted AV software by following links in the section on antivirus software. And the free Windows Security Update CD is a must-have for anyone who has to mess with computers owned by the, shall we say, less informed among us.
Finally, and this is the thing that is really starting to piss me off, we have way too many ISPs out there who don't seem to give two shits about getting infected PCs off their networks after they've been reported to them numerous times. How hard is it to call a customer who's been reported, tell them they're infected, and tell them they have 24 hours to clean it up, and if they get another report after then, the connection will be shut off? But I guess that would negatively impact the bottom line, and we can't have that. -
Re:First Quater?
Second quarter sales were just under 100 million USD last year...
In other news, Trend Micro predicts stocks to rise due to increased demand for its products and services as a direct result of increased virus activity.
Yawn.
-
Re:More informative links
Wopps, typo in the link (though it's the first hit): Trend Micro: PE_BAGLE.Q - Description and solution.
-
Might have been a smaller problem
-
Other Companies
FYI, I am posting AC for a reason. The company I work for does roll-outs and tech support for small cable companies. Scripts are in place to automatically deactivate accounts with high upload/download bandwidth (meaning trojan p2p programs) and techs monitor e-mail usage. Problem with an account? Notify account holder and de-activate account. If the account holder can't be notified, the account is de-activated anyways.
It's time people start taking responsibility for their actions when using a computer. Computers need to be patched frequently with Windows Update. AntiVirus programs such as Norton Antivirus, Mcafee VirusScan, or Trend Micro PC-Cillin (my personal favorite) are needed with updates and scans run, at the very least, weekly. Computers also need anti-trojan programs such as The Cleaner and anti-spyware programs such as Spybot Search & Destroy and Adaware. Even go as far as not to use the default Internet programs, Internet Explorer and Outlook Express. Instead, use free, open source programs such as Mozilla Firefox (browser) and Thunderbird (e-mail).
Naturally, the majority of people on /. know this, but we need to spread the word. -
Re:Thank you! Next, please take out the virus-infe
Screw stupid users. There is a perfectly excellent Free antivirus solution on the net, its Trend Micro's Housecall.
And of course, there are the favorites, McAfee and Symantec, but although it appears that these stupid people would be too stupid to update their definitions, and wouldn't benefit from McAfee and Symantec without those updates (in fact, these stupid stupid people would probably feel a false sense of security). Therefore, a once a month check at Trend Micro would be better than these solutions because they don't have to check the virus definition dates, update it themselves, etc.
And of course, these stupid stupid people should stop opening up mail from unknown senders, should stop trusting Microsoft and should buy a goddamn router!
Trend Micro Housecall: $Free, Linksys Router: $50, not pissing off every technically competent person they bring their stupid problems to: $Priceless -
Bad Idea
This is a very bad idea! The best source for antivirus and spyware-removal software is on the internet. To me, it looks like they're burying the problem instead of fixing it.
Now, here's my humble suggestion for a better solution. If a PC is identified as a compromised machine, it's added to a pool of machines that all get a special IP and special DNS servers (I assume they run DHCP - if they don't they should). Now, the new DNS servers resolve all addresses to a special page dedicated to downloading anti-spyware and virus checkers. Maybe even an online scanner like housecall. So, when Joe Luser fires up his web browser, he reaches this page no matter what he types. Once his machine is cleaned, he will be removed from the compromised pool. -
Effective combination...
I work at a computer repair shop, and nearly every single computer I work on has some degree of spyware. The best combination of tactics to kill spyware that I've found is as follows (All in Safe Mode, of course):
- Trend Micro Damage Cleanup - Free, Effective at catching a multitude of viruses and malware (Detects some spyware as trojans or adware)
- Spybot Search & Destroy
- Ad-Aware
- CWShredder - Kills CoolWebSearch variants
- HijackThis! - Powerful general tool for cleaning up what the others miss
- LSPFix - to fix broken LSPs that interfere with Windows' TCP/IP stack
There's not a lot to be missed after that. Process Explorer is also good for finding processes running that might not be of obvious origin. -
Re:If you thought NAV 2002 was good...
Right, I mean, all you really have to do to get new defs/engine is to look for them. For example:
Today's McAfee Definitions
Today's Symantec (Norton) Definitions
Today's TrendMicro Antivirus Definitions
All these are available free from the vendor along with engine updates (and I found them all in five minutes using just a search engine). The suckers paying $20 a year are actually just paying for their app's "LiveUpdate" or similar feature to work, when they could either use a non-broken, older version, or grab the definitions every week or so off the vendor's website.
All revenue brought in by the subscriptions is simply a tax on laziness. Well, except it's paid to those companies instead of the government. You know what I mean. -
Not a complete analysis...
Here has most of the answers you seek. It opens up a port to allow someone to hijack the system, and if the date on the system is Feb. 1 then it attacks. So it is possible SCO could receive a few attacks from people with their dates wrong.
-
Re:Maybe, maybe not
Not just a proxy, a backdoor.
Info here.
It would seem that the real goal is to show how many people are stupid enough to still click on attachments when they have no idea what the fuck they are. -
Actually, I'd say you got lots of decent ideas
1. Transparently blacklist generalized/malicious junk like double click, gator, web bugs, various other advert networks and drive-by downloaders.
2. Offer different proxies with multiple levels of popup/junk filtering that your savvy customers can opt-into.
3. Send out a CD with free versions of Ad-Aware, Spybot S&D, and so on. Or point them to links like the online version of X-Cleaner or one of many online virus scans.
4. You could also be a real saint and figure out how to put most of the important Windows Updates on CD for your dial-up users and have it automatically do its thang. At a minimum, the Service Packs and Security Rollups will make you their hero.
5. ???
6. Profit!!!
We know there isn't a quick fix solution, but 1 and 2 are eminently doable. I personally use a proggie called AdMuncher(.com) and since Dec. 25th it's blocked 13,100 ads/popups/etc and supposedly saved me around 102MB of bandwidth. It ain't free, but goddamn it's good (and only 157K).
-
Re:E-Mails
In case you haven't found out about this already, this is the latest version of the mimail trojan. (mimail.i). You can read more about this at Trend Micro.
-
My Top List
Although others have said Mozilla as a web browser, I feel that it's too bloated and slow. Try K-Meleon or Opera instead.
CDEx is a great open-source program for ripping your legally-owned CD-audio tracks. Rip them to OGG and feel your 1337ness potential expand.
Try using ZINF instead of WinAmp (bloatware ... I haven't cared for WinAmp since early 2.x) for your sound-playing abilities. The skinning abilities are also a lot better on ZINF, plus it supports more formats than WinAmp does.
If you're not looking at getting the entire OpenOffice.org suite, you can get just AbiWord, which is a great word-processing program. OpenOffice.org, however, is really full-featured and I would say almost a must.
People have already mentioned the free anti-virus software from AVG, but it doesn't hurt to have backups, such as the free online scan from Trend Micro.
As someone else also mentioned, ZoneAlarm is also a great thing to have.
Trillian and/or GAIM are great instant-messaging clients.
SourceForge and Pricelessware are great places to go and explore on your own as well.