Tech: ISP Says I have a virus |
Subject: RE: Tech: ISP Says I have a virus From: GUEST,Jon Date: 18 Jul 04 - 07:24 AM (no email accounts that is. OE was installed) |
|
Subject: RE: Tech: ISP Says I have a virus From: GUEST,Jon Date: 18 Jul 04 - 07:22 AM It can happen quite easily Sorcha. I had to re-install Windows on my PC after installing an ADSL driver got me in a state where Windows would not re-boot no matter what I tried. I tried to get other things working before installing my AV software and firewall. Something happened within the space of what at most can have only been 4 hrs. I became aware of a lot of modem activity and that when I switched the modem off, I was getting loads of 'redial' messages to enable sending stuff to all over the place. Whatever it was (and it can't have been something picked up from an email as I had no email set up - I was hacked in some way) also prevented me from installing my AV software. I ended up with a 2nd re-install of the lot. This time round 1st thing I put on was AV and I got a firewall running and downloaded all MS "critical updates" ASAP. I think the lesson learned is that you don't want to be leaving yourself unprotected even for minutes. There are swine out there who will get you if they can. Jon |
|
Subject: RE: Tech: ISP Says I have a virus From: Louie Roy Date: 17 Jul 04 - 11:16 AM Sorcha, if you have a complete backup of your system prior to getting this message, dump everything on your PC and reload your backup and this should clear it up, then change your email address. Louie Roy |
|
Subject: RE: Tech: ISP Says I have a virus From: GUEST,leeneia Date: 16 Jul 04 - 02:31 PM John, I just want to say that you are so knowledgeable and helpful here on the Mudcat. Thanks for the effort you go to in helping people. |
|
Subject: RE: Tech: ISP Says I have a virus From: JohnInKansas Date: 15 Jul 04 - 07:52 PM Sorch - The BRS (big red switch) is a pretty foolproof AV, at least for temporary use. When you turn back on, you may want to make notes on which files the AV found infected and what virus got into each of them, before you delete, in case you need to look up specifics during cleanup. The infected files don't always tell which virus is involved; but the more you know, the easier it is to work through things. John |
|
Subject: RE: Tech: ISP Says I have a virus From: Sorcha Date: 15 Jul 04 - 07:40 PM John, I have done all of the above except turn off System Restore and in order to do that, I would have to boot his machine, and I don't want to do that. As long as it's shut down and off line, I don't see how it can cause problems. |
|
Subject: RE: Tech: ISP Says I have a virus From: artbrooks Date: 15 Jul 04 - 07:30 PM Sorcha, for what it's worth, I'm in your address book (I think), and I haven't gotten any spam from your address. |
|
Subject: RE: Tech: ISP Says I have a virus From: JohnInKansas Date: 15 Jul 04 - 07:06 PM If your ISP says that your machine has been mailing SPAM, you may have more than a virus.

A virus is that little malicious program that gets onto your machine without your permission. Every virus has a "payload" of some sort. In the old days (a few months ago) you could assume that deleting the virus would clean things up. THAT IS NO LONGER TRUE.

The "payload" carried by a number of recent "infecting agents" has been "downloader scripts" that connect you to a malicious website, where other programs may be downloaded to your machine. Since the "downloader" has to trick your machine (and your AV) into thinking you've given permission for the download, your AV does not generally recognize these downloaded routines as a virus - and in fact they are not, according to normal definitions.

The majority of the most noted recent "downloaders" have attempted to put spyware, frequently keystroke loggers, on the machines they attack. A few have been used to create "open server" connections that a "spammer" can use to relay junk, making it appear that it originated from your machine.

Once the original download script has executed and put the program on your machine, removing the virus will NOT NECESSARILY remove the malicious program(s). Most of the recently observed ones can be found by antispyware programs like Spybot and/or AdAware, although a few have been found that are not detected by any commonly available "general purpose" antispyware program.

Your ISP informed you that you have a virus, because that's what gets people's attention. In all probability, the only information your ISP has is that SPAM email has been coming from your machine. Your ISP has no way of knowing which of several "programs" is controlling your machine, or of knowing which of several viruses were used to get the program on your machine.

While it is remotely possible that someone has just faked your address, with currently extant malware it is quite likely that your machine has been taken over and is being actually used as a relay server to send the spam.

The first, and MANDATORY step in getting things cleaned up is to TURN OFF SYSTEM RESTORE if you are using a Windows version that has it. I frankly don't know whether that's a feature of WinME that I believe Sorcha was using last October, and I don't know what system is on his. If you leave System Restore turned on, the next time you reboot it may restore any Registry entries that have "disappeared," which may reinstall the virus and any other malware you've attempted to remove. Turning off System Restore will DELETE all old copies of your Registry that may contain infections or that may call infected or malicious programs.

The second step is to go to any major AV website and get a good scan for viruses, and make sure that they get removed. Infected files that can't be deleted because they're "in use" can often be terminated using Task Manager in recent Win versions, after which the files can be deleted; but it may be difficult to tell which "process" is using a given file. In any Win version, you should be able to use a Safe Mode boot to delete the files.

After you have cleared VIRUS infected files, you should check for Spyware programs, using AdAware AND Spybot, and/or any of the other good programs.

IF THERE ARE STILL problems, the only good recourse is to use Task Manager to see what processes are running, and work through them to eliminate any that shouldn't be there. This will probably require EXPERT assistance that you will not find at mudcat.

There have been no significant numbers of reports of such infections for people who keep their Windows updates current, who keep their AV signatures current, and who ALWAYS run a good AV - but you might always be the exception, since there are new kinds of malware daily. John |
|
Subject: RE: Tech: ISP Says I have a virus From: Stilly River Sage Date: 15 Jul 04 - 05:24 PM Visit Symantec's Security Response and let them scan the machine. If you're getting the message that these things are "in use" then you can pretty well figure that they're busy with malicious activity. See if Norton can repair or quarantine the programs or files. You might have to open the computer in the "Safe Mode" in order to delete the files that are the problem. If you're not sure about what is on them and think they are repairable (but you should have a backup so these can be deep-sixed) then burn them to a CD and delete them from the machine. Look at them carefully later, only after the virus has been removed or disabled, and only if by looking at the titles of the files you think it's worth the risk. SRS |
|
Subject: RE: Tech: ISP Says I have a virus From: Clinton Hammond Date: 15 Jul 04 - 04:18 PM When you run ANY v-scanner it's a good idea to close ALL the other programs.... |
|
Subject: RE: Tech: ISP Says I have a virus From: Sorcha Date: 15 Jul 04 - 03:12 PM OK, used housecall on his machine....(it's his anti virus that I can't get into). Found 30 infected files....un cleanable, and it won't let me delete any of them because they are 'in use' so I'm shutting down his until he gets home. |
|
Subject: RE: Tech: ISP Says I have a virus From: Clinton Hammond Date: 15 Jul 04 - 03:05 PM Use the online service that Ellenpoly urled ya to above... |
|
Subject: RE: Tech: ISP Says I have a virus From: GUEST,.gargoyle Date: 15 Jul 04 - 02:20 PM LOOK - lots of this 'TECH' is really BS and belongs
B E L O W T H E L I N E
|
|
Subject: RE: Tech: ISP Says I have a virus From: Jeri Date: 15 Jul 04 - 02:13 PM Agree completely with Anahata. Whoever reported it to them should have sent the message to them. Your ISP people can look at the headers to determine if it really DID come from you. They should have done so before they bothered you with it. If they simply believe what anyone tells them and don't know enough about spoofers and viruses to be bothered checking, they're morons. It really does sound to me as if the e-mail came from elsewhere. I've gotten bounced messages myself, but my ISP has antivirus on both outgoing and incoming stuff, so they'd know it wasn't from them. |
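Added example, not part of any post in this thread: a Python sketch of the header check described above, where the From: line is ignored and only the Received lines written by the recipient's own servers are believed. It goes beyond the post by showing the general rule for any message; the host names, documentation-range IP addresses, the `.recipient.example` suffix and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: From: names an ISP customer, but the last trusted
# Received line shows the handoff came from an unrelated address.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby store.recipient.example with ESMTP; Thu, 15 Jul 2004 12:01:07 -0600
Received: from unknown (dsl-77.elsewhere.example [203.0.113.77])
\tby mx.recipient.example with SMTP; Thu, 15 Jul 2004 12:01:05 -0600
Received: from mail.isp.example (mail.isp.example [198.51.100.5])
\tby unknown with SMTP; Thu, 15 Jul 2004 11:59:00 -0600
From: customer@isp.example
To: someone@recipient.example
Subject: constructed sample

body
"""

# Captures the announced name, the bracketed peer IP, and the "by" host.
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def received_hops(raw):
    """Return (announced_name, peer_ip, by_host) per Received line, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    return hops

def origin_ip(raw, trusted_suffix):
    """IP that handed the message to the first server we trust.

    Received lines are prepended by each server, so we walk from the newest
    down and stop at the first one not written by a trusted host: everything
    from there on could have been typed in by the sender.
    """
    origin = None
    for _name, ip, by in received_hops(raw):
        if not by.lower().endswith(trusted_suffix):
            break
        origin = ip
    return origin

def came_from_customer(raw, trusted_suffix, customer_ips):
    """True only if the trusted handoff IP is one the ISP assigned to the customer."""
    return origin_ip(raw, trusted_suffix) in customer_ips
```
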
|
Subject: RE: Tech: ISP Says I have a virus From: GUEST Date: 15 Jul 04 - 01:22 PM It is COMPLETELY ROUTINE for viruses and spammers to put fake From: addresses on their emails, and for those fake addresses to be real addresses harvested usually from the hard disk of the infected machine. Any ISP which is dumb enough to believe that one of their customers is sending out viruses just because the recipient saw that customer in the "From" address of an infected email doesn't deserve to be in business. However, an ISP is perfectly capable of scanning outgoing email for viruses and/or spam too, so their assertion may be true. But they definitely should be able to tell you what the virus is - that's very strange if they can't or won't. Anahata |
|
Subject: RE: Tech: ISP Says I have a virus From: Sorcha Date: 15 Jul 04 - 01:09 PM Thanks. I'll call them back after bit and see what else I can find out. Just remembered also, that his addy is netcommander and mine is communicomm. That might help determine which machine it's on. |
|
Subject: RE: Tech: ISP Says I have a virus From: Amos Date: 15 Jul 04 - 01:00 PM It is not uncommon for spammers to steal your email address and use it as the spoof source of their spam. You only find out when one of their spams bounces and the notification gets sent back to you (since it looks like you are originating the spam). I always advise my ISP when this occurs so they know that I am not actually sending out the spam. A |
|
Subject: RE: Tech: ISP Says I have a virus From: Bill D Date: 15 Jul 04 - 12:50 PM does it say WHO was sent a virus by you? I can't believe they know it was a virus and that your machine sent it, and still don't know what it was. What MMario & Pavane said |
|
Subject: RE: Tech: ISP Says I have a virus From: pavane Date: 15 Jul 04 - 12:47 PM That does seem to have happened to me. I have occasionally had messages bounced, which I never sent, and which bear no resemblance to anything on my machine. |
|
Subject: RE: Tech: ISP Says I have a virus From: pavane Date: 15 Jul 04 - 12:45 PM Did he provide any proof? Possibly someone complained, and your address was in the message header(s) - but that doesn't mean you sent it. The header can be faked, after being picked up from addresses on someone else's machine. |
|
Subject: RE: Tech: ISP Says I have a virus From: Ellenpoly Date: 15 Jul 04 - 12:43 PM This website does free virus scan "house calls". It takes a while but will root out where the virus is and tell you what it is, and how lethal as well. Most times, it can also get rid of it right then and there. Good luck!..xx..e http://housecall.trendmicro.com/housecall/start_corp.asp |
|
Subject: RE: Tech: ISP Says I have a virus From: Sorcha Date: 15 Jul 04 - 12:36 PM Nope. I asked, and even called back to make SURE it was my ISP calling. |
|
Subject: RE: Tech: ISP Says I have a virus From: GUEST,MMario Date: 15 Jul 04 - 12:34 PM if your ISP has detected a virus on your system they should be able to tell you the virus name AND what files it sends out. |
|
Subject: Tech: ISP Says I have a virus From: Sorcha Date: 15 Jul 04 - 12:28 PM My ISP called this morning and said I have a virus and have been reported as sending out spam. If I don't fix it, my modem will automatically be shut down. I have run Avast! anti virus both in normal and safe mode on my machine and it says I'm clean. His is shut down. I can't get into it to do anything until he gets home tomorrow. I have also done Search for most of the new ones. IF I can't find anything, we will have to change our e mail addys. ISP couldn't give me the name, file or any helpful info. Any ideas out there? Clinton, this may have been what was wrong last night when I was trying to send pictures to you. Best check your machine. |