 sj |
||
|
||
Tech: Virus help 2012.10.07
|
|
|
|||||||
|
Tech: Virus help 2012.10.07 |
Share Thread
|
||||||
|
Subject: Tech: Virus help 2012.10.07 From: gnu Date: 07 Oct 12 - 01:51 PM File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.VF Warning: The file quarantine failed. Virus: Gen:Trojan.Heur.FU.au1@aSmMr2di What should I do? |
|
Subject: RE: Tech: Virus help 2012.10.07 From: Mick Pearce (MCP) Date: 07 Oct 12 - 02:10 PM Looks like a few others have had the same problem. See this: Gen:Trojan.Heur.FU.au1@aSmMr2di how to remove it for two suggestions (one using malwarebytes, the other with a few Windows commands). Mick |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 07 Oct 12 - 02:14 PM Thanks. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: JohnInKansas Date: 07 Oct 12 - 08:57 PM A common reason for your AV being unable to quarantine (or delete) something is that a file that is "open" can't be moved or deleted. This sometimes happens even with the relatively innocuous "tracking cookies" that most AV sets try to keep cleaned out. Some malware inserts itself into the Startup folder so that it's launched (and has files open) whenever you boot, so a "Clean/Safe Boot" is necessary to prevent the Startups from running. Restarting in Safe Mode, with minimal other trash running, sometimes will allow your regular AV to rescan and omplete the quarantine, if you can get a clean enough start that the AV program is the only thing with open files. SOME AV programs can run from a Recovery Disk that boots the machine only to a Command Prompt (still called a "boot to DOS" by some) which is perhaps the "cleanest" boot that you can get easily, but that capability is less frequently included with "modern" protection suites than for older (or just simpler) ones, partly because some newer programs use Windows service functions and won't run all their functions from a "pure" Command Prompt boot. If your AV allows you to make a recovery disk of this kind, the disk should of course be made on a "clean machine" and then moved to the possibly infected one to boot it for cleaning. John |
|
Subject: RE: Tech: Virus help 2012.10.07 From: GUEST,999 Date: 08 Oct 12 - 08:04 AM Incidental: I have noticed that Skype seems to be a program that doesn't like to close when I restart. If you use Skype, close it first or it will slow the restart considerably. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 08 Oct 12 - 05:36 PM Well, my supergeek fixed it by remote connection to my PC just now AND I found out what NOT to do in future. In future, I will NOT open any links here at Mudcat in posts from people I do not know and do not absolutely trust. That includes You Tube links and all others. Now... I got somethin ta say ta somebody in this here Mudcat Cafe that I cannot prove, but I want everyone to read it and be aware... Fuck you you piece a shit troll. I hope you had good fun accessing my computer. If I was anywhere close to you I would fuck you over... personally... BIG TIME. And you wouldn't be able to prove it was me just like I can't prove it was you. You are a sick puppy. That's right, I know it was you... maybe you aren't as slick as you thought you were... it's not hard to trace the timeline and figure it out. Don't fuck with me again. And don't fuck with my friends. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: Stilly River Sage Date: 08 Oct 12 - 07:03 PM Do you know where you were reading when you hit this bad link? What thread? SRS |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 08 Oct 12 - 07:45 PM That doesn't matter now, SRS. I am sure it's been disabled to avoid detection (from my geek). This was two days ago that I was attacked. He won't be at it again for a while, I assume). Just make sure you trust every poster that posts any links. As a matter of fact, a thought just occurred to me... I have no idea what I am talking about but... don't click any links I have posted in the past three days. Seriously, I REALLY don't have any knowledge of any of this internut stuff except that I asked my geek what I could do to stop this from happening again and he said. "Not much. Call me if it happens again." Sorry if I don't wanna tell you exactly what I think (think I know) but that is a sticky wicket that I really don't want to get stuck in. I can't prove it fer sure... yet... that may be coming over the next while. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: Joe Offer Date: 08 Oct 12 - 09:54 PM Well, gnu, we'd like to remove the link if it's a bad one, If you know where you came across it, please let us know. This is one of the reasons why I am vehemently opposed to the idea of starting a thread with only a link. Maybe I should name names, but I won't this time. If you start a thread or send an email, at least have the courtesy to furnish a summary of what people will find when they click a link. Also, when you send e-mail or start a thread, be sure to give the message or thread a specific title that doesn't sound like Spam. -Joe- |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 08 Oct 12 - 10:18 PM Well, Joe... I can only say what I said until I can prove what I think happened. My geek (supergeek... not yer run of the mill geek - he has his own IT company) is on it when he can get to it. He's keen on accounta we go way back but he has to earn a paycheque too so it might never even happen. Suffice it to say... y'all be careful about what links youse click on. If it's a trusted member, great. If it's a troll, well... |
|
Subject: RE: Tech: Virus help 2012.10.07 From: Joe Offer Date: 09 Oct 12 - 01:34 AM Nonetheless, if you can tell me specifically (and privately) which link(s) you suspect, I can check them out - and remove them if they prove to be bad. Otherwise, you raise suspicions about Mudcat and we have no way to address the problem. -Joe- |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 09 Oct 12 - 02:35 PM Sorry, Joe... just read your last post. I'll email you soon. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 09 Oct 12 - 03:42 PM Well THANK GOODNESS! My geek has just informed as to what happened, albeit in not enough detail just yet as he is busy. Here's the gist of it : Norton Security (Windows Defender too? that part sounds odd to me and I have asked for clarification) updated their definitions and Norton IDs the Defender file as infected when it is not infected. That is why Defender sees no infection. The Defender file was modified just about the time I was at Mudcat and had clicked several links so I assumed it was a particular link. This just in... "No…norton detects a virus in a new defender definition file. When the next defender definition file comes out it may not detect it anymore. If you call Rogers they have probably had calls on this (at least I hope they have)." My apologies to Joe and everyone else but I felt it advisable to warn everyone I could about what I assumed was the case and to also throw a fright into who I suspected. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 09 Oct 12 - 04:04 PM Also just went to Rogers... 4:59 PM Touraj: I can definitely look into that for you, one moment please. 4:59 PM Gary Owens: I am told it is a false positive. 5:00 PM Touraj: This appears to an archived file from the Windows Defender program itself which in most cases is not an actual infection. What you can do is either go to the specific path it provides to manually delete it or you can re-run the scan in Safe Mode of windows which may be able to permenantly delete it by having access to it that way. 5:00 PM Gary Owens: Okay... so, no worries. 5:01 PM Touraj: Yes, based on the file path, it is just archived scan results from the Windows Defender program itself. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: maeve Date: 09 Oct 12 - 04:08 PM Thanks, gnu. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: JohnInKansas Date: 09 Oct 12 - 04:23 PM That's appparently a thing quite similar to the stone age (or maybe we were still just scratching in the sand) AnvtiVirus program called VirusScan (or maybe it was just VirScan?) by IBM. The definition files were in a separate folder from the program, so the program always reported "thousands of infections" in the definition folder (one for each signature). The program when I ran into it was so primative that it didn't delete (fix?) anything. It just told you what it found. It took an immense amount of "training" for some of the people in the office to understand that they didn't need to delete the sig folder everytime the program told them to. It was even harder getting some of them trained to notice that something elsewhere actually might be malware. The IT departement (almost as primitive as the AV) solved both problems by pulling the memo that told everyone to "scan frequently." Don't feel bad about it gnu. You're not really all that stupid, since with modern programs it is a little unexpected. Unfortunately you're about 50 years too late to write a paper on it and cash in on all the applause. (But if you do, be sure to credit your Techie.) (I just wonder why I didn't remember it when you first asked????) John |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 09 Oct 12 - 05:16 PM "You're not really all that stupid,..." Hahahaa! |
|
Subject: RE: Tech: Virus help 2012.10.07 From: JohnInKansas Date: 09 Oct 12 - 05:53 PM Remember that a primary rule in the BS (Liars) contest is "never say what you don't both know is a lie." It spoils the effect if you don't follow the customs. And I think Ghandi said somethin' like "You can't tease an inferior 'cause that's cruel. You can't tease a superior 'cause that's just plain stupid." (ouch!) John |
|
Subject: RE: Tech: Virus help 2012.10.07 From: Stilly River Sage Date: 09 Oct 12 - 09:45 PM gnu, putting us on our toes to pay attention to computer security isn't a bad thing. And your all-too-human brain was seeing cause and effect at human speed, not realizing the Norton was moving in the background and a lot faster. In the "for what it's worth" category, you might want to investigate all of the various logs that are retained in your computer. Norton should have a slough of them, and you can begin to detect patterns if something isn't working the way it was before and you can remember about when the change happened. Look to the logs to see if they show something new being blocked or some new program running. SRS |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 09 Oct 12 - 11:17 PM I have been at that SRS... I have learned that windows defender does a DAILY full scan (yes, just found that out) and it takes about ten hours. I had no idea. Heck... I only ever visit the Cafe and only a few sites with... well, there's another thread on that at the moment below the line. Fact is, I expect my security that I pay money for to protect me. It did so. And it erred on the side of safety... no problem to speak of here. And I would not have done anything differently. I acted out of concern for others (I could have just not botherd). Mum told me I should, over 50 years ago. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: JohnInKansas Date: 10 Oct 12 - 03:12 PM k-1 notes: "Incidental: I have noticed that Skype seems to be a program that doesn't like to close when I restart." An amazing happening occured in the wee hours of this morning. I was just about to hit "Submit" in a thread here when my screen went blank. I had failed to notice that an update was ready for a restart and the machine was rebooting. When the reboot and all the configuration stuff was finished, and I was about finished reciting my %@$#^! mantra, the computer reopened my browser. (That's not too unusual although it doesn't always happen.) The remarkable thing was that it reopened the browser in the thread I was about to post to, with my post intact in the Reply box ready for me to go ahead and hit the button. With the difficulties we sometimes have when a post "gets lost" and needs to be recovered "on purpose," I was more than a little surprised. That's the sort of thing one might expect from a good OS, but I'm still using Windows so I was mildly astonished to see it actually happen. I can't recall that it ever happened before, although I seldom miss a pending reboot so I haven't given it many chances to perform that act. John |
|
Subject: RE: Tech: Virus help 2012.10.07 From: gnu Date: 10 Oct 12 - 03:35 PM BUY A LOTO TICKET ASAP!!! |
|
Subject: RE: Tech: Virus help 2012.10.07 From: JohnInKansas Date: 10 Oct 12 - 03:48 PM Since this is the only active thread discussing malware, and the news isn't critically important enough to merit a new one, it still might be of interest to some people that Microsoft has just released its latest quarterly report on the malware situation. An article that briefly describes what the report says is at: Windows 7 malware infection rate soars in 2012 This "news clip" likely will be all that many people will be interested in reading. Despite the rather sensationalist title, what the report says is that the rate of infections (infections per thousand machines) found by Microsoft's Malware Remover scans almost doubled for the past quarter compared to the same quarter last year for Win7 machines. The fine print says that Win7 infection rates are still one-third of those in WinXP. Also worth noting might be that the infection rate in 64-bit Win7 was significantly lower than in 32-bit Win7, especially if anyone is considering a newer version. There is a link at the bottom of the page that goes to the Microsoft security site where you can download the full report (.pdf 146 pages) and/or a shorter summary. One section from the report that Mickey apparently thought would be interesting is also available as a separate pdf. (Although 146 pages for the full report might sound pretty big, the layout is landscape with "lots of pretty layout stuff" so it's a quicker read than you'd expect.) For the convenience of those who can't manage two clicks from the same thread: Microsoft Security Intelligence Report Download Site The full report has lots of information that may be useful for those who are seriously interested in what's going on around them, and gives better explanations of what some of the info probably means than is in the news report. This appears to be the first time that this quarterly report has included fairly detailed identification of specific malware types, with some "ranking" of which have been most troublesome, and in this part it may include some things few people have heard much about from more generic sources. John |
|
Subject: RE: Tech: Virus help 2012.10.07 From: GUEST Date: 10 Oct 12 - 05:22 PM How convenient for the launch of WIN8. |
|
Subject: RE: Tech: Virus help 2012.10.07 From: JohnInKansas Date: 10 Oct 12 - 06:09 PM Unidentified Guest - Since this report is published every quarter and is one of the most comprehensive summaries available, it's doubtful that it has anything to do with the Win8 release. This is a scheduled release, on schedule, and unaffected by what might be new someday. Since it only reports on measured incidences of malware on computers running programs and Operating Systems currently in use you will find virtually NO MENTION of Win8 in this report, as Win8 won't be released for some months and there's no information to report about it. Anybody with poor personal hygeine can toss a turd in the punch bowl, if they do it without looking at what's offered for discussion and only want to display their own illiteracy and lack of intelligence. The only discussion appropriate to your comment is "how did you learn to type without learning to read?" Maybe you had another idea of how your quip would be helpful. John |
| Share Thread: |