
The Mudcat Café TM
https://mudcat.org/thread.cfm?threadid=91313
40 messages

BS: malware

08 May 06 - 07:57 PM (#1735692)
Subject: BS: malware
From: harpmaker

Ok, I am no computer whizz, but I can't seem to get rid of this "Malware???? infestation crap". I have run Norton, AVG, and Ad-Aware, to no avail. I also get this red popup box (bottom right hand corner) saying my comp' is infected; it's driving me nuts. Where's Musato when you need him!!!! (XP Pro btw)


08 May 06 - 07:58 PM (#1735694)
Subject: RE: BS: malware
From: GUEST,ragdall

Remove Ad-Aware, download Spybot and run it?


08 May 06 - 08:51 PM (#1735723)
Subject: RE: BS: malware
From: Kaleea

Are the popup boxes ads? Or are they the norton alerts? I used to get some of those ads till I got a pop up blocker thingie.

I also noticed that Norton did not seem to do the job, & a really old spyware program I had would sometimes find trojans in addition to all kinds of stuff even with the Norton activated & running, & that includes the firewall thing. So, I quit using internet exploder (ok, I know-- it's "explorer") & started using Netscape as a browser with the DSL I have. Then I downloaded Avast antivirus, which is free for home users. I had to disable the Norton & the old firewalls. It hasn't been long, so I'll have to see how it goes.


08 May 06 - 09:14 PM (#1735742)
Subject: RE: BS: malware
From: John O'L

Don't disable Ad-Aware, but do install Spybot. Run them both at least weekly. Also the Google toolbar comes with an effective popup blocker. You can install the toolbar without having to have the Google homepage as well if that's what you want.


08 May 06 - 09:26 PM (#1735750)
Subject: RE: BS: malware
From: frogprince

Believe what John says; McAfee with regular updates, plus Spybot run about every couple of weeks, isn't enough; I just paid to have 175 assorted nasties removed; the computer had become essentially inoperable. We're on dialup; it must be some kinda fun to prevent infections on high speed.


08 May 06 - 09:52 PM (#1735782)
Subject: RE: BS: malware
From: The Fooles Troupe

I'm on dialup, and I don't even have my firewall alert me anymore - it got so I couldn't do any thing else but read alert popups.


08 May 06 - 11:52 PM (#1735911)
Subject: RE: BS: malware
From: JohnInKansas

Click Start. In the upper part of what pops up, you should see "Windows Update." Click it.

If you don't see it there, you haven't been keeping your WinXP Pro supplied with critical security patches. (Not keeping current greatly expands the number of possible infections you could have.)

If you don't happen to have the Windows Update in your start list, you should be able to get started at http://windowsupdate.microsoft.com/

When you get to the Microsoft Windows update site, you should let it look to see whether there are critical Windows updates you should have, and if there are you should let them download and be installed, although that's not the real point. (Note: I'm about 23 hours into a download (on dial-up) to catch up on a laptop that hadn't been connected for about 6 months to get updates. Don't expect instant results if you're behind.)

Once you are current for Windows Critical updates, at the "Windows Update" site, you'll see a couple of links offering "Microsoft Update." Click either of them. You may need to supply the "Product Code" for your copy of Windows. If WinXP came with your computer, it should be on a tag permanently glued to the outside of the computer. If you bought WinXP separately, the product code should be on the envelope the CD came in.

The punch line: Microsoft's "Malware Remover" has been renamed "Microsoft Defender" and if you go through the updates offered it should automatically be installed. It will run once per day, and will be updated monthly - automatically if you're connected long enough for the downloads.

Note that it is NOT a complete "fixer," but is intended to repair the most critical and most common malware infections in current circulation. If your infection is one of those currently included, it's one of the "cleanest" ways to get rid of the crud.

Note 2: It can remove Kazaa and some other "peer-to-peer" programs that include spyware. Depending on how you set it up, you may or may not have a choice whether they're removed when you run a scan. When it does a removal, it deletes everything in the folder. If you have downloaded music files from one of these that you want to save, move them to another folder before you run a scan with Defender.

Microsoft Defender is a "beta" program, and is free (for now). It is NOT a substitute for a good AntiVirus program, or for AntiSpyware programs such as AdAware and Spybot. It will not interfere with your continued use of those programs, and you should continue to use them. It does clean out some kinds of malware that AdAware and Spybot can't, even though it's not guaranteed to find every bit of crud you could have.

(Defender is available only for WinXP, Win2K, and possibly some server versions.)

John


09 May 06 - 04:21 AM (#1736016)
Subject: RE: BS: malware
From: JohnInKansas

Additional info:

Microsoft has introduced several "new concepts" for Windows Security scanning and correction of problems. Most of these are "beta" items, but there have been no significant "program fixes" since the first ones came out, so I suspect that the reason for calling them "betas" is to offer them free while collecting info on how they work, and leaving it open to charging for them when they change the names to "the real forever final honest to goodness for sale" services.

An older (but still current) scanner for malware was called the Microsoft Windows Malicious Software Tool (WMST). Information at Microsoft's Automatic Update sites indicates that if you are getting Auto Updates it will be updated automatically. The info is not clear on whether it is automatically installed for all participants in Auto Updates. It was originally issued as a beta program, and I installed it separately at the first beta version, so the automatic updates I've been getting may not be the usual thing. If you install it, and are getting Automatic Updates, it should be kept up to date automatically.

You can download it using links at Microsoft Windows Malicious Software Tool.

It scans for, and removes, problems that are common for WinXP and Win2K users. It can remove some things that AntiVirus and AntiSpyware tools typically do not.

More to follow.

John


09 May 06 - 04:25 AM (#1736019)
Subject: RE: BS: malware
From: JohnInKansas

The latest upgrade of the Malicious Software Tool changed the name to Windows Defender and the new version has its own home page: Windows Defender (Beta 2) Homepage. You can download the Windows Defender program there, and if you use Windows Automatic Update it should keep it up to date.

Users of the WMST beta versions and Windows Update are being fed the upgrade to Defender automatically. Again, it is not clear whether it's being given to all users of Auto Update.

A significant difference between the WMST and Defender is that WMST merely scanned regularly. With Defender you can elect to have "real time protection." There are a few other differences outlined in the FAQ linked at the Defender Homepage, which I'd suggest you read if you're uncertain about whether you should install it.

I would recommend that "reasonably competent" WinXP/Win2K users may want to try it, but less experienced users may want to use alternative methods for now. IF IT FINDS malware, it may offer you "choices" that really inexperienced users may not want to face up to. If you're willing to accept the "recommended action" without really knowing what's going to happen, even the least experienced should find it okay.

John


09 May 06 - 04:28 AM (#1736022)
Subject: RE: BS: malware
From: JohnInKansas

An additional resource, called Windows Live Security (beta), is a site where you can let Microsoft scan your computer on-line for common malware. This is probably roughly equivalent to a "remote scan" by the WMST program. Links at this site also lead to additional software you can download or services you can use. Most of these are free but a few of the linked options may require subscription fees.

John


09 May 06 - 04:34 AM (#1736026)
Subject: RE: BS: malware
From: JohnInKansas

Microsoft Security Options: Comparison gives a quick chart comparison of some of the above programs and services, with the emphasis on the difference between downloading Defender to your own machine or going periodically to the Windows Live site to get scanned.

NONE OF THESE MICROSOFT PROGRAMS OR SERVICES should be considered to be a replacement for a good AntiVirus program kept current with frequent updates OR FOR AntiSpyware programs such as Ad-Aware, SpyBot or others of your own choosing, frequently updated and run on a regular schedule. Microsoft asserts that none of these will interfere with the AV/AS programs you are using.

An additional service that some may not have noticed: If you signed on for Automatic Windows Updates, you got Critical Updates to Windows automatically, but had to go separately to other sites for updates of other Microsoft programs. You can now set up "Microsoft Updates" to have all your Microsoft programs automatically updated on a regular schedule. For most people this just means Office and Internet Explorer, but other programs are included when applicable. This still includes only Critical security updates, so visiting the download sites to see if there are optional non-critical goodies you want is still a clever thing to do occasionally.

You should find a link to the "Microsoft Update" sites at any "Windows Update" site.

Note that switching from "Windows Update" to "Microsoft Update" may require you to "verify" that your Windows version is legal, and of course will require you to "click-off" on a EULA. I've read the EULA and didn't get scared. Your "Product Number" should be on your computer if WinXP or Win2K came with the machine. It's on the envelope your CD came in otherwise. It's been painless for me.

John


09 May 06 - 05:10 AM (#1736037)
Subject: RE: BS: malware
From: Dave Earl

John says,

"Note that switching from "Windows Update" to "Microsoft Update" may require you to "verify" that your Windows version is legal, and of course will require you to "click-off" on a EULA. I've read the EULA and didn't get scared. Your "Product Number" should be on your computer if WinXP or Win2K came with the machine. It's on the envelope your CD came in otherwise. It's been painless for me."

This is true of course but has resulted in a bit of a problem for me. I bought a "previously owned" pooter from a local Internet cafe (one they were replacing). They had cleared the hard drive and placed on it a disk image that included XP Pro and Office 2003. All of it works well but I set the machine up for auto updates from Microsoft Update, which also worked until a few days ago when, following an auto update from Msoft, I am now told that my machine is running a counterfeit copy of the software. I know I was taking a chance by getting this software cheaply but I was assured that the sale of the machine pre-loaded this way was OK under the licence that the internet cafe was using on an OEM basis.

I should have been more aware of what was going to go wrong when they showed me how to disable the Windows Genuine Advantage add-on.
Now of course Msoft Update has reactivated WGA and won't allow me to disable it again. The Add-on manager now says my "administrator" is the only one who can disable this again. Logging on with my "administrator" user profile doesn't help as I get the same message. Looks as if the only way out is to pay Msoft for a "genuine" licence or live with the fact that I am not going to update that machine.

As it happens my other 2 desktop pooters and the new laptop that I am about to get are all genuine and properly licenced so I think I can live without paying anymore.

Unless of course anyone out there knows something different.

Dave


09 May 06 - 05:13 AM (#1736038)
Subject: RE: BS: malware
From: JohnInKansas

And Now Returning to the main feature:

HARPGIRL'S PROBLEM:

red popup box (bottom right hand corner) saying my comp' is infected

The exact wording of the popup box would be helpful.

You may see a popup from this area – the System Tray – with WinXP if WinXP has not detected that you have a valid AntiVirus program on your machine. I can't replicate the warnings you might get without disabling my AV program, and I don't remember the exact wordings of all the possible messages. It may say something to the effect of "you don't have an AntiVirus program," or it may say something like "your AntiVirus definitions are out of date," or it may say "you are at risk for virus infections" or it may say "Your Subscription for Updates of your AntiVirus Program has EXPIRED."

(The last one, I've seen recently on a laptop that sat under the bed for 7 months, and I'm waiting for a CD to update the program I'm using before I register again for update subscriptions.)

If the "red popup" you're getting says that you "are at risk" or "could have a virus" or some other such thing, but doesn't actually say "Virus xxxxxx has been detected on your machine":

IF YOU ACTUALLY DO HAVE a valid and up-to-date AntiVirus program installed, you can go to Start|Settings|Control Panel. There should be an item on the list that appears called "Security Center." Double-Click it to open it, and click on Virus Protection. This should allow you to select something that resembles "I have a current AntiVirus Program Installed and I cross my heart and hope to die I will keep it up to date and the Microsoft Windows XP Security Center should SHUT UP." (Obviously I don't recall the exact wording of the choice offered.)

Note: If the Security Center DOESN'T APPEAR in control panel, see previous posts above about getting current with WinXP SP2 and critical updates. YOU MUST DO THIS IN ORDER TO USE THE WEB SAFELY.

Note: If you don't have a CURRENT AV program, either get one or get it up to date. (i.e. update your definitions file.) You've said you have Norton – and it actually is pretty good – but make sure you've updated recently.

IFF (that's tek-speak for the logical IF BUT ONLY IF) the popup actually says generically "You have a virus" it is quite likely that you are the victim of malware.

What to do about that is more complicated, so I'll wait for you to tell me at least:

"It really does say I have a virus."

Or better:

It says "sfvrbltqblr – blpxskkk??!!!" (You fill in the appropriate letter values.)

John


09 May 06 - 06:59 AM (#1736075)
Subject: RE: BS: malware
From: JohnInKansas

Breton Cap:

So far as I've been able to determine, the Windows installed on the machine is "part of the machine" if it's an OEM (Original Equipment Manufacturer) License. You can sell the machine, with the software, but you can't move an OEM license to a different machine. A recent bulletin from Microsoft asserts that a new motherboard means you've built a new machine and need a new license, but if the machine hasn't been "recreated" the license should be good.

IF you can tell Microsoft who built the machine on which the Windows version you're using was originally installed, and IF that's the same machine on which you're running it, they should honor the license and allow you to get updates (IF you can show credible evidence that you're the current (and only) new owner).

With an OEM license, the builder of the machine is generally responsible for all support of Windows, so you probably need to determine where the machine originally came from, and investigate what policies the OEM builder applies. They may invoke restrictions in addition to the ones by Microsoft.

If, in fact, the people who sold you the computer made a complete and accurate offload of the software, and you reloaded it on the same machine from which it came, the only thing you should need to do is refer back to the original OEM maker who put it on the machine when you describe the "history" of the license, to prove to Microsoft that you have a valid license.

I can't say with assurance that this will work, but those are the rules as I understand them. The only thing that matters should be that you are running Windows on the same machine on which that copy of Windows was first installed by the OEM builder.

If someone sold you a "Windows machine" without a valid license for the Windows, then they are counterfeiting Windows. I wonder if Microsoft pays a bounty....

John


09 May 06 - 08:03 AM (#1736096)
Subject: RE: BS: malware
From: harpmaker

Red outlined Popup box says:
Your computer is infected!
"Critical system error!
System detected virus activities.
They may cause critical system failure.
Please, use antimalware to clean and protect your system from parasite programmes. Click here to get all available software."
--------------------------------------------------------------
Also a popup balloon:
"System alert adware and spyware.
Your computer performance slowed down. your intrnet conection speed has decresed. You receive more spam emails than ever. Use spyware scan to find out the reason."
--------------------------------------------------------------
I have just run "Windows Live Security (beta)". It found some stuff and deleted it. But it also said some things "Could not be cleaned"
(Trojan included!!) I still get the popup box, and popup balloon.

IF I go to the "click here" sites, they want me to pay for installing software removal; I think they're cheeky twats and it's a scam. However, I would probably pay to have my comp' fixed, but I don't have a credit card!!
Thank you, Thank you all for help. It is much appreciated.
John Harpmaker.
(Not Harpgirl, last time I looked anyway!!!)


09 May 06 - 08:20 AM (#1736100)
Subject: RE: BS: malware
From: Dave Earl

John thanks.

The Internet cafe that I bought the beast from has now gone bust so I can get no help from them.

I have had a further thought on this problem of mine.

If I use the XP restore feature and go back to a date before the auto-update that reset WGA, and disable auto update, do you think that I will be able to get the updates using the "Custom" option as opposed to the "Express"?

Don't know if this will work but I feel I am no worse off if I give it a try.

Dave


09 May 06 - 08:52 AM (#1736125)
Subject: RE: BS: malware
From: jeffp

Those sound like popup ads, not anything from a legitimate source. Do not click to install anything!!


09 May 06 - 02:19 PM (#1736284)
Subject: RE: BS: malware
From: Kaleea

I was reading this thread when all of a sudden, I get a box in the corner of my screen that says, "microsoft antispyware updates are available. Do you want to download them now?"
   Scary monster!


09 May 06 - 05:59 PM (#1736529)
Subject: RE: BS: malware
From: JohnInKansas

Breton Cap -

A System Restore to an earlier configuration might work, but the automatic backups WinXP does to save older configurations are limited to about 5 copies, with old ones replaced by the newest, so there's a definite limit to how far back you can go.

Some but not all updates are individually removable, and if you know which one did it, you might find an uninstall folder (Hidden, Read Only) in your \Windows32 folder. The Folder Names will be MSxxxxx_UninstallKBxxxxx format, where the xxxx after MS is the number of the Security Bulletin, I think, and the xxxx after the KB is the "Knowledge Base" information sheet. You should refer to the documents indicated by the filename to see how - or whether - it's safe to try removal and what it may do.

Backing out the patch is unlikely to get you back on the good list, since Microsoft probably will run the same verification again with the next patch that's available.

If it's a "brand name" computer, and you can identify the builder and find a machine serial number, many makers will let you enter the machine serial number to find a copy of the original "build list" showing what hardware was there, and when it was built and/or shipped. With that information, you may be able to go back and argue with Microsoft. If you mean it was built by the Internet cafe guys you got it from, and they're gone, you may be stuck. They may actually have used the same copy of Windows on more than one machine, so yours is a "counterfeit."

Recent Microsoft policy has been to provide Critical Security Updates even to those with known "counterfeit" copies; but you have to go to the download site and manually check for them, and only the critical ones are available. If you can't show good, or make good, for your copy of Windows, your best available option may be just to use manual downloads of the patches. They come out at least monthly. The Express Option, if you go in manually instead of by AutoUpdate, should be just the ones you can get with an unregistered Windows. The Custom Option just lists other optional patches that are in addition to the Critical ones. You probably can't get the "optional" ones without valid registration.

John


09 May 06 - 06:13 PM (#1736538)
Subject: RE: BS: malware
From: JohnInKansas

Kaleea -

If the popup you saw that said "Microsoft updates are available" came from an icon that looked like a little gold shield in your System Tray at the bottom right, that's what's supposed to happen when Microsoft has an update that you should have. It should happen only for Critical Security Fixes, and generally you should let them download them and install them.

If you click Start, and there's a "Windows Update" or "Microsoft Update" in the list, you can click it and go get one you might have missed. If your start list doesn't show one or the other of the update links, you should use the link posted at 08 May 06 - 11:52 PM to go to the update site, get available critical updates, and (I recommend) sign up for automatic updates.

The link should be at http://windowsupdate.microsoft.com/, but they've recently started "redirecting" to the Microsoft Update, instead of the Windows update site. Either should work for you.

John


09 May 06 - 06:48 PM (#1736569)
Subject: RE: BS: malware
From: JohnInKansas

harpMAKER -

Apologies for the misnaming. It was getting late, I guess.

There are very few trojans that current AV programs can't remove, so if the Microsoft Live program found something it couldn't remove, it's most likely that your AV can remove it if your definitions are current. If your Norton AV missed something because your definitions are out of date, you can get Norton current or you can get several free AV programs that may work.

Even if you don't have a subscription to keep Norton up to date, you can go to the Norton Symantec Security Check site and let them scan your machine. They will tell you what name they use for the infection that's present, so you can look it up on the Norton/Symantec site to see if there is a manual removal procedure.

The Symantec Security Check website may or may not remove an infection that it finds. Sometimes, if you're a current Norton subscriber, it will, but if you don't have a current product from them, sometimes all it gives is "information." If you look up the info sheet on the specific "trojan" that WMD detected, at Norton or at any other AV site, you usually can find a "how to get rid of it." Various AV builders invent their own names for common malware, so ideally you use the name that a specific program gives you, and go to that program's own site. (WMD may use a different name than Norton does.)

I haven't looked in detail at what the Microsoft Live does when it finds something. The Windows Defender home page and/or FAQ has some information that suggests that what couldn't be removed could have been quarantined somewhere, and either site, Live or Defender, may have some help on what to do if you poke around a bit.

Your problem appears to be phony advertising malware. It is quite probable that your "worm" was downloaded to your machine when you clicked an ad somewhere, either at some website or the popup on your own machine. A few instances are known where the "X" to close a popup is actually a "permission to install," disguised as a "close" button, that actually puts the real malware on your machine. A popup that says you have malware probably is what put the malware on your machine, if there really is an infection. Buying anything from anyone using these methods is of course an open invitation for them to use your credit card, once you give them the number, for whatever ....

If their "malware remover" removes anything, it's likely to be the visible evidence of what they put on your machine while they use the opportunity to add something even worse.

And you may have more than one infection from more than this one scumware source.

John
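As an added illustration (not code from this thread or from any product named in it), here is a small heuristic triage of notice text that encodes the traits John and jeffp describe: a generic "you are infected" diagnosis that names no malware, fear language, and a lure to click, install or pay for third-party software. The phrase lists, weights and threshold are my own assumptions; the sample notices are the ones quoted in this thread.

```python
"""Heuristic triage of a "your computer is infected" popup.

Constructed example for this thread, not a vendor signature set. It scores
notice text on the traits that separate scareware from a genuine Security
Center / Windows Update notice: a generic diagnosis that names no malware,
urgency language, and a call to fetch or pay for "antimalware" software.
"""
import re

# Phrase groups and weights are assumptions chosen to reflect the thread's
# reasoning; a real product would use a far larger, maintained list.
INDICATORS = {
    "generic_diagnosis": (3, [
        r"\byour computer is infected\b",
        r"\bvirus activit(y|ies)\b",
        r"\bsystem alert\b",
        r"\bcritical system (error|failure)\b",
    ]),
    "urgency_or_fear": (2, [
        r"\bcritical\b", r"\bparasite\b", r"\bslowed down\b",
        r"\bmore spam\b", r"\bat risk\b",
    ]),
    "install_or_pay_lure": (4, [
        r"\bclick here\b",
        r"\bget all available software\b",
        r"\buse (anti-?malware|spyware scan)\b",
        r"\bto (clean|protect|find out)\b",
    ]),
}

# Traits of a genuine notice as John describes them: it names a detected
# threat, or talks about the state of the AV product or update service.
LEGIT_HINTS = [
    r"\bvirus \S+ has been detected\b",
    r"\bdefinitions? (are|is) out of date\b",
    r"\bupdates? (are|is) available\b",
    r"\bsubscription\b.*\bexpired\b",
]

# Sample notices (constructed from the thread): harpmaker's red box and
# balloon, the update prompt Kaleea saw, and a wording John recalls.
SAMPLES = {
    "red_box": """Your computer is infected! Critical system error!
        System detected virus activities. They may cause critical system
        failure. Please, use antimalware to clean and protect your system
        from parasite programmes. Click here to get all available software.""",
    "balloon": """System alert adware and spyware. Your computer performance
        slowed down. your intrnet conection speed has decresed. You receive
        more spam emails than ever. Use spyware scan to find out the reason.""",
    "update_prompt": "microsoft antispyware updates are available. "
                     "Do you want to download them now?",
    "av_detection": "Virus xxxxxx has been detected on your machine",
}


def normalize(text: str) -> str:
    """Lower-case and collapse whitespace so multi-line popups match."""
    return re.sub(r"\s+", " ", text.lower()).strip()


def score_notice(text: str) -> dict:
    """Return per-category hits, a weighted score and a verdict.

    'scareware' when a lure is present, no genuine-notice trait is found and
    the score clears the (assumed) threshold; 'likely-legit' when a genuine
    trait is present without a lure; otherwise 'review' for a human.
    """
    t = normalize(text)
    hits, total = {}, 0
    for name, (weight, patterns) in INDICATORS.items():
        n = sum(1 for p in patterns if re.search(p, t))
        if n:
            hits[name] = n
            total += weight * n
    legit = any(re.search(p, t) for p in LEGIT_HINTS)
    lure = "install_or_pay_lure" in hits
    if lure and not legit and total >= 6:
        verdict = "scareware"
    elif legit and not lure:
        verdict = "likely-legit"
    else:
        verdict = "review"
    return {"hits": hits, "score": total, "verdict": verdict}


def triage_all(samples=SAMPLES) -> dict:
    """Verdict for every sample notice, keyed by name."""
    return {name: score_notice(text)["verdict"] for name, text in samples.items()}


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        r = score_notice(text)
        print(f"{name:14} score={r['score']:2} verdict={r['verdict']:12} hits={r['hits']}")
```

The "review" verdict is deliberate: a notice like "you are at risk for virus infections" has fear language but no lure, which matches John's point that such a Security Center message is neither proof of infection nor proof of a scam.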


09 May 06 - 07:32 PM (#1736615)
Subject: RE: BS: malware
From: JohnInKansas

addend to Breton Cap:

As noted in the reply to Kaleea above, my old link to Windows update is now being redirected to Microsoft update. This may be a general thing, or it may be only because I've signed up for Microsoft update so my machine knows it should do that.

Windows Update and Microsoft Update have been two distinct things, but the appearance of multiple new (beta) sites in Microsoft's arsenal of antimalware stuff could indicate a change in their policy on providing Critical Updates to unvalidated WinXP users.

A valid and verified license has always been required for the Microsoft Update system. If they've decided to discontinue the separate Windows update it could mean that nothing's going to be available for users without valid certs.

This is pure speculation, and is not based on anything I can find that says the policy is being changed. It should be questionable that Microsoft would not provide critical updates to everyone, since that would convert more than 100,000,000 known "counterfeit users" into immediately infected pestholes that, with mass mailing worms, could literally shut down the entire internet. Of course, there's at least an equal number of valid users who haven't bothered to install any updates, or to use valid/current AV, which IMO is much like spitting in a crowd.

Small wonder that organized crime is suspected of being the most prolific creator of recent new malware. Russian and Chinese gangs appear to lead in real malware recently, but nearly all my spam email seems to come from the same, probably small, "organization" in Canada.

I believe you mentioned the possibility of getting a new legal copy of WinXP, if necessary. As has been said, an OEM copy is part of the first machine on which it's installed; and it can't be copied or moved to a different hardware setup.

I have a "verbal" (email) communication from a Microsoft support tech that states that the "Retail" version (I think the term was "FPP = Full Product Package") that you yourself buy in shrink wrap from a retail store can be moved to another machine without invalidating the license, as long as it's on only one machine at a time. The tech who gave me that statement was unable to provide any published source where Microsoft has said this, so I have to consider it "hearsay" until I can actually see the EULA that comes with the FPP product. If you can confirm that it's portable, it might affect whether it's worth buying a new WinXP for your present machine.

If you wait six months and buy a new machine with an installed OS, you probably will be offered the new "Vista" OS. I'm "-whelmed" by all it offers, but haven't decided if it's "over-" or "under-".

John


09 May 06 - 10:45 PM (#1736768)
Subject: RE: BS: malware
From: harpmaker

Ahh well, thank heaven I've got my ukulele to make me smile!!
"It's turned out nice again"!! more tomorrow........


10 May 06 - 03:28 AM (#1736932)
Subject: RE: BS: malware
From: Paco Rabanne

Yo harpy,
         Pop down to the Wednesday market and go into toys r us, they are having a sale of Fisher Price models.


10 May 06 - 09:11 PM (#1737644)
Subject: RE: BS: malware
From: EBarnacle

I had a scary experience today. Last night I went to a government site to get some information. It had at least 2 transcription errors. Apparently, the errors were some sort of malware. When I attempted to start the computer this AM, I was unable to get it to operate at all beyond the initial screens. A neighbor showed me how to reset the cpu to its status several days ago using system restore. The machine is back in operation.
If you have not done this exercise, do it now so that when the problem hits you, you will know what to do. It's simple if you know what to do.


10 May 06 - 09:57 PM (#1737676)
Subject: RE: BS: malware
From: harpmaker

Yes I tried that, but the system is that infected that it can't go to a restore point.
HOWEVER, SOME GOOD NEWS!!!
I ran 'SPYBOT' and this got rid of a load of crap. It's a free programme, but they ask for a donation.
SOME MORE GOOD NEWS!!!
I ran 'Advanced spyware remover', and this got rid of loads and loads of spyware/adware/malware/ etc.
You can download and run/clean it free, once, then I think you have to pay. Fair enough when you see how much crap it gets rid of.
My computer is far better now (although not perfect). From a machine that was barely operable (it used to take 3 goes to get it started, and then it would crash!) to a machine that starts up ok, and works like it should do apart from the odd glitch (I can live with that), we have success, touch wood.
Can someone do the blickys for the above sites, as I need my bed now after all that.
Anyone experiencing malware/spyware problems should try the sites above. It's quite time consuming, but be patient, it's worth it.
night night Zzzzzzzzzz.


10 May 06 - 10:29 PM (#1737703)
Subject: RE: BS: malware
From: harpmaker

One for the road;
You can get lots of free stuff @ TedsaTool.com
It's a flamenco site giving away unused bikes.


10 May 06 - 10:35 PM (#1737705)
Subject: RE: BS: malware
From: harpmaker

:-)


11 May 06 - 06:10 PM (#1738416)
Subject: RE: BS: malware
From: harpmaker

http://www.innovative-sol.com/spyware_remover/
http://www.spybot.info


11 May 06 - 06:25 PM (#1738425)
Subject: RE: BS: malware
From: harpmaker

Guest ragdall was absolutely right. A big thank you to all who pointed me in the right direction on this thread, esp. JohnInKansas.


11 May 06 - 09:02 PM (#1738530)
Subject: RE: BS: malware
From: JohnInKansas

The problems discussed are far too common[1], but are pretty much a fact of life.

The "good trend(?)" is that there seems to have been something of a decrease[2] in the number of new "viruses" in recent weeks. Hopefully this indicates that the biggest holes in major (esp. Microsoft) programs have patches available, and they're beginning to be installed on enough machines to make abusing them less "profitable."

The depressing news is that worms found and patched for more than two years still infect a very large number of users (some say up to a third of all personal machines) simply because people don't bother, or don't understand how, to get "patched."

The bad news is that recent malware tends toward "phishing" exploits that try to convince you you can get something for free, and installs nasty programs on your machine when you click just because you can't resist seeing if it's really a deal. If you say it's okay, no "protection program" can prevent you from installing a program, even if it's malware, 'cause "you're da boss."

The really bad news: It's also the conclusion of many experts that the most prevalent sources of malware are no longer "hackers" who just want to prove they're great programmers (or usually - great program cut-n-pasters) but are coming from organized crime groups who just want your money, or to use your machine to get someone else's money.

[1] I include vague information, especially in "unhelpful" error messages, and "hidden" policies by major program builders in "these problems."

[2] Some of the pros believe they've seen a slight increase in attempted exploits against Linux and Mac systems recently; but thus far the "targets" remain too small to interest the majority of hackers.

John


12 May 06 - 09:05 AM (#1738947)
Subject: RE: BS: malware
From: Beer

This is what "Mudcat" should be about. Helping one another. John, your contributions to the members of this forum are greatly appreciated.
Many thanks.
Beer


12 May 06 - 09:36 AM (#1738963)
Subject: RE: BS: malware
From: Paco Rabanne

Yo Harpy,
         You will be pleased to know that I have just added a GIANT XTC SX to my mountain bike fleet. See you on Tuesday, daft lad.


12 May 06 - 10:51 AM (#1739007)
Subject: RE: BS: malware
From: Donuel

The brand new spy programs are now undetectable. They rewrite your operating system to never see the added program, so spyware removal programs are totally ineffective.
There are some programs that claim to detect this new menace but I forget the name it has been given.


12 May 06 - 12:56 PM (#1739121)
Subject: RE: BS: malware
From: JohnInKansas

Donuel -

The most frequently used method of hiding malware on a machine is the use of a rootkit (see Sony's blunders). This is a method that's been discovered quite recently - first appearing (to my knowledge) in about 1978.

It can be quite effective, and can be difficult even to detect, much less remove. Some security analysts in fact have advocated the policy that any evidence of any kind of infection is reason to reformat all the hard drives and reinstall everything. I don't know that anyone's actually applying that policy - yet.

There is no clear leader for "best detection and removal" program, but there are a couple of "leaders" in reporting of new exploits. One that pops up frequently in the news is F-Secure, and some other active reporters fairly frequently report finding things using F-Secure programs.

I haven't tried their stuff, so can't really say what it does or how good it is, but one of their products is F-Secure Blacklight. I believe it was a free download during beta, but may have been incorporated into a security suite that requires purchase.

There are a few others, and some have received "good mentions," but nobody has been publishing comparative reviews, so information has to be searched out.

John


12 May 06 - 04:36 PM (#1739327)
Subject: RE: BS: malware
From: harpmaker

Fascinating stuff!

Just to update you on my PC:
I said above "computer now is far better now. (Although not perfect)"
Well, after turning the PC on and off a few times since I wrote that, the antispyware downloads seemed to do a scan when I first turned it on, and got rid of even more junk!!

My PC is running like a trouble-free new one now, and no longer scans at start-up!

Thanks to this thread and the people that contributed, I don't need to buy a new PC!
I hope it has helped many others too.

Jon.


13 May 06 - 10:36 AM (#1739802)
Subject: RE: BS: malware
From: Cluin

You may have to do the scans in safe mode to get rid of all the junk. Or run msconfig and disable all items under the Startup tab, re-boot and scan.

Go into Control Panel, Add & Remove Programs and uninstall any toolbars, NewDotCom, WildTangent, anything else that looks like adware, spyware or malware to you. Google it first if you are unsure. All of this will likely not remove it all anyway, as much of it will reinstall itself at next boot (that's why you disable everything in the start-up settings).

Download and run a little app called CWShredder from Trend Micro.

If you're feeling really confident, tech-wise, use a program called HijackThis.

Then, if you had a large infestation, you'll likely want to do a full format of the boot drive (it's the only way to get rid of some of this shit) and reinstall of the OS. Removal of a large amount of this stuff leaves your registry and other parts of Windows looking like swiss cheese and it ends up pretty error-prone.

When you reinstall, remember to unplug your modem. They can get in (especially that little nasty, the Sasser worm; it takes about 5 seconds to find you and burrow in) while you are reinstalling and vulnerable as a newborn babe. Get your firewall and anti-virus up and running before you reconnect and update Windows and your AV programs.


VIGILANCE!!!
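The reason Cluin has you disable everything under msconfig's Startup tab is that most of this junk re-launches itself from the registry Run keys at the next boot. As an added illustration (not code from this thread or from any of the tools named in it), here is a Python script that reads a regedit export of those keys and flags entries that start from places a legitimate installer would not normally use: temp folders, the user profile, a bare filename found via PATH, or a double extension such as .jpg.exe. The export embedded in the script is constructed for the example, and the suspicious entry names and paths in it are invented; the heuristics are assumptions about what looks odd on an XP-era machine, not a verdict.

```python
"""Triage Windows autorun entries from a regedit .reg export (Run/RunOnce keys).

Added example for this thread, not code from any poster or from the tools named.
Assumes the Run keys were exported with regedit (File > Export). The sample export
is constructed; the suspicious names and paths in it are invented.
"""
import re
import sys
from dataclasses import dataclass

AUTORUN_KEY_RE = re.compile(r"\\Run(Once|Services|ServicesOnce)?$", re.IGNORECASE)
# "Name"="data" or @="data"; only string values are commands (dword:/hex: are not).
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)="(?P<data>(?:[^"\\]|\\.)*)"$')
HOST_IMAGES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                "\\documents and settings\\", "\\users\\", "\\recycler\\")
TRUSTED_ROOT_RE = re.compile(r"^[a-z]:\\(program files|windows)\\")

SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"Windows Update Helper"="C:\\WINDOWS\\Temp\\wuhelp.exe /s"
"LoadSvc"="rundll32.exe C:\\DOCUME~1\\jon\\LOCALS~1\\Temp\\srv32.dll,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"holiday_photo"="\"C:\\Documents and Settings\\jon\\My Documents\\holiday.jpg.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoundMAX]
"DisplayName"="SoundMAX"
'''


@dataclass
class Finding:
    key: str
    name: str
    command: str
    path: str       # the file that actually gets loaded
    reasons: list   # empty means nothing unusual was spotted


def parse_reg_export(text):
    """Yield (key, value_name, data) for string values under autorun keys."""
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)   # \\ -> \  and  \" -> "
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and AUTORUN_KEY_RE.search(key) and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group("name") is None else unescape(m.group("name"))
            yield key, name, unescape(m.group("data"))


def split_command(cmd):
    """Split a command line into (first token, remainder), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.lstrip('"').partition(" ")
    return head, tail.strip()


def payload_path(cmd):
    """Resolve the file that really runs, looking through rundll32-style hosts."""
    image, rest = split_command(cmd)
    if image.lower().rsplit("\\", 1)[-1] in HOST_IMAGES:
        while rest.startswith(("/", "-")):          # skip switches such as /s
            _, rest = split_command(rest)
        target, _ = split_command(rest)              # DLL or script, before ",EntryPoint"
        if target:
            return target.split(",", 1)[0]
    return image


def assess(path):
    """Return the reasons an autorun path looks unusual (empty list if none)."""
    p = path.lower()
    reasons = []
    if "\\" not in p:
        reasons.append("bare filename, resolved via PATH at logon")
    elif any(d in p for d in SUSPECT_DIRS):
        reasons.append("runs from a user-writable or temporary directory")
    elif not TRUSTED_ROOT_RE.match(p):
        reasons.append("outside Program Files and the Windows directory")
    if p.rsplit("\\", 1)[-1].count(".") > 1:
        reasons.append("double extension hides the real file type")
    return reasons


def audit(reg_text):
    return [Finding(k, n, d, payload_path(d), assess(payload_path(d)))
            for k, n, d in parse_reg_export(reg_text)]


def format_report(findings):
    out = []
    for f in findings:
        out.append(f"{'CHECK' if f.reasons else 'ok   '} {f.name!r:24} {f.path}")
        out.extend(f"        - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":                       # regedit writes UTF-16LE with a BOM
    text = SAMPLE_EXPORT
    if len(sys.argv) > 1:
        raw = open(sys.argv[1], "rb").read()
        text = raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1")
    print(format_report(audit(text)))
```

Run it with no arguments to see the constructed sample, or with the path of your own .reg export. The "CHECK" lines are the entries to look up before you disable or uninstall anything, since an entry under Application Data is not proof of malware, only a reason to ask what put it there. The script only covers the Run keys; services, browser helper objects and the Winlogon entries that HijackThis also lists are other places this stuff hides.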


13 May 06 - 09:03 PM (#1740259)
Subject: RE: BS: malware
From: Donuel

Spot on John.


20 Jun 06 - 07:51 PM (#1765105)
Subject: RE: BS: malware
From: harpmaker

Here's a real thorough home user freebie;
Type 'avast' in Google, follow instructions.
Takes a bit of time, but I think its well worth it.
John.
(Thanks to Arne)


20 Jun 06 - 09:18 PM (#1765153)
Subject: RE: BS: malware
From: John Hardly

I just had to dump Trend Micro PC-cillin. It seemed incapable of distinguishing cookies (that are a matter of course in surfing) from spyware and/or viruses. My computer time with Trend Micro PC-cillin consisted mostly of grabbing the mouse upwards of 20 times an hour to close warning box pop-ups.

Once I dumped the PC-cillin and went back to Norton, not only do I not have the annoying pop-ups, my computer is faster as well.