
 


Virus Problem

2 posters

Re: Virus Problem
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Virus Problem
Here's the log:

Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 8.5
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
HijackThis 2.0.2
Java(TM) 6 Update 2
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

Re: Virus Problem
Hi

Please consider updating to Windows Vista Service Pack 2 (SP2).
Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please let me know how the upgrades went, and how your computer is running. This is important, because any mysterious activity or issues with upgrading may be a sign of more malware, or another problem.

Re: Virus Problem
DMJ,

Old Adobe Reader and Java uninstalled.
New ones installed.
New Windows update installed.

Do I need to get rid of my Adobe Acrobat Professional as well or just the Reader?

Does this virus have a name? What were we dealing with?

Am I good to go at this point? Will a seed virus sprout up as soon as I surf around the internet or open an application?

Re: Virus Problem
No way...do not uninstall a professional program. That would not be good. Just the reader.

The infections were the following load (in order of danger):

Trojan.Agent and Rootkit.Agent << both are hard to remove.
Trojan.DNSChanger << difficult to remove.
Rogue.TotalVirusProtection << Easy to remove.
Adware.Vundo << Leftover Vundo infection??
Worm.FakeSmitfraudFix << A fake version of SmitfraudFix.
Scare.Smitfraud << A couple of low risk annoyances.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like Noscript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: http://www.getfirefox.com
  • Opera is available here: http://www.opera.com/download/


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
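
The HOSTS-file blocking described in the post above only protects while every entry points at a loopback or null address. The following is an added example, not part of the original thread or of hpHosts: it audits a HOSTS file and flags any name mapped to another address. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from any real machine: a blocklist-style
# HOSTS file plus one redirect and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net        # blocklist entry
0.0.0.0      tracker.example.org banner.example.org
203.0.113.7  update.example.com     # points off the machine
not-an-ip    broken.example.com
"""

def classify(addr, name):
    """Return 'local', 'blocked', 'redirect' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"          # first field is not an IP address
    if not name:
        return "malformed"          # address with no host name after it
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1, ::1 and 0.0.0.0 never leave the machine.
        return "local" if name.lower() == "localhost" else "blocked"
    return "redirect"               # the name resolves to some other host

def audit_hosts(text):
    """Yield (line number, name, address, kind) for every mapping in the file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, split fields
        if not fields:
            continue
        addr, names = fields[0], fields[1:] or [""]
        for name in names:
            findings.append((lineno, name, addr, classify(addr, name)))
    return findings

def review_items(text):
    """Entries worth a manual look: anything not pinned to the local machine."""
    return [f for f in audit_hosts(text) if f[3] in ("redirect", "malformed")]

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for lineno, name, addr, kind in review_items(SAMPLE_HOSTS):
        print(f"line {lineno}: {name or '(no name)'} -> {addr} [{kind}]")
```

A redirect entry is not automatically malicious, since some networks add legitimate static mappings, but it is the kind of line to verify after an infection like the one in this thread.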

Re: Virus Problem
DMJ,

First and foremost, thank you and God bless you for your help. The process of receiving help from a volunteer is an unexpected renewal of faith in the human race. Thank you for your time and making it happen. Certainly I will be donating to help out a bit, but the time and effort are worth so much more.

I do have some questions I was hoping you might help with.

1. Because my machine has been compromised, is it possible sensitive data has been stolen?
2. Why do people write viruses if all they do is cause others pain? I understand if the virus is to steal information, but if it's just to be a hassle, what's the point?
3. Should I stop using IE altogether? I'm willing to go to Firefox if it's safer.
4. Do I need more than one firewall or just one of the 3?
5. Will my machine performance be very slowed down with all these anti malware programs running?
6. I have AVG 8.5 - should I get rid of that and use the ones suggested in your post?
7. What are the chances there is a sleeper cell file we have not detected that will activate these viruses again?
8. When I got the virus notification I was just surfing around normal websites. Do the viruses come from anywhere or did I download an infected music file or something and it time-delay launched? Where do these viruses typically get caught from?
9. I have a removable hard drive. Is it wise to backup my entire system onto the drive so I have a clean backup? If I do this is it possible in the future to reformat my hard drive and then load the saved hard drive back onto the formatted system?
10. Last but not least, now that I have posted all my computer files and architecture publicly on this forum is it a simple thing for someone to hack into my computer using the data?

I appreciate the security suggestions and will implement them immediately.

Thank you so very much!!

Anthony X

Re: Virus Problem
1. Because my machine has been compromised, is it possible sensitive data has been stolen?

The trojans that I saw were not data thieves. I did not find any phishing attempts. If you have an email account you use in Microsoft Outlook or Outlook Express, or any other email program (not on the web) - then I would suggest changing that password. Only because of the worm. Worms of this nature usually just use your already logged in email account to send spam from your email address.

2. Why do people write viruses if all they do is cause others pain? I understand if the virus is to steal information, but if it's just to be a hassle, what's the point?

Because, virus is usually a term used for malware, also, then I will talk about malware. The main purpose of malware is to steal information, and/or infiltrate security to test how powerful it is. The most dangerous tasks malware does is steal information, and launch botnets. Botnets are a collection of compromised computers, that are used to launch an attack over the Internet or via email. The attacks launched over the Internet include sending malicious downloads and attempts to infiltrate websites using login credentials. The attacks via email are usually spam or hate-mail.

Now, viruses have a reproductive ability, and are not considered the same as adware or spyware or trojans.

3. Should I stop using IE altogether? I'm willing to go to Firefox if it's safer.

Firefox can be considered better. But, it is all about your security level on the computer itself. Most browsers are equally secure and up to standards. As long as you have one antivirus, one firewall, and one antispyware - you are guaranteed safe...as long as they get updates and scans get run at least once every three days.

4. Do I need more than one firewall or just one of the 3?

Just use one firewall. Any more than one can cause crashes of your computer, inaccurate detections, and computer slowdown.

5. Will my machine performance be very slowed down with all these anti malware programs running?

Your machine should perform well, as long as you have 512 MB of RAM or more. With programs nowadays, it is better to have 512 MB or a recommended amount of 1 GB.

6. I have AVG 8.5 - should I get rid of that and use the ones suggested in your post?

If I were to pick any antivirus and antispyware, it would be AVG. Stay with it. It has both antivirus and antispyware technology built in. Which means that is two-in-one protection.

7. What are the chances there is a sleeper cell file we have not detected that will activate these viruses again?

These are usually not possible, unless a "backdoor" trojan was on your computer. I looked through all the logs, and it appears to be clean. If it were some hidden file that I could not find, it would not be powerful enough to even start back up a program. Ahahaha

8. When I got the virus notification I was just surfing around normal websites. Do the viruses come from anywhere or did I download an infected music file or something and it time-delay launched? Where do these viruses typically get caught from?

P2P applications, warez, cracks and illegal software keygens, hacks for games, malicious websites. I would recommend to use AVG safesearch with every browser. If you see an AVG toolbar in your browser, you are good to go. I also recommend to use Web-Of-Trust (WOT) website ratings.

9. I have a removable hard drive. Is it wise to backup my entire system onto the drive so I have a clean backup? If I do this is it possible in the future to reformat my hard drive and then load the saved hard drive back onto the formatted system?

Actually, I only recommend to save your personal data, like documents, music, pictures, videos, etc. Do not save programs, system files, normal files, etc. Saving system data is not a good idea, usually. Just your personal stuff.
If you plan on doing a reformat and reinstall, I recommend to read this tutorial for help with it: http://www.geekpolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm

10. Last but not least, now that I have posted all my computer files and architecture publicly on this forum is it a simple thing for someone to hack into my computer using the data?

No. The malware experts that we work with, make all these tools. They make it impossible to reveal any sensitive data. Most of the data posted is fairly typical data, and it would be hard to obtain a MAC address or a password to send a remote attack. We cannot and do not want to see that information. I can tell you that your computer is probably at its safest, and if you want to arm it even better, use DragonFix:
This will fix the damages due to malware, and secure your computer to help prevent re-infection. That does not mean it will prevent, it will just help prevent.
Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer, for the changes to take effect.


Cheers, mate. I see you have a good interest in malware. Why not learn how to help people fight it? Check out this topic, I recommend it (after all, you could work here): http://www.geekpolice.net/virus-spyware-malware-removal-f11/do-you-want-to-learn-how-to-fight-malware-t15100.htm
