Geek Culture / antivirus?

PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 27th Dec 2010 22:04
So I reinstalled the OS on this dude's laptop less than a month ago and he calls me yesterday telling me that his computer is screwed up. Mainly the internet is working really slow. I installed Avast 5 when I reinstalled XP; it updates automatically and doesn't hog up resources and I use it myself. I suspected that he has a virus so I told him to do a scan on startup thing and it turns out he has a crapload of viruses and trojans on his laptop. Since I don't want to reinstall his system again I decided to track down the virus and kill it manually. I am still working on it.

But the thing I am wondering about is how did so much malware get past Avast without even setting off a warning? I began to think it was some new virus but even then I don't see how they could even catch a virus that bad. I looked at their browsing history and they only visited social networking sites and looked at interior design sites. No porn or sketchy sites where they could pick it up. So where did this thing come from? Also Avast does a thing where it constantly scans the computer and it didn't pick up anything too.

I started to think it was some new virus that they didn't have in the databases yet. If it's not that then Avast must have really screwed up here.

After hours of virus hunting I killed off pretty much all the viruses except for the one that causes the internet to screw up. Unlike most worms/trojans that just immediately block the internet browsers, or just block all antivirus sites, this one (after a bunch of scans, and a scan on startup) just causes the internet to go slow, then after a few minutes just blocks some parts of connections (can't update the antivirus because of this). Connection is still up, you can use Skype (very slow) and stuff but can't browse the internet.

So this thing is still somewhere in the computer but antiviruses aren't picking it up at all. (I managed to manually update Avast during the short time when connection is still working.)

Something is telling me that this guy would probably want a different antivirus after what happened. I just have several prejudices against some AVs. People recommend me NOD32. The story with this is many people in the past who used NOD32 asked me to fix their computer which was slow and froze all the time, and every single time NOD32 was the problem. I uninstalled NOD32 and everything started working. Kaspersky is also really good but it's not free (and even if you pay for it it's only until the next version which you'll have to buy again). Also it's bloated and takes up a lot of resources and this is a cheap weak Celeron laptop and I don't think the thing can handle it. And generally I have tons of stories when everything was fine and I installed an antivirus and darkest horrors were unleashed upon my computer. Many stories like that. So I don't even install any AVs on most of my computers and they work fine for years. Either this is some giant conspiracy against me by the antivirus corporations or I am just extremely lucky.

So what do you guys think of this whole thing?

Don't hate people who rip you off, cheat and get away with it, learn from them
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 27th Dec 2010 23:03
I've been recommending Avira lately, it's been great so far.

You may have checked his browsing history, but what about email attachments? Even without AV software, a good user wouldn't have that much crap installed in only a month.

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
bitJericho
22
Years of Service
User Offline
Joined: 9th Oct 2002
Location: United States
Posted: 27th Dec 2010 23:41
Install Linux

Or, get a paid-for antivirus, he can then contact the vendor for virus assistance.

Also, run a real-time adware blocker, like Ad-Aware or Spybot.

Join the TGC Group!
http://tehcodez.groups.live.com
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 28th Dec 2010 01:25 Edited at: 28th Dec 2010 01:31
@Phaelax: That's what surprised me, the only thing he installed was a printer driver. I suspect the viruses might have come through Skype when their friends sent them some photos. I guess it's possible to go through an email attachment. Although I am surprised by how this turned out I am more concerned with how to find and remove this thing. Avast isn't picking it up, got all Kaspersky specialised virus removal tools but they didn't detect it either (they detected a few other smaller viruses that started to just randomly appear 3 days ago, probably when they got this virus, same time when their internet started being screwy). Safe mode with networking works fine. The internet is fast and all sites work like they should.

Don't hate people who rip you off, cheat and get away with it, learn from them
Destrugter 1
18
Years of Service
User Offline
Joined: 26th Oct 2006
Location:
Posted: 28th Dec 2010 02:04
When people ask me to help them with these sorts of viruses, I boot into safe mode to remove it. That way it's not auto-run on startup. I just go through all of the stuff on their computer and look for weird folders/files.
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 28th Dec 2010 02:13
I do that too but in this case I don't know where the virus is. If the virus scanner could at least detect it, I would know where it is hiding, and there are no suspicious folders either.

safe mode = everything is fine, stuff works like it's supposed to
normal mode = internet is either very slow or doesn't work

And there are always other viruses that appear every once in a while.
I think this is some new bot ware or something. This computer was turned into a virus-making machine and it takes over the internet connection and uses it to spread the viruses (hence screwed up slow connection and browsers not working).

Don't hate people who rip you off, cheat and get away with it, learn from them
Fatal Berserker
14
Years of Service
User Offline
Joined: 2nd Jul 2010
Location:
Posted: 28th Dec 2010 06:59
Download and install 'HijackThis'; it scans your PC and you can see everything that is going on.
Furthermore, you should look at what is running at startup, both in the registries and msconfig.

Smoke me a kipper, I'll be back for breakfast.

MMORPG -- Many Men Online Role Playing as Girls

G.I.R.L -- Guy In Real Life
bitJericho
22
Years of Service
User Offline
Joined: 9th Oct 2002
Location: United States
Posted: 28th Dec 2010 07:32
Run a Spybot scan

Join the TGC Group!
http://tehcodez.groups.live.com
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 28th Dec 2010 09:26
He's not running BitTorrent or anything, is he? It could be something legit that boots up in normal mode that's killing his network.

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 28th Dec 2010 09:46
No, no BitTorrent at all. As I said before, nothing remotely sketchy. Nothing suspicious in msconfig either. This thing probably hides itself. I will try using Spybot and HijackThis. Although I have to admit that I don't trust Spybot. Last time I used Spybot my computer started getting more viruses and my PC got screwed up, slow and buggy (it was normal before Spybot)... some kind of conspiracy... the antivirus software developers pay hackers to write viruses. It keeps them in business.

Don't hate people who rip you off, cheat and get away with it, learn from them
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 28th Dec 2010 10:53
My tools for cleaning up a PC are a full deep scan from whatever AV software (Avira or Symantec in my case), then MalwareBytes, followed by HiJackThis to see if anything was left behind.

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 28th Dec 2010 15:31
Well, Spybot picked up a few things. I'll scan it with all those, after I'll do a second run with Spybot. Just kinda weird that Avast updates every day and it missed those.

Don't hate people who rip you off, cheat and get away with it, learn from them
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 29th Dec 2010 14:33
So I managed to get rid of that virus using Spybot, the internet works fine now. I'll scan it with other AV software just to make sure there is nothing left.

But what are some good lightweight antiviruses I can use since this is a weak laptop? I don't want anything that will take up too many resources but I want something that would be good protection. Kinda lost faith in Avast after it missed that virus.

Don't hate people who rip you off, cheat and get away with it, learn from them
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 30th Dec 2010 00:53
The Avira that I'm using only appears to take up about 15mb of RAM when adding up all processes. That's on my laptop running Win7 64bit. On my desktop, I use Symantec with XP-32 and its processes use over 30mb. While I don't notice any performance hit from either one, it's easy to see which appears more efficient. But my Symantec engine is a little dated.

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 30th Dec 2010 01:18 Edited at: 30th Dec 2010 01:19
OK, this is very nerve-wracking. Even though I defeated the big virus that caused the internet to screw up (works fine now), even after I cleaned out ALL the malware (in safe mode, updated AVs, no internet connection), I hook it back up to the internet and viruses keep creeping into the system. Antivirus just keeps discovering new viruses! I really don't like this. Something is leaking viruses into the system. I seriously do not like this at all. I have the firewall up and everything. I think it's something in the system that I just missed.

Don't hate people who rip you off, cheat and get away with it, learn from them
Neuro Fuzzy
17
Years of Service
User Offline
Joined: 11th Jun 2007
Location:
Posted: 30th Dec 2010 02:26
:S Is there any flash memory device connected via USB? I would imagine it's possible to store a virus on the flash memory of a printer... try disconnecting everything except the power, mouse, and ethernet cables?

Just saying, I use Avast!, Comodo firewall, Malwarebytes, and Spybot SD, and do regular scans. This works great - I've never gotten a big virus. Have you done both Avast and Malwarebytes scans since the major problem virus got removed? (or, my point being, other antivirus scans)

PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 30th Dec 2010 02:38
No flash drive here. Latest Windows, firewall turned on, also the ISP has a firewall as well. I have Avira installed now, everything appears to be in working order but during full scans Avira and Spybot and Malwarebytes keep discovering 1-3 new viruses every once in a while. Like right now this laptop is clean but in an hour when I do another full scan it will definitely pick up some new malware. I am afraid I will have to reformat the drive completely. This sucks since the guy wanted the computer to be done by New Year's so he can Skype a happy new year to his family back in Moldavia.

Don't hate people who rip you off, cheat and get away with it, learn from them
Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 30th Dec 2010 03:06
Once a virus has compromised your system, the only way to be 100% sure it's gone is a format/reinstall of the OS.


Senior Web Developer - Nokia
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 30th Dec 2010 03:09
Well, I keep getting rid of it but it's not the same viruses that reappear, it's all different kinds every time. In the past few hours I got rid of viruses, trojans, even net worms. I guess I do have to reinstall.

Don't hate people who rip you off, cheat and get away with it, learn from them
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 30th Dec 2010 12:35
I'm trying to think what could be causing so many issues to keep showing up, but I'm coming up with nothing. There must be a trojan or something opening a backdoor that isn't being detected.

Not sure if this would help, but run netstat after you've made sure every program/browser is closed. Maybe something unusual will show up. Another thought would be to download a rootkit detection app.

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
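
The netstat check suggested in the post above, as an added example that is not part of the thread: this Python code parses Windows `netstat -ano` output and groups, per PID, the sockets that accept traffic from the network and the connections to addresses outside the LAN. The sample output, the LAN ranges and the function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1440
  TCP    0.0.0.0:8123           0.0.0.0:0              LISTENING       1836
  TCP    192.168.1.20:1045      203.0.113.7:25         ESTABLISHED     1836
  TCP    192.168.1.20:1046      198.51.100.9:25        ESTABLISHED     1836
  TCP    192.168.1.20:1050      192.168.1.1:80         TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1100
"""

# Ranges treated as "inside" for this triage (assumption: a home LAN).
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def endpoint(text):  # 'host:port' or '[v6]:port' -> (host, port)
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def parse(output):  # yields (proto, local, remote, state, pid) per TCP/UDP row
    for line in output.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            state = f[3] if len(f) == 5 else ""   # UDP rows have no State column
            yield f[0], endpoint(f[1]), endpoint(f[2]), state, int(f[-1])

def is_external(host):
    """True for a concrete address outside loopback, link-local and the LAN."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                            # '*' on UDP rows
        return False
    local = ip.is_unspecified or ip.is_loopback or ip.is_link_local
    return not local and not any(ip in net for net in LAN)

def triage(rows):
    """Group by PID: sockets reachable from the network, and external peers."""
    report = defaultdict(lambda: {"listening": [], "external": []})
    for proto, (lhost, lport), (rhost, rport), state, pid in rows:
        bound = state == "LISTENING" or proto == "UDP"
        if bound and not ipaddress.ip_address(lhost).is_loopback:
            report[pid]["listening"].append(f"{proto} {lhost}:{lport}")
        elif not bound and is_external(rhost):
            report[pid]["external"].append(f"{rhost}:{rport}")
    return dict(report)

print(triage(parse(SAMPLE)))
```

With every program and browser closed, any PID still listed under `external` is a lead; match it against the PID column in Task Manager to find the owning process.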
PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 30th Dec 2010 15:01
Well, I decided to reinstall Windows on a new clean formatted disk rather than trying to figure out the virus. Even my client told me it will take less time to just reinstall and there won't be any risk of a problem/virus showing up.

I figure this was some new virus that the AV software can't detect yet so this thing has been sending junk through this computer.

Don't hate people who rip you off, cheat and get away with it, learn from them
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 30th Dec 2010 23:01
That's a pretty common route to take in the business world. Even for simple fixes we would often just re-image the hard drive if the fix would take more than an hour to figure out because we know a reimage would fix anything (unless the hardware failed or the image becomes corrupted, which has happened).

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
AutoBot
15
Years of Service
User Offline
Joined: 25th Sep 2009
Location: Everywhere
Posted: 1st Jan 2011 18:40
Just want to note that sometimes worms can embed themselves into the RAM, which means that you'd need to replace the RAM as well as reinstall the OS. That seems pretty rare nowadays, though.


bitJericho
22
Years of Service
User Offline
Joined: 9th Oct 2002
Location: United States
Posted: 1st Jan 2011 18:56 Edited at: 1st Jan 2011 19:07
Eh? Nah, RAM by definition is volatile. Info isn't saved once it's powered off. Maybe you're thinking about BIOS viruses. I haven't heard of those in a long time. I suspect most BIOSes now are pretty well protected against those attacks.

Join the TGC Group!
http://tehcodez.groups.live.com
AutoBot
15
Years of Service
User Offline
Joined: 25th Sep 2009
Location: Everywhere
Posted: 1st Jan 2011 19:28
Yeah, I'm probably wrong about that. I just remember reading something of that sort, it was probably about BIOS viruses though.


PAGAN_old
19
Years of Service
User Offline
Joined: 28th Jan 2006
Location: Capital of the Evil Empire
Posted: 1st Jan 2011 20:51
Quote: "Nah, RAM by definition is volatile. Info isn't saved once it's powered off. Maybe you're thinking about BIOS viruses. I haven't heard of those in a long time. I suspect most BIOSes now are pretty well protected against those attacks."

Yeah, what he said. Viruses do however temporarily store themselves in RAM and do their activities from RAM while the computer is on. As I noticed, many antiviruses these days have modules that scan RAM.

And wow, BIOS viruses? I remember hearing about them in the ancient times when dinosaurs roamed the land. But wow, I would imagine what these things might be capable of. It's even possible to fry the entire system with one of these.

Don't hate people who rip you off, cheat and get away with it, learn from them
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 1st Jan 2011 23:55
Friend of mine from a few years ago actually got a virus in his router's firmware. Reflashed it and it was fixed, but still a rare virus to find which only targeted specific routers like his.

"Only the educated are free" ~Epictetus
"Imagination is more important than knowledge..." ~Einstein
