Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: Arkangel on April 03, 2007, 12:04:17 am
-
Yup, me again.
I made a post around a month ago called spyware issues.
http://www.hard-light.net/forums/index.php/topic,46015.0.html
I discussed my problem and you guys sorted it out. :)
Now, somehow, I have a ***** of a virus on my PC. I think it may be along the same lines as the issue I had before; a program called SpyLock is telling me there are several viruses on my PC and that I should purchase this product. Thinking it was yet another scam, I scanned with Adaware. As expected it found a load of **** so I deleted them. But the problem still persisted so I downloaded several other programs. Some detected and removed various bugs but I still got a system warning.
Now in my previous post Hitmanpro got a mention. People say it's great but I am sceptical and reluctant to download it after reading the link at the bottom of the Spyware Issues Page.
Please could someone give me an idea of what to do?
-
There are three certainties in life: death, taxes, and re-formatting.
-
For one, be careful of ads telling you your computer is infected, they have no way of knowing whether your computer is infected or not, it's a cheap trick. It's usually something along the lines of 'Warning! Your computer may contain Viruses! Click here to download new 'ripoff' virus detector to clean your system now!' or the like.
If you want to be sure then I'd suggest something like Avira Antivirus..
http://www.free-av.com/
That's a pretty comprehensive free Antivirus program, it should be good for most normal use.
-
Here's what I would suggest you do.
1) If you have another computer(s), run both anti-virus and anti-malware/-spyware scans on it to check if they're clean or infected.
For anti-virus get avast! Home if you don't have any decent av. www.avast.com
For anti-malware, get both Ad-Aware and Spybot Search & Destroy.
http://www.lavasoftusa.com/
http://www.safer-networking.org/
2) If the computer(s) comes clean, transfer all your personal files and other stuff you don't want to lose to the other computer from the infected computer. And then re-run the scans to make sure the transferred files are clean.
3) I assume you are running Windows XP. Make sure you have XP installation media with the latest Service Pack. You can create one by following these instructions, and create the new installation media on a clean PC. http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
4) Reboot the infected computer with the newly created XP SP2 installation media. Unplug the network cable. Format ALL your hard drives on the infected PC and install XP SP2.
5) After XP is installed, you have the SP2 firewall running and should be protected from incoming packets. Plug in the network cable and get the latest updates from WindowsUpdate. http://windowsupdate.microsoft.com
6) While updates are being downloaded and installed, install anti-virus and 3rd party firewall if your broadband modem does not have built-in NAT and firewall. If your modem has built-in NAT and firewall, make sure they're enabled. If they're enabled, SP2 firewall is enough.
7) Once updates and av/fw are set up, transfer your stuff back from the other computer.
Once you get infected with viruses and/or malware, the only way to make sure you get rid of everything is to run a full format on all your hard drives. Otherwise you may just get re-infected the next day if something was left after cleanup.
I cannot stress the importance of a decent broadband router with built-in NAT and firewall enough. After you have one, focus on damage control. If one PC gets infected with viruses or malware, make sure to prevent other computers in the same network from getting infected. To that end, make sure all Windows PCs are running firewalls with no exception rules for file and printer sharing, network diagnostics, remote assistance, remote desktop and the UPnP framework. If you really need one of those, change the default ports.
-
For one, be careful of ads telling you your computer is infected, they have no way of knowing whether your computer is infected or not, it's a cheap trick. It's usually something along the lines of 'Warning! Your computer may contain Viruses! Click here to download new 'ripoff' virus detector to clean your system now!' or the like.
If you want to be sure then I'd suggest something like Avira Antivirus..
http://www.free-av.com/
That's a pretty comprehensive free Antivirus program, it should be good for most normal use.
It is different to get such messages on internet sites than getting these messages on your own desktop. They're nothing more than regular ads if you see these on web sites, but if you get those messages on your desktop, it means your messenger service is enabled and vulnerable.
If you get those messages through the messenger service, it is a huge security hole for your messenger service to be fully open to the outside world. It means that your computer is pretty much exposed to the internet with little to no security. In this case you can be fairly certain your computer is infected with god knows what.
-
I actually had gotten one of those messages (your registry seems damaged) while I was doing some work on some damage in my registry (and surfing for... something or other). I thought it was from the scanner I was using and was just a pixel away from clicking on it when I noticed it was the only window not using my WindowBlinds theme. That was close, who knows what other problems I'd have gotten if I hadn't noticed that.
There was also some ad in the VW forum that tried to install some suite of adware, and it happened to pop up just as I hit the 'y' key while typing something. I had just reformatted, like that day, I was still installing things, so I just started over and nuked it.
-
I hear all these stories about viruses and spyware, yet I have absolutely no idea how anyone can possibly fall for the tricks.
My Windows PC runs without firewall, AV or antispyware apps. Admittedly, it's no more than a gaming rig these days and I can restore the whole thing from a clean image inside of ten minutes if I want (and it's behind a router with a fairly draconian set of firewall rules most of the time), but the last time my machine had a virus on it was four years ago, and that was due to an infected game patch I got at a LAN; the virus was CIH and it was fairly easy to clean out.
I didn't even understand all this stuff 4 years ago, but I've never been dumb enough to click on a popup window while surfing the web, or trusting some random web page re: the state of my computer.
-
Amen brotha. The only times a computer I use has been infected with a virus have been when it has been a test system at work and intentionally left vulnerable.
-
That's the problem.
I have no clue where it came from, I haven't been on the net for days, just games, and then it pops up out of nowhere.
I'm honoured to get such a response. I'll give your suggestions a go short of re-formatting.
-
Nothing's working, though my virus count is still rising!
Looks like I'm gonna have to get it reformatted...
Before I let my parents know can anyone tell me roughly how much it is? I wanna see if I can do it behind their backs...
-
I have McAfee VirusScan, and I set it to automatically delete anything it finds, and it fixed the problem I had, and I've had none since.
Before I let my parents know can anyone tell me roughly how much it is? I wanna see if I can do it behind their backs...
If you yourself know how to do it, then it's free. Here's the basic process:
1) buy Norton Ghost (IIRC that's what it's called)
2) unplug all hard drives you don't want formatted
3) boot from the ghost
4) format your HD
5) reinstall windows
6) reinstall all SPs
7) reinstall all drivers
8) reinstall all software
9) plug your other HDs back in.
-
I love the way the number 8 in most people's lists turns into the sunglasses guy ;)
-
Spylock is bogus. Try this: http://www.xp-vista.com/remove-SpyLock
Or this: http://siri.geekstogo.com/SmitfraudFix.php (Spylocked screenshot is at the top! http://siri.geekstogo.com/ScreenShot.php )
-
I love the way the number 8 in most people's lists turns into the sunglasses guy ;)
I usually catch that, but I didn't this time :p
-
Always get paired up with a good firewall first. The free version of ZoneAlarm will offer all the containment you'll need for outgoing and incoming connections. Great for keeping **** from getting in and great for keeping **** in....that's when you get an antivirus program. AVG antivirus is free and is a good one many users turn to, but the best in my opinion for free antivirus is Avast4home made by Alwil Software.
Anyway, if for some reason a virus did get into your computer from something you downloaded and executed, zonealarm will usually tell you the name of the program trying to access the net which is probably going to be that virus. From there you can click deny to not allow the virus access to the net keeping your virus infection contained. Containment is so nice, keeps viruses from getting to other computers, after containment use your good antivirus program to be rid of the problem once and for all.
This is all I do, and yes I've had a virus or two, but this is how much easier being beefed up with a good firewall and good antivirus will be to get rid of infections. And if someone is using dialup, never tell them they don't need an antivirus or firewall because of their low bandwidth; viruses are pretty tiny and they don't take that long to get onto a computer using dialup.
Just for reminder, the **** I recommend and use.
ZoneAlarm - download the free version and only install the basic firewall instead of the 15 day trial with all the bells and whistles (so many people get tripped up and install the trial instead...just keep your eyes open, it's not hard).
http://www.zonealarm.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?dc=12bms&ctry=US&lang=en&lid=db_trial
Avast4home (avast antivirus) - download free avast4home in your favorite language, then pop in your email address to get an activation code (which is free) that will enable you to use avast forever as opposed to not getting the activation code and getting a 60 day trial (one cool thing I like about avast is that if you must have a virus scanner for Linux, avast is for Linux as well...want a good firewall for Linux, try the iptables frontends guarddog (this one's better) or firestarter). I can't even begin to praise how ****ing good avast is, I'd definitely pipe down the money for it if I needed antivirus for non-home use (avast for home use is free).
http://www.avast.com/eng/download-avast-home.html
Use good software like this and you should be more than well off and good, happy, alive and kicking, more wise, etc...unless you guys like to pay for your firewall and antivirus (why, when you don't have to). McAfee and Norton are the worst antiviruses and firewalls ever, plz don't use them, avast and ZoneAlarm are so much better. Pretty much I emphasize: do what I do and you'll stay away from the bull****.
-
ZoneAlarm is crap. It often causes more problems than it solves, it has a lot of compatibility problems with different apps. I've never used them myself, but I've heard Jetico and Comodo firewalls are the best of free software firewalls.
avast! on the other hand is pure ace and I use it myself as well.
-
Yeah, ZoneAlarm does have compatibility issues, in particular avast detected ZoneAlarm and said it didn't operate too well with it, but I went ahead with it anyway, and they seem to work fine together with absolutely no issues.
I shall check out Jetico and Comodo, I hope they actually let me mess around with a firewall more than ZoneAlarm basic does (ZoneAlarm basic is a little too basic for my taste, I want to change firewall parameters besides allowing and blocking ****). Then again, ZoneAlarm isn't a bad fallback plan if anything else doesn't work.
-
The properly configured hardware router is your best first line defense.
If parameters don't scare you, then Comodo is probably the current front runner in firewall protection, though you don't really need to configure anything to my knowledge, unless you need to allow a P2P app.
(ZoneAlarm is kind of a pig nowadays, resource-wise, and protection-wise too.)
No sense in not trying NOD32 trial either, the current best antivirus software you can get. For free, AVG still gets very good ratings, and it's still free, even though they gave a different impression when they recently changed to the new version.
This leaves spyware software. Webroot SpySweeper is considered the best right now, and Spyware Doctor is a close second.
Finally, if you insist on sticking your mouse where it probably shouldn't be, you can prevent the need for all these programs by browsing within the sandbox: http://www.sandboxie.com/. You will have to learn how to get stuff you want to keep out of the sandbox and onto your PC, though it seems worth it in your case.
For hardcore malware removal, if you can't reformat and start over, "hijack this" from merijn is the hardest core tool available, period. http://www.spywareinfo.com/~merijn/programs.php. It will allow you to find and delete anything, just make damn sure you know what you're doing first. The forums are very helpful for analyzing your logs, and you'll be an expert when you finish.
Anyway, don't take my word for it, surely nobody else will. An hour of Googling will show you the depth of my research. And I've used them all too.
-
I hear all these stories about viruses and spyware, yet I have absolutely no idea how anyone can possibly fall for the tricks.
My Windows PC runs without firewall, AV or antispyware apps. Admittedly, it's no more than a gaming rig these days and I can restore the whole thing from a clean image inside of ten minutes if I want (and it's behind a router with a fairly draconian set of firewall rules most of the time), but the last time my machine had a virus on it was four years ago, and that was due to an infected game patch I got at a LAN; the virus was CIH and it was fairly easy to clean out.
I didn't even understand all this stuff 4 years ago, but I've never been dumb enough to click on a popup window while surfing the web, or trusting some random web page re: the state of my computer.
I agree. I think I got some spyware once around 2000, and that was it. I use a router firewall (which are like $30 these days) with pretty much just the default settings and have nothing on the software side. I used to run anti-virus and anti-spyware programs regularly, but haven't needed to do that for years. All it takes is a little common sense.
-
On the other hand, all it takes is one bad click or ill-timed key press to screw all that up.
-
Indeed! Thus, Sandboxie (or a virtual machine) adds a few more clicks to make accidents harder to implement. Using those, you have to really TRY to get infected. :D
-
I use AVG Free at home and their free Anti Spyware prog as well. Only once has AVG Free ever found a virus on my PC and that was because I downloaded a spam attachment on purpose just to test the antivirus. (I never opened the attachment of course, that would have been silly) and AVG detected and deleted the virus within minutes, still in its zipped form. :yes:
-
Indeed, AVG just subsumed ewido anti-spyware, which was considered best in class, a definite confidence inspiring move.
-
Too bad AVG artificially limits their free versions to an annoying degree. They tend to remove some or all automatic online update features and x86_64 support among other things. Due to that, I favor avast! over AVG.
-
Too bad AVG artificially limits their free versions to an annoying degree. They tend to remove some or all automatic online update features and x86_64 support among other things. Due to that, I favor avast! over AVG.
Really!!?? :eek2:
My AVG updates every 2-3 days! Or at least I thought it did? I may look at avast.......?
-
According to AVG's website, the current free version of their AV has online updates but no "high-speed online update", whatever that means. :rolleyes: From their free anti-spyware product, automatic updates as well as real-time scanning and kernel protection are missing altogether.
-
Yeah, the free AVG AV has always used a sometimes overloaded server for updates. There was a long time when it was too overloaded to work well at all, but after too many months of complaints they added more server capacity, so it's cool now. The free anti-spyware part (especially after expiration) certainly has real-time limitations though.
-
From their free anti-spyware product, automatic updates as well as real-time scanning and kernel protection are missing altogether.
Hmm yes, I believe avast what this AVG is missing has all of this from what I've experienced of it. I need to check out AVG as well, I've seen it on many customers' computers, then I've found out many people use it (it must be good but is it?), I need to see this first hand for myself...but I like my avast
-
They both rate highly, so there's no compelling reason to switch from one to the other. The major deal with AVG is that it has a free version. But as far as the difference between them, what would really determine whether you used one or the other? Unless you were to test your machine by infecting it with some particular virus, it kind of boils down to which interface you prefer, or (for me) whatever the latest magazine reviews are.
Since virus writers are getting so clever lately, it seems that frequency of updates is not as important as it once was, and that heuristic detection capability is coming to the fore. I wonder how many people actually manage to get infected with any new virus before it and its variants get added to the predominant detection databases.
-
http://forums.spybot.info/index.php (Spybot Search & Destroy Forums)
Near the bottom, post your problem under "Malware removal" - They helped me fix a problem back awhile ago, those folks are great!
-
Lots of good suggestions here.
A few of my buddies (network admins, engineers, hobbyists) and I have worked out a system we tell friends.
1.A. Run Windows Update from the website. Internet Explorer has a menu option in the Tools menu.
1.B. Run Housecall: http://housecall.trendmicro.com/
1.C. Download Avast. It's the best possible anti-virus software you can get for home use. Including McAfee and Norton. They're crap. Download Avast. www.avast.com
2. Sunbelt Kerio Personal Firewall. A restricted-use version is also free. I liked it better when Kerio maintained control of it, but it's still alright. The main benefit here is traffic restriction - you can see what is trying to come in AND what's trying to go out. http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/ The free version will suffice (it runs as a full version for 30 days).
3. After those are installed, run Hitman Pro. Then run it a second time.
4. Download the Firefox Browser, and quit using IE. Stick in the AdBlock Plus extensions so you quit getting suckered by ads that say you have viruses.
5. Repeat steps 1-4 a second time and watch the results of the scans/repairs.
Chances are you don't have any viruses or serious malware to begin with. Follow those steps. If Avast, Housecall, and Hitman pick up viruses or malware the first go around, complete the steps, then run them all again. If they STILL pick up problems, then reformat.
I'd put money down that says this is not a serious problem that requires a reformat of the hard disk.
-
McAfee and Norton. They're crap.
*agrees heartily*
EDIT: Removed text for better impact.
-
2. Sunbelt Kerio Personal Firewall.
Kerio has not done so well in tests lately, were beaten by a number of other firewalls including Jetico and Comodo. I haven't used the two, but I used Kerio before it was acquired by Sunbelt. I had to stop using the firewall because it caused massive CPU usage whenever there was traffic of LAN speeds going on, LAN transfer speeds dropped to one tenth of what they were when Kerio wasn't running.
These days I have my trusty router with built-in NAT and firewall, so I don't have much need for a software firewall as outbound connections aren't really of any concern to me. :p
-
2. Sunbelt Kerio Personal Firewall.
Kerio has not done so well in tests lately, were beaten by a number of other firewalls including Jetico and Comodo. I haven't used the two, but I used Kerio before it was acquired by Sunbelt. I had to stop using the firewall because it caused massive CPU usage whenever there was traffic of LAN speeds going on, LAN transfer speeds dropped to one tenth of what they were when Kerio wasn't running.
These days I have my trusty router with built-in NAT and firewall, so I don't have much need for a software firewall as outbound connections aren't really of any concern to me. :p
Yeah, I've got a Linksys router now too, but I haven't had any problems with Kerio (yet). I may eventually nix it. For a free firewall though, it's certainly better than the Windows one.
-
I tried all of those above but the only one that detects the issue is Spy Hunter. (I daren't risk Hitman Pro)
Only problem is that I have to pay 30 bucks to use it.
Ah well... at least it's cheaper than reformatting.
-
Why not use Hitman Pro? It's free.
I have never heard of Spy Hunter, and I am highly skeptical of malware software you have to pay for, especially when nothing else finds the problem.
-
I just use Blueyonder PC Guard, very little gets through that, but when I do get a virus I download everything possible until I fix my PC. I also use PeerGuardian 2 and Spybot.
-
I searched SpyLocked (the bastard I have) on Google and all these comments regarding its scam came up and they gave me the options of deleting it either manually (way too complicated) or via software. Every site led me to Spy Hunter... It does detect all the problems I have.
I am reluctant to use Hitman Pro after reading the link at the bottom of the topic I posted at the start of this one.
Though if everyone here uses it and thinks it's safe I will consider using it before purchasing Spy Hunter.
Any comments on pros and cons they have experienced with Hitman Pro will be highly appreciated.
Oh, and it's now affected my MSN Hotmail too, it takes about 8 attempts before my password works. Not good, I'm guessing.