Viruses on my Computer

[rumour3]

Can't people learn some common sense and not goto dodgy websites after this problem is fixed? I use the internet far too much, and have done since about '97, and haven't picked up a single virus. Oh well. Avoid any programs which have anything to do with Microsoft and Windows, and you should be fine.

Hi 55378008_Ed

The wife has recently picked up malware which spybot identified as 'virtumonde'. Unless there's something she's not telling me, she was researching ancient Egypt at the time (she's a teacher), so I'm fairly sure she wasn't intentionally visiting dodgy websites, but the content isn't always obvious from a Google link. The only obvious manifestation of the problem, apart from a slowing down of her computer, was the inability to run Regedit. As far as Microsoft goes, AVG, Adaware and Spybot couldn't remove it but Microsoft's OneCare program (free trial) seems to have done the trick.

R3

 

[johnwhelan]

Can't people learn some common sense and not goto dodgy websites after this problem is fixed? I use the internet far too much, and have done since about '97, and haven't picked up a single virus. Oh well. Avoid any programs which have anything to do with Microsoft and Windows, and you should be fine.

Sorry you're are out of date. Originally specially crafted web sites were the problem but these days the approach is to infect a "normal" web site, its not so difficult as many are hosted on Unix platforms and the majority are not up to date with security updates if they exist at all.

Firefox 3.0 with noscript is about the safest combination at the moment. IE8 is much safer than ie7.

Cheerio John

 

[skol587]

try downloading spybot search and destroy and dump norton anti virus its useless get avg anti virus instead its free and extremely good at keepimg ur pc clean

 

[srr89]

My dad already used Spybot, it found the 3 viruses but couldn't get rid if them. At this time my dad is pretty much trying to find a free antivirus program that will get rid of the viruses so he doesn't have to reformat, but again I will let him know of your's and everybody else's suggestions before he reformats.

 

[skol587]

avg is free and it works wonders

 

[srr89]

Guys, my dad just ran Malware Bytes and after he "deleted" the viruses from quarantine, the virus replicated itself, so that didn't really work.

BTW, my dad is confused with what to do with the mbr.exe file. After running the file, a notepad file came up with this:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Does this mean everything is okay?

EDIT-Message to smoovious, since my pc is a little older, there is no option in the BIOS to write-protect the MBR.

 

[moveon]

Hi,


Best you can do is run a hijack and maybe combofix, cause Mbam as Spybot will only delete malware, not virus.
This is specialized work. There are some secure and helpful sites for this. Qualified people provide free help. This is one of them in English.


http://www.bleepingcomputer.com/forums/forum22.html




Hope this is be helpfull

 

[backyard]

Don't waste time reformatting...

Stick with your Norton product. If your subscription is current, you can remove all Norton product using the Symantec Norton Removal Tool & reinstall Norton...you really should be using this posting time for work with Symantec.

Windows Deep-site Extractor works compatible with all Symantec product.

The fact your computer works at all means you have a limited threat already...& your backups are already infected.

Reformatting the hard drive only means you may access the website where you got the flu in the first place & you have definantly not done your "homework" yet, so let Symantec direct you to on Further.

Thanks for sharing your problem with us, a lot of useful(as well as useless) info gets passed on this way.

I use Norton 360(2008) & highly intend on continuing this year...there is no finite way to protect, but Norton 360 works silently in the background & constantly responds to Internet threats through Symantec LiveUpdate...mine updated 1 minute ago whilst I typed this & I noticed nothing...

Internet Security is not rocket-science, but must not be ignored!

 

[srr89]

My dad has tried everything with Norton, and really no progress has been done. But here's the thing, my computer still runs fine, hell I can probably still run Trainz a little. Other than the fact that the viruses are keeping Norton from running scans, my computer has had no other problems. No files have been deleted, but as I said one of the viruses managed to replicate itself about 93 times after running Malware Bytes, so my computer is definitely screwed at this point. My computer is actually due for a reformat anyway, it's actually recommended to reformat every couple of years to keep your pc running smooth.

I really do appreciate all the help everyone has given, but at this point it's best to just reformat and then I'll probably go with avast! or AVG after the reformat, but we'll see.

I still have a question about mbr.exe. How exactly do you run the program with the command line switch "mbr.exe -f"?

 

[Smoovious]

Ok, it sounds like you have a Trojan... and virus scanners, don't work so well on trojans as they do on virii...

For trojans, I use "The Cleaner"... this program is specifically geared for trojans, and has a better record at finding the hidden infector files.

You can find it at MooSoft. http://www.moosoft.com/

-- Smoovious

ps> Start Menu -> Run -> type in mbr.exe -f

or

Start Menu -> Run -> cmd
and then, at the C:\> prompt that comes up, type mbr.exe -f

The 2nd is the better choice, as the first, will close the window as soon as mbr finishes.

 

[srr89]

Thanks a bunch smoovious. Let me just get this clear, should my dad place the mbr.exe file from the flash drive onto the computer and run it, or run it off of the flash drive?

 

[Smoovious]

Doesn't matter, where you run it from, but if you get a "File Not Found" error, then instead of typing "mbr.exe", type "d:\mbr.exe" or whatever drive letter the flash is on.


-- Smoovious

 

[srr89]

Thanks I'll have my dad try that out sometime today maybe.

Question, my dad just talked to a friend of his who knows a lot about computers and mentioned something about a program called "boot and nuke" that will wipe the hard drive and get rid of all viruses, including rootkits. Any thoughts on this?

 

[LieLestoSbrat]

Bit of copy n paste from a post I made on another forum but it serves this thread well.

When it comes to security its also up to the end user. No point installing a security package if the user is just going to click on random links and spam they get sent. I will concede though that it is harder to detect what is legitimate and not. Recently at work I've seen a number of fake anti virus products infecting computers, fairly easy to remove though. They are some what comical to watch as well when they start bringing up pops "your computer is under attack from this and that from this address", yet the computer isn't connected to any network . When it comes to security programs my personal recommendation is for ESET Nod32 Smart Security antivirus and firewall product. Fast scanner that detects allot (found infected spam emails on my machine that others have missed), coupled with minimal background system resources. I've heard many good recommendations about Kaspersky as well but never tried it myself. Anti spyware wise Malware bytes antimalware is damn good, although you have to pay for a resident scanner. Super Anti spyware is pretty good as well but is a bit of a hog when it comes to background resources. Out of the major anti virus products I would avoid is Norton antivirus. The amount of rubbish that things lets through is a joke, You'd be better of using a sieve, coupled with the numerous problems I've seen where it can cock up your computer. My other big final tip is install a modified hosts file. This is another helpful trick is in stopping communication to know sites that have dodgy content on them, the one linked below also stops a large number of advertising sites, helping you to rid webs of the ever annoying advert.

MVPS hosts file

Rob

 

[srr89]

Thanks, I'll see what my dad wants to do. As of right now, my hard drive has been wiped clean and my external hard drive that I backed all my stuff to is squeaky clean of viruses. I think for now my dad will be sticking with Norton until the subscription ends (in about 200 days or so), then he'll go after something else like AVG or avast. But I would like to thank everyone for their advice, hopefully something like this won't happen again.

Robby :wave:

 

[grumplstink]

Because I seemed to have computer problems, even though I had run several very popular and more expensive virus checkers/spam/malware etc. No problems apparent. I ran Kaspersky (it was a "Thirty Day Limited Demo"). It found six problems amongst them were three virus and two trojans! I repeat the earlier anti virus checkers (one of which is VERY popular, but I will not name it) found nothing. I paid my years subscription and bought three user versions for the price of two and installed on all household computers. You get odd slowdowns on new software whilst Kaspersky checks and logs them. But you can actually see it is doing something. It solved my problems. Suggest those interested Google for more (and my less biased) info.

 

[JCitron]

John --

Are you sure about that? From what I've read I always thought that formatting would remove a rootkit virus.

The other thing to consider is a firewall. After suffering an almost terminal Trojan infestation and a rootkit virus (Trojan.Agent) I'm now using the Comodo firewall. Freeware. Seems to do its job.

Phil

Hi Phil,

I thought the same thing as you did, but I guess we're mistaken. A system security expert told me about this. Now this is another thing to worry about from a system support point of view.

John

 

[johnwhelan]

Because I seemed to have computer problems, even though I had run several very popular and more expensive virus checkers/spam/malware etc. No problems apparent. I ran Kaspersky (it was a "Thirty Day Limited Demo"). It found six problems amongst them were three virus and two trojans! I repeat the earlier anti virus checkers (one of which is VERY popular, but I will not name it) found nothing. I paid my years subscription and bought three user versions for the price of two and installed on all household computers. You get odd slowdowns on new software whilst Kaspersky checks and logs them. But you can actually see it is doing something. It solved my problems. Suggest those interested Google for more (and my less biased) info.

One major issue with anti-virus software is false positives. There is a trade off between detecting everything and giving 100 false positives at the same time and detecting very few viruses but no false positives. The classic false positive was part of windows update was identified as a virus so one of the free anti-virus software isolated it. Result Windows was unable to boot.

The commercial anti-virus software is very good at differentiating, it has to be, the cost per virus incident to a large corporation is fairly high so too many false positives and you get dumped for a better product. Products aimed at the home market often have a much higher rate of false positives and a much smaller research lab to identify new threats as they crop up.

Cheerio John

 

[grumplstink]

John, many thanks for information. I can now understand a little more about these programs and the variation in results. Thanks again.

 

[greywolfretired]

After reading all of the posts here,I get the impression that a lot of trainzers do not have adequate protection. Avg is one of several anti virus programs, only anti virus. Malware, spyware can still get through. You really need to spend some $ and get a good internet security program. I use Bitdefender internet security and its is a very good program, as well has tools to keep your hard drive clean, defragged ,gets rid of duplicates,and keeps your registry clean all in one program.
After you back up your trainz stuff , and before you put it back into trainz, get a good program and scan thourghly before putting back into trains. You are backing up your stuff ,but you may also be backing up a problem.
Good luck