What happened? somewhat related to CRYPTIC.AZC

Discussion in 'Anti-Virus' started by mm, Oct 4, 2010.

  1. mm

    mm Guest

    What happened? somewhat related to CRYPTIC.AZC

    A friend had an HP netbook with some respectable AV software, and she
    got a virus it seems that allowed the Welcome to XP screen to show,
    but nothing beyond that.

    She took it to Best Buy where the guy started it up, took one look at
    it, threw up his hands, and gave it back to her.

    HP wanted 139 dollars to do something, but she says the whole netbook
    was only 300! (And she eventually wants to buy a laptop anyhow,
    because this one has small keys. I point out that many laptops have
    smaller keys than a desktop, but she doesn't say anything.)

    I like a challenge, and she's a friend, so I installed the portable
    version of AVG on a flash drive, changed the boot order to start with
    the USB port, booted, ran the AVG, found two consecutive occurrences
    (in the same temp directory) of CRYPTIC.AZC, looked it up on my
    computer and found the manual way of removing it, let AVG finish on
    her computer, rebooted, and XP ran fine!!!!!

    Boy did I feel good. I checked Task Manager and sysdpt.exe wasn't
    running, checked the system32 directory and sysdpt.exe wasn't there,
    and checked the two places in the registry and the references to it
    weren't there. I felt even better, and better about AVG

    Just about then a screen appears from the MS AV program, something
    essential. At this time I didn't know what AV she had but there was a
    little yellow castle turret in the systray, with 3 high spots and two
    places in between for the archers to shoot from. I didn't know what
    software that represented. What does it represent?

    Anyhow, 20 progress bars, for 20 different AVG programs showed up,
    ran across the screen and 5 of them came up with removal programs for
    the virus it had named. I'll admit, I clicked on one. It was a fraud.

    Maybe it was AntispySafeguard. That name is in this story somewhere.

    MY QUESTION IS; Does it matter if I click on something. After all,
    the virus must be there already to display the message that I have a
    virus. What if I didn't click? Would it just give up and go home?
    Surely it would do all the same bad things. Is that right?

    After this, I told my story to my other friend I wrote about with a
    virus, and she says she didn't actually click on the scan as it
    said to do. I assumed she had, I guess, but it started by itself.

    QUESTIONS 2 ARE: Did AVG do anything, accomplish anything?

    Did I dl a new virus in the 5 minutes I was running windows, even
    though I didn't dl any email, didn't iirc open a web browser, and
    didn't click on anything?

    Or was this a leftover from CRYPTIC.AZC? and AVG only got part of it?
    And not enough to prevent it from messing everything up. Or did AVG
    actually get none of it?

    Is http://www.spywaredb.com/remove-trojandownloader-win32-crypt/
    incorrect when it says the four places that sysdpt.exe infects things?
     
    mm, Oct 4, 2010
    #1

  2. From: "mm" <>

    | What happened? somewhat related to CRYPTIC.AZC

    | A friend had an HP netbook with some respectable AV software, and she
    | got a virus it seems that allowed the Welcome to XP screen to show,
    | but nothing beyond that.

    | She took it to Best Buy where the guy started it up, took one look at
    | it, threw up his hands, and gave it back to her.

    | HP wanted 139 dollars to do something, but she says the whole netbook
    | was only 300! (And she eventually wants to buy a laptop anyhow,
    | because this one has small keys. I point out that many laptops have
    | smaller keys than a desktop, but she doesn't say anything.)

    | I like a challenge, and she's a friend, so I installed the portable
    | version of AVG on a flash drive, changed the boot order to start with
    | the USB port, booted, ran the AVG, found two consecutive occurrences
    | (in the same temp directory) of CRYPTIC.AZC, looked it up on my
    | computer and found the manual way of removing it, let AVG finish on
    | her computer, rebooted, and XP ran fine!!!!!

    | Boy did I feel good. I checked Task Manager and sysdpt.exe wasn't
    | running, checked the system32 directory and sysdpt.exe wasn't there,
    | and checked the two places in the registry and the references to it
    | weren't there. I felt even better, and better about AVG

    | Just about then a screen appears from the MS AV program, something
    | essential. At this time I didn't know what AV she had but there was a
    | little yellow castle turret in the systray, with 3 high spots and two
    | places in between for the archers to shoot from. I didn't know what
    | software that represented. What does it represent?

    | Anyhow, 20 progress bars, for 20 different AVG programs showed up,
    | ran across the screen and 5 of them came up with removal programs for
    | the virus it had named. I'll admit, I clicked on one. It was a fraud.

    | Maybe it was AntispySafeguard. That name is in this story somewhere.

    | MY QUESTION IS; Does it matter if I click on something. After all,
    | the virus must be there already to display the message that I have a
    | virus. What if I didn't click? Would it just give up and go home?
    | Surely it would do all the same bad things. Is that right?

    | After this, I told my story to my other friend I wrote about with a
    | virus, and she says she didn't actually click on the scan as it
    | said to do. I assumed she had, I guess, but it started by itself.

    | QUESTIONS 2 ARE: Did AVG do anything, accomplish anything?

    | Did I dl a new virus in the 5 minutes I was running windows, even
    | though I didn't dl any email, didn't iirc open a web browser, and
    | didn't click on anything?

    | Or was this a leftover from CRYPTIC.AZC? and AVG only got part of it?
    | And not enough to prevent it from messing everything up. Or did AVG
    | actually get none of it?

    | Is hxxp://www.spywaredb.com/remove-trojandownloader-win32-crypt/
    | incorrect when it says the four places that sysdpt.exe infects things?

    First, where did anything really state this was a "virus" and not a trojan? All
    indications are trojan activity, not viral activity.
    spywaredb.com is an affiliate site whose job it is to get you to install and
    purchase SpyWare Doctor. Instructions at such sites must be taken with a grain of salt
    because their objective is always affiliate revenue. Revenue that won't be earned if the
    instructions are 100% effective.

    Additionally, one of the problems the anti malware industry has always faced is naming
    malware across all vendors. That is, a given piece of malware may be identified by
    multiple vendors with different names. Sometimes they may be similar, sometimes the
    majority are the same, but more times than not, each vendor will identify a given piece of
    malware with a different name.

    Knowing the naming problem, we really can't go by these "removal" instructions as being
    partially correct or 100% correct.

    AVG defined the malware as CRYPTIC.AZC. Searching the library of AVG Technologies,
    http://free.avg.com/us-en/virus-encyclopedia, for "CRYPTIC.AZC" or "CRYPTIC" is no help.

    What you did in the first place by scanning the system using a portable version of AVG
    from a flash drive was *good* work. However, you failed to follow up that scan with
    additional scans with anti malware utilities to discern if there were additional types of
    malware AVG failed to detect. It appears that the notebook was infected by a FakeAlert
    type trojan and you further infected the notebook by falling for the FakeAlert con.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Oct 4, 2010
    #2

  3. "Caesar Romano" <> wrote in message
    news:...
    > On Mon, 04 Oct 2010 17:42:51 -0400, mm <>
    > wrote Re What happened? somewhat related to CRYPTIC.AZC:
    >
    >>I like a challenge, and she's a friend, so I installed the portable
    >>version of AVG on a flash drive, changed the boot order to start with
    >>the USB port, booted, ran the AVG,

    >
    > How do you make a USB drive bootable?


    You can't, unless your BIOS supports it (I'm guessing most do these
    days).
     
    FromTheRafters, Oct 5, 2010
    #3
  4. "mm" <> wrote in message
    news:...
    > What happened? somewhat related to CRYPTIC.AZC
    >
    > A friend had an HP netbook with some respectable AV software, and she
    > got a virus it seems that allowed the Welcome to XP screen to show,
    > but nothing beyond that.


    Doesn't sound like a virus.

    > She took it to Best Buy where the guy started it up, took one look at
    > it, threw up his hands, and gave it back to her.


    Ayup - there's yer problem right there - it's broke.

    [...]

    > I like a challenge, and she's a friend, so I installed the portable
    > version of AVG on a flash drive, changed the boot order to start with
    > the USB port, booted, ran the AVG, found two consecutive occurrences
    > (in the same temp directory) of CRYPTIC.AZC, looked it up on my
    > computer and found the manual way of removing it, let AVG finish on
    > her computer, rebooted, and XP ran fine!!!!!


    Never heard of it, but many similarly named malware programs are trojan
    downloaders.

    > Boy did I feel good. I checked Task Manager and sysdpt.exe wasn't
    > running, checked the system32 directory and sysdpt.exe wasn't there,
    > and checked the two places in the registry and the references to it
    > weren't there. I felt even better, and better about AVG


    I did a quick google for that filename and come up with references to
    "TrojanDownloader.Win32.Crypt" is *this* what you have?

    ....sorry, close doesn't count - you have to be specific about what
    malware name was given by what antimalware or antivirus program.

    An online file submission scanner (virustotal.com, jotti.org,
    virscan.org to name a few) can be helpful in giving you names assigned
    by other scanners - more food for google to eat.

    > Just about then a screen appears from the MS AV program, something
    > essential. At this time I didn't know what AV she had but there was a
    > little yellow castle turret in the systray, with 3 high spots and two
    > places in between for the archers to shoot from. I didn't know what
    > software that represented. What does it represent?


    Probably MSSE (Microsoft Security Essentials).

    > Anyhow, 20 progress bars, for 20 different AVG programs showed up,
    > ran across the screen and 5 of them came up with removal programs for
    > the virus it had named. I'll admit, I clicked on one. It was a fraud.


    Funny, you usually have to browse the web for this to happen (or did you
    just neglect to mention that you fired up the browser?).

    > Maybe it was AntispySafeguard. That name is in this story somewhere.
    >
    > MY QUESTION IS; Does it matter if I click on something. After all,
    > the virus must be there already to display the message that I have a
    > virus.


    Sometimes you only have a script with limited scope running (untrusted
    internet zone) and it wants you to click it. Once clicked, you have
    given it tacit permission to run as the current user with the privileges
    that user enjoys (no longer as limited as the initial script was).

    > What if I didn't click? Would it just give up and go home?
    > Surely it would do all the same bad things. Is that right?


    Not necessarily, if it was the old "Message From Webpage" pop-up, you
    can just ignore it and it will patiently wait for input it never gets.
    When you close your browser, it dies. If you use Task Manager to end it,
    it usually ends the entire session, and so I just ignore it until I'm
    ready to stop browsing.

    > After this, I told my story to my other friend I wrote about with a
    > virus, and she says she didn't actually click on the scan as it
    > said to do. I assumed she had, I guess, but it started by itself.


    If it started by itself, then there is an unpatched vulnerability on her
    machine somewhere.

    > QUESTIONS 2 ARE: Did AVG do anything, accomplish anything?


    Unknown, but since you became able to boot, I assume it did *something*.

    ....and entered something in a log file I presume...

    > Did I dl a new virus in the 5 minutes I was running windows, even
    > though I didn't dl any email, didn't iirc open a web browser, and
    > didn't click on anything?


    You probably have something running that connected the browser to a
    malware server.

    > Or was this a leftover from CRYPTIC.AZC? and AVG only got part of it?
    > And not enough to prevent it from messing everything up. Or did AVG
    > actually get none of it?
    >
    > Is http://www.spywaredb.com/remove-trojandownloader-win32-crypt/
    > incorrect when it says the four places that sysdpt.exe infects things?


    I haven't read that yet, but it hasn't been established that CRYPTIC.AZC
    = TrojanDownloader.Win32.Crypt - they are probably entirely different
    beasts (and both not viruses at all).
     
    FromTheRafters, Oct 5, 2010
    #4
  5. mm

    mm Guest

    David's post is longer. I'll get to it tomorrow, I hope.

    On Mon, 04 Oct 2010 17:27:41 -0500, Caesar Romano <>
    wrote:

    >On Mon, 04 Oct 2010 17:42:51 -0400, mm <>
    >wrote Re What happened? somewhat related to CRYPTIC.AZC:
    >
    >>I like a challenge, and she's a friend, so I installed the portable
    >>version of AVG on a flash drive, changed the boot order to start with
    >>the USB port, booted, ran the AVG,

    >
    >How do you make a USB drive bootable?


    Two ways that I know of.

    The first was what I did, use the portable version of AVG. If you
    can't find it on the net, email me, remove the NOPSAM, and I'll figure
    out where I got it. It's free. I downloaded it using XP, and I
    followed directions. I think I installed it straight to the usb drive,
    and it included a program in it that made the drive bootable. Maybe
    it was called makeboot.exe.

    At first I had trouble, because I already had things on this drive so
    I made a directory and put AVG in it. When I moved AVG to the root
    directory of the flash drive, makeboot worked.

    I would guess that one can do all this and then use some of the files
    from AVG on a different flashdrive that doesn't have AVG at all, but I
    have no time to test this, especially considering method two.


    The second is flashboot 2.0t. Again, if you can't find it let me
    know. I haven't had occasion to use it, but its purpose is to install
    windows from a flash drive or USB hard drive, and it says it works
    with anything else also, so it probably works.
    http://www.prime-expert.com/flashboot/ It's not free, but the demo
    version works for 30 days from the date the drive was formatted, and
    each distinct USB disk can be formatted by FlashBoot demo version no
    more than 16 times. If you use it every month for 16 months, you
    should really buy a copy! 30 euros.

    I was going to try this one to enable me to copy the Recovery CD to a
    flash drive and then install windows on my friend's netbook from that
    -- I know it is designed to install Windows with -- but A) HP has a
    downloadable, installable from a flash drive, recovery partition, for
    its netbooks, and maybe other computers, and B) before I knew that I
    decided to buy a cable that will enable me to connect any IDE or
    SATA drive or DVD or CD drive to the USB port. It hasn't come yet, but
    I have so many CD's to run, counting AV CD's on this netbook alone,
    and there will be more netbooks in the future, that I don't want to
    keep loading them to the flash drive, so I'll connect a CD drive to
    this new cable and use the CDs. It's 20 dollars from Newegg, no
    charge for shipping. I don't know if it works but it had 105 ratings
    and most of them were overwhelmingly positive. The rest complained a
    little about the SATA cable, which the buyer himself replaced with
    another one.
     
    mm, Oct 5, 2010
    #5
  6. mm

    mm Guest

    On Tue, 05 Oct 2010 07:07:42 -0500, Caesar Romano <>
    wrote:

    >On Tue, 05 Oct 2010 02:36:06 -0400, mm <>
    >wrote Re Re: What happened? somewhat related to CRYPTIC.AZC:
    >
    >>Two ways that I know of.

    >
    >Thanks for the details mm. I just checked, and my BIOS doesn't allow
    >booting from the USB drive. I'm using an older computer.


    Neither does mine, but the HP mini is only about 2 years old. In
    addition, since it doesn't have a floppy drive or a CD drive, they
    figured they had to provide some source other than harddrive to boot
    from.

    If my long trip actually gets scheduled, I'm going to buy a netbook,
    or maybe if she buys a laptop, I can borrow this one. :)
    >
    >Regards,
    >C.R.
     
    mm, Oct 5, 2010
    #6
  7. mm

    mm Guest

    My next thread is a lot more important than this is now. It's about
    the same computer, but after running Panda and Kaspersky, plus 3
    general questions.

    On Mon, 4 Oct 2010 21:08:47 -0400, "FromTheRafters"
    <> wrote:

    >"mm" <> wrote in message
    >news:...
    >> What happened? somewhat related to CRYPTIC.AZC
    >>
    >> A friend had an HP netbook with some respectable AV software, and she
    >> got a virus it seems that allowed the Welcome to XP screen to show,
    >> but nothing beyond that.

    >
    >Doesn't sound like a virus.
    >
    >> She took it to Best Buy where the guy started it up, took one look at
    >> it, threw up his hands, and gave it back to her.

    >
    >Ayup - there's yer problem right there - it's broke.


    Darn.
    >
    >[...]
    >
    >> I like a challenge, and she's a friend, so I installed the portable
    >> version of AVG on a flash drive, changed the boot order to start with
    >> the USB port, booted, ran the AVG, found two consecutive occurrences
    >> (in the same temp directory) of CRYPTIC.AZC, looked it up on my
    >> computer and found the manual way of removing it, let AVG finish on
    >> her computer, rebooted, and XP ran fine!!!!!

    >
    >Never heard of it, but many similarly named malware programs are trojan
    >downloaders.


    Okay.
    >
    >> Boy did I feel good. I checked Task Manager and sysdpt.exe wasn't
    >> running, checked the system32 directory and sysdpt.exe wasn't there,
    >> and checked the two places in the registry and the references to it
    >> weren't there. I felt even better, and better about AVG

    >
    >I did a quick google for that filename and come up with references to
    >"TrojanDownloader.Win32.Crypt" is *this* what you have?


    I think so. I found hits like this one. I thought I searched on the
    virus name as I wrote it here, and found exact hits, but maybe I just
    got on the CRYPTIC part, or CRYPT.
    >
    >...sorry, close doesn't count - you have to be specific about what
    >malware name was given by what antimalware or antivirus program.


    That was the name I got from the program.

    >An online file submission scanner (virustotal.com, jotti.org,
    >virscan.org to name a few) can be helpful in giving you names assigned
    >by other scanners - more food for google to eat.


    I'll check them, but as you can see in the next post, I'm really in
    deep water now. :) I removed 42 instances of malware and one isn't
    removed so far.

    >> Just about then a screen appears from the MS AV program, something
    >> essential. At this time I didn't know what AV she had but there was a
    >> little yellow castle turret in the systray, with 3 high spots and two
    >> places in between for the archers to shoot from. I didn't know what
    >> software that represented. What does it represent?

    >
    >Probably MSSE (Microsoft Security Essentials).


    Yeah, that was it. But that might have been a lie. Now that I ran
    Kaspersky, it showed the Norton Quarantine directory as having
    malware. Well of course! Though Panda didn't show it. I wonder if
    that is better or not as good to cite things found in a quarantine
    folder or virus vault.

    >> Anyhow, 20 progress bars, for 20 different AVG programs showed up,
    >> ran across the screen and 5 of them came up with removal programs for
    >> the virus it had named. I'll admit, I clicked on one. It was a fraud.

    >
    >Funny, you usually have to browse the web for this to happen (or did you
    >just neglect to mention that you fired up the browser?).


    No, I don't think I did. That's why I think it was already there, and
    AVG only found one malware and not this one.

    >> Maybe it was AntispySafeguard. That name is in this story somewhere.
    >>
    >> MY QUESTION IS; Does it matter if I click on something. After all,
    >> the virus must be there already to display the message that I have a
    >> virus.

    >
    >Sometimes you only have a script with limited scope running (untrusted
    >internet zone) and it wants you to click it. Once clicked, you have
    >given it tacit permission to run as the current user with the privileges
    >that user enjoys (no longer as limited as the initial script was).


    Bummer, so it might well be partly because of what I did.

    >> What if I didn't click? Would it just give up and go home?
    >> Surely it would do all the same bad things. Is that right?

    >
    >Not necessarily, if it was the old "Message From Webpage" pop-up, you
    >can just ignore it and it will patiently wait for input it never gets.
    >When you close your browser, it dies. If you use Task Manager to end it,
    >it usually ends the entire session, and so I just ignore it until I'm
    >ready to stop browsing.


    Uh huh. I really don't get popups anymore, but I do get messages that
    FFox suppressed a popup and I can let it pop up if I want.

    >> After this, I told my story to my other friend I wrote about with a
    >> virus, and she says she didn't actually click on the scan as it
    >> said to do. I assumed she had, I guess, but it started by itself.

    >
    >If it started by itself, then there is an unpatched vulnerability on her
    >machine somewhere.


    Maybe. My other friend with the other computer didn't always accept
    security updates, or maybe she did because they were set to be
    automatic by her other friend. I don't know so much about the owner
    of this one.

    >> QUESTIONS 2 ARE: Did AVG do anything, accomplish anything?

    >
    >Unknown, but since you became able to boot, I assume it did *something*.


    Okay

    >...and entered something in a log file I presume...
    >
    >> Did I dl a new virus in the 5 minutes I was running windows, even
    >> though I didn't dl any email, didn't iirc open a web browser, and
    >> didn't click on anything?

    >
    >You probably have something running that connected the browser to a
    >malware server.


    Ugh. I missed this line the first time I read your post.

    >> Or was this a leftover from CRYPTIC.AZC? and AVG only got part of it?
    >> And not enough to prevent it from messing everything up. Or did AVG
    >> actually get none of it?
    >>
    >> Is http://www.spywaredb.com/remove-trojandownloader-win32-crypt/
    >> incorrect when it says the four places that sysdpt.exe infects things?

    >
    >I haven't read that yet, but it hasn't been established that CRYPTIC.AZC
    >= TrojanDownloader.Win32.Crypt - they are probably entirely different
    >beasts (and both not viruses at all).


    Okay.

    Thanks a lot.
     
    mm, Oct 7, 2010
    #7
  8. "mm" <> wrote in message
    news:...
    >
    > My next thread is a lot more important than this is now. It's about
    > the same computer, but after running Panda and Kaspersky, plus 3
    > general questions.


    I just posted there, but I must say that Dustin Cook and David H. Lipman
    have extensive experience in dealing with malware.

    [... CRYPTIC.AZC ... etc...]

    >>Never heard of it, but many similarly named malware programs
    >> are trojan downloaders.


    [...]

    >>I did a quick google for that filename and come up with references to
    >>"TrojanDownloader.Win32.Crypt" is *this* what you have?

    >
    > I think so. I found hits like this one. I thought I searched on the
    > virus name as I wrote it here, and found exact hits, but maybe I just
    > got on the CRYPTIC part, or CRYPT.
    >>
    >>...sorry, close doesn't count - you have to be specific about what
    >>malware name was given by what antimalware or antivirus program.

    >
    > That was the name I got from the program.


    Too bad they don't publish information on detected things that they
    name.

    >>An online file submission scanner (virustotal.com, jotti.org,
    >>virscan.org to name a few) can be helpful in giving you names
    >> assigned by other scanners - more food for google to eat.

    >
    > I'll check them, but as you can see in the next post, I'm really in
    > deep water now. :) I removed 42 instances of malware and one
    > isn't removed so far.


    Seems to me that the water is receding - down to just the rootkit's
    'early opportunity' component now, which will be obliterated when the
    proper code is written to the MBR.

    [...]

    > Now that I ran
    > Kaspersky, it showed the Norton Quarantine directory as having
    > malware. Well of course! Though Panda didn't show it. I wonder if
    > that is better or not as good to cite things found in a quarantine
    > folder or virus vault.


    IMO such quarantined objects should be stored in encrypted form.

    [...]

    >>> MY QUESTION IS; Does it matter if I click on something. After all,
    >>> the virus must be there already to display the message that I have a
    >>> virus.

    >>
    >>Sometimes you only have a script with limited scope running (untrusted
    >>internet zone) and it wants you to click it. Once clicked, you have
    >>given it tacit permission to run as the current user with the
    >>privileges
    >>that user enjoys (no longer as limited as the initial script was).

    >
    > Bummer, so it might well be partly because of what I did.


    Don't beat yourself up over it, some of them exploit software
    vulnerabilities taking the user entirely out of the loop.

    >>> What if I didn't click? Would it just give up and go home?
    >>> Surely it would do all the same bad things. Is that right?

    >>
    >>Not necessarily, if it was the old "Message From Webpage" pop-up, you
    >>can just ignore it and it will patiently wait for input it never gets.
    >>When you close your browser, it dies. If you use Task Manager to end
    >>it,
    >>it usually ends the entire session, and so I just ignore it until I'm
    >>ready to stop browsing.

    >
    > Uh huh. I really don't get popups anymore, but I do get messages that
    > FFox suppressed a popup and I can let it pop up if I want.


    No need really, usually by the time you try to report a bad site, it has
    moved on to yet another address.

    >>> After this, I told my story to my other friend I wrote about with a
    >>> virus, and she says she didn't actually click on the scan as it
    >>> said to do. I assumed she had, I guess, but it started by itself.

    >>
    >>If it started by itself, then there is an unpatched vulnerability on
    >>her
    >>machine somewhere.


    Not something *you* did, but rather something that she didn't do (at
    least not soon enough).

    Keeping your (her) patch level current is paramount.

    [...]
     
    FromTheRafters, Oct 7, 2010
    #8
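
The point in the post above about storing quarantined objects in encrypted form, and why one scanner can flag another product's quarantine folder, shown as an added example that is not part of the original thread. The container layout, the `QVLT1` tag, the byte pattern and the sample path are all constructed for illustration and are not any vendor's real quarantine format; the key sits in the header because the goal is to neutralise the bytes on disk, not to keep them secret.

```python
import hashlib
import os
import struct

MAGIC = b"QVLT1"  # constructed container tag (assumption, not a real vendor format)
# Harmless constructed stand-in for a byte pattern a signature scanner looks for.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
HEADER_MIN = len(MAGIC) + 16 + 32 + 2  # magic + key + SHA-256 + path length


def _keystream(key: bytes, length: int) -> bytes:
    """Derive `length` bytes from SHA-256(key || counter), counter = 0, 1, 2..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def quarantine(data: bytes, original_path: str) -> bytes:
    """Wrap a detected file so its original bytes no longer appear on disk."""
    key = os.urandom(16)
    path = original_path.encode("utf-8")
    header = (MAGIC + key + hashlib.sha256(data).digest()
              + struct.pack(">H", len(path)) + path)
    return header + _xor(data, key)


def restore(blob: bytes):
    """Return (original_path, original_bytes); reject damaged containers."""
    if len(blob) < HEADER_MIN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a quarantine container")
    pos = len(MAGIC)
    key = blob[pos:pos + 16]
    pos += 16
    digest = blob[pos:pos + 32]
    pos += 32
    (path_len,) = struct.unpack(">H", blob[pos:pos + 2])
    pos += 2
    path = blob[pos:pos + path_len].decode("utf-8")
    pos += path_len
    data = _xor(blob[pos:], key)
    if hashlib.sha256(data).digest() != digest:
        raise ValueError("container is truncated or modified")
    return path, data


def naive_scan(blob: bytes) -> bool:
    """Minimal signature scanner: flags any buffer containing the pattern."""
    return SIGNATURE in blob


if __name__ == "__main__":
    # Constructed sample: a fake file body that contains the test pattern.
    sample = b"MZ" + bytes(32) + SIGNATURE + b"tail"
    stored = quarantine(sample, r"C:\WINDOWS\Temp\sample.exe")
    print("raw copy in a quarantine folder flagged:", naive_scan(sample))
    print("encoded container flagged:", naive_scan(stored))
    print("restore round-trips:", restore(stored)[1] == sample)
```

A quarantine folder that keeps the raw file behaves like the first line of output when a second scanner walks the disk; one that stores the encoded container behaves like the second.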
  9. mm

    mm Guest

    On Thu, 7 Oct 2010 08:59:22 -0400, "FromTheRafters"
    <> wrote:

    >
    >
    >>>> After this, I told my story to my other friend I wrote about with a
    >>>> virus, and she says she didn't actually click on the scan as it
    >>>> said to do. I assumed she had, I guess, but it started by itself.
    >>>
    >>>If it started by itself, then there is an unpatched vulnerability on
    >>>her
    >>>machine somewhere.

    >
    >Not something *you* did, but rather something that she didn't do (at
    >least not soon enough).
    >
    >Keeping your (her) patch level current is paramount.


    BitDefender has a file manager and I did look at a few of her files
    and she had lots of KBnnnnnnnn files, so I guess she has been
    accepting all of her MS security updates.
    >
    >[...]


    Thanks, including for the part I snipped.
     
    mm, Oct 7, 2010
    #9
  10. "mm" <> wrote in message
    news:...
    > On Thu, 7 Oct 2010 08:59:22 -0400, "FromTheRafters"
    > <> wrote:
    >
    >>
    >>
    >>>>> After this, I told my story to my other friend I wrote about with a
    >>>>> virus, and she says she didn't actually click on the scan as it
    >>>>> said to do. I assumed she had, I guess, but it started by itself.
    >>>>
    >>>>If it started by itself, then there is an unpatched vulnerability on
    >>>>her
    >>>>machine somewhere.

    >>
    >>Not something *you* did, but rather something that she didn't do (at
    >>least not soon enough).
    >>
    >>Keeping your (her) patch level current is paramount.

    >
    > BitDefender has a file manager and I did look at a few of her files
    > and she had lots of KBnnnnnnnn files, so I guess she has been
    > accepting all of her MS security updates.
    >>
    >>[...]

    >
    > Thanks, including for the part I snipped.


    You're welcome. Sometimes it helps in troubleshooting if you are able to
    'get your head around' the concept. OS updates are good, but malware has
    taken to attacking applications recently (PDF readers - especially when
    a browser has an extension to automatically call the reader or play a
    flash file).

    I hope you get it sorted out, please keep us posted on your progress.
     
    FromTheRafters, Oct 7, 2010
    #10
  11. From: "mm" <>

    | On Thu, 7 Oct 2010 08:59:22 -0400, "FromTheRafters"
    | <> wrote:



    >>>>> After this, I told my story to my other friend I wrote about with a
    >>>>> virus, and she says she didn't actually click on the scan as it
    >>>>> said to do. I assumed she had, I guess, but it started by itself.


    >>>>If it started by itself, then there is an unpatched vulnerability on
    >>>>her
    >>>>machine somewhere.


    >>Not something *you* did, but rather something that she didn't do (at
    >>least not soon enough).


    >>Keeping your (her) patch level current is paramount.


    | BitDefender has a file manager and I did look at a few of her files
    | and she had lots of KBnnnnnnnn files, so I guess she has been
    | accepting all of her MS security updates.

    >>[...]


    | Thanks, including for the part I snipped.


    Getting Microsoft updates is insufficient.

    There are all sorts of software that have vulnerabilities that lead to exploitation that
    can result in malware.

    To name a few, but definitely not limited to...

    - RealPlayer
    - QuickTime
    - Sun Java
    - Adobe Reader/Acrobat
    - FoxIt PDF
    - Adobe Flash

    Secunia has a Java Applet that is free and will check the currency of the OS and
    applications for vulnerabilities

    http://secunia.com/vulnerability_scanning/online/


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Oct 7, 2010
    #11