crazy viruses

Jack

Lately, my computer was infected with a lot of viruses. I got rid of some of
them with PC-Cillin 2006, spybot and ad-aware and the problem keeps coming
back every now and again. PC-Cillin detects new kinds of viruses
occasionally and once the computer was completely out of control, viruses
popping up, IE6 got hijacked etc.
Does anyone know what is going on? Is there a particular way of getting
round this problem?
Or is there a particular fix for me to find on the net (The name of this
virus)?
Thanks
 
Jack

Jack said:
> Lately, my computer was infected with a lot of viruses. I got rid of some of
> them with PC-Cillin 2006, spybot and ad-aware and the problem keeps coming
> back every now and again. PC-Cillin detects new kinds of viruses
> occasionally and once the computer was completely out of control, viruses
> popping up, IE6 got hijacked etc.
> Does anyone know what is going on? Is there a particular way of getting
> round this problem?
> Or is there a particular fix for me to find on the net (The name of this
> virus)?
> Thanks

The virus/trojan seems to hide itself inside IE6.
Please help
Thanks
 
Detlev Dreyer

Jack said:
> Lately, my computer was infected with a lot of viruses. I got rid of some
> of them with PC-Cillin 2006, spybot and ad-aware and the problem keeps
> coming back every now and again. PC-Cillin detects new kinds of viruses
> occasionally and once the computer was completely out of control,
> viruses popping up, IE6 got hijacked etc.
> Does anyone know what is going on? Is there a particular way of getting
> round this problem?

"Cleaning a Compromised System"
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

> Or is there a particular fix for me to find on the net (The name of
> this virus)?

The fix ("Brain 1.0") is sometimes available, however, not always. It
requires realizing some basic issues. Otherwise, you may run into the
same situation sooner or later. Some items from the no-no list:

- Surfing with Administrator privileges
- Running not fully patched systems
- Clicking all and everything
- Opening unknown mail attachments
- Running P2P Software
- Lack of security (FAT32 instead of NTFS)
- Unlimited Account and/or NTFS permissions
- Downloads from suspicious sources
- Disabled (built-in) firewall
 
David H. Lipman

From: "Jack" <[email protected]>

| Lately, my computer was infected with a lot of viruses. I got rid of some of
| them with PC-Cillin 2006, spybot and ad-aware and the problem keeps coming
| back every now and again. PC-Cillin detects new kinds of viruses
| occasionally and once the computer was completely out of control, viruses
| popping up, IE6 got hijacked etc.
| Does anyone know what is going on? Is there a particular way of getting
| round this problem?
| Or is there a particular fix for me to find on the net (The name of this
| virus)?
| Thanks
|

Understanding and protection via Safe Hex practices are important.
I have a feeling you don't practice Safe Hex and you don't understand about malware.

You clumped all malware as viruses. Malware is the super-topic and viruses are a sub type.
If you used SpyBot S&D v1.4 and Ad-aware SE v1.06 then you removed non-viral malware.

You also posted in a "general" OS News Group, not a "virus" News Group.

The correct News Group to post in is:
You ask for fixes and a name for the "malware" w/o providing ANY information.

What exactly did PC-Cillin, SpyBot S&D and Ad-aware SE find and remove?
What exactly comes back?

In the meantime...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
NoStop

Jack said:
> Lately, my computer was infected with a lot of viruses. I got rid of some of
> them with PC-Cillin 2006, spybot and ad-aware and the problem keeps coming
> back every now and again. PC-Cillin detects new kinds of viruses
> occasionally and once the computer was completely out of control, viruses
> popping up, IE6 got hijacked etc.
> Does anyone know what is going on? Is there a particular way of getting
> round this problem?

Yes there is ... fortunately! Move over to a secure operating system running
GNU/Linux. Ubuntu jumps to mind as an alternative that you'll probably
like. It is secure and stable and gives one access to over 18,000 free
software packages. Ubuntu is available as a Live CD, allowing you to try it
out and see what you think of it and how well it works with your hardware.
If you like it, then one click and you're on your way to a quick and
painless installation.

> Or is there a particular fix for me to find on the net (The name of this
> virus)?

Probably, somewhere. But what's the point of constantly fighting this crap
when you can move away from an insecure operating system like XP and to a
secure one like GNU/Linux?

> Thanks

You are welcome. :)


--
Linux is ready for the desktop! More ready than Windoze XP.
http://tinyurl.com/ldm9d

"Computer users around the globe recognize that the most serious threats to
security exist because of inherent weaknesses in the Microsoft operating
system." McAfee
 
NoStop

Detlev said:
> "Cleaning a Compromised System"
> http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
>
> The fix ("Brain 1.0") is sometimes available, however, not always. It
> requires realizing some basic issues. Otherwise, you may run into the
> same situation sooner or later. Some items from the no-no list:
>
> - Surfing with Administrator privileges

True, so why does XP - out of the box - set up to allow this?

> - Running not fully patched systems

Patches many times FOLLOW exploits and in Microsoft's case, by quite a long
time before they decide to release a patch. So that in itself doesn't
guarantee security.

> - Clicking all and everything

??? Silly response as that is what a GUI is all about. How does one decide
what to click and what not to click without the insight offered by a
crystal ball or real world experience? Do you want to offer the OP a list
of safe things to click?

> - Opening unknown mail attachments

Even "known" mail attachments can contain malicious code, sent to you by
your "friends" and "family" who have compromised systems.

> - Running P2P Software

That's just so much FUD. There is plenty of software based on P2P ...
legitimate software like Skype for example.

> - Lack of security (FAT32 instead of NTFS)

NTFS doesn't offer security anymore than FAT32 lacks it. It's the operating
system that is either secure or not secure and in the case of Windows, it
is the most insecure operating system available.

> - Unlimited Account and/or NTFS permissions
> - Downloads from suspicious sources

And who decides what is "suspicious sources"? With the latest PDF exploit,
for example, any website can become suspect.

> - Disabled (built-in) firewall

What has a firewall got to do with this? Do you know what a firewall is
designed to do? It certainly has nothing to do with "crazy viruses", nor
will it offer any protection against them.

Cheers.


--
Linux is ready for the desktop! More ready than Windoze XP.
http://tinyurl.com/ldm9d

"Computer users around the globe recognize that the most serious threats to
security exist because of inherent weaknesses in the Microsoft operating
system." McAfee
 
HeyBub

NoStop said:
> Yes there is ... fortunately! Move over to a secure operating system
> running GNU/Linux. Ubuntu jumps to mind as an alternative that you'll
> probably like. It is secure and stable and gives one access to over
> 18,000 free software packages. Ubuntu is available as a Live CD,
> allowing you to try it out and see what you think of it and how well
> it works with your hardware. If you like it, then one click and
> you're on your way to a quick and painless installation.

Balderdash. The largest virus infestation in the history of the internet
infected only Unix-based machines. Linux itself is a knock-off of that same
40-year-old operating system that was designed by a money-losing division of
the local telephone company. Its interface designers obviously believed that
the DOS command line was not arcane enough.

Linux is, however, the refuge of those afflicted with MDS (Microsoft
Derangement Syndrome) and, in that regard, usually keeps them from screwing
with normal folk as they frolic in their very own sandbox (also used by the
cat).
 
Detlev Dreyer

NoStop said:
> True, so why does XP - out of the box - set up to allow this?

Because many actions *require* administrative privileges. And there are
at least two accounts with these privileges necessary in order to help
out in case of emergency (forgotten password etc.).

> Patches many times FOLLOW exploits and in Microsoft's case, by quite a
> long time before they decide to release a patch. So that in itself
> doesn't guarantee security.

There is no 100% security on this planet. However, 90% is better than
60%, for instance. Too hard for you to understand?

> ??? Silly response as that is what a GUI is all about. How does one
> decide what to click and what not to click without the insight offered
> by a crystal ball or real world experience? Do you want to offer the OP
> a list of safe things to click?

Nonsense. I had one virus only in the past 25 years of heavy computing
and this trojan could not install because it did not manage to replace a
read-only system file. 1 virus only could enter the system because I do
*not* click all and everything. BTW, that rare trojan was hidden in a
file, downloaded by my son from a suspicious site years ago and not
recognized by the (updated) McAfee anti-virus software.

> Even "known" mail attachments can contain malicious code, sent to you by
> your "friends" and "family" who have compromised systems.

Replace "unknown" with "unexpected" if you have severe problems to
understand the obvious.

> That's just so much FUD. There is plenty of software based on P2P ...
> legitimate software like Skype for example.

ROFL! There is a good article (German) about "Skype & Co." and how they
bypass firewalls. You may want to translate that article if interested.
http://www.heise.de/security/artikel/82054

> NTFS doesn't offer security anymore than FAT32 lacks it.

Apparently, you did not understand the principle of NTFS.

> And who decides what is "suspicious sources"? With the latest PDF
> exploit, for example, any website can become suspect.

Correct. A good example are driver downloads. You can download them
directly from the manufacturer's homepage or from any site found by
Google. The latter sites are suspect in general.

> What has a firewall got to do with this? Do you know what a firewall is
> designed to do? It certainly has nothing to do with "crazy viruses", nor
> will it offer any protection against them.

Well, the Blaster and Sasser worms would not have been very successful
if the built-in firewall (SP1 at that time) would have been enabled on
Internet connections - even when running an unpatched system. EOD.
 
Paul Johnson

HeyBub said:
> Balderdash. The largest virus infestation in the history of the internet
> infected only Unix-based machines. Linux itself is a knock-off of that
> same 40-year-old operating system that was designed by a money-losing
> division of the local telephone company. Its interface designers obviously
> believed that the DOS command line was not arcane enough.

It's hard to take someone seriously on a particular subject when they remove
all doubt that they don't know what they're talking about. DOS's designers
didn't think CP/M was arcane enough, so they bastardized it with the unix
Bourne shell. DOS is a knockoff of CP/M and UNIX.

Linux is not a unix knockoff; that would imply that Linux tries to be unix
and fails. Windows NT and its successors would qualify in this category,
as it strives for POSIX compliance yet Windows isn't a unix, hence
knockoff.

http://en.wikipedia.org/wiki/POSIX

> Linux is, however, the refuge of those afflicted with MDS (Microsoft
> Derangement Syndrome) and, in that regard, usually keeps them from
> screwing with normal folk as they frolic in their very own sandbox (also
> used by the cat).

Might want to get those glasses checked. Your myopia is showing. What OS
are you going to use after Vista? Hint: It's not going to be made by
Microsoft.
 
Paul Johnson

NoStop said:
> True, so why does XP - out of the box - set up to allow this?

NT is making a weak attempt at providing unix-type permissions, but then
utterly fails by promoting Administrator as the default permissions
category.

> Patches many times FOLLOW exploits and in Microsoft's case, by quite a
> long time before they decide to release a patch. So that in itself doesn't
> guarantee security.

True, but it keeps you from getting nailed by exploits Microsoft is willing
to admit. When compared to free software, Microsoft has a long way to go
when it comes to realizing that admitting mistakes is *not* a Bad Thing(tm)
and *is* expected.

> ??? Silly response as that is what a GUI is all about. How does one decide
> what to click and what not to click without the insight offered by a
> crystal ball or real world experience? Do you want to offer the OP a list
> of safe things to click?

Not doing that as Administrator would go a long way.

> That's just so much FUD. There is plenty of software based on P2P ...
> legitimate software like Skype for example.

SMTP is technically a peer-to-peer protocol, as well. XMPP (Jabber) gets
complex: It's peer-to-peer between sites, client-server from site to
end-user, except when Jingle (Voice over XMPP) or file transfers get
involved, then it can be either client-to-client or
client-to-proxy-to-client. Then there's other protocols that have even
more complex examples that shoot holes in the assumption that P2P is bad.

Searching for pirated media on P2P networks would be the correct vendor that
Jack is probably shooting for.

> NTFS doesn't offer security anymore than FAT32 lacks it. It's the
> operating system that is either secure or not secure and in the case of
> Windows, it is the most insecure operating system available.

NTFS provides filesystem permissions (user security) and transaction
journaling. About the only thing keeping NTFS from being considered a
truly modern filesystem is the lack of sane fragmentation handling.

> And who decides what is "suspicious sources"? With the latest PDF exploit,
> for example, any website can become suspect.
>
> What has a firewall got to do with this? Do you know what a firewall is
> designed to do? It certainly has nothing to do with "crazy viruses", nor
> will it offer any protection against them.

Not only that, but any end-host-based (aka "personal") firewall is no
firewall at all. http://samspade.org/d/firewalls.html
 
