How to get rid of virus and malware etc online?

mur

I'm using AT&T and they have a package deal that they say will check out your
computer online and get rid of all virus and malware etc problems for so much
per month, but they want you to agree to a contract of a year at a time and
they're already charging me way more for the service I have than what I agreed
to to begin with. That part's another issue but I don't want to give them even
MORE... Can anyone suggest a good online service that will find that crap and
keep it off the computer at a reasonable price, but that's dependable? AT&T is
sending me emails saying it's infected now:

"AT&T has received information indicating that one or more devices using your
Internet connection may be infected with malicious software. Internet traffic
consistent with a malware infection was observed on Sep 15, 2014 at 9:34 PM EDT
from the IP address..."

Thanks for any help!
David

John Doe

Best (and free) way to nuke viruses is to have and use a backup of
your windows C drive.

Paul

It's good to be skeptical of the ISP-offered packages.
I've read enough horror stories about ISP-offered malware
packages, to steer well clear of them.

To start your cleaning, you can use the free one-shot MBAM scanner.

"Think you're infected? Fire up Malwarebytes Anti-Malware Free"

http://www.malwarebytes.org/antimalware/

That one runs while Windows is running. It can use heuristic
behavior (watching what malware does) to figure out that malware is
present. The hard part of using that one is getting it to start,
as the malware is skilled at defeating MBAM.

http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial

*******

There are also a few offline scanners. Windows is not running when they
do their work. The scanners come as a "boot CD" and so the scanner
has its own (clean) OS to use. The scanner cannot use heuristics:
as Windows is not running, no malware behaviors can be observed. The
scan is signature based.

The download here is listed as "~375MB" but the size increases
regularly due to the size of malware definitions. The definitions
when you download will be within a week of being up to date, so
if the CD attempts to download definitions at the start of the
run, it won't need a lot of files to bring it up to date. Three
months from now, the size of download could be pretty big.

http://support.kaspersky.com/8092

*******

We'll assume MBAM quarantined the bad stuff.

That leaves nuisance-ware, which probably isn't the stuff making
a "bot" out of your machine right now. Your machine is probably
sending spam email, or participating in a botnet (doing denial
of service attacks when commanded to do so). If all of that
stuff has been cleaned up, there are still the milder "potentially
unwanted programs" or PUPs to get rid of.

http://www.bleepingcomputer.com/download/adwcleaner/

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Programs like MBAM were not intended to remove everything.
Programs which "claim to not be malware" are in a gray zone,
and antimalware companies don't touch them, for fear of
being sued by the lawyers of the companies making PUP programs.
That's why small developers, in countries far away, make programs
to clean your machine.

*******

Your machine could have a rootkit. A popular rootkit is TDSS.

http://support.kaspersky.com/viruses/disinfection/5350?qid=208280684

Kaspersky makes TDSSkiller.exe, a program maintained specifically
for the purpose of stopping variants of TDSS/Alureon.

I've also seen a page on another site, with specific removal
packages for some pretty nasty malware. So nasty in fact,
that the chances of "saving" the installation are slim indeed.
Many malwares have a "light touch" and the damage can be
repaired. But some just ruin the OS (over 200 files are modified)
and the chances of a specific tool fixing all of those successfully
is limited.

Even for a professional, such as the malware guy at the computer
store, at some point they just re-install as it's faster.

You can get "guided help" at bleepingcomputer.com and other sites,
to help you remove stuff. But you can wait several days before
they see your posting, and they're normally swamped with work. But
they're also pretty good at figuring out what the machine has. Sometimes
your case is unique enough that several of their experts will be working
in the background, trying to defeat the new example.

*******

When I got something nasty a number of years ago, I used the
"trial version" of Kaspersky to remove it. It took several reboots
of the computer, until Kaspersky "got in control" of the machine.
And if I was doing that today, there's a good chance the malware
simply wouldn't allow the software to install. And that's where
the offline scan method is better than nothing.

*******

In terms of free programs, there are three of them that begin with
the letter "A" that you might consider.

http://en.wikipedia.org/wiki/Comparison_of_antivirus_software

And there are sites that test the AV programs (commercial ones),
to see how effective they are. I would think a subscription to
a real AV program, a good one, would be cheaper than the ISP offer.

http://www.av-comparatives.org/

These would be for your "cleaned up" machine, for later.
Not all of the programs are equally adept at taking over
from a malware attack. Some of the weaker AVs are just
"gutless" when under attack, and can't stop anything.
I particularly remember a "free web scan" site, that
just threw up error dialogs the whole time it was running :)

*******

Steps:

1) Back up the computer. The link in the lower left corner of the page below
can be used. The purpose of making a backup, is in case any of
your attempts to clean the machine, prevent the computer from
booting. This software includes a boot CD, which allows "bare metal
restore", so no matter how ruined C: is, you can return things to
their current (infected) state. You would discard the backup image,
once things are under control again. In this case, if my drive had
a C: partition and a data partition, I'd just make a copy of C: onto
the data partition. Macrium makes a single .mrimg file holding the
whole thing (whatever you ticked to be backed up). If you want to
image the whole disk, Macrium will likely ask for a second disk to
hold the output.

http://www.macrium.com/reflectfree.aspx

You would install Macrium on your "clean" computer, make the boot CD
(which cannot be infected), carry the boot CD to the infected machine,
and make your backup copy by booting the CD, not booting the hard drive.
The boot order of the machine should have the CD before the hard drive,
as set in the BIOS.

2a) Go crazy. Knock yourself out. Run some of the tools above. If a system
file is quarantined and the OS no longer boots, you can restore from
your backup.

or

2b) Seek guided help from bleepingcomputer.com or similar. Use
a second, uninfected computer, until your helper has finished
repairing the damage, one repair tool at a time. For safety, do not
connect the two computers to the same router or switch at the same
time, in case this is Sality. The infected machine will need to be
connected to the router long enough, to get AV definition updates.
You should also be careful moving data between machines with a USB key,
since some (U3) USB keys have fake CDROM drives in their configuration, and
an autorun can be used to infect the second computer. Microsoft thinks
it is OK to run software off any CDROM, which is a dumb-ass idea.

3a) Install your new suite of tools, on the clean computer

or

3b) If you're just not cleaning the stuff off, reinstall the OS from scratch.
You can "browse" the Macrium backup image to get at your data files. Make sure
your new AV scanner is installed, before you start browsing the Macrium
backup image. Same would go for keeping the "infected" disk drive separate,
using a new hard drive for your clean OS install, and then re-connecting the
infected disk later. Make sure your defenses are ready. You can start with
a "long scan" using your new AV, when the old disk is connected.

There are some really bad malwares out there. The worst for removal so far
is called "BadBIOS", for its ability to leap from machine to machine. A
malware researcher happened to get attacked by it. And it defeated virtually
all efforts to remove it. Even new computers brought into the building,
end up infected. The guy has some idea how it works, but still doesn't
claim mastery of the thing. That's an example of what nation-states use
for malware, to attack others. That's not something normally deployed
against end-users like yourself. A copy of something like that, is
sent as an email attachment, to the "victim". A more focused delivery
method is used. They've even been known to use the "I left a USB stick
in your driveway" trick, and you'd be surprised how many people are
stupid enough to immediately plug that into their USB port.

Good luck,
Paul

Ken

David,

Are you sure the message you are receiving is coming from AT&T? I have
U-Verse and AT&T provides McAfee free for subscribers. (Most providers
have something similar) Is it the best out there? Probably not. But
it seems to do the job for me, and before I would accept the offer you
describe I would call someone from AT&T to make sure it is from them.
They might also have a free AV program you can use that you might not be
aware of.

Robert Baer

John said:
Best (and free) way to nuke viruses is to have and use a backup of
your windows C drive.
FALSE!
At best (or wort, depending on viewpoint) backup makes a copy, and do
ALL programs, virii, rootkits, adware, etc are retined intact.

Robert Baer

Ken said:
David,

Are you sure the message you are receiving is coming from AT&T? I have
U-Verse and AT&T provides McAfee free for subscribers. (Most providers
have something similar) Is it the best out there? Probably not. But it
seems to do the job for me, and before I would accept the offer you
describe I would call someone from AT&T to make sure it is from them.
They might also have a free AV program you can use that you might not be
aware of.
....and McAfee, to be polite, is not exactly the best AV program.
I like Avast, one of the better ones.

John Doe

Robert Baer said:
John Doe wrote:
FALSE! At best (or wort, depending on viewpoint) backup makes
a copy, and do ALL programs, virii, rootkits, adware, etc are
retined intact.

I don't know what "wort" or "and do ALL programs" are supposed to
mean, but apparently that's trolling for answers.

And here's the answer...

When I do an installation, and at all times during use of that
installation, I perpetually make incremental backups of the
Windows C drive. Of course the backup makes a copy, so I simply
revert to a copy that was made prior to the infection. That makes
my system bulletproof. It's the shotgun method, and it works like
a charm.

I think that's pretty simple. Then again, if you can't write worth
beans...

Robert Baer

John said:
I don't know what "wort" or "and do ALL programs" are supposed to
mean, but apparently that's trolling for answers.

And here's the answer...

When I do an installation, and at all times during use of that
installation, I perpetually make incremental backups of the
Windows C drive. Of course the backup makes a copy, so I simply
revert to a copy that was made prior to the infection. That makes
my system bulletproof. It's the shotgun method, and it works like
a charm.

I think that's pretty simple. Then again, if you can't write worth
beans...
1) I did NOT ASK for an answer, READ!
2) I misspelled "worst", which you should have figured out in context.
3) I meant that backup copies ALL programs.
Just doing a backup is NOT a "solution".
Get back into your cave.

John Doe

Yeah, I know what you meant. But if you put that sort
of gibberish into a computer, heaven help you...

Nil

I think this is very likely NOT really from AT&T. This sounds almost
exactly like the well-known phone scam where somebody cold-calls you,
claiming to be from Microsoft, and offering you the same sales pitch.
Truth is they do not represent MS or any legitimate company, they will
not do anything to fix your computer, and they are only trying to
separate you from your money. I hadn't heard that the scam was being
done through email, but it's certainly possible.

Check the headers of that message to make sure it's from who it claims
to be. You may post the headers here if you want help interpreting
them. You could also call AT&T directly to ask them, but don't call the
phone number referenced in the email - call the tech support number on
your bill.

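Nil's advice to check the headers is the right first step. What follows is an added example, not something posted in this thread, of what "checking the headers" means in practice: it parses the raw headers of a message and reports whether the visible From domain matches the envelope (Return-Path) domain, what the receiving server's own Authentication-Results header says about SPF and DKIM, and which host handed the message to that server. The two sample messages are constructed; example-isp.net and example.org are placeholder domains, since the thread does not show the domain AT&T's notices actually come from, and the name of the trusted receiving server (mx.example.com) is an assumption passed in as a parameter.

```python
import email
import re

# Constructed sample messages; they are not the notice quoted in this thread,
# and example-isp.net / example.org are placeholder domains, not AT&T's.
# Folded header lines (leading whitespace) are unfolded by the email parser.
CONSISTENT_RAW = """\
Return-Path: <abuse@example-isp.net>
Received: from mta.example-isp.net (mta.example-isp.net [192.0.2.10])
    by mx.example.com with ESMTPS; Tue, 16 Sep 2014 09:12:03 -0400
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-isp.net;
    dkim=pass header.d=example-isp.net
From: "Example ISP Security Center" <abuse@example-isp.net>
To: subscriber@example.com
Subject: Malware infection notice

Incident details follow.
"""

SPOOFED_RAW = """\
Return-Path: <bounce@example.org>
Received: from mail.example.org (unknown [198.51.100.7])
    by mx.example.com with ESMTP; Tue, 16 Sep 2014 09:12:03 -0400
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.org
From: "Example ISP Security Center" <abuse@example-isp.net>
To: subscriber@example.com
Subject: Malware infection notice - call now

Call 555-0100 or your service will be cut off.
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+)(?:.*?\[(\d{1,3}(?:\.\d{1,3}){3})\])?", re.S)


def domain_of(address_header):
    """Domain after the '@' in an address header such as From or Return-Path."""
    match = re.search(r"@([A-Za-z0-9.-]+)", address_header or "")
    return match.group(1).lower().rstrip(".") if match else None


def auth_result(msg, mechanism, trusted_authserv):
    """spf/dkim verdict taken only from the Authentication-Results header that
    our own receiving server stamped; a sender can insert a fake one of its own
    further down, so headers naming any other server are ignored."""
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())
        if not value.startswith(trusted_authserv):
            continue
        match = re.search(rf"\b{mechanism}=(\w+)", value)
        if match:
            return match.group(1).lower()
    return "none"


def assess_headers(raw, trusted_authserv="mx.example.com"):
    msg = email.message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    # Each hop prepends its own Received header, so the last one is the
    # earliest hop our side can vouch for: the host that handed the mail to us.
    received = [" ".join(str(v).split()) for v in msg.get_all("Received", [])]
    origin_host = origin_ip = None
    if received:
        match = RECEIVED_FROM.search(received[-1])
        if match:
            origin_host, origin_ip = match.group(1), match.group(2)
    spf = auth_result(msg, "spf", trusted_authserv)
    dkim = auth_result(msg, "dkim", trusted_authserv)
    # Big senders often use a separate bounce domain, so a mismatch is a reason
    # to look harder rather than proof of forgery on its own.
    mismatch = from_domain != envelope_domain
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "origin_host": origin_host,
        "origin_ip": origin_ip,
        "spf": spf,
        "dkim": dkim,
        "domain_mismatch": mismatch,
        "suspicious": mismatch or spf != "pass" or dkim != "pass",
    }
```

Feed assess_headers() the message source ("View source" or "Show original" in most mail clients). A "suspicious" result is a reason to phone the number on your bill, as Nil says, not proof in itself: a missing DKIM signature or a separate bounce domain is common for legitimate bulk senders. The one thing never to trust is an Authentication-Results header your own server did not add, which is why the check ignores any that do not start with the trusted server's name.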
mur

I'm not sure about the headers, but here is what the message says:

AT&T has received information indicating that one or more devices using your
Internet connection may be infected with malicious software. Internet traffic
consistent with a malware infection was observed on Sep 15, 2014 at 9:34 PM EDT
from the IP address ......... Our records indicate that this IP address was
assigned to you at this time.

Infected computers are often used as part of a zombie computer network
("botnet"). Botnets are networks of computers which have been infected with
malware and placed under the control of a hacker or group of hackers. They are
often used for attacks on websites, spamming, fraud, and distribution of
additional malware.

Because malware is designed to run in secret, an infected computer may display
no obvious symptoms.

To address this matter we ask that you take the following actions. If your
computer(s) are managed by an Information Technology (IT) group at your place of
work, please pass this information on to them.

1. If you use a wireless network, an infected computer may be using your Internet
   connection without your knowledge. Ensure that your wireless router is
   password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not
   available). Check the connections to the router and ensure that you recognize
   all connected devices.
2. Ensure your firewall settings and anti-virus software are up-to-date, and
   install any necessary service packs or patches. Scan all systems for viruses and
   other malware.

Additional tools and information:

• Tools for removing rootkits, bots, and other crimeware:
  • Norton Power Eraser: https://security.symantec.com/nbrt/npe.aspx (Windows)
  • McAfee Rootkit Remover:
    http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx (Windows)
• Tools for general virus and malware removal:
  • Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
  • Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
  • Spybot +AV: http://www.safer-networking.org/ (Windows)
  • OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)
• AT&T Malware and Network Security analysts gather weekly to give you the
  information that you need to know about the latest security news and trends.
  Visit AT&T ThreatTraq at http://techchannel.att.com/showpage.cfm?ThreatTraq

Regards, AT&T Internet Services Security Center

Incident details for .........

Type: zeus
Source port: 4333
Destination IP: 82.xx.xx.26
Hostname: updateos.name
Destination port: 80
For security reasons, the destination IP is partially obscured.

DISCLAIMER: The information above contains links to software by third-party
vendors (hereafter, "the Software"). AT&T is not responsible for support or
assistance for any of the Software. If you need support or assistance with any
of the Software, please contact the Software's vendor directly. AT&T is unable
to provide a warranty or guarantee, either expressed or implied, for any of the
Software. You will be responsible for your own system software and system
security and not hold AT&T, its partners, agents or affiliates liable for any
costs or damages whatsoever (including, without limitation, damages to access
system, hardware and/or software) to your computer as a result of installing or
using any of the Software. You also understand that use of all hardware and/or
software must comply with the Bellsouth Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and
paste the URL(s) into your browser rather than clicking directly on the link.

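The incident details at the bottom of that notice (time, source port, obscured destination IP, hostname, destination port) are enough to work out which device on the LAN was responsible, provided the router or gateway keeps connection and DNS logs. What follows is an added example, not part of the thread, that correlates those fields against constructed gateway log lines in netfilter LOG and dnsmasq query-log format. Its assumptions, also marked in the code: the router's clock is in the same zone as the notice (EDT); the router preserves the source port across NAT (common on consumer gear but not guaranteed, so that match can be switched off); and the "Hostname" field is the destination the infected machine resolved. The full destination address in the sample log is made up to fit the obscured pattern.

```python
import re
from datetime import datetime, timedelta

# Fields copied from the incident details in the notice above. The
# destination IP is partially obscured there, so it is matched octet by octet.
# Assumption: the router logs in the same local time as the notice (EDT).
NOTICE = {
    "observed": "Sep 15, 2014 at 9:34 PM",
    "src_port": 4333,
    "dst_ip": "82.xx.xx.26",
    "dst_port": 80,
    "hostname": "updateos.name",
}

# Constructed sample gateway log (netfilter LOG and dnsmasq query-log formats);
# not from the thread. 192.168.1.23 is the device to find, .40 is a decoy, and
# the full destination address is made up to fit the obscured pattern.
SAMPLE_LOG = """\
Sep 15 21:33:58 gw dnsmasq[871]: query[A] updateos.name from 192.168.1.23
Sep 15 21:34:01 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.23 DST=82.0.0.26 PROTO=TCP SPT=4333 DPT=80 SYN
Sep 15 21:34:05 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.40 DST=82.0.0.26 PROTO=TCP SPT=51022 DPT=443 SYN
Sep 15 23:10:14 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.40 DST=82.0.0.26 PROTO=TCP SPT=4333 DPT=80 SYN
"""

SYSLOG_TS = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) ")
NF_FIELDS = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=\S+ SPT=(\d+) DPT=(\d+)")
DNS_QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")


def ip_matches(obscured, ip):
    """True when every octet the ISP did not mask agrees with `ip`."""
    want, got = obscured.split("."), ip.split(".")
    return len(want) == len(got) == 4 and all(
        w.lower() == "xx" or w == g for w, g in zip(want, got))


def parse_syslog_time(line, year):
    """Syslog timestamps carry no year; take it from the notice."""
    match = SYSLOG_TS.match(line)
    if not match:
        return None
    return datetime.strptime(f"{year} {match.group(1)}", "%Y %b %d %H:%M:%S")


def find_internal_host(notice, log_text, window=timedelta(minutes=5),
                       require_src_port=True):
    """LAN addresses that made the flagged connection, or resolved the flagged
    hostname, within `window` of the time in the notice.

    Assumption: the LAN-side source port equals the one the ISP saw, i.e. the
    router did not rewrite it during NAT. Pass require_src_port=False to rely
    on destination and time alone if your router does rewrite ports."""
    observed = datetime.strptime(notice["observed"], "%b %d, %Y at %I:%M %p")
    connection_sources, dns_sources = set(), set()
    for line in log_text.splitlines():
        stamp = parse_syslog_time(line, observed.year)
        if stamp is None or abs(stamp - observed) > window:
            continue
        nf = NF_FIELDS.search(line)
        if nf:
            src, dst, spt, dpt = nf.groups()
            if (int(dpt) == notice["dst_port"]
                    and ip_matches(notice["dst_ip"], dst)
                    and (not require_src_port or int(spt) == notice["src_port"])):
                connection_sources.add(src)
            continue
        dns = DNS_QUERY.search(line)
        if dns and dns.group(1).lower() == notice["hostname"].lower():
            dns_sources.add(dns.group(2))
    return {
        "connection_sources": sorted(connection_sources),
        "dns_sources": sorted(dns_sources),
    }
```

Once a LAN address is identified, the router's DHCP lease or attached-devices page maps it to a MAC address and device name. With a consumer router that keeps no logs at all, the fallbacks are the ones the notice itself suggests: check which devices are attached, and examine each machine; a Windows host that resolved the hostname recently will still list it in its resolver cache (ipconfig /displaydns) until the cache is flushed or the machine rebooted.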
John Doe

All of the text in that message appears to be from AT&T. It reads
exactly like one would expect for a legitimate notice.

It's obviously not spam.

At the very least, if I didn't have backups, I would do a new
installation.