Need some general purpose advice on how to handle viruses and noxious ad-ware

B J W

I am trying to help a novice cope with his new PC, and yesterday, he
reported that he apparently had acquired a virus -- a downloader/Trojan,
according to his Norton Antivirus.

The instructions for removal provided by Norton for removal were obviously
written by an expert, to be implemented by an expert, and included scanning
in safe mode and a lot of registry editing. Among other things, Norton
wants to turn off System Restore temporarily -- I suppose to clear system
restore points which might include the trojan.

I decided to tell him, INSTEAD, to use system restore to take the computer
back to last week (when I know he did not have the virus infection) and then
to run a full system scan with Norton (in normal mode).

Am I right in supposing that this much simpler procedure will accomplish the
desired results in the circumstances, and probably many other similar
circumstances involving noxious ad-ware?

The trojan in question would have installed itself, I suppose, and system
restore would, in effect, uninstall it, removing the associated entries for
starting up the trojan from the registry.

I would appreciate comments on the risks associated with this approach,
including identifying circumstances in which it would not be appropriate.

Also, I am wondering whether a system restore can complete if, on the
reboot, you go to safe mode. I know you can start a system restore in safe
mode (and thank the Microsoft gods for that).
 
Clinton Fitch III

Hello,

It is totally dependent on the virus in question. There are many of them
that transplant themselves throughout the system's directory structure and
are not touched by a System Restore. While this approach may work
sometimes, I would not say it is 100%.

Norton AntiVirus is an excellent program and I do not want my comment here
to come across as a "bashing" but you may want to suggest a more simplified
product such as eTrust AntiVirus or McAfee AntiVirus. They are a bit more
user friendly in my opinion.

Regards,
 
Rock

B said:
I am trying to help a novice cope with his new PC, and yesterday, he
reported that he apparently had acquired a virus -- a downloader/Trojan,
according to his Norton Antivirus.

The instructions for removal provided by Norton for removal were obviously
written by an expert, to be implemented by an expert, and included scanning
in safe mode and a lot of registry editing. Among other things, Norton
wants to turn off System Restore temporarily -- I suppose to clear system
restore points which might include the trojan.

I decided to tell him, INSTEAD, to use system restore to take the computer
back to last week (when I know he did not have the virus infection) and then
to run a full system scan with Norton (in normal mode).

Am I right in supposing that this much simpler procedure will accomplish the
desired results in the circumstances, and probably many other similar
circumstances involving noxious ad-ware?

The trojan in question would have installed itself, I suppose, and system
restore would, in effect, uninstall it, removing the associated entries for
starting up the trojan from the registry.

I would appreciate comments on the risks associated with this approach,
including identifying circumstances in which it would not be appropriate.

Also, I am wondering whether a system restore can complete if, on the
reboot, you go to safe mode. I know you can start a system restore in safe
mode (and thank the Microsoft gods for that).

Many times there is no simple solution. And often times it takes a
combination of programs and skill to clean a system. If he's got one
trojan then likely he has other malware. And the most important thing
is not to install these things in the first place. Many problems are
caused by the user installing junk and not practicing safe hex.

Run these programs to check for spyware/malware. After installing,
update them, then boot into safe mode and run them. You should update
and run them weekly.

Cwshredder
http://209.133.47.200/~merijn/files/CWShredder.exe

Ad-aware
http://www.lavasoftusa.com

Spybot Search and Destroy
http://www.safer-networking.org

Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html

After your system is clean use these programs to help keep it clean:

Spywareblaster
www.javacoolsoftware.com/sbdownload.html

Spywareguard
http://www.javacoolsoftware.com/sgdownload.html

IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm

For viruses:

Online and Downloadable Virus Scanning:

Bit Defender Online Virus Scan:
http://www.bitdefender.com/scan/license.php

Symantec Online Virus and Security Scan:
http://security.symantec.com/ssc/home.asp

TrendMicro:
http://housecall.trendmicro.com/housecall/start_corp.asp

McAfee Online Virus Scan:
http://www.mcafee.com/myapps/mfs/default.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

RAV AntiVirus - Scan Online
http://www.ravantivirus.com/scan/

McAfee Stinger, Downloadable Virus Scanner:
http://us.mcafee.com/virusInfo/default.asp?id=stinger

Make sure you have a firewall active at all times. If nothing else use
the one built into XP, but there are a variety of free third party ones
that do a better job from Sygate, Zone Alarm or Kerio.

Sygate Personal Firewall
http://smb.sygate.com/products/spf_standard.htm

Zone Alarm
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za

Kerio Personal Firewall
http://www.kerio.com/kpf_download.html

Lastly, check your system for vulnerabilities. Make sure you have all
the latest security patches from Windows Update too.

Websites which will check for vulnerabilities:

Browser Security Tests:
http://www.jasons-toolbox.com/BrowserSecurity/

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
www.pcpitstop.com
 
Alex Nichol

B said:
The instructions for removal provided by Norton for removal were obviously
written by an expert, to be implemented by an expert, and included scanning
in safe mode and a lot of registry editing. Among other things, Norton
wants to turn off System Restore temporarily -- I suppose to clear system
restore points which might include the trojan.

I decided to tell him, INSTEAD, to use system restore to take the computer
back to last week (when I know he did not have the virus infection) and then
to run a full system scan with Norton (in normal mode).

Am I right in supposing that this much simpler procedure will accomplish the
desired results in the circumstances, and probably many other similar
circumstances involving noxious ad-ware?

Possibly, but as it will chain through the states where the virus was
active I would not trust the approach. Also SR does not necessarily
unwind all items such a thing may introduce. As far as contaminated SR
points go, the best procedure is to scan and fix, ignoring anything
reported in those files (in System Volume Information). Then when all
is clean, make a new restore point, then use the 'More Options' of Disk
Cleanup to delete all but this most recent point - the virus will go
with the point it is in.
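
A scripted equivalent of the last two steps described above (make a new restore point once the system is clean, then drop every older one), added here as an example and not part of the original post. It assumes an elevated Windows PowerShell session on a system that ships the System Restore cmdlets; the description label and the `SrDemo.Native` type name are constructed for illustration. It refuses to delete anything if the new point was not actually created, which can happen on Windows 8 and later where `Checkpoint-Computer` creates at most one point per day.

```powershell
#Requires -RunAsAdministrator
# Added example: run only after the scanner reports the live system clean.
# Assumption: $label is a constructed description, not a Windows default.
$label = 'Clean baseline after malware removal'

# SRRemoveRestorePoint (srclient.dll) deletes one restore point by sequence number.
Add-Type -Namespace SrDemo -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Record the existing (possibly contaminated) points before creating the new one.
$before    = @(Get-ComputerRestorePoint)
$maxBefore = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum
if ($null -eq $maxBefore) { $maxBefore = 0 }

# Step 1: make the new restore point from the cleaned system.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# Step 2: confirm it exists. Without this check, a skipped creation followed by
# the deletions below would leave the machine with no restore point at all.
$new = Get-ComputerRestorePoint |
    Where-Object { $_.SequenceNumber -gt $maxBefore -and $_.Description -eq $label } |
    Sort-Object SequenceNumber |
    Select-Object -Last 1
if (-not $new) {
    throw 'No new restore point was created; older points were left untouched.'
}

# Step 3: delete every point that predates the clean one.
foreach ($rp in $before) {
    $rc = [SrDemo.Native]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed restore point {0} ({1})" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove restore point {0}: Win32 error {1}" -f $rp.SequenceNumber, $rc)
    }
}

# Show what is left; only the new clean point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description
```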
 
