Should I do a system recover given the following vulnerabilities

MARVINJCOHEN

I am suggesting to my parents that they do a system recover on their
computer to get it to the stage it was when it was delivered from the
factory. This would be a lot of work, but I think it's necessary.
These are my reasons:
1. The Norton Anti Virus is disabled for 5 to 6 minutes on start up.
2. When you click on the HP (Hewlett Packard) bar at the top, it starts
off OK, and then says "malicious script executing"
3. When I do Symantec's online scan (from their web page), I'm told
that a port is open.
4. I use Eudora email on my parents' computer. Eudora is not as safe as
Outlook Express. Recently I opened an email that just locked the
computer for two minutes. I tried clicking on it a half hour later,
and it did the same thing. I wonder if it might have executed some
malicious code.

So, I need an expert opinion - Should I tell my parents to stop doing
financial transactions on their computer and should I rebuild all the
software for them?
Thanks,
Marvin
 
Malke

| I am suggesting to my parents that they do a system recover on their
| computer to get it to the stage it was when it was delivered from the
| factory. This would be a lot of work, but I think it's necessary.
| These are my reasons:
| 1. The Norton Anti Virus is disabled for 5 to 6 minutes on start up.
| 2. When you click on the HP (Hewlett Packard) bar at the top, it
| starts off OK, and then says "malicious script executing"
| 3. When I do Symantec's online scan (from their web page), I'm told
| that a port is open.
| 4. I use Eudora email on my parents' computer. Eudora is not as safe as
| Outlook Express. Recently I opened an email that just locked the
| computer for two minutes. I tried clicking on it a half hour later,
| and it did the same thing. I wonder if it might have executed some
| malicious code.
|
| So, I need an expert opinion - Should I tell my parents to stop doing
| financial transactions on their computer and should I rebuild all the
| software for them?

The answer really depends on 1) your skill level; 2) with what viruses
and malware your parents' computer is infected. Because your parents'
computer is definitely infected.

Here are general virus/malware removal steps:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

If they look like more work than you want to do, either take the machine
to a professional computer repair shop or restore the computer to
factory condition. Do not connect to the Internet unless Service Pack 2
and an antivirus is installed.

I don't agree with you about the relative safety of Eudora and OE. The
reason you are having difficulties with your email is that the computer
is infected.

Malke
 
mprocto

Try getting rid of the virus you have first. Are you able to boot in
Safe Mode? Try that and do a full system scan and make sure your
anti-virus software is up to date. Also, run an adware or spybot
program. If that were my computer and a port was open with scripts
controlling your computer...I can assure you I would find another
computer to do financial transactions.
 
David H. Lipman

From: <[email protected]>

| I am suggesting to my parents that they do a system recover on their
| computer to get it to the stage it was when it was delivered from the
| factory. This would be a lot of work, but I think it's necessary.
| These are my reasons:
| 1. The Norton Anti Virus is disabled for 5 to 6 minutes on start up.
| 2. When you click on the HP (Hewlett Packard) bar at the top, it starts
| off OK, and then says "malicious script executing"
| 3. When I do Symantec's online scan (from their web page), I'm told
| that a port is open.
| 4. I use Eudora email on my parents' computer. Eudora is not as safe as
| Outlook Express. Recently I opened an email that just locked the
| computer for two minutes. I tried clicking on it a half hour later,
| and it did the same thing. I wonder if it might have executed some
| malicious code.
|
| So, I need an expert opinion - Should I tell my parents to stop doing
| financial transactions on their computer and should I rebuild all the
| software for them?
| Thanks,
| Marvin

Oy ! Another post !

Please don't Multi-Post.
Please learn to Cross-Post to pertinent, On Topic, News Groups instead.
 
Carey Frisch [MVP]

A virus attack mandates a complete "clean install".
Why? Read the following:

Viruses - I feel your pain
http://blogs.msdn.com/larryosterman/archive/2004/06/18/159482.aspx

Read the following article thoroughly, then follow
the steps outlined to perform a "recovery from the hard drive"
which will reformat the drive prior to reinstalling Windows XP:
http://h10025.www1.hp.com/ewfrf/wc/...7145&product=71013&dlc=en&lang=en#bph07145_cp

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

|| So, I need an expert opinion - Should I tell my parents to stop doing
|| financial transactions on their computer and should I rebuild all the
|| software for them?
|| Thanks,
|| Marvin
 
David H. Lipman

From: "Carey Frisch [MVP]" <[email protected]>

| A virus attack mandates a complete "clean install".
| Why? Read the following:
|
| Viruses - I feel your pain
| http://blogs.msdn.com/larryosterman/archive/2004/06/18/159482.aspx
|
| Read the following article thoroughly, then follow
| the steps outlined to perform a "recovery from the hard drive"
| which will reformat the drive prior to reinstalling Windows XP:
|
| http://h10025.www1.hp.com/ewfrf/wc/...7145&product=71013&dlc=en&lang=en#bph07145_cp
|

You are assuming there is indeed a virus and it is so virulent that draconian action is
required.

"1. The Norton Anti Virus is disabled for 5 to 6 minutes on start up."
- If it was a virus, it would have been totally disabled or even corrupted (some viruses
target the Registry entries of major AV packages).

"2. When you click on the HP (Hewlett Packard) bar at the top, it starts
off OK, and then says "malicious script executing""
- What's reporting this ? HP software ? Norton ?
If it is Norton then Norton isn't completely disabled and is overly cautious on HP software
scripts. Nothing uncommon with Norton.

"3. When I do Symantec's online scan (from their web page), I'm told
that a port is open."
- What port ? This could be a simple Proxy Trojan or it could be flagging NetBIOS over IP.
Basically insufficient information to make a confirmed conclusion.

"4. I use Eudora email on my parents' computer. Eudora is not as safe as
Outlook Express. Recently I opened an email that just locked the
computer for two minutes. I tried clicking on it a half hour later,
and it did the same thing. I wonder if it might have executed some
malicious code."
- Eudora not as safe as OE ? That's an uninformed opinion. Maybe I should go to Secunia
and look up both software and compare vulnerabilities patched and unpatched { Another time }
Nothing in that or the rest of the above is indicative of a totally infected platform
requiring a draconian solution of a wipe and re-install. The post says nothing about the
email message. For example its size, content, if there are attachments, etc. Nothing.
Therefore there are so many variables that a conclusion cannot be made.
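
An "open port" report like the one in item 3 only means something once the port number and the owning process are known. The following is an added example, not part of any post in this thread: a Python sketch that parses `netstat -ano` output and separates the listeners Windows normally has (NetBIOS over TCP/IP, SMB, RPC) from those that still need to be attributed to a process. The sample output is constructed and the allow-list is an illustrative assumption.

```python
# Ports Windows itself normally listens on (illustrative allow-list, an assumption).
EXPECTED = {
    ("TCP", 135): "RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
}
# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8085           0.0.0.0:0              LISTENING       2764
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1580
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     3120
  UDP    192.168.1.10:137       *:*                                    4
"""

def parse_listeners(text):
    """Return (proto, address, port, pid) for listening TCP and bound UDP sockets."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            local, pid = f[1], f[4]
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            local, pid = f[1], f[3]
        else:
            continue                             # headers, established connections
        addr, _, port = local.rpartition(":")
        rows.append((f[0], addr, int(port), int(pid)))
    return rows

def triage(text):
    """Split listeners into (expected, unexplained) lists of dicts."""
    expected, unexplained = [], []
    for proto, addr, port, pid in parse_listeners(text):
        # Loopback-only sockets cannot be reached by an external scan.
        entry = {"proto": proto, "port": port, "pid": pid,
                 "exposed": addr not in ("127.0.0.1", "[::1]")}
        (expected if (proto, port) in EXPECTED else unexplained).append(entry)
    return expected, unexplained

if __name__ == "__main__":
    for e in triage(SAMPLE)[1]:
        print("needs attribution:", e)           # look up the PID, e.g. tasklist /svc
```

Each unexplained entry is a question to answer (which program owns that PID, and is it supposed to be there), not a verdict of infection.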
 
MAP

David said:
| http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=us&docname=bph07145&product=71013&dlc=en&lang=en#bph07145_cp
| You are assuming there is indeed a virus and it is so virulent that
| draconian action is required.
|
| "1. The Norton Anti Virus is disabled for 5 to 6 minutes on start up."
| - If it was a virus, it would have been totally disabled or even
| corrupted (some viruses target the Registry entries of major AV
| packages).
|
| "2. When you click on the HP (Hewlett Packard) bar at the top, it starts
| off OK, and then says "malicious script executing""
| - What's reporting this ? HP software ? Norton ?
| If it is Norton then Norton isn't completely disabled and is overly
| cautious on HP software scripts. Nothing uncommon with Norton.
|
| "3. When I do Symantec's online scan (from their web page), I'm told
| that a port is open."
| - What port ? This could be a simple Proxy Trojan or it could be
| flagging NetBIOS over IP. Basically insufficient information to make
| a confirmed conclusion.
|
| "4. I use Eudora email on my parents' computer. Eudora is not as safe as
| Outlook Express. Recently I opened an email that just locked the
| computer for two minutes. I tried clicking on it a half hour later,
| and it did the same thing. I wonder if it might have executed some
| malicious code."
| - Eudora not as safe as OE ? That's an uninformed opinion. Maybe I
| should go to Secunia and look up both software and compare
| vulnerabilities patched and unpatched { Another time } Nothing in
| that or the rest of the above is indicative of a totally infected
| platform requiring a draconian solution of a wipe and re-install.
| The post says nothing about the email message. For example its size,
| content, if there are attachments, etc. Nothing. Therefore there are
| so many variables that a conclusion cannot be made.

David, are you trying to use "logic" with Carey?
 
Carey Frisch [MVP]

When in doubt, assume the worst case scenario and take
prudent precautionary measures...

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

| From: "Carey Frisch [MVP]" <[email protected]>
|
|| A virus attack mandates a complete "clean install".
|| Why? Read the following:
||
|| Viruses - I feel your pain
|| http://blogs.msdn.com/larryosterman/archive/2004/06/18/159482.aspx
||
|| Read the following article thoroughly, then follow
|| the steps outlined to perform a "recovery from the hard drive"
|| which will reformat the drive prior to reinstalling Windows XP:
||
| http://h10025.www1.hp.com/ewfrf/wc/...7145&product=71013&dlc=en&lang=en#bph07145_cp
||
|
| You are assuming there is indeed a virus and it is so virulent that draconian action is
| required.
|
| "1. The Norton Anti Virus is disabled for 5 to 6 minutes on start up."
| - If it was a virus, it would have been totally disabled or even corrupted (some viruses
| target the Registry entries of major AV packages).
|
| "2. When you click on the HP (Hewlett Packard) bar at the top, it starts
| off OK, and then says "malicious script executing""
| - What's reporting this ? HP software ? Norton ?
| If it is Norton then Norton isn't completely disabled and is overly cautious on HP software
| scripts. Nothing uncommon with Norton.
|
| "3. When I do Symantec's online scan (from their web page), I'm told
| that a port is open."
| - What port ? This could be a simple Proxy Trojan or it could be flagging NetBIOS over IP.
| Basically insufficient information to make a confirmed conclusion.
|
| "4. I use Eudora email on my parents' computer. Eudora is not as safe as
| Outlook Express. Recently I opened an email that just locked the
| computer for two minutes. I tried clicking on it a half hour later,
| and it did the same thing. I wonder if it might have executed some
| malicious code."
| - Eudora not as safe as OE ? That's an uninformed opinion. Maybe I should go to Secunia
| and look up both software and compare vulnerabilities patched and unpatched { Another time }
| Nothing in that or the rest of the above is indicative of a totally infected platform
| requiring a draconian solution of a wipe and re-install. The post says nothing about the
| email message. For example its size, content, if there are attachments, etc. Nothing.
| Therefore there are so many variables that a conclusion cannot be made.
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|
 
David H. Lipman

From: "Carey Frisch [MVP]" <[email protected]>

| When in doubt, assume the worst case scenario and take
| prudent precautionary measures...

| --
| Carey Frisch
| Microsoft MVP
| Windows - Shell/User
| Microsoft Community Newsgroups
| news://msnews.microsoft.com/


Using a sledge hammer to kill a fly is not being prudent and is unwarranted.

An interactive discussion with the end user is needed to qualify his statements and
distill the problem into its core problems with specific facts that surround them and
really determine a proper course of action.
 