Spyware or virus or .... ?

XThing

This is my first visit to this NG, so I hope I'm not violating any
group netiquette.

Over the past one year or so, my Windows and other software had
developed a few, apparently minor, glitches, so I wiped my C: drive
with a full format and installed WinME and XP after scanning the
entire HDD with PC-cillin 2002. I wanted to try using AVG and went
online to get it without installing any AV software first. Besides
Grisoft, the only sites I visited were my ISP and Rediff (both to
check mail only). I gave my Rediffmail address for the AVG
registration and waited in vain for their notification mail.

I went offline and then on again after a few minutes. At some point
(not sure when), my computer slowed down. The connection status showed
a continuous up-down traffic and the byte count kept going up and up.
I went offline and installed Spybot (not updated recently) and
PC-cillin (pattern 803), but neither scan showed anything untoward. I
went offline and on again a few times, but the same thing always
happened the moment I logged on to my ISP, sometimes even before
opening IE (my home page is blank and I deleted history, cookies and
offline files).

The only external media I used was a bootable CD that I know to be
virus-free. The raw Windows and other software I installed were all
from backups in my HD.

Only XP is affected so far. Is there anything I can do other than
start from scratch again? Thanks in advance for any help.
 
null

Are you going on line without a firewall?


Art
http://www.epix.net/~artnpeg
 
XThing

On 11 Sep 2004 14:27:22 -0700, (e-mail address removed) (XThing) wrote:



Are you going on line without a firewall?

The first time, yes. Careless of me, I guess. But as I said, I
strictly limited my visit to a few pages of sites I thought I could
trust. I've done this a few times before, usually to test new
machines, and never had a problem. Otherwise, PC-cillin's built-in
firewall has always been adequate for me.
 
Beauregard T. Shagnasty

Quoth the raven XThing:
(e-mail address removed) wrote in message

The first time, yes. Careless of me, I guess. But as I said, I
strictly limited my visit to a few pages of sites I thought I could
trust. I've done this a few times before, usually to test new
machines, and never had a problem. Otherwise, PC-cillin's built-in
firewall has always been adequate for me.

You don't have to visit /any/ site to get tagged. It's all those
zillions of infected machines out there scanning, and finding, your IP
address (unfirewalled) and sending /you/ the worm.
 
null

(e-mail address removed) wrote in message:

The first time, yes. Careless of me, I guess. But as I said, I
strictly limited my visit to a few pages of sites I thought I could
trust. I've done this a few times before, usually to test new
machines, and never had a problem. Otherwise, PC-cillin's built-in
firewall has always been adequate for me.

This is apparently a common misunderstanding. Taking hits with no
firewall has nothing to do with sites you visit. Taking hits on
certain web sites is a (insecure and vulnerable) browser issue, not a
firewall issue. Just going on line for a few minutes with a virgin XP
install and no firewall will often result in taking hits even if you
aren't using any browser or other internet application.


Art
http://www.epix.net/~artnpeg
 
NonDisputandum.com

Next time, give it a good (mostly free) clean-up before you start
formatting
http://www.nondisputandum.com/html/antivirus___firewall.html
http://www.nondisputandum.com/html/anti_spyware.html
http://www.nondisputandum.com/html/registry___system.html
& afterwards... protect your machine (= pay for an antivirus & firewall
-> cheaper than having it repaired)
Greetz
 
David W. Hodgins

Over the past one year or so, my Windows and other software had
developed a few, apparently minor, glitches, so I wiped my C: drive
with a full format and installed WinME and XP after scanning the
Only XP is affected so far. Is there anything I can do other than
start from scratch again? Thanks in advance for any help.

Before connecting a new xp install to the internet...

Xp (standalone) - turn off file sharing in the M$ client and turn on the firewall
See http://isc.sans.org/presentations/xpsurvivalguide.pdf
Note that you need a pdf viewer such as acrobat reader, to read the document.

Xp (lan) un-bind TCP/IP from both File and Printer Sharing and Client for Microsoft Networks
See http://www.pcurtis.com/network-xp.htm

Regards, Dave Hodgins
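
One way to triage the symptom from the first post (traffic climbing before any browser is open) and to check that the file-sharing advice above took effect, as an added example that is not part of any post in this thread: it parses `netstat -ano` output, lists sharing-related ports reachable from outside, and flags a process contacting many hosts on one port. The sample output, addresses and PIDs are constructed; the port set and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    203.0.113.7:139        0.0.0.0:0              LISTENING       4
  TCP    203.0.113.7:1101       198.51.100.10:445      SYN_SENT        1716
  TCP    203.0.113.7:1102       198.51.100.11:445      SYN_SENT        1716
  TCP    203.0.113.7:1104       198.51.100.13:445      ESTABLISHED     1716
  TCP    203.0.113.7:1150       192.0.2.25:110         ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

SHARING_PORTS = {135, 137, 138, 139, 445}  # assumed set: Windows RPC / NetBIOS / SMB
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)"
                 r"\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse(text):
    """Turn netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                         "raddr": raddr, "rport": rport,
                         "state": state or "", "pid": int(pid)})
    return rows

def exposed_listeners(rows):
    """Sharing-related ports open on a non-loopback address."""
    return sorted({(r["proto"], r["lport"]) for r in rows
                   if r["lport"] in SHARING_PORTS
                   and not r["laddr"].startswith("127.")
                   and (r["state"] == "LISTENING" or r["proto"] == "UDP")})

def fan_out(rows, threshold=3):
    """(PID, remote port) pairs reaching >= threshold distinct hosts."""
    seen = defaultdict(set)
    for r in rows:
        if r["state"] in ("SYN_SENT", "ESTABLISHED"):
            seen[(r["pid"], r["rport"])].add(r["raddr"])
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}
```

After the firewall is on and file sharing is unbound, `exposed_listeners` should come back empty; a PID returned by `fan_out` can be matched to a process name in Task Manager's PID column.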
 
--Mike

NonDisputandum.com said:
On 11 Sep 2004 14:27:22 -0700, (e-mail address removed) (XThing) wrote:

[snip]


Next time, give it a good (mostly free) clean-up before you start
formatting
http://www.nondisputandum.com/html/antivirus___firewall.html
http://www.nondisputandum.com/html/anti_spyware.html
http://www.nondisputandum.com/html/registry___system.html
& afterwards... protect your machine (= pay for an antivirus & firewall
-> cheaper than having it repaired)
Greetz
--
www.nondisputandum.com - soft reviews:
freeware to Protect & Clean your PC
freeware Office tools & Webbuilding aid
+ the Internet Addiction Test ;-)

If you are going to reformat the hard drive, there is no reason to take the
time to clean the system beforehand, or do I misunderstand the above
statement?

--Mike
 
XThing

This is apparently a common misunderstanding. Taking hits with no
firewall has nothing to do with sites you visit. Taking hits on
certain web sites is a (insecure and vulnerable) browser issue, not a
firewall issue. Just going on line for a few minutes with a virgin XP
install and no firewall will often result in taking hits even if you
aren't using any browser or other internet application.


Art
http://www.epix.net/~artnpeg

Thanks, all. This has been an eye-opener. It's not easy to keep up
with high-tech progress from a remote corner of a third-world country
where many people still think a virus is something your computer gets
if you keep it in a damp place.
 
Theo

(e-mail address removed) (XThing) wrote in
(e-mail address removed) wrote in message


Thanks, all. This has been an eye-opener. It's not easy to keep up
with high-tech progress from a remote corner of a third-world country
where many people still think a virus is something your computer gets
if you keep it in a damp place.

There are several free firewalls (Kerio, Zone Alarm, BlackIce)...
including a limited one on xp which should be activated by default. The
firewall on service pack 2 is supposed to be much better but since many
people & businesses are staying away from sp2 for now I wonder how much
better it really is... as reported via independent testing.

If you do try one of these others (personally I use Kerio, but others are
just as good), you will need to turn off XP's firewall. Also, best thing to
do is block off internet access (in and out) to everything, and add
specific access as you go along to those things that actually need it.
Also, these firewalls have features that allow/disallow programs from even
running. Again the best thing to do is not allow anything associated with
the operating system to run, and selectively allow things as you go (and
save rules for them so you won't be asked again). That way if something new
comes along you didn't know about, it will be easier to catch quickly.

BTW... Kerio is almost the same product as Tiny.
 
Alex Makoque

Over the past one year or so, my Windows and other software had
developed a few, apparently minor, glitches, so I wiped my C: drive
with a full format and installed WinME and XP after scanning the
entire HDD with PC-cillin 2002.

I used PC-cillin 2002 for about 10 months (got it free on the cd that
came with my motherboard), but can not recommend it at all. I
regularly kept it updated, manually checking for updates at least once
every day, yet Viruses managed to find their way onto my system.

In the end I decided to use a different virus checker, as the latest
version of ZoneAlarm if PC would not install (it reported that there
were compatibility issues with PC-cillin 2002 and would not even start
to install until PC-cillin 2002 had been removed!). I tried AVG and a
trial of Kaspersky 5.0 and they both found about 7 or 8 virus infected
files on my system that PC-cillin had missed, and continued to miss
even after updating to the latest virus definitions!

The firewall in PC-cillin 2002 did not appear to work very well, when
tested with the Shields Up website. It seemed to fail all the tests,
when switched on AND when switched off! It appeared to make no
difference at all to the test results whether it was activated or not
(even after rebooting between changing the settings) compared to an XP
system running no firewall at all! Tests showed that the original
firewall built into XP worked better than this.

Also, the latest version of ZoneAlarm Pro has reported hackers trying
to scan my system looking for "insecure systems protected by PC-cillin
2002" (or words to that effect), so I really cannot advise using this
software. Later versions may of course be much better.

Alex
 
XThing

I've been using PC-cillin 2002 for 2 years now and within the limits
of my experience, never had an infection or a security breach. I'm not
saying it's the best or fool-proof (no AV is), but it hasn't failed me
yet. The exception was when my children wanted to play games, turned
off the AV to speed up loading and forgot to turn it back on. They
each have their own machines now and are under strict orders never to
turn off the AV. Fortunately, the infections I got were not
particularly malicious ones - like VBS_REDLOF.

I mentioned my failed attempt to download AVG in my first post. I
don't like Norton because it's a control freak, and Mcafee, well, you
know ....

Re the dual-AV installation issue, isn't this the case with many AV
progs?

XThing
 
XThing

--Mike said:
If you are going to reformat the hard drive, there is no reason to take the
time to clean the system beforehand, or do I misunderstand the above
statement?

--Mike

If the whole hard drive is formatted, I'd agree with you. I did
mention in my first post that I scanned the whole HDD before
formatting the C: partition. This was to prevent infection from
viruses that might be hiding in other partitions. I even cleared the
CMOS too.

I also used PC-cillin's companion product Trend System Cleaner to
check for anything that might be lurking in the system registry. I've
seen cases where an AV cleaned or quarantined infected files, but the
infection was triggered again from the system registry at boot-up. TSC
took care of that.

- XThing
 
NonDisputandum.com

If you are going to reformat the hard drive, there is no reason to take the
time to clean the system beforehand, or do I misunderstand the above
statement?

--Mike

meaning... clean it up instead of formatting
 
