Justin said:
My brother is using Windows XP 64 bit.
I sent him an MP3 file from my Mac and when he clicked on it in Hotmail,
it tried to start Java, and then the machine was infected with "System
Tool" rogue malware.
After Googling, he followed the instructions for removal, and scanned
his machine with Malwarebytes - the desktop background and whatnot is
gone - hence the machine is clean.
Now he's afraid to click on a file from Hotmail since he thinks it will
bring that crapware back up. Other than switching to Mac (which he
intends to do this year) how can we make sure the machine is completely
clean?

Try a scan with Kaspersky, then install some kind of full-time
anti-malware application.
Kaspersky offers a bootable CD (or you can make a bootable USB stick),
and when you boot the computer with it, you can scan Windows partitions.
As long as your Internet connection supports DHCP, this bootable
solution will also be able to download the most up-to-date virus
definitions.
http://support.kaspersky.com/faq/?qid=208282163
As for what anti-malware application to install in Windows after
that, there are free choices and commercial choices. Commercial choices
will come with a subscription, so you'd perhaps pay on a yearly
basis for daily updates of the virus definition files.
No matter what tool you buy, there is a gap between when new
malware is discovered, and virus definitions are updated. So there
is still the possibility of becoming infected.
And that's where "Safe Hex" comes into the picture. How you use
a computer, like carelessly clicking an attachment in an email,
ignoring the warnings to not run executables from an attachment
and so on, helps determine what level of risk you'd be exposed to.
The anti-malware tool might not get very much of a workout,
if you inherently treat all content from the Internet as
being dangerous.
A good question would be, why you didn't scan the MP3 you sent
to him in the first place. Part of "Safe Hex" is the "Web Of Trust".
For example, if I sent you a file, I would scan it first, before
sending it. If you knew me personally, and knew I took care about
the files I sent, then you'd "trust me". Now, in terms of the
"Web Of Trust", you're on your brother's "shit list". Your brother
can't trust you, because you don't scan the files you send.
You don't have to pay money to scan files. If you need a file scanner,
one is available for free at www.virustotal.com. Even a Macintosh
owner can help support the "Web Of Trust", by scanning files before
sending them. The site also offers a search option. If you can
compute a hash (MD5 or SHA1), you can use the string value from
that, in the virustotal.com search box. That saves on having
to upload the file. But if you don't know how to compute a hash,
you always have the option to upload the file and test it.
Now that you have a bad MP3 file in hand, why not send it to
virustotal.com, and see which of the forty scanners can detect it?
Paul
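
One way to compute the hashes mentioned above for the virustotal.com search box, as an added example that is not part of the original post. It also reports SHA-256, which goes beyond the MD5 and SHA1 named in the post; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile

CHUNK_SIZE = 64 * 1024  # read in 64 KiB pieces so large files never sit fully in memory


def file_hashes(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # binary mode: hash the exact bytes on disk
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def hash_sample(data):
    """Write constructed bytes to a temporary file and hash that file."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return file_hashes(path)
    finally:
        os.remove(path)


def report(label, digests):
    """Format the digests as lines that can be pasted into a search box."""
    return "\n".join(f"{label}  {name.upper():7} {value}"
                     for name, value in digests.items())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python filehash.py song.mp3 [more files...]
        for target in sys.argv[1:]:
            print(report(target, file_hashes(target)))
    else:
        # No file given: hash a constructed sample so the script still runs.
        print(report("<constructed sample>", hash_sample(b"abc")))
```

A hash search only finds files that someone has already submitted; if the search returns nothing, the file is unknown to the site and uploading it is the remaining option.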