new member
- thescruff
- Senior Member
- Posts: 49685
- Joined: Mon Mar 10, 2008 12:46 am
- Location: Bath
- Has thanked: 360 times
- Been thanked: 3735 times
new member
Picked up a small problem last night from a new member.
1x XP Antivirus 2011
2x Trojan.FakeMS
3x Hijack.StartMenuInternet
3x PUM.Disabled.Security
and my avatar disappeared.
7 hours of sleep wasted, so good night.
-
- UHM Super Moderator
- Posts: 2845
- Joined: Mon Aug 08, 2005 9:43 pm
- Has thanked: 141 times
- Been thanked: 362 times
Re: new member
That'll teach you to go clicking on any old link. I just dump 'em in quarantine for the nerd mod to sort out.
I banned them for you though
Mod 6
I have not failed. I've just found 10,000 ways that won't work
-
- Newly registered Member
- Posts: 55
- Joined: Mon Sep 13, 2010 10:45 am
- Has thanked: 2 times
- Been thanked: 1 time
Re: new member
I got caught the other day when looking to download the VLC media player. I googled it, went to what sounded like the right domain, and got suspicious when it tried to bundle some adware with it. I know a lot of free software gets sponsored, but there is usually an option to opt out. I had to kill the download process with Task Manager, as the cancel button (of course) wasn't working. I generally run NoScript, which blocks all scripts from running, but it was a test machine.
Malware is so subtle these days.
- thescruff
- Senior Member
- Posts: 49685
- Joined: Mon Mar 10, 2008 12:46 am
- Location: Bath
- Has thanked: 360 times
- Been thanked: 3735 times
Re: new member
tooltraderdirect wrote:Your own machine got infected? How?
Quite simple, I opened something I shouldn't have.
The new member is a known spammer; actually there are two, one from the USA and the other from Singapore. After some detective work with the IPs of both, I ended up with a computer full of nasties, as above plus a few more.
Between them they switched my antivirus off, disabled MBAM and prevented me from getting on the internet.
Found a jqs.exe file in Task Manager and was able to kill XP Antivirus 2011, although it kept coming back every time I tried to log on. I left Task Manager open and just kept killing it till I got online.
Once online, all the other bugs/viruses showed up after I got MBAM working again; also got Spyware Doctor working, so it looks like we're back in business.
Also found an empty .tu file in Local Settings\Application Data\; ran it by the Doctor and there were two Trojan.FakeMS viruses.
- moderator2
- UHM Super Moderator
- Posts: 4566
- Joined: Fri Jan 27, 2006 10:54 pm
- Has thanked: 155 times
- Been thanked: 566 times
- dave.m
- Deceased 07-06-2012 R.I.P
- Posts: 4989
- Joined: Tue Jun 09, 2009 4:30 pm
- Location: A Yorky in Lancashire
- Has thanked: 13 times
- Been thanked: 318 times
Re: new member
Tsunami! Caused by the Severn Bore.
Often happens after a virus and trojan meet.
Or it could be as a result of Scruff's latest plumbing escapade.
dave
You can always tell a Yorkshireman,
But you cannot tell him much.
- joinerjohn
- Senior Member
- Posts: 2966
- Joined: Sun Nov 07, 2010 10:43 am
- Has thanked: 17 times
- Been thanked: 315 times
Re: new member
I managed to get MS Removal Tool (malware) on mine after one of the grandkids went on it for an hour. Had to start up in Safe Mode, then download MBAM, update that, then run it to remove it. Cleared System Restore (then turned it back on). A few hours wasted, but all clear now. Next time any kids come here, they can play on the PS2.
- thescruff
- Senior Member
- Posts: 49685
- Joined: Mon Mar 10, 2008 12:46 am
- Location: Bath
- Has thanked: 360 times
- Been thanked: 3735 times
Re: new member
These little darlings hijacked the start menu so I couldn't get online, also disabled MBAM and my antivirus, and installed XP Antivirus 2011.
I kept killing them in Task Manager, and they kept coming back; got online eventually by leaving Task Manager open and deleting it every few seconds (qfm.exe in my case, but it can be any 3 random letters).
Checking the remote hard drive at the moment; it's been on for 13+ hours, 76% done, 250,000 files checked so far.
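The two registry detections listed in the first post (Hijack.StartMenuInternet, PUM.Disabled.Security) and the three-random-letter process that kept respawning in the post above are the kind of thing a scripted check finds faster than clicking round Task Manager. The PowerShell below is an added example written for this page; it is not code from the thread and not how any of the posters cleaned their machines. It assumes: that the rogue rewrites the browser launch command under Clients\StartMenuInternet\<browser>\shell\open\command (the usual meaning of that detection name); that the Security Center value names AntiVirusDisableNotify, FirewallDisableNotify, UpdatesDisableNotify, AntiVirusOverride and FirewallOverride are the ones worth checking; and that the dropper is a three-letter .exe living under the user's Local Settings\Application Data (%LOCALAPPDATA%), which is where the thread found the related .tu file. The path filter is there so legitimate three-letter processes in System32 (dwm, lsm and friends) are never touched. Run it from an elevated PowerShell prompt; the report-only parts are safe to run anywhere, the kill loop only on the infected box.

```powershell
# Added triage script for the thread's detections (example code, not the posters' own).
# Assumptions: registry layout of StartMenuInternet, Security Center value names, and the
# "three letters in Local AppData" pattern are taken from the posts above, not a signature.

# --- 1. Browser launch commands hijacked via StartMenuInternet ---
# Each browser registers ...\Clients\StartMenuInternet\<name>\shell\open\command.
# A rogue AV rewrites the (Default) value so "launch the browser" runs the rogue instead,
# which is why the poster could not get online.
function Get-StartMenuInternetHijack {
    $roots = @('HKLM:\SOFTWARE\Clients\StartMenuInternet',
               'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet',
               'HKCU:\SOFTWARE\Clients\StartMenuInternet')
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($client in Get-ChildItem $root) {
            $cmdKey = Join-Path $client.PSPath 'shell\open\command'
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            # Clean values are a single quoted path into Program Files. Anything under a
            # user profile / temp folder, or a first .exe that takes the browser as an
            # argument, is the hijack pattern.
            $suspect = ($cmd -match '(?i)(AppData|Local Settings|\\Temp\\|Documents and Settings)') -or
                       ($cmd -match '(?i)\.exe".*\.exe')
            [pscustomobject]@{ Key = $cmdKey; Command = $cmd; Suspect = $suspect }
        }
    }
}

# --- 2. Security Center warnings switched off (PUM.Disabled.Security) ---
# Non-zero here means Windows has been told not to nag about missing AV/firewall/updates,
# which is how the rogue keeps the user from noticing the real AV is off.
function Get-SecurityCenterOverrides {
    $key   = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    $names = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify',
             'AntiVirusOverride', 'FirewallOverride'
    if (-not (Test-Path $key)) { return }
    $props = Get-ItemProperty -Path $key
    foreach ($n in $names) {
        $v = $props.$n
        if ($null -ne $v -and $v -ne 0) {
            [pscustomobject]@{ Value = $n; Data = $v; Fix = "Set-ItemProperty '$key' -Name $n -Value 0" }
        }
    }
}

# --- 3. The respawning three-letter process (qfm.exe in the thread, any 3 letters) ---
# Match on the pattern and the location rather than a fixed name, and keep killing for a
# while so the relauncher loses the race, as the poster did by hand with Task Manager.
function Stop-RogueProcess {
    param([int]$Seconds = 60)
    $local    = [Environment]::GetFolderPath('LocalApplicationData')   # Local Settings\Application Data on XP
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Get-Process | Where-Object {
            $_.Name -match '^[a-z]{3}$' -and
            $_.Path -and
            $_.Path.StartsWith($local, [StringComparison]::OrdinalIgnoreCase)
        } | ForEach-Object {
            Write-Host ("Killing {0} (PID {1}) at {2}" -f $_.Name, $_.Id, $_.Path)
            Stop-Process -Id $_.Id -Force -ErrorAction SilentlyContinue
        }
        Start-Sleep -Milliseconds 500
    }
}

Write-Host '== StartMenuInternet launch commands (Suspect = True needs fixing) =='
Get-StartMenuInternetHijack | Format-Table -AutoSize
Write-Host '== Security Center overrides (non-zero = warnings disabled) =='
Get-SecurityCenterOverrides | Format-Table -AutoSize
Write-Host '== Hunting three-letter processes in Local AppData for 60 s =='
Stop-RogueProcess -Seconds 60
```

Note the script only reports the registry findings and prints the one-line fix for each rather than applying it, so you can compare the hijacked launch command against the real browser path before you put it back; the file the hijacked command points at is also the thing to hand to MBAM or whatever scanner you trust.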
- thescruff
- Senior Member
- Posts: 49685
- Joined: Mon Mar 10, 2008 12:46 am
- Location: Bath
- Has thanked: 360 times
- Been thanked: 3735 times
Re: new member
Remote Storage drive came up clean, which was very pleasing: just under 300,000 files and folders.
- BillyGoat
- Troll Headbutter
- Posts: 8071
- Joined: Sat Jan 01, 2011 8:20 pm
- Location: On top of a mountain, in the long grass.
- Has thanked: 386 times
- Been thanked: 796 times
Re: new member
Watch yourself Scruff, viruses and trojans aren't what they used to be.
Years back, it would be as simple as a scan/cleanup (Safe Mode, a removal tool, etc.) but I don't believe that's the case any more, at least if you want to be 100% safe.
There are so many variants of trojans, viruses and worms, and they use all manner of techniques to hide themselves (shifting file names, sizes, hiding in an ADS stream on the drive, etc., etc.). You are very much in the lap of the gods.
If someone asks me now, I just say restore/restart - it's harsh, but the ONLY way you can be sure. There are TONS of software packages out there that let you create cloned images of your drive (I have two Windows Home Servers - for personal use that do full daily/weekly/monthly backups and allow a restore in under an hour!!!), which you can then restore knowing you are back to a safe place!
It might be worth a reinstall (clear the lot), setup, update, protect and then clone the drive; keep regular system snapshots. In the long run it ends up like this:
1. Use your computer (I notice you keep your important stuff on a separate drive, good practice, if it's also backed up!!!)
2. Every so often, update system snapshot (could be to DVD, USB drive, etc)
3. Computer gets infected (which you can never be SURE SURE it's gone after clearup)
- At this point you can spend days clearing it up, scanning, double checking OR....
4. Shut PC down
5. Restore from backup (a local HDD image would take less than 30 minutes in most cases, call it an hour for fun).
6. Make a tea and eat a biscuit
7. Enjoy safely restored system like nothing had happened.
Worth considering.
Right, I'm off.....I've got to face the kamikaze traffic to get someone I don't want to be......
Peace!
BG
Arguing with a woman is like reading a Software Licence Agreement.
In the end, you ignore everything and click "I agree".
-
- Newly registered Member
- Posts: 55
- Joined: Mon Sep 13, 2010 10:45 am
- Has thanked: 2 times
- Been thanked: 1 time
Re: new member
It's a nice feature of Windows 7 (some versions) that you can schedule backups to an external hard drive. As BillyGoat says, a system snapshot (image) of your system drive (usually C). Some laptops have a recovery partition which you can use to restore to factory settings. There are two problems with this. The factory restore takes you back so far that when you have restored, you have to do gazillions of Windows updates. You also lose any programmes you installed yourself. The other factor I don't like is that it is perfectly possible for malware to infect the recovery partition, even if it is hidden from Windows, and in one case I found recently the recovery partition was visible and had a drive letter, so I tested it and was able to simply copy files across to it. So if I can do it, so can malware.
It is better to do a full system backup to an external drive which is not permanently attached to the PC. If you then need to restore, you boot from a DVD/CD to ensure that no malware can load at startup. Then restore the image from the external drive. Using a home server is fine, unless malware has infected the whole network. It would be nice if DVD-Rs had greater capacity (so they were large enough to hold a system image file), as once they are burned you can be sure no malware can infect them, which cannot be said for memory sticks, external drives or network storage.
To be really safe, you should do a low-level format on the drive you plan to restore, in order to destroy potential boot sector viruses.
- thescruff
- Senior Member
- Posts: 49685
- Joined: Mon Mar 10, 2008 12:46 am
- Location: Bath
- Has thanked: 360 times
- Been thanked: 3735 times
Re: new member
Never really had too much trouble with viruses, and certainly none I haven't been able to remove.
What annoys me is when the antivirus program makes a racket and a "Virus alert" warning, but doesn't actually prevent it getting into the system. If the damn program can't prevent them I see no point in having it in the first place; OK, I suppose it's nice to know.
- thescruff
- Senior Member
- Posts: 49685
- Joined: Mon Mar 10, 2008 12:46 am
- Location: Bath
- Has thanked: 360 times
- Been thanked: 3735 times
Re: new member
Started MBAM on a full system scan an hour ago.
Has found 1 infected so far; will take a few hours to complete.
- Razor
- Senior Member
- Posts: 8760
- Joined: Wed Nov 14, 2007 10:21 pm
- Location: Northampton
- Has thanked: 483 times
- Been thanked: 1251 times
Re: new member
dave.m wrote:Caused by the Severn Bore.
dave
Is that Scruff's nickname then?
I think I'll take two chickens...