Old 06-29-2007, 06:50 PM   #21
Thinks s/he gets paid by the post
FIRE'd@51's Avatar
 
Join Date: Aug 2006
Posts: 2,315
Quote:
Originally Posted by cute fuzzy bunny
Disabling system restore shouldn't remove your prior restore points.

"Note that disabling System Restore doesn't just prevent future restore points from being created. It also permanently deletes any restore points created in the past. These are nonrecoverable, even if you turn System Restore back on, so use this feature with caution."


Smart Computing Article - Take Advantage Of System Restore
__________________
FIRE'd@51 is offline   Reply With Quote
Old 06-29-2007, 07:41 PM   #22
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
I stand corrected. I've been running without system restore for some time now...last time I used it and turned it off, my recollection was that it kept all of the old restore points.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 06-29-2007, 07:47 PM   #23
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
Quote:
Originally Posted by cute fuzzy bunny View Post
Uh oh, a rootkit virus. Generally bad news.

Symantec's removal instructions: Trojan.Peacomm.B - Symantec.com

I looked at the AVG site, and their 'virus encyclopedia' doesn't include any mention of peacomm, so I'm wondering if it even detects or removes it.

Disabling system restore shouldn't remove your prior restore points. You CAN remove them at your discretion.
Thanks for looking at the AVG site. I am very green on all this, my first virus. Greg's computer seems to be working fine, so I just don't know. Any way to find out? Maybe we should use a different antivirus program on his computer?
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Old 06-29-2007, 07:47 PM   #24
Thinks s/he gets paid by the post
lazygood4nothinbum's Avatar
 
Join Date: Feb 2006
Posts: 3,895
martha, bummer but glad you got restored. anyway, thanx for the reminder to back-up my puter files. i tend to get lazy with that.
__________________
"off with their heads"~~dr. joseph-ignace guillotin

"life should begin with age and its privileges and accumulations, and end with youth and its capacity to splendidly enjoy such advantages."~~mark twain - letter to edward kimmitt 1901
lazygood4nothinbum is offline   Reply With Quote
Old 06-29-2007, 08:23 PM   #25
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
I read more about rootkit viruses and it is disturbing. The reason I discovered the problem was that our ISP locked us down for sending boat loads of spam and suggested we had a virus. My IS person from work says my laptop is clean (really? how does she know?). I am kind of at a loss as to what to do. Certainly no online banking or brokerage account activity for now. Change passwords?
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Old 06-29-2007, 08:52 PM   #26
Thinks s/he gets paid by the post
 
Join Date: Apr 2006
Posts: 1,487
Quote:
Originally Posted by Martha View Post
but I was tricked by a purported lawyer email.
ah, the irony!
__________________
d is offline   Reply With Quote
Old 06-29-2007, 10:19 PM   #27
Recycles dryer sheets
 
Join Date: Dec 2005
Posts: 133
Virus Problems

A few things to be aware of running Windows o/s

1) You need a good Anti-virus program with up to date definitions.
2) A Firewall Program, or Router with built-in Firewall Protection
3) An Anti-Spyware program if you're using Internet Explorer. Better to use Firefox, Opera, or Netscape.
4) Make sure windows updates are turned on to Automatically install. These updates patch holes for vulnerabilities in windows, including ways that worms can get through.
__________________
Livefree is offline   Reply With Quote
Old 06-30-2007, 01:17 AM   #28
Thinks s/he gets paid by the post
 
Join Date: Nov 2005
Location: North of Montana
Posts: 2,753
Quote:
Originally Posted by cute fuzzy bunny View Post
Uh oh, a rootkit virus. Generally bad news.

Symantec's removal instructions: Trojan.Peacomm.B - Symantec.com

I looked at the AVG site, and their 'virus encyclopedia' doesn't include any mention of peacomm, so I'm wondering if it even detects or removes it.

Every AV company names malware differently. If you check Martha's original post, her machine with Symantec picked up the original infection so Symantec may not be the ultimate solution.

Quote:
Originally Posted by Martha View Post
Our home network got attacked by a worm. Neither my nor DH's virus checker caught it, and both were up to date, automatically updated every day. DH has AVG as a virus checker. I have Symantec.
If you read the description at Trojan.Peacomm.B - Symantec.com
you'll see it should have been detected as early as April. Maybe the AV software wasn't updating as necessary or Symantec is not worth the money (you choose).

Martha:
If you aren't sure it's clean, pay someone you trust to get it clean.
__________________
There are two kinds of people in the world: those who can extrapolate conclusions from insufficient data and ..
kumquat is offline   Reply With Quote
Old 06-30-2007, 08:25 AM   #29
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
Thanks all. Goes to show that even with two separate anti-virus programs that are purported to be up to date, you can still get infected.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Old 06-30-2007, 09:18 AM   #30
Thinks s/he gets paid by the post
Rustic23's Avatar
 
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 3,624
This will not solve the virus problem, but I do it on all my computers (4). Norton Ghost, which used to be PowerQuest Drive Image. With this software you can do a complete backup of your C: drive to another location. I keep all my hard drives with two partitions. I do a drive image to one, i.e. d:. When I encounter a problem, i.e. I download something that affects my computer, I can restore the C: drive in about 20 min. The network connections are there, Office and all the other software installed. It is the fastest way I know to get a computer back working. I also keep a USB drive with a backup of all four computers on it, just in case one of the drives crashes and I need a new drive.

Now you will only be able to restore to the date of your last backup. I normally take the computer when it is new, put it on the network, load all the programs I use, copy my favorites from one of the other computers, let Windows do all the updates, run the virus and spyware software. I now have a clean computer. I then run Ghost and drive image the computer. The compressed backup is about 4g, and will fit on a DVD.

There are other software products that do the same thing as Ghost. PCMag.com Backup - Backup has a good article on backup.
__________________
Rustic23 is offline   Reply With Quote
Old 06-30-2007, 09:48 AM   #31
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Download and run this https://europe.f-secure.com/exclude/blacklight/fsbl.exe

Should root out any remaining bits.

I don't think peacomm is much of a threat to you with regards to private data and financial transactions, but it's been mixed with other malware on occasions, so who knows. Generally it just sits down in your machine and starts sending off spam. You generally wouldn't even know it was there except for excess ISP traffic and an outbound firewall would detect its activities.

An outbound firewall, while somewhat onerous to set up as you have to okay/not okay each initial instance of outbound activity, can be helpful. Windows firewall is an in-bound item only.

As far as detection and removal, rootkits are generally started when someone actuates a particular attachment or object on a web page. The actions of the rootkit during its install and operation are often invisible to any system scanning/protection software.

And again, before the mac and linux people get too excited, rootkits are named as such because they originated on unix based systems as "backdoor" elements...and mac osx and linux are both based on the same rootkit vulnerable platforms.

In fact, there have been quite a few suppositions of infections in the mac and linux communities...but due to a lack of easy to use tools to identify and remove rootkits in those environments...we can't even tell if they do or don't exist unless they behave very badly.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
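The point made in post #31, that a spam-sending infection mostly shows up as unusual outbound mail traffic, can be checked from any log of outbound connections. The following is an added example, not part of any post in this thread; the log format, the addresses and the threshold are constructed assumptions. It flags a machine that contacts many different mail servers on port 25 in a short time, where a normal mail client talks to one.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMTP_PORT = 25

# Constructed sample log (not real traffic): "date time src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2007-06-29 18:00:01 192.168.1.10 203.0.113.5 25
2007-06-29 18:00:03 192.168.1.10 203.0.113.17 25
2007-06-29 18:00:04 192.168.1.11 198.51.100.2 25
2007-06-29 18:00:09 192.168.1.10 203.0.113.40 25
2007-06-29 18:00:15 192.168.1.11 198.51.100.80 80
2007-06-29 18:00:20 192.168.1.10 203.0.113.77 25
2007-06-29 18:00:31 192.168.1.10 203.0.113.91 25
2007-06-29 18:01:02 192.168.1.10 203.0.113.120 25
2007-06-29 18:20:00 192.168.1.11 198.51.100.2 25
malformed line that should be skipped
"""

def parse_line(line):
    """Return (timestamp, src, dst, port), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        port = int(parts[4])
    except ValueError:
        return None
    return ts, parts[2], parts[3], port

def smtp_fanout(log_text, window=timedelta(minutes=5)):
    """Per source: the most distinct port-25 destinations seen in any one window."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == SMTP_PORT:
            per_src[rec[1]].append((rec[0], rec[2]))
    result = {}
    for src, events in per_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            # Distinct mail servers contacted within `window` of this event.
            seen = {dst for ts, dst in events[i:] if ts - start <= window}
            best = max(best, len(seen))
        result[src] = best
    return result

def suspected_spam_senders(log_text, max_servers=3, window=timedelta(minutes=5)):
    """Sources whose SMTP fan-out exceeds max_servers (an assumed threshold)."""
    fanout = smtp_fanout(log_text, window)
    return sorted(src for src, n in fanout.items() if n > max_servers)

if __name__ == "__main__":
    print(smtp_fanout(SAMPLE_LOG))
    print(suspected_spam_senders(SAMPLE_LOG))
```

A machine flagged this way is only a candidate for a closer look; a host that legitimately runs a mail server would also exceed the threshold.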
Old 06-30-2007, 09:56 AM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,255
Quote:
Originally Posted by Martha View Post
Thanks all. Goes to show that even with two separate anti-virus programs that are purported to be up to date, you can still get infected.

I'm sorry Martha, but you must be mistaken. In an earlier thread on this subject CFB assured us that:

Quote:
Originally Posted by cute fuzzy bunny View Post
One last time.

I have three machines. Software installed by the manufacturer. I did nothing. They don't get viruses.
Quote:
Originally Posted by cute fuzzy bunny View Post
I have three PC's that came from the maker with software installed. Been in service for years. No viruses. No work. No expense. Bupkus. Nada. Nothing special done. No expertise required.
Quote:
Originally Posted by cute fuzzy bunny View Post
I've spent zero extra time and money as well. Virus protection is provided for free by most system manufacturers and ISP's. It's already on the machine. It updates itself. It only interrupts me when something bad happens, which for the last 2-3 years has been never.
So really Martha, nothing happened, your machine is fine according to CFB. And you don't need to do anything (so why does CFB ask if you installed Windows Defender?) - it's all taken care of by the manufacturer. And call off your experts, after all, 'no expertise is required'.

Now, onto something helpful: Absolutely take the advice from others to do a full back-up of your machine from time-to-time. For extra safety, rotate those backups, so if you discover later that something was already hosed, you can go one further generation back. It's very simple, and large capacity external drives are cheap these days. Buy two.

Any machine can get hit by a hardware failure - you need a backup. It makes computer life so much less stressful. It is also a good idea to completely wipe your hard drive once in a while (every 18 months?), run a few tests, and then copy the image back. That can detect/prevent developing problems from bad blocks, which will get mapped out in the process.

Hope you get things straightened out OK - ERD50

PS: my 'cup of...' hasn't fully kicked in yet - sure, Apple computers are not bullet-proof to virus problems, but since all of CFB's dire warnings, all us Mac users have enjoyed another four months of zero virus damage. On top of all the previous years of zero virus damage. As I said then, that could change tomorrow..... but it hasn't. (cue the strawmen... )
__________________
ERD50 is online now   Reply With Quote
Old 06-30-2007, 10:58 AM   #33
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Thank god for the ignore list...

I'm now officially sorry I took time away from working on my second bathroom remodel to look in on this, do some background reading, check out some solutions, and see if there was anything I could offer.

Too bad you didn't take the time to dig up the posts where I reviewed external storage units, backup software, and helped people find good deals on them and avoid problem units.

But I'm sure Martha appreciates your efforts.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 06-30-2007, 01:31 PM   #34
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
Thanks CFB for your help.

Went out for a walk, when I came back my computer had a message that Symantec had stopped a virus, specifically Trojan.Packed.13. Am I under attack or what? I have done next to nothing since getting my computer back.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Old 06-30-2007, 01:35 PM   #35
Thinks s/he gets paid by the post
Rustic23's Avatar
 
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 3,624
After my last post I started to look for a free solution. I found UBCD4Win. It is a free download and with it and your Win XP Service Pack 2 disk you can create a cd that will boot to windows without the C: drive. It comes with a program driveimagexml that will make a drive image backup of your entire pc. I took the cd I made on my laptop and put it in one of the desktops. Booted and I am working off that pc now. Only problem I had with the laptop is it would not recognize the wireless. I am making an xml backup of the laptop now to a firewire drive just to see how it works, and how big the backup is. So far this appears to be a reasonable free solution. I think you could make the backup file and transfer it to a web location and get it back using your UBCD4Win CD.
__________________
Rustic23 is offline   Reply With Quote
Old 06-30-2007, 01:56 PM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Trojan.packed.13 was probably "packaged" with the rootkit and as part of the delivery encrypted or tried to "hide" some of the rootkit contents.

Your scanner has identified a 'funny' looking file that seems to have been encrypted but it can't find anything evil that it's 'attached' to. This is mostly good news as the rootkit's probably gone (although you might try that rootkit finder I linked above). I'd look at this:

Trojan.Packed.13 - Symantec.com

And follow the recommendations to quarantine and submit the reported file to symantec for further evaluation.

I haven't used the symantec stuff in years...and never used the AVG product. The mcafee scanner I'm using does detect and remove both the rootkit you got and the packer. For what that's worth...
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 06-30-2007, 02:52 PM   #37
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
CFB, I ran the rootkit "rooter outer" you linked to on both computers and it found nothing. The "packer" (am I getting into the computer talk or what!) was quarantined by my virus checker and I sent the file to Symantec. I still have both computers under quarantine so they don't run at the same time on our home network.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Old 06-30-2007, 07:11 PM   #38
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
You got it goin on! If your scanners and the rootkit snooper say all is well, and you're not seeing any oddball behavior, you're probably good to go.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 06-30-2007, 07:43 PM   #39
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
Hey, I even checked the registry to make sure things weren't changed, à la Symantec's instructions.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Old 06-30-2007, 07:55 PM   #40
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
There's a bright, sunny future for you in Information Technology!

Way better than freelance dentistry.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
All times are GMT -6.