We got virused

Virus Problems

A few things to be aware of when running the Windows OS

1) You need a good anti-virus program with up-to-date definitions.
2) A firewall program, or a router with built-in firewall protection.
3) An anti-spyware program if you're using Internet Explorer. Better to use Firefox, Opera, or Netscape.
4) Make sure Windows Updates are turned on to install automatically. These updates patch holes for vulnerabilities in Windows, including ways that worms can get through.
 
Uh oh, a rootkit virus. Generally bad news.

Symantecs removal instructions: Trojan.Peacomm.B - Symantec.com

I looked at the AVG site, and their 'virus encyclopedia' doesn't include any mention of Peacomm, so I'm wondering if it even detects or removes it.


Every AV company names malware differently. If you check Martha's original post, her machine with Symantec picked up the original infection so Symantec may not be the ultimate solution.

Our home network got attacked by a worm. Neither my nor DH's virus checker caught it, and both were up to date, automatically updated every day. DH has AVG as a virus checker. I have Symantec.

If you read the description at Trojan.Peacomm.B - Symantec.com
you'll see it should have been detected as early as April. Maybe the AV software wasn't updating as necessary or Symantec is not worth the money (you choose).

Martha:
If you aren't sure it's clean, pay someone you trust to get it clean.
 
Thanks all. Goes to show that even with two separate anti-virus programs that are purported to be up to date, you can still get infected.
 
This will not solve the virus problem, but I do it on all my computers (4). Norton Ghost, which used to be PowerQuest Drive Image. With this software you can do a complete backup of your C: drive to another location. I keep all my hard drives with two partitions. I do a drive image to one, i.e. D:. When I encounter a problem, i.e. I download something that affects my computer, I can restore the C: drive in about 20 min. The network connections are there, Office and all the other software installed. It is the fastest way I know to get a computer back working. I also keep a USB drive with a backup of all four computers on it, just in case one of the drives crashes and I need a new drive.

Now you will only be able to restore to the date of your last backup. I normally take the computer when it is new, put it on the network, load all the programs I use, copy my favorites from one of the other computers, let Windows do all the updates, and run the virus and spyware software. I now have a clean computer. I then run Ghost and drive image the computer. The compressed backup is about 4 GB, and will fit on a DVD.

There are other software products that do the same thing as Ghost. PCMag.com Backup - Backup has a good article on backup.
 
Download and run this https://europe.f-secure.com/exclude/blacklight/fsbl.exe

Should root out any remaining bits.

I don't think Peacomm is much of a threat to you with regards to private data and financial transactions, but it's been mixed with other malware on occasions, so who knows. Generally it just sits down in your machine and starts sending off spam. You generally wouldn't even know it was there except for excess ISP traffic, and an outbound firewall would detect its activities.

An outbound firewall, while somewhat onerous to set up as you have to okay/not okay each initial instance of outbound activity, can be helpful. The Windows firewall is an inbound-only item.

As far as detection and removal, rootkits are generally started when someone actuates a particular attachment or object on a web page. The actions of the rootkit during its install and operation are often invisible to any system scanning/protection software.

And again, before the Mac and Linux people get too excited, rootkits are named as such because they originated on Unix-based systems as "backdoor" elements... and Mac OS X and Linux are both based on the same rootkit-vulnerable platforms.

In fact, there have been quite a few suppositions of infections in the Mac and Linux communities... but due to a lack of easy-to-use tools to identify and remove rootkits in those environments... we can't even tell if they do or don't exist unless they behave very badly.
 
Thanks all. Goes to show that even with two separate anti-virus programs that are purported to be up to date, you can still get infected.


I'm sorry Martha, but you must be mistaken. In an earlier thread on this subject CFB assured us that:

One last time.

I have three machines. Software installed by the manufacturer. I did nothing. They don't get viruses.
I have three PCs that came from the maker with software installed. Been in service for years. No viruses. No work. No expense. Bupkus. Nada. Nothing special done. No expertise required.
I've spent zero extra time and money as well. Virus protection is provided for free by most system manufacturers and ISPs. It's already on the machine. It updates itself. It only interrupts me when something bad happens, which for the last 2-3 years has been never.

So really Martha, nothing happened, your machine is fine according to CFB. And you don't need to do anything (so why does CFB ask if you installed Windows Defender?) - it's all taken care of by the manufacturer. And call off your experts, after all, 'no expertise is required'. :rolleyes:

Now, onto something helpful: Absolutely take the advice from others to do a full backup of your machine from time to time. For extra safety, rotate those backups, so if you discover later that something was already hosed, you can go one further generation back. It's very simple, and large-capacity external drives are cheap these days. Buy two.

Any machine can get hit by a hardware failure - you need a backup. It makes computer life so much less stressful. It is also a good idea to completely wipe your hard drive once in a while (every 18 months?), run a few tests, and then copy the image back. That can detect/prevent developing problems from bad blocks, which will get mapped out in the process.

Hope you get things straightened out OK - ERD50

PS: my 'cup of...' hasn't fully kicked in yet - sure, Apple computers are not bullet-proof to virus problems, but since all of CFB's dire warnings, all us Mac users have enjoyed another four months of zero virus damage. On top of all the previous years of zero virus damage. As I said then, that could change tomorrow..... but it hasn't. (cue the strawmen... ;) )
 
Thank god for the ignore list...

I'm now officially sorry I took time away from working on my second bathroom remodel to look in on this, do some background reading, check out some solutions, and see if there was anything I could offer.

Too bad you didn't take the time to dig up the posts where I reviewed external storage units, backup software, and helped people find good deals on them and avoid problem units.

But I'm sure Martha appreciates your efforts.
 
Thanks CFB for your help.

Went out for a walk, when I came back my computer had a message that Symantec had stopped a virus, specifically Trojan.Packed.13. Am I under attack or what? I have done next to nothing since getting my computer back.
 
After my last post I started to look for a free solution. I found UBCD4Win. It is a free download, and with it and your Win XP Service Pack 2 disk you can create a CD that will boot to Windows without the C: drive. It comes with a program, DriveImageXML, that will make a drive image backup of your entire PC. I took the CD I made on my laptop and put it in one of the desktops. Booted, and I am working off that PC now. The only problem I had with the laptop is it would not recognize the wireless. I am making an XML backup of the laptop now to a FireWire drive just to see how it works, and how big the backup is. So far this appears to be a reasonable free solution. I think you could make the backup file and transfer it to a web location and get it back using your UBCD4Win CD.
 
Trojan.packed.13 was probably "packaged" with the rootkit and as part of the delivery encrypted or tried to "hide" some of the rootkit contents.

Your scanner has identified a 'funny' looking file that seems to have been encrypted, but it can't find anything evil that it's 'attached' to. This is mostly good news as the rootkit's probably gone (although you might try that rootkit finder I linked above). I'd look at this:

Trojan.Packed.13 - Symantec.com

And follow the recommendations to quarantine and submit the reported file to Symantec for further evaluation.

I haven't used the Symantec stuff in years... and never used the AVG product. The McAfee scanner I'm using does detect and remove both the rootkit you got and the packer. For what that's worth...
 
CFB, I ran the rootkit "rooter outer" you linked to on both computers and it found nothing. The "packer" ( am I getting into the computer talk or what!) was quarantined by my virus checker and I sent the file to Symantec. I still have both computers under quarantine so they don't run the same time on our home network.
 
You got it goin on! If your scanners and the rootkit snooper say all is well, and you're not seeing any oddball behavior, you're probably good to go.
 
Hey, I even checked the registry to make sure things weren't changed, à la Symantec's instructions.
 
There's a bright, sunny future for you in Information Technology!

Way better than freelance dentistry.
 
Thank god for the ignore list...

Ignore function, huh? Well, I guess that is so much easier for you than actually admitting that you may have overstated the ease and effectiveness of Windows virus protection?

- C'est la vie...

CFB seems like a bright and knowledgeable guy and often helpful, but a number of his posts just had too much of the 'I'm right, you're wrong, and you're an idiot if you disagree' in them to be helpful to anyone. Since he couldn't let this one go w/o a preemptive strike against the Apple folks, I thought I'd just hold his previous 'proclamations' up to the light of day.

I like to give people the benefit of doubt, but he really confirmed his status as a 'Dish it out but can't take it guy' with that response.


Serious question regarding the source of those virus attacks:
OK, looks like Martha got the help she needed to get things cleaned up, good - but I don't think I read anywhere what the original problem was? How would she (or anyone else) protect themselves? Obviously, the virus protection didn't catch it. What went wrong? What should people be doing? How would they know (some of this stuff was told to Martha after-the-fact)?

-ERD50
 

Serious question regarding the source of those virus attacks:
OK, looks like Martha got the help she needed to get things cleaned up, good - but I don't think I read anywhere what the original problem was? How would she (or anyone else) protect themselves? Obviously, the virus protection didn't catch it. What went wrong? What should people be doing? How would they know (some of this stuff was told to Martha after-the-fact)?

-ERD50

Yes, the whole thing is disturbing. Here we have two different virus programs and various spyware programs and the first time I ever get attacked by a virus, nothing catches it. And everyone seems to have their own favorite anti-virus program with no consensus on what is the best.

My computer is twitchy today. It is working fine now but took a half an hour to boot up. Another call into our IT person.
 
Actually ERD, I made that comment to head off the expected and thoroughly unhelpful "heh, if you had a Mac, you wouldn't have a virus". Clearly the preemptive approach doesn't work when dealing with finely honed dickheads.

However, thanks for your analysis. The solution was also already given, in the form of "don't open attachments from people you don't know or aren't expecting". But then you've had a problem with reading comprehension before.

Still not a single virus or even the scanner going off on any of my machines. But if you're feeling pretty good about things, give me your email and I'll send you an important attachment to look at. It won't matter much what OS you're running...


This ignore user thing is really helpful, but we need to do something about that 'view post' button...


I guess for everyone else... get a virus scanner... don't install software you don't know anything about, don't open emails or attachments from people you don't know, and don't count on security through obscurity.
 
The solution was also already given, in the form of "don't open attachments from people you don't know or aren't expecting".

Yes, that was understood (drop the insults). I was asking, quite seriously, why didn't the virus protection intercept it? It's fine to say 'don't open unsolicited attachments' ( I don't open any to avoid acknowledging spammers, I also keep image previews turned off in emails), but people do slip. I thought the AV programs were supposed to provide another level of protection against that.

But if you're feeling pretty good about things, give me your email and I'll send you an important attachment to look at. It won't matter much what OS you're running...
I'm sure that attachment would be real 'cute' and 'family friendly'. Why don't you do something more informative for the Mac and Linux users on the forum - give us a link documenting any current, real-world email attachments that are doing damage out in the OSX world? Not the theoretical, potential, threat-type vulnerabilities - I mean real live exploits that are doing damage.

-ERD50
 