We got virused
Old 06-28-2007, 08:03 PM   #1
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
We got virused

Our home network got attacked by a worm. Neither my nor DH's virus checker caught it, and both were up to date, automatically updated every day. DH has AVG as a virus checker. I have Symantec.

Anyway, DH's computer is out of commission, I brought mine into the IS person at my former job to get cleaned up, and I have a loaner, my old computer from work.

I am generally very careful about what I open, but I was tricked by a purported lawyer email.

So why didn't the virus checkers pick this up?
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Old 06-28-2007, 08:29 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Dawg52's Avatar
 
Join Date: Feb 2005
Location: Central MS/Orange Beach, AL
Posts: 7,442
Does the worm have a name?
__________________
Retired 3/31/2007@52
Full time wuss.......
Old 06-28-2007, 08:51 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Are you SURE your antivirus is properly updating itself?

The sad truth is that many of the nastier bugs are new and the AV stuff can only detect what it's been instructed to find. By which time it may be too late. And stuff that you explicitly open may or may not be headed off by the program that opens it...what exactly was the attachment? IE script? An executable? ??

And before it gets started, since I see Apple patched a dozen or so fairly unpleasant holes in their operating system a month or two ago, it's time for a nice big cup of...
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
Old 06-28-2007, 09:05 PM   #4
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
Dawg, I'll ask the IS person when I get my computer back.

I do know Greg's antivirus updates itself everyday because it tells us so and it told me it updated last night. He caught the virus from me.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Old 06-28-2007, 09:11 PM   #5
Recycles dryer sheets
 
Join Date: May 2007
Posts: 290
That is why I converted my home PC to Linux last year.

Quote:
Originally Posted by cute fuzzy bunny View Post
And before it gets started, since I see Apple patched a dozen or so fairly unpleasant holes in their operating system a month or two ago, it's time for a nice big cup of...
I'll go brew myself a cup right now.
__________________
Old 06-28-2007, 09:14 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Whoa, didn't see that one coming. Fortunately I have my Chuck Norris tee shirt on and therefore have an extra fist.

Is it time for me to whip out the report I just saw yesterday that discusses how Vista is superior in security to Linux?

And who are you, and what have you done with bpp, bpp1 and bpp2?
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
Old 06-28-2007, 09:22 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Oh and Martha...have you installed Windows Defender on your machines? It's a good idea and a decent freebie accompaniment to your antivirus protection. It's built into Vista.

Some of the early versions were a bit flaky, but the newer versions are transparent.

I know it smells a little bit like another AV package, but it's more effective in sealing up any security holes and protecting from naughty apps and spyware.
Windows Defender home
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
Old 06-28-2007, 09:22 PM   #8
Recycles dryer sheets
 
Join Date: May 2007
Posts: 290
Quote:
Originally Posted by cute fuzzy bunny View Post
Whoa, didn't see that one coming. Fortunately I have my Chuck Norris tee shirt on and therefore have an extra fist.
I'm sorry, I can't hear you over the sound of my STFU brewing.

Quote:
Is it time for me to whip out the report I just saw yesterday that discusses how Vista is superior in security to Linux?
Feel free, right after you find that list of applications that work under Vista.
(The one that includes Cygwin and VPN, hopefully.)

<gulp, slurp> Oops, never mind.
__________________
Old 06-28-2007, 09:24 PM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697


Alright, I gotta go quit laughing my ass off now...
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
Old 06-28-2007, 09:33 PM   #10
Recycles dryer sheets
 
Join Date: May 2007
Posts: 290
Quote:
Originally Posted by cute fuzzy bunny View Post
And who are you, and what have you done with bpp, bpp1 and bpp2?
Keep asking nosy questions and you just might find out.
__________________
Old 06-29-2007, 06:38 AM   #11
Thinks s/he gets paid by the post
 
Join Date: Jul 2005
Location: Minnehaha
Posts: 2,375
Just found three trojans.

Is it possible to get infected by ER forum?
__________________
MinnesotaEats - www.goodfoodmsp.com
Old 06-29-2007, 07:24 AM   #12
Thinks s/he gets paid by the post
BUM's Avatar
 
Join Date: Feb 2004
Location: Mid Hudson Valley
Posts: 1,778
Quote:
Originally Posted by DanTien View Post
Just found three trojans.
Don't take any chances. Throw them away.
__________________
In a panamax down by the river.
Old 06-29-2007, 07:30 AM   #13
Thinks s/he gets paid by the post
 
Join Date: Jul 2005
Location: Minnehaha
Posts: 2,375
Quote:
Originally Posted by BUM View Post
Don't take any chances. Throw them away.

Probably right...how long after the expiration date are they good for, do you reckon...by the way, would you use condoms made in China?
__________________
MinnesotaEats - www.goodfoodmsp.com
Old 06-29-2007, 11:47 AM   #14
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,620
Quote:
Originally Posted by Martha View Post
I am generally very careful about what I open, but I was tricked by a purported lawyer email.
By any chance was this an e-mail claiming to have an attached PDF file?

When the "I Love You" virus came out, one of the first computers at our military training command to receive it was in the torpedomen's office (the submarine force's version of GEICO's cavemen). Because they're military instructors, these guys were smarter than your average knuckle-dragger and they knew all about anti-virus software. They all clustered around the computer, discussed the virus issue in depth, and decided to run a virus scan on it. It passed clean. Reassured by their forethought and their faith in anti-virus technology, they clicked on it.

Quote:
Originally Posted by Martha View Post
So why didn't the virus checkers pick this up?
Then we all got to attend a few hours of mandatory training on how virus-checking software is updated AFTER the innovative new virus comes out.
__________________
*
*

The book written on E-R.org, "The Military Guide to Financial Independence and Retirement", on sale now! For more info see "About Me" in my profile.
I don't spend much time here anymore, so please send me a PM. Thanks.
Old 06-29-2007, 03:03 PM   #15
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
OK, our IS person said it was a trojan, specifically Trojan.Peacomm.B. I have my computer back all nice and cleaned up.

I can't seem to clean up Greg's computer. I followed all the antivirus directions (disabling system restore) and ran it several times, including in safe mode. I ran the spyware stuff too. No virus was found. But I cannot get his computer to get on the internet. I have a call into the IS person at my former job to hire her to come and fix it. Any ideas?
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Old 06-29-2007, 03:25 PM   #16
Thinks s/he gets paid by the post
 
Join Date: Jul 2005
Location: Minnehaha
Posts: 2,375
Quote:
Originally Posted by Martha View Post
OK, our IS person said it was a trojan, specifically Trojan.Peacomm.B. I have my computer back all nice and cleaned up.

I can't seem to clean up Greg's computer. I followed all the antivirus directions (disabling system restore) and ran it several times, including in safe mode. I ran the spyware stuff too. No virus was found. But I cannot get his computer to get on the internet. I have a call into the IS person at my former job to hire her to come and fix it. Any ideas?
I found three trojans after your heads-up. Used Ad-Aware, it's free...
__________________
MinnesotaEats - www.goodfoodmsp.com
Old 06-29-2007, 03:25 PM   #17
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
I ran Ad-Aware.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Old 06-29-2007, 04:20 PM   #18
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,212
OK, I got Greg's computer to work. It could never find our internet network. I remember having that problem before and having to set a static IP address. I did that and now it works. I never found the trojan on his system so I am thinking it maybe never got there and in the process of trying to fix all of this on my own I ended up losing the static IP address and it would search automatically and never find it. I still don't have the two computers together on the wireless system. I am not sure it is safe.
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Old 06-29-2007, 05:36 PM   #19
Thinks s/he gets paid by the post
FIRE'd@51's Avatar
 
Join Date: Aug 2006
Posts: 2,322
Quote:
Originally Posted by Martha View Post
I followed all the antivirus directions (disabling system restore) and ran it several times, including in safe mode.
I have always wondered about this step. I know Symantec says to do it, presumably to avoid backing up the virus. However, it is my understanding that, when you disable System Restore, you lose all of your previous restore points, which go back over the past 3 months. Wouldn't it be better to try some restore points from back before when you think you got the virus before doing the disable?
__________________
Old 06-29-2007, 06:00 PM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Uh oh, a rootkit virus. Generally bad news.

Symantec's removal instructions: Trojan.Peacomm.B - Symantec.com

I looked at the AVG site, and their 'virus encyclopedia' doesn't include any mention of Peacomm, so I'm wondering if it even detects or removes it.

Disabling system restore shouldn't remove your prior restore points. You CAN remove them at your discretion.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
All times are GMT -6.