Do I have a virus?

Discussion in 'Virus Information' started by Øyvind Granberg, Nov 9, 2008.

  1. Hi...

    There is a virus in my computer. I am convinced of that.
    I cannot download anything concerning updates to Ad-Aware or Spybot.
    I cannot download anything at all from Microsoft.com like the Outlook
    Connector or anything else I've tried.
    Neither can I download the aforementioned files from these sites with FF3,
    Google Chrome or Opera 9.26.

    When browsing using IE8, I get a message stating that a pop-up has been
    prevented. Even on my own web pages where there is no pop-up at all.

    Something is preventing me from downloading anything that I can use to
    remove it!?!?!

    I need help...
    Running Windows Vista Ultimate with all updates.
    AVG 8 Free
    Windows Defender
    Spybot once a week
    UAC disabled
    Firewall disabled


    Tried Bitdefender's online scanner and even that couldn't update its
    definition file.
    I have scanned thoroughly twice with AVG 8.
    So too with Spybot and Windows Defender.

    What is wrong, and how can I get rid of it?

    --

    Kind regards
    Øyvind Granberg


    www.tresfjording.com
     
    Øyvind Granberg, Nov 9, 2008
    #1

  2. Is Windows Firewall disabled because AVG 8 has a firewall? If not, then you
    are most definitely not protected. Also with UAC disabled IE does not run
    in protected mode. So you've decided to run your computer at risk.

    Your symptoms do sound like the machine is infected, but only a thorough
    scanning will tell.

    Go through these general malware removal steps systematically -
    http://www.elephantboycomputers.com/page2.html#Removing_Malware

    Include scanning with David Lipman's Multi_AV and follow instructions to do
    all scans in Safe Mode. Please see the special Notes regarding using
    Multi_AV in Vista.

    http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
    http://tinyurl.com/yoeru3 - download link and more instructions

    You can also check to see if there are targeted removal steps for your
    malware here:
    Bleeping Computer removal how-to's -
    http://www.bleepingcomputer.com/forums/forum55.html

    When all else fails, get guided help. Choose one of the specialty forums
    listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
    POST LOGS IN THE MS NEWSGROUPS.

    Malke
     
    Malke, Nov 9, 2008
    #2

  3. It is something, but it probably is not a *virus*.
     
    FromTheRafters, Nov 9, 2008
    #3
  4. The only absolutely guaranteed 100% way of resolving a virus problem is to
    format the hard disk and re-install Windows, all your software and your user
    files - which you previously copied to, say, another hard drive or memory
    stick. Not very practical perhaps but at least it has the redeeming feature
    of also clearing out all those bits and pieces of software left behind by an
    incomplete uninstall.

    The next, nearly 100% guaranteed method is to take out the hard drive,
    install it in another computer which has antivirus software installed and
    updated immediately beforehand, and scan for viruses. Doing this gets around
    some scanners being crippled by the infection.

    The next, less effective method is to update the virus software and scan for
    viruses in 'Safe Mode'.

    The least effective method is to update the virus software and scan for
    viruses in 'Normal Mode'.

    Having said that, the most practical way is to work the above list in
    reverse order.

    Bill Ridgeway
     
    Bill Ridgeway, Nov 10, 2008
    #4
  5. Thank you for your advice Bill!

    Let me point out that two years ago I formatted and reinstalled XP on a
    laptop.
    This did not get rid of the virus causing the reinstallation in the first
    place.
    I had to disconnect from the net after I downloaded the latest updates from
    AVG, and then install the OS and the updated virus killer.

    I have managed to update the definition files of Adaware by downloading them
    from download.com
    You see, I have trouble downloading from the webpages of Microsoft and
    Lavasoft.

    Adaware found three threats and removed them, but the problem remains.
    I will now try the same in safe mode....

    I'll be back, as a famous European once said.

    --

    Kind regards
    Øyvind Granberg


    www.tresfjording.com
     
    Øyvind Granberg, Nov 10, 2008
    #5
  6. This is sometimes the *only* solution, and sometimes no solution
    at all. Much depends on exactly what malware is involved. Think
    about the fact that you could be reinstalling the malware, or the
    vector the malware used to gain access initially, by reinstalling the
    OS and backed up user programs and data.
    Entirely practical if the malware contains "unknowns" such as a
    downloader that may have downloaded another, undetected as
    yet, malware program.
    Not always a good idea.
    Or take it to a professional.

    From a post by Kayman in m.p.s. newsgroup

    http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
     
    FromTheRafters, Nov 10, 2008
    #6
  7. I'd like to watch the video, FTR - but I get this message when I try to
    install Silverlight
    http://www.microsoft.com/silverlight/resources/help.aspx?errorID=1503

    Are you (or anyone else here) aware of any other way to access the video -
    might it be on YouTube for example? I wouldn't have a clue what to search
    for in this instance!

    Dave
     
    ~BD~, Nov 10, 2008
    #7
  8. Hello Øyvind:

    By and of itself, this is counter to industry best practices and
    conventional wisdom. After a proper reformat, installation from known
    good media is the best possible guarantee of a clean system. Surely a
    flaw has entered the procedure.

    Since the malware in question has yet to be identified, perhaps a new
    stance should be considered. The instant an unprotected system is
    allowed to "see" the internet, it has become the proverbial "Honey pot".
    Ergo, all patches, service packs, updates, upgrades, ad nauseam, must be
    introduced in the most protected environment you can provide, before the
    system is allowed to see the Internet.

    The above must include good security templates, security settings, and
    good updated malware protection that has already been vetted. For some,
    this is a hardship as few casual users have taken the necessary steps to
    create perfect installation sources.
    Everything I've said above is conveyed with great respect. I DO so wish
    you well.
     
    1PW, Nov 10, 2008
    #8
  9. <<Think about the fact that you could be reinstalling
    the malware, or the vector the malware used to gain access initially, by
    reinstalling the OS and backed up user programs and data.>>

    Is this a 'real' problem? Re-installing, from the original source (CD / DVD),
    software which worked OK until the malware, there shouldn't be a
    possibility of re-installing malware. However, a downloaded / installed copy
    may be of a later version, with a risk of installing malware. To guard against
    this possibility I have a copy of downloaded files which can be used to
    re-install later if necessary.

    Of course, having installed Windows and a virus checker, updated same and
    scanned for any malware which may have crept in during the window of
    vulnerability whilst updating, the computer is then just as vulnerable as
    before. I have
    (and update regularly) a clone of my hard disk drive. If, therefore, the
    hard disk drive fails (or is heavily infected) I can swap drives, copy my
    user files and update software and I have a working computer in a very short
    time subject to scanning for malware.

    By the way, use of the phrase 'backed up user programs' is a bit ambiguous.
    You cannot (perhaps there are some small exceptions) install from a back-up
    of what will have been installed by the software. You can, however, install
    downloaded files (which may be found on a backup). Sorry to be pedantic!

    Regards.

    Bill Ridgeway
     
    Bill Ridgeway, Nov 10, 2008
    #9
  10. True, but the flaw used by the malware to infest the system may very
    well be reintroduced. Other flaws, since corrected by patches, might
    be reintroduced as well. Flattening and rebuilding XP after certain worm
    attacks would result in reinfestation within minutes of reconnecting to the
    internet.
    Same as the above applies if the replacing involves retrograding the
    patch level of the affected software. Plus, for the amount of time the
    program was stored in a read/write environment, it could have been
    infected. Executing an infected file may reinfest the system.
    I use a similar method with disk images in files on external drives - plus
    the more conventional full and incremental backups.
    How so?
    A full backup, followed by incremental backups, gives you backed up programs
    as well as backed up user data. Such can be reintroduced when restoring from
    backup after wiping the disk.

    [snip]
     
    FromTheRafters, Nov 10, 2008
    #10
  11. Hello 1PW
    Perhaps you are right about that. I am a bit clumsy sometimes. hehe
    I have now doubled my RAM to 4GB and will resurrect my use of a firewall.
    The reason I do not use a firewall is because they tend to make problems for
    me when relatives are calling upon the family nerd/geek to fix their PCs.
    Can I bill Bill for that? Twenty years of local support?
    I use AVG 8, and Windows Defender. Plus I run Spybot and Ad-Aware once a
    week.
    In addition to that I will now run the OS-integrated firewall....
    There... it's activated!!

    How can I identify this virus/malware?

    --ØG--
     
    Øyvind Granberg, Nov 10, 2008
    #11
  12. I will NOT! The "professionals" around here are not much of professionals.
    hehe... I don't mean to brag!


    Kind regards
    Øyvind Granberg


    www.tresfjording.com
     
    Øyvind Granberg, Nov 10, 2008
    #12
  13. What about this?
    If you reinstall from your original CD things can still go wrong.
    Some viruses write themselves to the boot sector, I think they are
    called MBF-viruses, and to the memory.
    If you delete the one on the hard disk, it rewrites itself to the
    hard disk immediately from a copy in RAM.
    Think about it:
    A virus is in both the memory and on the hard disk.
    You turn off the computer.
    During shut down the virus secures a copy of itself on the hard disk.
    You put in the original OS CD and boot on that.
    The virus is then activated in the same instant the OS is reaching for the
    HDD and reproduces itself again into the RAM.
    As a result you format the hard disk with the virus active in memory.
    After reformatting, and many reboots, forcing the virus to rewrite itself
    to memory and HDD many times, you still have an infected computer.
    In addition to this I think it doesn't have to be the virus itself, maybe a
    trojan holding the backdoor open to a certain virus.


    Am I right?

    --

    Kind regards
    Øyvind Granberg


    www.tresfjording.com
     
    Øyvind Granberg, Nov 10, 2008
    #13
  14. BSI (Boot Sector Infector) viruses are not very common these
    days. You are thinking of MBR (Master Boot Record) viruses
    which are one type of BSI virus.

    There are malware programs that use boot sector code to operate
    and increase their "stickiness" (persistence). I am not aware of any
    that have used this method to regenerate after reformatting though.
    Yeah, some programs operate as guardian programs for other ones.
    Makes removal attempts seem like swatting flies or stomping ants.
    If the malware relies on HDD boot sector code to activate itself,
    then booting from CD will keep it from being active at this point.
    Accessing the HDD now is from within the filesystem; as the boot
    was from the CD, there is no other MBR code to be used. The
    code can still be reached, but there is no reason for legitimate OS
    loading functions from the CD's produced operating environment
    to do so.
    There was a malware program (a virus IIRC) that faked a format when
    the user tried to get rid of it that way. I can't remember which one though.
     
    FromTheRafters, Nov 10, 2008
    #14
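    The MBR discussion above turns on one fact: the bootstrap code in the first
    sector is only active if the machine boots from that disk, and a malware
    program that "increases its stickiness" through it has to change those bytes.
    A practical check, then, is to hash the code region of the MBR from a clean
    boot (rescue CD, as FromTheRafters describes) and compare later. The block
    below is an added example for this thread, not code posted by anyone in it.
    It assumes the standard MBR layout (440 bytes of bootstrap code, a 4-byte disk
    signature, four 16-byte partition entries at offset 446, and the 0x55AA
    signature at offset 510); the sample sectors it hashes are constructed inline
    for illustration, not captured from any real disk, and all function names are
    the example's own.

```python
"""Parse a 512-byte MBR and baseline its bootstrap-code region.

Added example, not from the thread. Layout assumed (standard MBR):
  bytes 0-439    bootstrap code
  bytes 440-443  disk signature (changed legitimately by the OS)
  bytes 446-509  four 16-byte partition entries
  bytes 510-511  0x55AA boot signature
The sample sectors below are constructed for illustration only.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_REGION = slice(0, 440)        # bootstrap code only, before the disk signature
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
PART_ENTRY_FMT = "<B3xB3xII"


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts; reject malformed sectors."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        raw = mbr[off:off + PART_ENTRY_SIZE]
        if raw == bytes(PART_ENTRY_SIZE):       # all-zero entry: unused slot
            continue
        status, ptype, lba_start, sectors = struct.unpack(PART_ENTRY_FMT, raw)
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only, so partition-table edits do not raise alarms."""
    return hashlib.sha256(mbr[CODE_REGION]).hexdigest()


def check_against_baseline(mbr: bytes, baseline_hash: str) -> dict:
    """Compare the current sector's code with a hash taken in a known-clean state."""
    current = code_hash(mbr)
    return {
        "code_matches_baseline": current == baseline_hash,
        "code_hash": current,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(code: bytes) -> bytes:
    """Construct a synthetic MBR: given code, a fake disk signature, one NTFS partition."""
    if len(code) > 440:
        raise ValueError("bootstrap code region is 440 bytes")
    body = bytearray(MBR_SIZE)
    body[0:len(code)] = code
    body[440:444] = b"\xDE\xAD\xBE\xEF"          # constructed disk signature
    # one bootable NTFS (0x07) partition at LBA 2048, 1,000,000 sectors long
    struct.pack_into(PART_ENTRY_FMT, body, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 1_000_000)
    body[510:512] = BOOT_SIGNATURE
    return bytes(body)


# Constructed "clean" sector (a few plausible real-mode opcodes, then NOP padding)
KNOWN_GOOD_MBR = build_sample_mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100)
BASELINE = code_hash(KNOWN_GOOD_MBR)
# Constructed "later" sector: same partition table, different bootstrap bytes,
# which is what a boot-sector rewrite by malware looks like from the outside.
TAMPERED_MBR = build_sample_mbr(b"\xEB\x58\x90" + b"\xCC" * 100)


if __name__ == "__main__":
    print(check_against_baseline(KNOWN_GOOD_MBR, BASELINE))
    print(check_against_baseline(TAMPERED_MBR, BASELINE))
```

    To use it on a real machine, read the first 512 bytes of the physical disk
    (`\\.\PhysicalDrive0` on Windows, run as administrator; `/dev/sda` on Linux,
    as root) and record `code_hash()` while booted from clean media, as the post
    above suggests, so that nothing on the HDD was active when the baseline was
    taken. A changed hash is worth investigating; a matching hash only says the
    first sector's code is unchanged, not that the rest of the disk is clean.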
  15. | Perhaps you are right about that. I am a bit flumsy sometimes. hehe
    | I hva now doubled my RAM to 4GB and will resurrect my use of a firewall.
    | The reason I do not use a firewall is because they tend to make problems for
    | me when relatives are calling upon the family nerd/geek to fix their pc's.
    | Can I bill Bill for that? Twenty years of local support?
    | I use AVG 8, and Windows Defender. Plus I run Spybot and Adaware once a
    | week.
    | In addition to that I will now run the os integrated firewall....
    | There... it's activated!!

    | How can I identify this virus/malware?

    | --ØG--


    I gave you a set of directions to post in an Expert Forum -- Have you?
     
    David H. Lipman, Nov 10, 2008
    #15
  16. :o)

    Your choice. If you are the best around - then you are the logical
    choice. If I were you, I would follow the advice offered by Malke.

    Are you running as admin and with UAC disabled?

    Maybe "flatten & rebuild" is the best choice - and learn to live with
    UAC and limited user rights.
     
    FromTheRafters, Nov 10, 2008
    #16
  17. *I* think you ARE right, OG! :)

    Maybe you should ask the experts about this at http://aumha.net/index.php

    Dave
     
    ~BD~, Nov 11, 2008
    #17
  18. Get your facts right! I never posted this comment!
     
    Kayman, Nov 11, 2008
    #18
  19. On 11/10/2008 01:37 PM, Øyvind Granberg sent:

    Snip, snip...
    Hello ØG:

    If after two years of using various anti-malware applications something
    hasn't been identified, then perhaps you aren't experiencing malware.

    Please follow David H. Lipman's post and let us know what you find.

    Best wishes to you.
     
    1PW, Nov 11, 2008
    #19
  20. Yes, I have disabled UAC!
    I'm like most people: I don't read what's on screen before clicking Yes...
    hehe
     
    Øyvind Granberg, Nov 11, 2008
    #20