OT-Virus almost wrecked my OS....



Chuck Wintle
01-31-2010, 12:53 PM
Yesterday my computer got infected by a virus that proved hard to get rid of. AVG was of no use and neither was Spybot SD. It took repeated runnings of Malwarebytes to purge the virus, in safe mode, but along the way it did damage to the OS. :mad:

I needed to reinstall several programs, repair some parts of XP that were rendered useless. :confused:

Hopefully it is back to normal! :D:D By the way AVG was next to useless so that is gone. Now what to replace it with? :D

David G Baker
01-31-2010, 12:58 PM
I have had good luck with ZoneAlarm Security Suite.

James Jaragosky
01-31-2010, 1:09 PM
I have had good luck with ZoneAlarm Security Suite.
Norton was rated #1 last year which I found surprising. The close second was ESET http://www.pixelitt.com.au/products/eset-ess-security-info.htm

paul cottingham
01-31-2010, 1:15 PM
AVG is junk. Spybot is not antivirus, neither is Malwarebytes. Try Avast from safe mode. OR get a computer buddy to make an antivirus bootable CD; just an example: http://www.avast.com/bart-cd . I would be surprised if the OS needs to be reinstalled.



Yesterday my computer got infected by a virus that proved hard to get rid of. AVG was of no use and neither was Spybot SD. It took repeated runnings of Malwarebytes to purge the virus, in safe mode, but along the way it did damage to the OS. :mad:

I needed to reinstall several programs, repair some parts of XP that were rendered useless. :confused:

Hopefully it is back to normal! :D:D By the way AVG was next to useless so that is gone. Now what to replace it with? :D

Glenn Vaughn
01-31-2010, 1:27 PM
I have Avast on all of my computers and have not been compromised "yet". I had AVG for years but moved to Avast when AVG 8 came out and had an overhead that I did not like.

There is no anti-virus tool that is 100% effective - period. The paid for programs are not always better than the freeware programs - new attacks are coming out daily as are new methods. The vendors have to be constantly updating their programs and data to even keep close to current.

Part of the protection is dependent on the user not doing the wrong thing. There are times when the smart thing to do is turn the power off rather than click on a button - especially those that offer to do a free scan of your computer in a pop-up window. Many times clicking on "cancel" or "close" is the same as clicking on "Ok".

Bottom line is that there is no protection that will protect you from yourself.

Dick Strauss
01-31-2010, 4:42 PM
I'm sorry to hear of your troubles.

If you are on a laptop when the issue pops up, immediately kill your internet connection so that the program can't install more bad stuff.

I have Avast on all of my computers too!

Jim Rimmer
01-31-2010, 5:33 PM
I use CA Security Suite. It's got a firewall, virus checker, the works and it is only $50 or $60. It's got a few quirks you have to get used to at first but they are there to protect you. It even sends an email if you're not upgrading (free upgrades) regularly.

Ken Fitzgerald
01-31-2010, 6:27 PM
I have CA Security Suite on one computer and ZoneAlarm Security Suite on the other computer.

Neither has had a problem yet.

Both programs are a firewall, antivirus and antispyware.

Phil Thien
01-31-2010, 6:38 PM
I own the oldest computer store in Wisconsin.

One of the oldest in the country, according to Tech Data and Ingram Micro.

We do a LOT of virus cleaning. 20+ machines per week on carry-in, another 10+/week remote.

None of the antivirus products mentioned above (avast, Norton, CA, ZA) work substantially better than any other. We see infected machines running all of them.

There is only ONE WAY to keep your machine clean!

SWITCH YOUR ACCOUNT FROM ADMINISTRATOR TO LIMITED USER.

Limited users cannot modify the "\Windows" and "\Program Files" folders.

Nor can they make adjustments to critical registry entries that change what happens on startup on your PC.

You CAN get a virus on your machine while running as Limited, but rebooting the machine is all it takes to clear the virus.

If you need instructions on how to do this I can post step-by-step.

Chuck Wintle
01-31-2010, 6:52 PM
I own the oldest computer store in Wisconsin.

One of the oldest in the country, according to Tech Data and Ingram Micro.

We do a LOT of virus cleaning. 20+ machines per week on carry-in, another 10+/week remote.

None of the antivirus products mentioned above (avast, Norton, CA, ZA) work substantially better than any other. We see infected machines running all of them.

There is only ONE WAY to keep your machine clean!

SWITCH YOUR ACCOUNT FROM ADMINISTRATOR TO LIMITED USER.

Limited users cannot modify the "\Windows" and "\Program Files" folders.

Nor can they make adjustments to critical registry entries that change what happens on startup on your PC.

You CAN get a virus on your machine while running as Limited, but rebooting the machine is all it takes to clear the virus.

If you need instructions on how to do this I can post step-by-step.

Well, I did manage to get rid of the virus using several programs, one after the other, in safe mode. It was a struggle and in the process XP got messed up. Some but not all programs refused to work afterward, as did some parts of XP. I have been busy finding fixes for them and for the most part it is all back to normal. In the end I may reinstall XP to solve something that is preventing Avast and AVG from properly working. I ran chkdsk several times and SFC several times. Your advice to run in limited user mode should be heeded more often.

What would be nice is a program that could check all aspects of XP to see if it is all working correctly.

If I do reinstall it will take time to put back all the programs I am using.

paul cottingham
01-31-2010, 7:13 PM
I say this too much, BUT the easiest way to avoid viruses (not completely, but you get the picture) is to not use Windows. Linux and its variants (and I include Mac amongst those) are nowhere near as vulnerable, largely for the reasons mentioned above...the root user is rarely, if ever used by the OS for vulnerable stuff.

Chuck Wintle
01-31-2010, 7:21 PM
I say this too much, BUT the easiest way to avoid viruses (not completely, but you get the picture) is to not use Windows. Linux and its variants (and I include Mac amongst those) are nowhere near as vulnerable, largely for the reasons mentioned above...the root user is rarely, if ever used by the OS for vulnerable stuff.

Paul,
I could not agree more with you but a lot of apps don't have an equivalent in Linux so I still like XP for that. Unfortunately I got careless (stupid) and tried to run a program that contained viruses (virii?). I know, I know, it really went to town before I could properly react to it. I finally managed to get Malwarebytes to run in safe mode and got rid of it, no thanks to AVG at all though. So my dilemma now is the re-install with all the extra too. :(

paul cottingham
01-31-2010, 7:26 PM
You might be surprised. A shocking number of my windows apps run in Wine. The ones that won't, I run in vmware running my old copy of XP.

Best of both worlds, and I no longer pay the Microsoft tax.

Scott T Smith
01-31-2010, 8:19 PM
I own the oldest computer store in Wisconsin.

One of the oldest in the country, according to Tech Data and Ingram Micro.

We do a LOT of virus cleaning. 20+ machines per week on carry-in, another 10+/week remote.

None of the antivirus products mentioned above (avast, Norton, CA, ZA) work substantially better than any other. We see infected machines running all of them.

There is only ONE WAY to keep your machine clean!

SWITCH YOUR ACCOUNT FROM ADMINISTRATOR TO LIMITED USER.

Limited users cannot modify the "\Windows" and "\Program Files" folders.

Nor can they make adjustments to critical registry entries that change what happens on startup on your PC.

You CAN get a virus on your machine while running as Limited, but rebooting the machine is all it takes to clear the virus.

If you need instructions on how to do this I can post step-by-step.


Phil, please post the steps. I take it that you would retain an administrative login, but would use the limited login for everyday use?

Phil Thien
01-31-2010, 9:43 PM
Phil, please post the steps. I take it that you would retain an administrative login, but would use the limited login for everyday use?

The abridged version (let me know if you need more help).

(1) Use regedit and find the following key:
\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\allocatecdroms

And change it from 0 (zero) to 1 (one). If you don't do this, you won't be able to burn CD's/DVD's when you're all done.

(2) Open Control Panel/Users. Create a new user. I use "Admin" (no quotes). Set a password on the new "Admin" account. If you have teenagers in the house, you may want to keep the password to yourself. If you have teenagers, and they're constantly infecting your machine, you may also want to set a password on the "Administrator" account (the "Administrator" account is a default account in Windows available when booting in "Safe Mode." Let me know if you need help on this).

(3) Now use the Users applet under control panel to change all the other accounts on the machine to "Limited user."

(4) Reboot, you're done.

If you want to install/uninstall software or make substantial changes to Windows, you can log in to the "Admin" account to do so.

Another way that doesn't require logging into Admin is to use the "Run as." In Control Panel, hold down the shift key while right-clicking on the icon for the applet you want to run. Left-click "Run as." Now select "The following user" and select the "Admin" user and type in your password.

Let me know if anything needs any clarification or further explanation.

Like I may have said, I've done this for families that were constantly battling viruses, and (despite their best efforts), the teenagers have been unable to reinfect their PC's as long as they don't use the "Admin" account for anything but PC maintenance.

I have had a couple of dads reinfect the machines when using the "Admin" account because they're trying to get to porn. It only happens once because I'm brutally honest with the moms, and I also change the "Admin" password and don't share it with dad again.

I've also had some moms share the "Admin" password with the kids who constantly insist they need it "because I need to install something for school." Mom only falls for that once.
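
Added example, not part of Phil Thien's post: one way to confirm step (3) afterwards is to list who is still in the local Administrators group. This Python sketch parses the output of `net localgroup Administrators`; the sample output, the account names other than "Admin" and "Administrator", and the function names are constructed for illustration, and it assumes an English-language Windows where the group is called "Administrators".

```python
import subprocess

# Accounts allowed to keep admin rights: the built-in "Administrator" and the
# dedicated "Admin" maintenance account created in step (2) of the post.
ALLOWED_ADMINS = {"administrator", "admin"}

# Constructed sample of `net localgroup Administrators` output (not from the thread).
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Admin
Administrator
Dad
HOMEPC\\Teen1
The command completed successfully.
"""


def parse_members(net_output):
    """Return the member names listed after the dashed rule."""
    members, in_list = [], False
    for line in net_output.splitlines():
        line = line.strip()
        if not in_list:
            # Everything before the dashed rule is header text.
            in_list = line.startswith("---")
            continue
        # A blank line or the status trailer ends the member list.
        if not line or line.lower().startswith("the command completed"):
            break
        members.append(line)
    return members


def accounts_to_demote(members, allowed=ALLOWED_ADMINS):
    """Members that still hold admin rights but are not maintenance accounts."""
    flagged = []
    for member in members:
        # Compare on the bare account name, ignoring a MACHINE\ prefix and case.
        short = member.rsplit("\\", 1)[-1].lower()
        if short not in allowed:
            flagged.append(member)
    return flagged


def audit_live():
    """Run the real command (Windows only) and return accounts still to demote."""
    out = subprocess.run(
        ["net", "localgroup", "Administrators"],
        capture_output=True, text=True, check=True,
    ).stdout
    return accounts_to_demote(parse_members(out))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(accounts_to_demote(parse_members(SAMPLE_OUTPUT)))
```

An empty result from `audit_live()` means every everyday account has been moved to "Limited user" and only the maintenance accounts remain administrators.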

Chuck Wintle
02-01-2010, 7:33 AM
A few months ago I made an image of my working installation so tonight I will copy this over to replace my busted OS. :D

Curt Harms
02-01-2010, 8:08 AM
A few months ago I made an image of my working installation so tonight I will copy this over to replace my busted OS. :D

Charles

I did something similar but it wasn't a virus, just carelessness with a partition/boot manager that nuked the MBR. Images are useful, aren't they?:D

Curt Harms
02-01-2010, 8:14 AM
You might be surprised. A shocking number of my windows apps run in Wine. The ones that won't, I run in vmware running my old copy of XP.

Best of both worlds, and I no longer pay the Microsoft tax.

I haven't messed with WINE yet. Except for Quickbooks, I can do everything I need to do with native Linux apps--Open Office, Firefox, Thunderbird. Have you tried play on linux (http://www.playonlinux.com/en/) yet? It looks to be primarily oriented to games but I've seen some good reviews for it.

Anthony Scira
02-01-2010, 10:14 AM
Use non html email, do not download material from untrusted sites. Never open attachments unless you are expecting them. Do not trust the email from the hot Russian girl saying she wants to get to know you better. Don't click the link.

Turn on automatic updates in Windows.

I don't want to say you're 100% safe if you follow these rules. But with one laptop I have just for fun I run no security on it and have never had a virus. And that is with NO AntiVirus.

Scott T Smith
02-01-2010, 11:31 AM
The abridged version (let me know if you need more help).

(1) Use regedit and find the following key:
\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\allocatecdroms

And change it from 0 (zero) to 1 (one). If you don't do this, you won't be able to burn CD's/DVD's when you're all done.

(2) Open Control Panel/Users. Create a new user. I use "Admin" (no quotes). Set a password on the new "Admin" account. If you have teenagers in the house, you may want to keep the password to yourself. If you have teenagers, and they're constantly infecting your machine, you may also want to set a password on the "Administrator" account (the "Administrator" account is a default account in Windows available when booting in "Safe Mode." Let me know if you need help on this).

(3) Now use the Users applet under control panel to change all the other accounts on the machine to "Limited user."

(4) Reboot, you're done.

If you want to install/uninstall software or make substantial changes to Windows, you can log in to the "Admin" account to do so.

Another way that doesn't require logging into Admin is to use the "Run as." In Control Panel, hold down the shift key while right-clicking on the icon for the applet you want to run. Left-click "Run as." Now select "The following user" and select the "Admin" user and type in your password.

Let me know if anything needs any clarification or further explanation.

Like I may have said, I've done this for families that were constantly battling viruses, and (despite their best efforts), the teenagers have been unable to reinfect their PC's as long as they don't use the "Admin" account for anything but PC maintenance.

I have had a couple of dads reinfect the machines when using the "Admin" account because they're trying to get to porn. It only happens once because I'm brutally honest with the moms, and I also change the "Admin" password and don't share it with dad again.

I've also had some moms share the "Admin" password with the kids who constantly insist they need it "because I need to install something for school." Mom only falls for that once.


Phil - thanks much for the info. I think that I can follow most of it; I'll send you a PM if I get lost. Again, many thanks. Scott

Randal Stevenson
02-01-2010, 12:11 PM
I have had ONE virus in the years. It infected the antivirus program. I use Trendnet? (google online antivirus), to check the computer and as a secondary, BUT, if the virus is less than a week old (not based on another), etc. NEITHER will cure it.

I switched to Linux a few years back, and haven't looked back. While this may not work for your programs, you could use Linux as just an internet browser. (or a bootable version to get online to search for how to's on that particular virus and removing)

Eric DeSilva
02-01-2010, 12:25 PM
Do not trust the email from the hot Russian girl saying she wants to get to know you better.

Aw man. But she seems so... earnest.

Jerome Hanby
02-01-2010, 12:35 PM
I use Avast these days and have no complaints. On a side note, if you aren't reinstalling Windows at least once a year, you just ain't living right:D.

I will say it's gotten a little better over the years, but I still try to burn a cd of anything I install and store it in my cd wallet for that PC so when (not if) I have to reinstall, I can restore all the apps.

paul cottingham
02-01-2010, 1:28 PM
Then how do you know you have never had a virus?

Use non html email, do not download material from untrusted sites. Never open attachments unless you are expecting them. Do not trust the email from the hot Russian girl saying she wants to get to know you better. Don't click the link.

Turn on automatic updates in Windows.

I don't want to say you're 100% safe if you follow these rules. But with one laptop I have just for fun I run no security on it and have never had a virus. And that is with NO AntiVirus.

paul cottingham
02-01-2010, 1:30 PM
I haven't messed with WINE yet. Except for Quickbooks, I can do everything I need to do with native Linux apps--Open Office, Firefox, Thunderbird. Have you tried play on linux (http://www.playonlinux.com/en/) yet? It looks to be primarily oriented to games but I've seen some good reviews for it.

Quickbooks may run in wine, I think. Failing that, run it in vmware. OR try an open source alternative. Maybe one of them will read quickbooks files.

Chuck Wintle
02-02-2010, 7:42 AM
Charles

I did something similar but it wasn't a virus, just carelessness with a partition/boot manager that nuked the MBR. Images are useful, aren't they?:D
Yes, images are very useful!! :D Last night I used an image done several months ago to restore my system and everything is up and running perfectly. I had to update a few things though including windows. :D:D

Paul Atkins
02-02-2010, 4:08 PM
After reading this I'm going to start running on Wine. My folks' XP machine got infected and messed everything up. My laptop with win7 has crashed 3 or 4 times in the last few months and ready to go to linux on these machines. My Mac is the mainstay here without any problems. What version of linux is the 'best'? Doesn't seem right to buy a machine and have to re-invent it all the time. It's like buying a new car and having to rebuild the engine yourself on the kitchen table every few months. Love these time saving devices.

Chuck Wintle
02-02-2010, 4:25 PM
After reading this I'm going to start running on Wine. My folks' XP machine got infected and messed everything up. My laptop with win7 has crashed 3 or 4 times in the last few months and ready to go to linux on these machines. My Mac is the mainstay here without any problems. What version of linux is the 'best'? Doesn't seem right to buy a machine and have to re-invent it all the time. It's like buying a new car and having to rebuild the engine yourself on the kitchen table every few months. Love these time saving devices.
Ubuntu is one of the best distros around. Easy to install and very user friendly to add programs and updates.

Brian Ashton
02-02-2010, 4:28 PM
Yesterday my computer got infected by a virus that proved hard to get rid of. AVG was of no use and neither was Spybot SD. It took repeated runnings of Malwarebytes to purge the virus, in safe mode, but along the way it did damage to the OS. :mad:

I needed to reinstall several programs, repair some parts of XP that were rendered useless. :confused:

Hopefully it is back to normal! :D:D By the way AVG was next to useless so that is gone. Now what to replace it with? :D

When it actually comes to confirmed infections I've found AVG to be 0 out of 5 with respect to actually helping to do something about it. Program couldn't stop anything. Wouldn't have it on a computer even if they paid me - not worth the hassle of being informed that I've been infected and then saying you're SOL.

You get what you pay for...

Now there's probably many that will say AVG is great! Wait till you actually experience an infection...

paul cottingham
02-02-2010, 6:47 PM
Ubuntu is great.

Randal Stevenson
02-02-2010, 6:53 PM
After reading this I'm going to start running on Wine. My folks' XP machine got infected and messed everything up. My laptop with win7 has crashed 3 or 4 times in the last few months and ready to go to linux on these machines. My Mac is the mainstay here without any problems. What version of linux is the 'best'? Doesn't seem right to buy a machine and have to re-invent it all the time. It's like buying a new car and having to rebuild the engine yourself on the kitchen table every few months. Love these time saving devices.

NO version is "best", it is more what fits. My personal recommendation is twofold. First, figure out what you run, and NEED to run (programs that could have compatible programs, or mostly compatible programs, like Open Office and MS office; versus programs that you NEED, that are Windows only (office app?)). The second part is twofold: look both at Distrowatch, and see if you have a local users group/computer/Linux club. AS LONG AS you have a working computer with internet connection, you're OK. When I started using Linux years back, Red Hat was THE popular distro, and if you had problems, you could contact the group (especially when you only had one computer). Now there are so many forums, it is much easier to both find help, and the software has made things easier, due to more tools/gui stuff.

I am posting from a Windows machine currently (netbook/notebook hybrid), but in general, all of my web stuff, is from a Linux machine.

Phil Thien
02-02-2010, 8:48 PM
When it actually comes to confirmed infections I've found AVG to be 0 out of 5 with respect to actually helping to do something about it. Program couldn't stop anything. Wouldn't have it on a computer even if they paid me - not worth the hassle of being informed that I've been infected and then saying you're SOL.

You get what you pay for...

Now there's probably many that will say AVG is great! Wait till you actually experience an infection...

Been in the same position w/ Norton, McAfee, avast!, CA, Sophos, all of them. The fact is, once the virus sneaks by the antivirus software, it gets exponentially more difficult to clean off the machine.

Paul Atkins
02-03-2010, 1:49 AM
Going to try Ubuntu tomorrow - thanks.

paul cottingham
02-03-2010, 1:56 AM
Just a thought. There are live cd versions of ubuntu so you can try it. In fact I think any ubuntu cd has a live option on bootup, so you can try it painlessly.

Brian Ashton
02-03-2010, 2:51 AM
Been in the same position w/ Norton, McAfee, avast!, CA, Sophos, all of them. The fact is, once the virus sneaks by the antivirus software, it gets exponentially more difficult to clean off the machine.

I've always said to people that a program is only capable of dealing with code that is in its database... With a free program you are reliant on a company that is making nothing off the program to keep it up to date... For me that's not all that confidence inspiring. Norton's on the other hand has hundreds, if not thousands, of honey pots scattered around the world just waiting to be infected so they can detect the latest scum bag incarnation...

The problem I found with AVG was it actually detected the virus attacks but let them through and infect my computer(s); I was using different OS's and browsers... It also identified a couple of the viruses and still did nothing. So for me I think the program is garbage. At least with Norton's it's quarantined anything suspicious for me to deal with as I needed even if it didn't know specifically what it was.

But now I use a mac that has so little of the market share that no one wants to invest the time to infect it... Though... I have installed XP on a separate partition for all my uni studies, but I don't give it any internet access.

paul cottingham
02-03-2010, 12:28 PM
Actually clamav has a terrific reputation and it is open source. I use it in linux, and am very pleased. The windows version doesn't filter email or I would use it there too. Many open source programs are better supported and better updated than their proprietary counterparts.