Virus infection as soon as I'm online! Help


Post by VG90byBTYW » Wed, 01 Mar 2006 19:52:28


Hi all experts,

My home computer (XP Home) caught Trojan Horse viruses a month ago, with spy
watching (so it says). Then I couldn't figure out how to delete the virus so
I formatted C: and re-installed the system.

However, as soon as I installed broadband software and got connected to the
internet, these trojan viruses attacked me again!

I've tried re-installing the system several times. Now I do not dare to go
online at all coz each time I felt I was bombed with virus & spy watch
immediately... :(

Please help me! Why is it and how to get rid of these spy & virus?

PS, I'm using AVG free edition and I would update the DB once I'm online!

Thanks in advance!
 
 
 


Post by Shenan Sta » Wed, 01 Mar 2006 20:14:15


Did you turn on your firewall before connecting to the Internet?
Did you install SP2 before connecting to the Internet? (You can download
the full IT version and install it before ever connecting to the Internet
with this particular system.)
Did you know you could download the AVG updates, write them to some external
media and come online with updated definitions?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.yqcomputer.com/ ~esr/faqs/smart-questions.html

 
 
 


Post by VG90byBTYW » Wed, 01 Mar 2006 20:24:28

OK, I will check the Firewall making sure it's turned on.
No, I need to download the SP2.
Yes, I do download updates onto my USB key & update my AVG at home before I
go online.

Thank you for your reply. I'll get back to you about the results!
 
 
 


Post by Martin Spe » Wed, 01 Mar 2006 20:27:32


Pray tell me how you download something without first connecting ... or do
we assume you download from another machine that is known to be clean?


Same question as above.
 
 
 


Post by Martin Spe » Wed, 01 Mar 2006 20:42:03


Is your XP Home SP1 or SP2? SP1 does have a firewall but it's pretty basic
compared to the firewall with SP2. Have a look in your Network Connections
that are available from the Control Panel. If the firewall is active you
should see firewalled after the connection name. If it is not firewalled
then right click the connection that you are using to access the internet
and then select properties followed by advanced, you should be able to
activate the firewall from there, at least then you will have a sporting
chance of avoiding contamination.

You are not stopping these exploits from getting a hold, the average
survival time for an XP system to become infected is something like 12
minutes, not enough time to get SP2 downloaded if you haven't got it
already, so give your system a chance, activate the firewall as per above.


Until you think about the problem in hand and educate yourself on how to
practice "safe hex" then you are and will be a sitting duck, activate the
firewall and then whilst you download all the service patches for your XP
Home system, do some research either in the security and anti-virus
newsgroups or use google and search for spy-ware removal tools and ad-ware
removal and protection. There are plenty of free tools out there, including
Microsoft's new Defender.

I hope I have helped you ... We can't get any further without more
information of the alerts you are getting or the infections that you think
you have. I am hedging bets on windows messenger service and the pop up
windows that can be generated with the exploit that makes you think that you
are infected and you need to click here to buy or protect your system. If
this is the case, ignore them, don't click them, get SP2 downloaded and
installed, and those annoying windows will stop. Or, you can search for how
to disable the windows messenger service, do not confuse this service with
Windows Messenger tool or MSN Messenger, they are different.

I would do that whilst I wait for SP2 to download, and before I get
researching how to be safe online.


You are welcome ...

TpwUK
 
 
 


Post by Martin Spe » Wed, 01 Mar 2006 20:47:21


Excellent ... you are well on your way to being better protected.

TpwUK
 
 
 


Post by VG90byBTYW » Wed, 01 Mar 2006 20:47:27

Yes, I download from work which is clean.
 
 
 


Post by Martin Spe » Wed, 01 Mar 2006 20:56:28


<snipped>

Another suggestion here Toto, if your workplace is allowing access to the
internet, this suggests that your workplace would have an IT Manager or
System Administrator .... If so, go talk to them in the lunch break, glean
some knowledge if they are not too busy to talk to you, when it comes to
computer security most administrators and IT managers I have had experience
with are more than happy to discuss the subject, and what tools they use to
keep your workplace up and running...

Also if you are using XP machines at work, then the chances are they are on
SP2, maybe your administrator or IT manager already have a copy they can let
you borrow, as long as it is only the SP2 and not a full blown XP with SP2.

TpwUK
 
 
 


Post by VG90byBTYW » Wed, 01 Mar 2006 21:11:31

Great! I'm downloading SP2 & AVG updates at work now! Will install it at home
even before I install the Broadband components. Will update you with the
result.

Unfortunately, I am the new and the first IT administrator here... very
ashamed (a small company and I just got this job and a lot a lot to learn...)
Thankfully there is this great community to help me out :D

"Martin Spencer-Ford" wrote:

 
 
 


Post by Shenan Sta » Wed, 01 Mar 2006 21:12:41

Toto Sanderson wrote:

Learn to really protect your investment in your computer..

Microsoft has these suggestions for Protecting your computer from the
various things that could happen to you/it:

Protect your PC
http://www.microsoft.com/security/protect/

Outfitting a new computer for the Net
http://www.microsoft.com/athome/security/update/newcomputer.mspx

Getting started with a new PC
http://www.microsoft.com/athome/moredone/yournewpc.mspx

Although those tips are fantastic, there are many things you should
know above and beyond that. Below I have detailed out many tips
that can not only help you clean-up a problem PC but keep it clean,
secure and running at its best.

I know this text can seem intimidating - it is quite long and a lot
to take in for a novice - however I can assure you that one trip
through this list and you will understand your computer and the
options available to you for protecting your data much better -
and that the next time you go through these steps, the time it
takes will be greatly reduced.

Let's take the cleanup of your computer step-by-step.
Yes, it will take up some of your time - but consider what you use
your computer for and how much you would dislike it if all of your
stuff on your computer went away because you did not "feel like"
performing some simple maintenance tasks - think of it like taking
out your garbage, collecting and sorting your postal mail, paying
your bills on time, etc.

I'll mainly work around Windows XP, as that is what the bulk of this
document is about; however, here are some places for you poor souls
still stuck in Windows 98/ME where you can get information on
maintaining your system:

Windows 98 and 'Maintaining Your Computer':
http://www.microsoft.com/windows98/usingwindows/maintaining/

Windows ME Computer Health:
http://www.microsoft.com/windowsME/using/computerhealth/articles/

Pay close attention to the sections:
(in order)
- Clean up your hard disk
- Check for errors by running ScanDisk
- Defragment your hard disk
- Roll back the clock with System Restore


Also - now is a good time to point you to one of the easiest ways to find
information on problems you may be having and solutions others have found:

Search using Google!
http://www.google.com/
(How-to: http://www.google.com/intl/en/help/basics.html )


Now, let's go through some maintenance first that should only have to be
done once (mostly):

Tip (1):
Locate all of the software you have installed on your computer.
(the installation media - CDs, downloaded files, etc)
Collect these CDs and files together in a central and safe
place along with their CD keys and such. Make backups of these
installation media sets using your favorite copying method (CD/DVD Burner
and application, Disk copier, etc.) You'll be glad to know that if you
have a CD/DVD burner, you may be able to use a free application to make a
duplicate copy of your CDs. One such application is ISORecorder:

ISORecorder page (with general instructions on use):
http://isorecorder.alexfeinman.com/beta.htm

Yes - it is BETA software - but very useful and well tested.
(Don't know what "BETA" means? In simplest terms, it is the stage of a
software's life where it is tested for bugs, crashes, errors,
inconsistencies, and any other problems.)

More full function applications (free) for CD/DVD burning would be:

CDBurnerXP Pro
http://www.cdbu
 
 
 


Post by UGFuZGFfbW » Wed, 01 Mar 2006 22:44:06

You use SP1 and this is probably why you got infected on your Windows XP.
Both Service Pack 1 and Service Pack 2 for Windows XP have a firewall in them
but SP1 doesn't turn on the firewall for the high speed internet automatically.


By the way, what is this broadband software?
It is good practice and we all do it to first install the OS, then drivers,
make sure it is all right and so on...
Nowadays many drivers and even the legal ones come with malware in them -
trojans or spyware.

Is your Windows legal?
Are your drivers legal?
What I do as soon as installing Windows and the drivers for my computer is
to install antivirus software which I update even before updating Windows and
clean nasty infections... I hate these guys who insert trojans (high level
dangerous) or hacking tools and then say: "No, we didn't install them, it is
false positives... bla bla..."

So download all tools from work, make sure they are 100% malware free -
check them with antivirus or using this online scanner
http://www.activescan.com

Install your Windows, install the drivers, install the antivirus, make sure
your Windows firewall (in SP1 it is called ICF) is on.
See how here:
http://www.microsoft.com/windowsxp/using/security/learnmore/enableicf.mspx



Now visit Windows Update and update Windows. Read this before installing SP2
http://www.microsoft.com/windowsxp/sp2

and do not install it until you make sure your computer is clean.

Don't hesitate to contact the Community again!

Learn how to protect your PC:
http://www.microsoft.com/protect

If you need help removing malicious software, visit my web-page:
http://pandaman.hit.bg


Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://pandaman.hit.bg


"Toto Sanderson" wrote:

 
 
 


Post by Phil Wilso » Thu, 02 Mar 2006 05:13:05

It might be useful to tell people what trojan/worm/virus you got infected
with. A firewall won't help at all if you're getting infected because you
are opening email attachments, allowing too much active content in Internet
Explorer, or downloading dubious stuff from the internet and running it.
--
Phil Wilson [MVP Windows Installer]
----
 
 
 


Post by UGFuZGFfbW » Thu, 02 Mar 2006 05:57:29

Yes... but because he has SP1 the ICF is not turned on by default for the
LAN (high speed internet) whereas it is on for SP2.

So without a firewall every hacker and ... *** ager without work can get
into his PC.
When I leave a software firewall ON on a computer always online, the
firewall reports "Port scan attack blocked" every 30 minutes on average. So if
30 minutes, 60 minutes or more he is without firewall, the first port scan
will be seen and his computer will be attacked.
As he is using SP1 and without updates SP1 is vulnerable to Sasser, for
example, and many other well known threats... and fresh install of XP SP1
(without any firewall) ...=> what does this mean?! :)

Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.yqcomputer.com/
http://www.yqcomputer.com/
 
 
 


Post by John McGa » Thu, 02 Mar 2006 07:49:08


What does "these trojan viruses attacked me again!" really mean? Did
your anti-virus software tell you this or did you simply see a window
pop up on your screen telling you that you were infected? If you have
the firewall turned on and a legitimate AV program running then I
suspect that what you are seeing is simply a messenger window trying to
convince you to pay a company to "repair" your system. Try running a
full system scan with AV software and see what turns up. But _first_
disable the messenger service -- you don't need it.

John McGaw
http://www.yqcomputer.com/
 
 
 


Post by Jaso » Thu, 02 Mar 2006 11:53:15

* Toto Sanderson < XXXX@XXXXX.COM >:

Isn't Windows just wonderful? Less than 5 minutes to get it patched
before it's infected. wheeeeeeee

Jason