From: sandy on
ODBC
files
problem is here
dBase ms driver *.dbf excel *.xls ms access database

"David Kaye" wrote:

> Dina <Dina(a)discussions.microsoft.com> wrote:
>
> >This program started and I know it's a virus. I ran Malwarebytes in safe
> >mode and it removed 3 infected files from the registry: antivirus disable
> >notify, firewall disable notify and updates disable notify. I rebooted and the
> >program was back. I then removed them manually in safe mode. I rebooted and
> >it was back again. It has also disabled my internet. Last update in
> >Malwarebytes was 12/2009.
>
> Did you run MB in full scan or quick scan? Do it twice in full scan. You may
> need something like ComboFix if it's a serious rootkit and the thing is
> booting in Linux or something that Windows can't see.
>
> The three "infected files" you mention are simply the notifications from the
> Security Center, so in essence, MB didn't find anything. Try running a copy
> of Avast. I'm not sure, but I think you can DL and run it in safe mode with
> networking.
From: David Kaye on
"FromTheRafters" <erratic @nomail.afraid.org> wrote:

>One might think that it would be easier to detect viruses than would be
>to detect malware since it is known that at least one function of the
>virally infected program will cause replication - it is at least
>something constant to look for, but virus authors have complicated
>things somewhat.

In February 2009 I had a virus on my main computer that was the very worst
I've ever seen. I never did find it because I shut down the machine as soon
as I saw what was happening. It kept copying an html snippet to each and
every stored web page, text file, and Word document it could find. The URL
pointed to a place in Poland. The thing was a menace. When I searched on the
URL within files on my HD I found no fewer than 2500 files had been infected
in a very short amount of time, maybe 10 minutes.

Luckily I had a recent backup of all the files I needed, so I just reformatted
the drive.

From: David H. Lipman on
From: "David Kaye" <sfdavidkaye2(a)yahoo.com>

| "FromTheRafters" <erratic @nomail.afraid.org> wrote:

>>One might think that it would be easier to detect viruses than would be
>>to detect malware since it is known that at least one function of the
>>virally infected program will cause replication - it is at least
>>something constant to look for, but virus authors have complicated
>>things somewhat.

| In February 2009 I had a virus on my main computer that was the very worst
| I've ever seen. I never did find it because I shut down the machine as soon
| as I saw what was happening. It kept copying an html snippet to each and
| every stored web page, text file, and Word document it could find. The URL
| pointed to a place in Poland. The thing was a menace. When I searched on the
| URL within files on my HD I found no fewer than 2500 files had been infected
| in a very short amount of time, maybe 10 minutes.

| Luckily I had a recent backup of all the files I needed, so I just reformatted
| the drive.


It sounds like you had a variant of the Virut virus.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: "FromTheRafters" erratic on
"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message
news:hn2c9k$vuh$1(a)news.eternal-september.org...
> "FromTheRafters" <erratic @nomail.afraid.org> wrote:
>
>>One might think that it would be easier to detect viruses than would be
>>to detect malware since it is known that at least one function of the
>>virally infected program will cause replication - it is at least
>>something constant to look for, but virus authors have complicated
>>things somewhat.
>
> In February 2009 I had a virus on my main computer that was the very worst
> I've ever seen. I never did find it because I shut down the machine as soon
> as I saw what was happening. It kept copying an html snippet to each and
> every stored web page, text file, and Word document it could find.

Probably iframes leading the user to browser vector exploits all
collected together on a single website. This is part of a distribution
method for both rogue security (scareware) programs and bots.

> The URL pointed to a place in Poland.

Over time, many places were used. Funny thing is, when an old domain
name was used up and abandoned - scareware sites would pop up offering
to remove "whatever.pl/something" when lame antimalware applications
would detect them (the iframes) on users' hard drives. You were no longer
in any danger by going there, but trying to remove this non-threat by
using Google might well get you into the same trouble.

> The thing was a menace. When I searched on the
> URL within files on my HD I found no fewer than 2500 files had been infected
> in a very short amount of time, maybe 10 minutes.

Infecting files such as already described does not make a thing a virus;
these infections are not copies of itself but instead are directing
browsers to additional malware. Even if it directed browsers to a copy
of itself, it might not qualify as a virus under some definitions (but
would be a worm instead).

....but if this is "Virut" - it also does copy itself into some
executable files, virally infecting them.

> Luckily I had a recent backup of all the files I needed, so I just reformatted
> the drive.

It is luck that you *made* for yourself by having such a plan in place.
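
An added example, not part of the post above or of any tool named in the thread: a triage scan for the pattern discussed here, where the same remote iframe is appended to many stored web pages and text files. It assumes the injected frame is made invisible (tiny dimensions or a hiding style); the hosts and file contents are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attribute patterns that make a frame invisible to the person viewing the page.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class IframeFinder(HTMLParser):
    """Collects (host, hidden) for every iframe that loads a remote URL."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if not host:
            return  # relative or empty src: same-site frame, not a remote load
        hidden = (a.get("width") in TINY or a.get("height") in TINY
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.hits.append((host, hidden))

def scan(files):
    """files: mapping name -> text. Returns {host: [names]} for hidden remote iframes."""
    found = {}
    for name, text in files.items():
        finder = IframeFinder()
        finder.feed(text)
        for host, hidden in finder.hits:
            if hidden:
                found.setdefault(host, []).append(name)
    return found

def mass_injected(found, min_files=2):
    """Hosts whose hidden frame shows up in several files: the mass-append pattern."""
    return sorted(h for h, names in found.items() if len(set(names)) >= min_files)

# Constructed sample: three stored documents, two carrying the same appended frame.
INJECT = ('<iframe src="http://injected.example.invalid/x/" width=1 height=1 '
          'style="visibility: hidden"></iframe>')
SAMPLE = {
    "saved_page.html": "<html><body><p>recipe</p></body></html>" + INJECT,
    "notes.txt": "shopping list\n" + INJECT,
    "video.html": '<iframe src="https://player.example.invalid/v/1" width="560" height="315"></iframe>',
}

if __name__ == "__main__":
    print(mass_injected(scan(SAMPLE)))
```

Grouping by host rather than by file gives one line per injected destination, which is the value to search backups for before restoring from them.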



From: ~BD~ on
David Kaye wrote:

> I'm still amazed at how many customers don't have backups of things like their
> accounting, their precious family photos, their master's thesis, whatever. But
> then again, when their computers get infected they call on me because I can
> fix them up without having to wipe their HDs.

I used to be like that! ;)

Do you have a website for your business, David?

If so, may I visit?

--
Dave