From: Trevor Smithson on 17 Feb 2010 19:14

I have a second pc that I use with a home theater system. The other day I finally got around to putting an anti-virus program on, had been running fine for over two years without it, no viruses or popups. Downloaded avg from download.com.

Two DAYS after installing, and there's a firestorm of malware/scareware/ransomware on the machine. Didn't install anything else. The system has always been fully patched Windows update wise.

Only rational reason I can come up with is that there was something lurking on the machine, and that installing avg activated the malware somehow...maybe defending itself?

Paranoid reason is that avg and/or download.com have been compromised. Anyone had any problems with them, or heard of such a thing?

From: Mike Easter on 17 Feb 2010 19:45

Trevor Smithson wrote:
> Downloaded avg from download.com.

The free avg site download steps don't lead to download.com but download.cnet.com - which page looks like CNET (in a red ball) download.com and if you just use WGET www.download.com redirects to download.cnet.com.

Whenever you turn a search engine on to access something like avg, you are besieged with ads and links to various AV junk, some of which is dangerous.

When I follow the avg free links, besides avg working hard to get me to 'free download' one of the pay versions, by the time I get to the cnet (call it download.com if you like) page, there are 3 different download arrows; download now, and 2 start download, one of them bright yellow. Two thirds of those are not AVG free.

--
Mike Easter

From: Flasherly on 17 Feb 2010 19:54

On Feb 17, 7:14 pm, Trevor Smithson <trevor_smith...(a)yahoo.com> wrote:
> I have a second pc that I use with a home theater system. The other
> day I finally got around to putting an anti-virus program on, had been
> running fine for over two years without it, no viruses or popups.
> Downloaded avg from download.com.
>
> Two DAYS after installing, and there's a firestorm of
> malware/scareware/ransomware on the machine. Didn't install anything
> else. The system has always been fully patched Windows update wise.
>
> Only rational reason I can come up with is that there was something
> lurking on the machine, and that installing avg activated the malware
> somehow...maybe defending itself?
>
> Paranoid reason is that avg and/or download.com have been compromised.
> Anyone had any problems with them, or heard of such a thing?

I redid a drive after loading a SMART HD diagnostics utility. Had a nasty crash sometimes after and Windows reported bad sectors, so I booted into DOS formatted the drive and restored it. Partial binary, partial direct copies. Easy way to say No to Windows' mapping of a drive for "bad" sectors.

Haven't used AVG in ages. Protection in the wrong hands is an opportunity to prey on those who wouldn't know otherwise -- there's stories of software that creates contentious situations for monetary purposes... I'm not saying AVG, though.

Free. I use CLAM -- find it on Sourceforge.net. MJ Registry Watcher monitors realtime registry attempt entries. Free. COMODO firewall. Also free last I looked and if you're into that sort of thing. Then there's many sites that explain how to take preventative steps to "hardening" at the system level Windows.

None can beat a first-defense backup. Becomes second nature to remember what you did last before something tried to burn you. Rest is just not getting too far ahead and caught without one.

I also have another computer integrated into a decent stereo. If I build a computer, I exercise care...if I install software, same deal. Simple. Since it's entirely for my entertainment, a standalone operation and not networked, why take any static? (Apart from not minding a thought to replace the Carver with a Chinese EL84 vacuum-tubed amp @80W a channel -- sweet).

From: Paul on 17 Feb 2010 20:05

Trevor Smithson wrote:
> I have a second pc that I use with a home theater system. The other
> day I finally got around to putting an anti-virus program on, had been
> running fine for over two years without it, no viruses or popups.
> Downloaded avg from download.com.
>
> Two DAYS after installing, and there's a firestorm of
> malware/scareware/ransomware on the machine. Didn't install anything
> else. The system has always been fully patched Windows update wise.
>
> Only rational reason I can come up with is that there was something
> lurking on the machine, and that installing avg activated the malware
> somehow...maybe defending itself?
>
> Paranoid reason is that avg and/or download.com have been compromised.
> Anyone had any problems with them, or heard of such a thing?

I would sooner assume *your* machine was compromised, than assume a major web site was.

Major web sites *do* get hacked. The main page at Asus was hacked a few years back, and was handing out some kind of viral payload. I think the MSI site suffered from the same thing, and I did get something from them. So it does happen. It probably gets the most publicity, if tons of users immediately notice what has happened. And then it cannot be swept under the rug. I suspect a good number of compromise situations, are from legit sites that got hacked.

Occasionally, commercial media (the driver CD that came with something, the installable software or the like), will have something viral on the CD. So that kind of thing has happened too. Even some hardware devices have shipped, with viruses on them.

Maybe you could give MBAM a try, and see what it manages to find. MBAM apparently runs best, booted in regular Windows mode. The most trouble you'd have, is in cases where the malware won't let MBAM run.

Or, you could use one of the Linux LiveCD based scanners. There is one from Bitdefender and one from Kaspersky. (And a third package, you could run on any other Linux LiveCD environment you might have.) So that is another approach to finding the culprit.

First, disconnect the compromised machine from your network. Using a clean machine, burn this ISO9660 file using something like Nero or Imgburn (to make a bootable CD), and then boot the CD on the infected machine. And see what it digs up. The program on the CD, will use DHCP to get an IP address on the infected computer, and then go to the Internet to get 27MB of virus definitions. As long as the infected machine can reach the Internet without any complicated login procedures or the like, you shouldn't have a problem with it getting the automated downloads.

The only thing to be careful with here, is when a Linux LiveCD quarantines Windows files, it may store them on a RAM disk, rather than on one of the hard drives. If you need the files, to be able to get the OS booted later, you may want to save those quarantined files. Or, you may recognize you're in a lot of trouble, if for example "userinit" ends up in quarantine.

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
23 Jun 2009 10:05:01 119701504 kav_rescue_2008.iso

I keep a packet sniffer running all the time, and if some malware is stupid enough to immediately kick up a fuss, I can walk back through the log and check to see where the "t=0" event is. But with the better quality malware snoozing and waking later, there is no guarantee you'll be able to correlate what happened, to your surfing habits. It could have happened ten seconds ago, or a month ago.

Oh, and ask me how secure I feel, using a computer for financial things :-) There is no banking done on this machine... A PC is a leaky bucket, with extra holes drilled in it to enhance the leak rate.

Happy bailing,
Paul

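The log walk-back described in the post above, as an added example that is not part of the original post: it takes the destinations a machine contacted just before symptoms appeared and finds each one's earliest appearance in the sniffer log, showing how far back "t=0" can be. The log format, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: one outbound connection per line, "timestamp dst_ip dst_port",
# as a sniffer's connection summary might be exported.
SAMPLE_LOG = """\
2010-01-12T21:03:10 198.51.100.7 80
2010-01-12T21:03:11 192.0.2.10 80
2010-01-15T02:14:55 203.0.113.66 8080
2010-02-15T19:40:02 198.51.100.7 80
2010-02-17T18:02:31 203.0.113.66 8080
2010-02-17T18:02:40 203.0.113.99 443
2010-02-17T18:05:12 203.0.113.66 8080
"""

def parse(log_text):
    """Yield (datetime, ip, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def first_seen(log_text, symptoms_at, window=timedelta(hours=1)):
    """For each destination contacted in the window before the symptoms,
    walk back through the whole log to its earliest appearance ("t=0").
    Returns {(ip, port): (first_timestamp, time_before_symptoms)}."""
    records = sorted(parse(log_text))
    active = {(ip, port) for ts, ip, port in records
              if symptoms_at - window <= ts <= symptoms_at}
    earliest = {}
    for ts, ip, port in records:  # oldest first, so the first hit is t=0
        if (ip, port) in active and (ip, port) not in earliest:
            earliest[(ip, port)] = ts
    return {dst: (ts, symptoms_at - ts) for dst, ts in earliest.items()}

if __name__ == "__main__":
    symptoms = datetime(2010, 2, 17, 18, 10)  # constructed time of first popups
    for (ip, port), (ts, gap) in first_seen(SAMPLE_LOG, symptoms).items():
        print(f"{ip}:{port} first seen {ts}, {gap} before symptoms")
```

A destination whose first contact is weeks older than the symptoms matches the dormant case the post warns about; one first seen minutes before points at recent activity.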
From: TVeblen on 17 Feb 2010 20:45

On 2/17/2010 7:14 PM, Trevor Smithson wrote:
> I have a second pc that I use with a home theater system. The other
> day I finally got around to putting an anti-virus program on, had been
> running fine for over two years without it, no viruses or popups.
> Downloaded avg from download.com.
>
> Two DAYS after installing, and there's a firestorm of
> malware/scareware/ransomware on the machine. Didn't install anything
> else. The system has always been fully patched Windows update wise.
>
> Only rational reason I can come up with is that there was something
> lurking on the machine, and that installing avg activated the malware
> somehow...maybe defending itself?
>
> Paranoid reason is that avg and/or download.com have been compromised.
> Anyone had any problems with them, or heard of such a thing?

Never had a problem with either.

Open AVG and go to Help > About AVG. It should say version 9.0.733 and the license # should start with 9AVFREE.

You've gone 2 years without virus protection. It is highly likely that you picked up something along the way. Trojans will try and not show up obviously. So the AV may be finding them all now.

I would advise installing Spybot Search & Destroy also and run that. If it picks up a lot of computer clap then it should be obvious what is happening.

Also, clear your browser caches (everything). Do IE even if you don't use it. Most of the clap that AV and spyware progs pick up isn't even installed on your computer, just lurking in the browser's cache.