More darned malware - now is it dying?

[freddiemercurystwin]

Firstly my post was not directed to the OP. Secondly the 'advice' I have seen banded about in this Software Forum is embarrassing compared to the kind of thorough advice you can get on dedicated forums. I've directed posters to these kind of Forums before but they stick with the two minute half arsed fixes posters push in this Forum. I've had various bits of horrific malware or viruses bug my machine over the 5 years or so I've had it and have spent an hour or two getting rid of this bits and bobs with the good advice of proper experts. It runs as fast now as it did when I had it. Never had to do a re-install and have never been advised to do so by proper experts and frankly I wouldn't want know where to start. Like I say, it's the be-all end-all fix pushed by people who know no better. No skin off my nose if you're not the experts you think you are.

 

[Monkeh]

Firstly my post was not directed to the OP. Secondly the 'advice' I have seen banded about in this Software Forum is embarrassing compared to the kind of thorough advice you can get on dedicated forums. I've directed posters to these kind of Forums before but they stick with the two minute half a***d fixes posters push in this Forum. I've had various bits of horrific malware or viruses bug my machine over the 5 years or so I've had it and have spent an hour or two getting rid of this bits and bobs with the good advice of proper experts. It runs as fast now as it did when I had it. Never had to do a re-install and have never been advised to do so by proper experts and frankly I wouldn't want know where to start. Like I say, it's the be-all end-all fix pushed by people who know no better. No skin off my nose if you're not the experts you think you are.

Your so-called 'experts' would last about five minutes in the security industry. The very fact that you need their help shows you don't have the knowledge or right to criticise our advice.

 

[freddiemercurystwin]

OOH try a few 2 second 'fixes' what do you mean it hasn't worked oh I know, lets do a re-install cos I know how to do that! I bet you work in IT!

 

[Monkeh]

OOH try a few 2 second 'fixes' what do you mean it hasn't worked oh I know, lets do a re-install cos I know how to do that! I bet you work in IT!

Actually I don't presently. I have no patience for dealing with the likes of you and your 'experts'.

Go back to a typewriter, even you can't get a virus on one of those. Unless you let someone else sneeze all over it.

 

[Igorian]

That's the nature of forums i'm afraid. Anyone can be who they want to be.

I wasn't having a dig at you, I was generalising on the nature of malware. I agree, it's often the case that a repair can be made, but sometimes it is easier, from the Users point of view, to rebuild the O/S.

Don't be too hard on those who suggest a rebuild. It's not always a cop out.

The only part of your post I would disagree with is not wanting to know how to do a rebuild. While this is your personal choice, and I'm not suggesting that you or the OP should know, I certainly think it would be a benefit. If a hard disk were to fail for example.

 

[VaporTrail]

I'll ask again, what do you guys use as an AV program to sit on your machines??

The best solution is this:
A root kit virus cann NOT be detected by any anti-virus software so you have to be sure you haven't got it before you use these tools and feel safe.

0. Starting with a 100% clean install (no borrowed dodgy copy OS)
1. AVAST free home edition, least intrusive, fast and trustworthy.
2. ProcessGuard by Diamond (if you use online banking this is a must). Protects from root kit viruses.
3. Peerblocker (if you download films!)
4. that's it.

If you install ProcessGuard after having a root kit virus (not detected) then you basically protect the root kit virus.

I have done extensive tests and with any major ISP, being connected with no anti-virus software for 20 minutes means you probably have a root kit virus infection.

PS If you dont want to re-install then this is a 99% solution:
diconnect internet!
1.dis-infect PC with AVG rescue CD booting Linux from USB stick or CD.
2. install processguard from usbstick
3.install avast from usb stick
4. reconnect internet

The 1% risk with this solution is that a root kit virus is already installed but not become known to anti-viral definition databases (highly unlikely).

PS can you fix a leaking stop cock for me in lead pipes in W1, please? I will pay a reasonable fee & throw in all of the above!

 

[VaporTrail]

Classic response from people who don't really know what they're doing is to do a re-install!

Well it's the appropriate response then isn't it? .
I don't even slightly know how to do a reinstall.

A re-install may loose all your files. XP re-install can be done without losing your files but the route to achieve this is not logical (thanks Microsoft) and people do get caught out.

To be 100% sure, you have to install a clean OS, install up to date anti-virus software & ProcessGuard BEFORE connecting to the internet. You need both in case the viral database is out of date for your particular infection (highly unlikely but we are talkign 100% here). Millions of bank passwords were found in the US by thieves using root kit viruses.

If I cannot do a re-install for you (are you near SW or W1 London) then next best bet is to run the AVG rescue CD but to study the instructions first as if done wrongly will overwrite windows with Linux which means you've probably lost everything.

 

[ChrisR]

VT that all sounds pretty deperate!
I've googled a bit and the "info" out there is inconsistent to say the least. Some places say just reinstall XP and all will be well. Others quote
ComboFix, Root Repeal and GMER
which claim to deal with rootkits.
Are there such things as reliable scanners which aren't just a scam to get money out of you, which can tell if there is a virus?

I'm not doubting what you say - I've heard similar before, but it seems ridiculous that you can just connect to the net and something can get into a computer.

While I was away I was with a guy who now works for the OFT looking into dodgy websites. Used to be with Special Branch digging into same, and before that some sort of network consultant. Quite alarming, the stories and figures he had!

W1 - is a pita to work in! Half a day travelling, nowhere to park, nowhere to get bits, nightmare. That's how Pimlico do so well, but they always want to do loads of work. It depend what exactly is leaking. Take a picture of the offending tap and access to it and any other polaces the lead can be reached, and post it in the Plumbing section. Can the water be turned off upstream, like on the pavement?

I'll keep looking for the XP discs - you know how it is...

 

[freddiemercurystwin]

VT that all sounds pretty deperate!
I've googled a bit and the "info" out there is inconsistent to say the least. Some places say just reinstall XP and all will be well. Others quote
ComboFix, Root Repeal and GMER
which claim to deal with rootkits.
Are there such things as reliable scanners which aren't just a scam to get money out of you, which can tell if there is a virus?

If you want to sort it go somewhere like this and follow their instructions to the T and read the first thread before you post, they'll sort you out. http://www.techsupportforum.com/forums/f50/ and they won't even mention a reinstall.

 

[Monsterminty]

this may help you with a replacement disk

http://support.microsoft.com/kb/326246/en-gb

 

[ChrisR]

Thanks all
I just ran the microsoft rootkit finder thingy:
http://technet.microsoft.com/en-us/sysinternals/bb897445
and it didn't find anything other than a few bytes here and there which looked like nothing.
SO, for now, happy days.
But I'll check my bank statements very carefully!

 

[VaporTrail]

VT that all sounds pretty deperate!
I've googled a bit and the "info" out there is inconsistent to say the least. Some places say just reinstall XP and all will be well. Others quote
ComboFix, Root Repeal and GMER
which claim to deal with rootkits.
Are there such things as reliable scanners which aren't just a scam to get money out of you, which can tell if there is a virus?

I'm not doubting what you say - I've heard similar before, but it seems ridiculous that you can just connect to the net and something can get into a computer.

While I was away I was with a guy who now works for the OFT looking into dodgy websites. Used to be with Special Branch digging into same, and before that some sort of network consultant. Quite alarming, the stories and figures he had!

W1 - is a pita to work in! Half a day travelling, nowhere to park, nowhere to get bits, nightmare. That's how Pimlico do so well, but they always want to do loads of work. It depend what exactly is leaking. Take a picture of the offending tap and access to it and any other polaces the lead can be reached, and post it in the Plumbing section. Can the water be turned off upstream, like on the pavement?

I'll keep looking for the XP discs - you know how it is...

W1- yes, I can't get a decent plumber that leaves things dry. They want 4 times the rate for a 4 hour day. I've reverted to doing it all myself but this leaking stopcock on lead pipes might be beyond me. I can turn the water off (I fitted stop valves post this stopcock) but I haven't dealt with the leak. There is about 10 inchs either side of the stop cock. I think it just needs re-packing but turning the water off and draining is a 30 minute affair so I'd rather get someone to do it right first go. Pimilico charged me £600 to replace a toilet (2 hrs & used stupid flexi pan connector so I couldn't boss to a sink) and left it dripping. Like I say, I mostly do it myself now, if I can.

Anyway, pm me!

I have found variuous dodgy root kit/virus scan sites. I used to use Panda Anti-virus until I caught them releasing 'new' (therefore undetectable)viruses themselves- 100% verified. ProcessGuard gives you this information. Windows7 has ProcessGuard technology built-in. I helped write it and so I can give you it for free as I think there are some dodgy copies of it on the net & the main web site is no longer maintained.

In my opinion there is no point doing any virus scan if there is reasonable suspicion that there is a root kit virus installed. Hence the AVG rescue disk recommendation. Its a DOS like product and if you use the CD version there is no risk of damaging windows. (It is the process of making a USB stick bootable that might damage windows). If you are not confident, then do not use the USB stick version.

Can you burn an image to an ISO disk then boot from it? Get the ISO here, choose the ISO file http://www.avg.com/gb-en/avg-rescue-cd-download

How to use here http://www.avg.com/ie-en/226386

or here:
"go into BIOS to boot from CD or select BOOT OPTIONS during computer startup"
"Boot from AVG Rescue CD & wait!
Select “AVG Rescue “
Select Update, offline & use local files, navigate to USB stick with viral definition updates *.bin files, probably on sdb1 or sdb2 etc., sda1 would be C:
Return to main menu, & run viral scan
Choose delete or rename all infected files. This may disable Windows OS but you have no choice in order to be virus free.
If Windows is dis-abled, obtain replacement files or re-install & over write existing installation to leave data & programs. A new install can loose programs & data.
"

This should remove root kit viruses. The proble is that if a Windows system file is infected (likely) then you'll need to do a re-install anyway (pm me!)

 

[VaporTrail]

Thanks all
I just ran the microsoft rootkit finder thingy:
http://technet.microsoft.com/en-us/sysinternals/bb897445
and it didn't find anything other than a few bytes here and there which looked like nothing.
SO, for now, happy days.
But I'll check my bank statements very carefully!

Root kits are a real problem because htey look like Windows updates. Microsoft cannot detect them. No one can 100% detect them. A poorly written root kit might be detected but serious root kit writers don't write poor designs. The poor ones come from internet free source code compiled by some twacker.

May I humbly point you to what micrsoft say about this tool you have quoted: "Is there a sure-fire way to know of a rootkit's presence?
In general, not from within a running system. "

But the AVG rescue disk boots linux so it can detect the fingerprint of the root kit virus (unless you mess up the scan options etc.). basically a root kit tells Windows to lie about its presence. There is no back door viewer in Windows. linux can look at all windows files so can see the root kit.

Seriously, don't online bank unless you are 100% root kit virus free. The only reason people don't get hit more often is that these hackers have so many bank passwords that only a few are used for crime.

 

[VaporTrail]

Thanks all
I just ran the microsoft rootkit finder thingy...quote]

By the way, I write software, I have never had a virus on any of my computers... ever. I'm not being smug but I know how software works so I know how viruses work. I am validating my posts here which are offered in response to ChrisR's demonstration of quality as a rare & excellent plumber.

I use these techniques successfully on other user's computers.

 

[VaporTrail]

VT that all sounds pretty deperate!
I've googled a bit and the "info" out there is inconsistent to say the least. Some places say just reinstall XP and all will be well.

Here's the thing. An XP re-install may overwrite Windows files or it may not. It depends how you run it as a new install or an overwriting copy etc. The only way a re-install can be 100% sure to delete a root kit virus is if you do an NTFS format (LONG) first.

New hard disk, new OS then ProcessGuard and you are 100% safe. Aside from that you need the AVG linux rescue.