Viruses

dragon wench
Posts: 19609
Joined: Tue Apr 24, 2001 10:00 pm
Location: The maelstrom where chaos merges with lucidity

Post by dragon wench »

About a week ago, after realising that Norton was not working properly, I downloaded a new antivirus programme (PC-cillin by Trend Micro). Shortly thereafter I discovered that my computer had no less than 1069 files that had been infected by viruses... :eek: One of these was Nimda, and I am assuming this was the culprit that disabled Norton.

Anyway, so far PC-cillin has been very good. I have it set to do automatic daily updates as well as system scans. I seem to be getting on average one or two viruses every day, and I am wondering what I can do to stop this.

So far I have my firewall set on high, and I halt all internet traffic when I go to bed at night (I have a high speed connection).
I never open email attachments directly from Outlook, and I run Ad-Aware a couple of times a week. I also have Outlook set so that emails in the preview pane are not automatically downloaded, in addition to actually removing it from view.

I would appreciate any suggestions.
Thanks! :)
Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup.
.......All those moments ... will be lost ... in time ... like tears in rain.
Tamerlane
Posts: 4554
Joined: Fri May 18, 2001 10:00 pm
Location: The land of Oz

Post by Tamerlane »

Bookmark or more importantly subscribe to Symantec. They will warn you about newly reported viruses etc. Especially keep an eye on their hoaxes page. I know of a few people who in their moments of weakness deleted a system file because an email told them to. :rolleyes:
!
dragon wench
Posts: 19609
Joined: Tue Apr 24, 2001 10:00 pm
Location: The maelstrom where chaos merges with lucidity

Post by dragon wench »

@Tam,
thanks :) I should mention though that the viruses I am getting are those being detected by my anti-virus programme...
Tamerlane
Posts: 4554
Joined: Fri May 18, 2001 10:00 pm
Location: The land of Oz

Post by Tamerlane »

Do you use an email address book, or know of people who have you on their address book? I've gone to great lengths to tell people not to place me on such things, that's how viruses tend to spread themselves.
dragon wench
Posts: 19609
Joined: Tue Apr 24, 2001 10:00 pm
Location: The maelstrom where chaos merges with lucidity

Post by dragon wench »

Originally posted by Tamerlane
Do you use an email address book, or know of people who have you on their address book? I've gone to great lengths to tell people not to place me on such things, that's how viruses tend to spread themselves.


Yes to both.... *sigh*
Dealing without an email address book would be tough though... and it would be even tougher to get my name removed from those of people I know. However, I will definitely see what I can do to come up with address book alternatives; maybe I could put all my email addresses onto a Word document or something instead...
HighLordDave
Posts: 4062
Joined: Sun Jan 14, 2001 11:00 pm
Location: Between Middle-Earth and the Galaxy Far, Far Away

Post by HighLordDave »

@dragon wench:
Have you at any time ever downloaded and installed either Bonzai Buddy (aka The Purple Monkey Virus) or Gator? Both of those programs act very much like viruses (but to their credit, they tell you exactly what they're going to do in the licensing agreement that no one reads) and they leave lots of back doors open in your security and firewall protections for themselves that other viruses are known to exploit.

The only way to get rid of either is to do a full fdisk>reformat>reinstall and even then you want to reset your master boot record, clear out your NVRAM and flash your BIOS.

The only sure way not to get a virus is to never connect your system to the internet. Since this is generally not a feasible solution, you just need to be careful about opening email. I never open attachments from most anyone, including most of my family members. I have a list of around four people I trust implicitly not to send me a file that is infected; anyone else's attachments are suspect.

You might also disable HTML viewing of email; conventionally, there is no way to contract a virus through text email, but clever virus authors can embed a virus in HTML-formatted email. Even in Outlook or Outlook Express, if you view an HTML document that has a virus in the preview window, your computer may become infected.

Next to not opening email, the best thing you can do is to make sure your virus subscriptions are up to date and scan your HDD regularly. If you contract a virus and can't seem to get rid of it, that may be due to the fact that many virus authors have become very good at disguising viruses and generally stay one step ahead of the anti-virus software. If you get this kind of virus, you may need to resort to a clean reinstallation of your OS and software to fully eradicate it.
Jesus saves! And takes half damage!

If brute force doesn't work, you're not using enough.
Mr Sleep
Posts: 11273
Joined: Thu Oct 19, 2000 10:00 pm
Location: Dead End Street

Post by Mr Sleep »

Another thing to do is turn off the preview pane, always turn off the preview pane. It's one of the major causes of virii and guess what, it's a default with Outlook Express :rolleyes:

Go to View --> Layout and it should be in there.
I'd have to get drunk every night and talk about virility...And those Pink elephants I'd see.
KidD01
Posts: 5699
Joined: Thu Oct 19, 2000 10:00 pm
Location: In the bunker underneath your house

Post by KidD01 »

Originally posted by HighLordDave
<SNIP>
The only way to get rid of either is to do a full fdisk>reformat>reinstall and even then you want to reset your master boot record, clear out your NVRAM and flash your BIOS.
<SNIP>


WHOA! :eek: HLD, are you sure AdAware can't remove them completely without having to undergo such a horrid procedure?
I'm not dead yet :D :p :cool:
dragon wench
Posts: 19609
Joined: Tue Apr 24, 2001 10:00 pm
Location: The maelstrom where chaos merges with lucidity

Post by dragon wench »

Originally posted by Mr Sleep
Another thing to do is turn off the preview pane, always turn off the preview pane. It's one of the major causes of virii and guess what, it's a default with Outlook Express :rolleyes:

Go to View --> Layout and it should be in there.

I've done that, thanks though :)

@HLD... I have actually been considering doing all of that, though I was hoping to be able to hold off until I'm able to obtain a second hard drive... However, I may well need to just back all of my files onto CDs instead, since at this rate my entire hard drive will consist of quarantined files... :rolleyes:
HighLordDave
Posts: 4062
Joined: Sun Jan 14, 2001 11:00 pm
Location: Between Middle-Earth and the Galaxy Far, Far Away

Post by HighLordDave »

@KidD01:
Ad-Aware is a very good program, although a network admin friend of mine says that the Gator and Bonzai Buddy code is so insidious that it re-writes itself to evade spyware killing utilities, which presumably includes Ad-Aware. Personally, I don't know if Ad-Aware will completely eradicate Gator or the Purple Monkey Virus because I have never downloaded either and I won't allow anyone in my house to install either program.
Mr Flibble
Posts: 1806
Joined: Sun Jun 17, 2001 10:00 pm
Location: New Zealand

Post by Mr Flibble »

@DW, if your antivirus software is identifying only one particular virus I'd recommend going to either Symantec or Trend Micro's support sites, downloading the appropriate removal tool and running it from Windows safe mode. Quite often viruses copy themselves into several locations to avoid being completely removed by antivirus software, and you may find several .exe files in the base of your "Program Files" folder or in "c:\windows\temp".
There are 10 types of people in the world - those who understand binary and those who don't.
I think I think, therefore I might be.
dragon wench
Posts: 19609
Joined: Tue Apr 24, 2001 10:00 pm
Location: The maelstrom where chaos merges with lucidity

Post by dragon wench »

Mr. Flibble! Thank you! I will try that :)
Tamerlane
Posts: 4554
Joined: Fri May 18, 2001 10:00 pm
Location: The land of Oz

Post by Tamerlane »

Having to spend a considerable amount of time removing worms and such stuff after my cousin decided to place me on his address book, I'd just like to further add my discomfort at people using such tools.

DON'T USE EMAIL ADDRESS BOOKS PEOPLES...

I'd also like to voice my displeasure at the homepage hijacker polivation. Found this site however which has worked wonders and saved me a lot of time. :rolleyes:
Yshania
Posts: 8572
Joined: Wed May 09, 2001 10:00 pm
Location: Some Girls Wander By Mistake

Post by Yshania »

Norton Antivirus has just intercepted and deleted the Klez worm (details), which was attached to an email that ironically informed me it was a dangerous worm, and to go to Trend Micro in order to clean my system. :rolleyes: According to Trend Micro (in the link I posted) it is not uncommon for this worm to be attached to emails coming from an apparently trustworthy site.

This is what the virus log report on Norton said:

Source: install.zl9
Description: The email attachment install.zl9 is infected with the W32.Klez.H@mm virus.
Click for more information about this virus : W32.Klez.H@mm
Parachute for sale, like new! Never opened!
Guinness, black goes with everything.
Xandax
Posts: 14151
Joined: Thu Nov 16, 2000 12:00 pm
Location: Denmark

Post by Xandax »

The reason Klez can "come from a trustworthy site" is due to its mechanics.

It is, along with several of the later worms, made up to read the email cache from the infected machine and use a random email from there.
Thus if person A gets infected and has emails from corporation B lying around, the worm can by chance alone look like it originates from corporation B.

That is what makes latter day worms so dangerous.
It is not as much, per se, the spread alone. The spread comes from the fact that the email looks plausible and thereby gets to infect many more computers than a simple .exe file received from some obscure email.

(btw - Klez.H@mm is one of the vira I receive often :) )
Insert signature here.
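
When a worm picks its sender from the infected machine's mail cache, the From line says nothing about safety, so a mail filter has to judge the attachment instead. The following is an added example, not part of the original post, that triages messages that way; the addresses, file names, extension list and the `triage` and `build_sample` helpers are assumptions made up for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly; a short illustrative list, not exhaustive.
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs")

def triage(raw, trusted_domains=frozenset()):
    """Return (verdict, reasons); the From header can never clear a message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT):
            reasons.append("executable extension: " + name)
        if data[:2] == b"MZ":  # DOS/PE header magic: a Windows program, whatever its name
            reasons.append("executable content: " + name)
    if reasons and domain in trusted_domains:
        reasons.append("From claims " + domain + " but the header is forgeable")
    return ("quarantine" if reasons else "deliver"), reasons

def build_sample(sender, filename, payload):
    """Build a constructed test message (hypothetical addresses, inert payload)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "constructed sample"
    m.set_content("See the attachment.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_exe = b"MZ" + b"\x00" * 16  # constructed bytes, not a real program
    samples = [
        ("billing@corporation-b.example", "invoice.pif", fake_exe),
        ("billing@corporation-b.example", "notes.txt", fake_exe),
        ("friend@example.org", "notes.txt", b"plain text"),
    ]
    for sender, name, payload in samples:
        print(sender, name, triage(build_sample(sender, name, payload),
                                   {"corporation-b.example"}))
```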
Yshania
Posts: 8572
Joined: Wed May 09, 2001 10:00 pm
Location: Some Girls Wander By Mistake

Post by Yshania »

Originally posted by Xandax

(btw - Klez.H@mm is one of the vira I receive often :) )


*sigh* well in five years I have never been hit by a virus (not that I am aware of anyway :D ) and today I receive my second dose of Klez in two days.

Norton immediately picked it up and deleted it, this time the attachment was called Gold..zlo and automatically tried to save itself to disk.
Mr Sleep
Posts: 11273
Joined: Thu Oct 19, 2000 10:00 pm
Location: Dead End Street

Post by Mr Sleep »

You might want to check to make sure that Norton is in fact deleting and not quarantining or some such, it can end up causing a lot of problems.

I've never heard of a virus trying to install itself without prompting, preview pane, perhaps?
Xandax
Posts: 14151
Joined: Thu Nov 16, 2000 12:00 pm
Location: Denmark

Post by Xandax »

Originally posted by Yshania
*sigh* well in five years I have never been hit by a virus (not that I am aware of anyway :D ) and today I receive my second dose of Klez in two days.

Norton immediately picked it up and deleted it, this time the attachment was called Gold..zlo and automatically tried to save itself to disk.


Think my record was about 100ish vira on one day..... :)
If I remember right - they were of the "Magister" type.
dragon wench
Posts: 19609
Joined: Tue Apr 24, 2001 10:00 pm
Location: The maelstrom where chaos merges with lucidity

Post by dragon wench »

virus alert

no joke here


There is a new email virus spreading. The emails seem to come from support@microsoft.com, so most filters don't block them. Please don't open any attachments in these emails. The details about the virus can be found at

http://www.europe.f-secure.com/v-descs/palyh.shtml
Minerva
Posts: 4992
Joined: Sun Dec 31, 2000 11:00 pm
Location: Somewhere beyond the sea

Post by Minerva »

I've got a new virus (I believe) during the weekend, via the university email system. It is Dispatch@McAfee with an attachment (I received 5 in one day). It is worrying that McAfee is an anti-virus program maker/vendor, just like the support@microsoft.com virus. Norton Anti Virus intercepted them before I opened the attachment, fortunately.
"Strength without wisdom falls by its own weight."

A word to the wise is sufficient
Minerva (Semi-retired SYMer)