A question for the computer geniuses

Shadowsdream

A malicious software has been found on My computer...I do not get the name of the software..the only info is that it is malicious.

Anyone have any insight on what this could be and how one goes about removing and identifying its source.

Which programs could I use to prevent this happening again..I was only using Zone Alarm as a firewall and ad aware for removal of spy programs...and AVG..I have no idea why I was using that.

I am being advised to make a backup but the only option is making the backup using a floppy. My computer does not have floppy capabilities.

Any and all info about what could have already been seen or taken from My computer would be appreciated, as well as what are the other intentions of such programs?

I suspect this malicious software is a back door program and if so how does one eliminate a backdoor program?
 
Step one would be to identify the software.
What program told you that you had a malicious software on your computer?
That program should also tell you the name of the software. If it's a spy program, Ad-Aware or similar programs should find it; if it's a virus, an antivirus program should find it.

When you have identified the software a simple search on the internet will tell you how to remove it, or just ask here again.

If you get the warning when you are on the internet, the warning itself might just be some sort of advertisement. Some people will do anything to sell their stuff.

Happy hunting ;)
 
Thank you for the info...it was Panda Anti Virus that said I had a malicious beast running....I am running it again to see if it still detects it after quarantining it.
 
Shadowsdream said:
Thank you for the info...it was Panda Anti Virus that said I had a malicious beast running....I am running it again to see if it still detects it after quarantining it.

If it can quarantine it, it shouldn't detect it again. However, you can update AVG and have it scan your computer; AVG is much better at detecting worms than Panda or Norton's. However, AVG will detect viruses in Panda's quarantine directory - you can safely have it ignore them.

Good luck. :)
 
I am by no means an expert, but I have found that running Adaware and Spybot (the second of Kajira's suggestions) in addition to my virus software works for me. It's interesting that they don't always find the same things.

It's important to update these programs before you use them each time, as new threats are constantly arising.
 
If Panda antivirus (good Basque (Spanish province) product) has detected and quarantined the malware, you should be safe and you should have nothing to worry about. It sounds as if you are fairly well protected.

My own configuration is the following.

Zonelabs personal FW, but not the freeware; I actually have bought the professional version... much better, and it comes with an antivirus installed, IM message encryption, popup blocker etc. etc.

SPYBOT is a very good program for free which I also use.

On top of that I use Symantec antivirus; not the best antivirus, the best on the market has to be F-Secure.

To top it all off I use swat-it, a Trojan horse scanner, which I have running a full system scan once a week.

And of course, to have a second opinion on the spyware, I also use spysweeper… very good program.

And of course run Windows Update every day.

Better even is to throw away your MICROSOFT SHIT and install Linux.

http://www.linuxiso.org/

Francisco
.
 
RavenSpirit2k4 said:
If it can quarantine it, it shouldn't detect it again. However, you can update AVG and have it scan your computer; AVG is much better at detecting worms than Panda or Norton's. However, AVG will detect viruses in Panda's quarantine directory - you can safely have it ignore them.

Good luck. :)

Thank you..it has been quarantined but without telling Me what it is other than malicious...
 
Shadowsdream said:
Thank you..it has been quarantined but without telling Me what it is other than malicious...

It's possible that it doesn't recognize it other than realizing it's malicious by its code configuration. When I'd had my first computer about a month and was using Norton's, I had the misfortune to trip over a virus that some hacker had cooked up and put on a site's server. Norton's warned me about it but couldn't quarantine it. I never could find out what virus that was and have learned since it may have been unique, perhaps a weapon in a personal vendetta against that site. But some of the anti-virus programs are sophisticated enough to recognize a primitive virus even if it is unique.

Unfortunately, much of Windows is written in Visual Basic, and any wannabe hacker can download virus-making programs and learn enough VB to make his own virus. :rolleyes: Real hackers, of course, learn python and other languages and don't code viruses.
 
Shadowsdream said:
Thank you kajira

I will put the slave to work...right after he is finished cooking dinner of course...

<hijack> waitasecond.. slaves cook dinner AND fix computer thingies? This Domme Gig looks more and more enticing as time goes on.. <end hijack>

I use Norton and Spybot and also I use cookie wall. Whenever I get a cookie-d, it tells me where it came from and whose it is and I can accept, temporary accept, or always delete. It puts them in a cache that you dump whenever you need to, or want to. I know, this thread wasn't really about cookies, BUT, it did catch a weird one that I knew had nothing to do with the site I was on. A few days later, when my favorite hacker was over, I pulled up Cookiewall and showed it to him (it was in the always delete box, which I hadn't dumped yet) and he said it was one of those evil cookie viruses.
 
Unfortunately there is a lot of misconception about antivirus programs, especially the way they scan and what they scan. Virus protection programs use two different technologies to protect from viruses. Both technologies scan a set of files which are predefined by the user of the virus protection software. Most programs only scan executable files; this is not only the .exe or the .com files but all files that can be executed and carry malicious code.

The file that is to be scanned can now be scanned by two technologies. The first one is the safest and the one that can actually recognise and clean files. It will compare the file with a database of known malware (malicious software), and if the file has a known malware (one that is in the database) it will identify the malware and give the choices of clean, delete or quarantine.

The second technology is called heuristic scanning. Instead of working with a database of known malware programs, it tries to detect if a file contains malware by predicting the behaviour of the file and possible malware inside.

Heuristic scanning is the future. Database or signature scanning has one major drawback: it can only detect the malware it knows, which is why users of virus protection software need to update their virus protection software regularly, if possible daily. The databases have been growing enormously over the years and by now they contain over 70,000 malware. The bigger the database becomes, the slower the virus protection software gets.

Heuristic scanning still makes a lot of mistakes, killing off programs that are not malware and letting through programs that are.

Spyware and Trojans are not normally detected by Antivirus programs which is why users need to install additional software like spysweeper or spybot.

Personal Firewalls like Zone Alarm protect users from malware by only allowing programs that are known and approved to access the computer or the internet.

To effectively protect your PC you need to make an effective combination of virus protection software, spyware protection software and a personal firewall.

Important to remember is that whatever program you use to protect yourself, the only 100% effective protection is to not turn on your pc. As long as it is turned on and it goes on the internet you should always realise that you are not safe.

As a note, Visual basic is not used to make Windows, that is a fable… there are some tools written in VB but the majority of the Windows kernel is in C, there was a very small amount of assembler in the original Windows, C++ is also used for the libraries.

For the interested parties:
http://www.usenix.org/events/usenix-win2000/invitedtalks/lucovsky_html/
http://www.winsupersite.com/reviews/winserver2k3_gold1.asp

Hackers use the language of the application or Operating system they are attacking, in most cases that would be C++.

Francisco.
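
The two scanning approaches described in the post above, sketched as an added example (not part of the original thread, and not how any named product works): a hash-signature lookup next to a marker-based heuristic. The sample byte strings, signature name, marker list, weights and threshold are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_BAD = b"MZ constructed-sample-A WriteProcessMemory CreateRemoteThread"
VARIANT = KNOWN_BAD + b"\x00"  # same content, one byte appended
DEBUGGER = b"MZ constructed debugger ReadProcessMemory WriteProcessMemory CreateRemoteThread"
QUIET_UNKNOWN = b"MZ constructed unknown sample with none of the markers below"
LETTER = b"Dear diary, today I updated my antivirus definitions."

# Signature database: exact SHA-256 of a known sample -> name (hypothetical name).
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Sample.A"}

# Heuristic rules: Win32 API names as markers; choice and weights are assumptions.
MARKERS = {b"WriteProcessMemory": 2, b"CreateRemoteThread": 3, b"SetWindowsHookEx": 2}
THRESHOLD = 5


def signature_scan(data: bytes):
    """Return the malware name if the file's hash is in the database, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_score(data: bytes) -> int:
    """Sum the weights of the suspicious markers present in the file."""
    return sum(weight for marker, weight in MARKERS.items() if marker in data)


def scan(data: bytes):
    """Return (method, name, score); a name exists only for signature hits."""
    name = signature_scan(data)
    score = heuristic_score(data)
    if name:
        return ("signature", name, score)
    if score >= THRESHOLD:
        return ("heuristic", None, score)  # flagged, but there is no name to report
    return ("clean", None, score)


if __name__ == "__main__":
    for label, data in [("known sample", KNOWN_BAD), ("variant", VARIANT),
                        ("debugger", DEBUGGER), ("quiet unknown", QUIET_UNKNOWN),
                        ("letter", LETTER)]:
        print(f"{label:14} -> {scan(data)}")
```

Only the exact known bytes get a named signature hit; the variant and the debugger are both flagged by the heuristic without a name, and the quiet unknown sample passes as clean.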
 
snowy ciara said:
<hijack> waitasecond.. slaves cook dinner AND fix computer thingies? This Domme Gig looks more and more enticing as time goes on.. <end hijack>

<hijack>
Sheesh, you got a LOT to learn little girl...
</hijack>
 
James G 5 said:
<hijack>
Sheesh, you got a LOT to learn little girl...
</hijack>

starts to stick out tongue and snap "so teach me!" and then thinks better of it...

<hijack> see, all that sparring with AA is helping some.. </hijack>
 
catalina_francisco said:

Spyware and Trojans are not normally detected by Antivirus programs which is why users need to install additional software like spysweeper or spybot.

As an interesting fact: In Germany an antivirus company (don't remember which one) added spyware checks to its antivirus software but was sued by a company making spyware programs on the grounds that its software was not a virus, so they had to remove the checks for spyware. Not sure it's the same reason in other countries, but now you know why you need more than one program. :(


catalina_francisco said:

To effectively protect your PC you need to make an effective combination of virus protection software, spyware protection software and a personal firewall.

I would also add a hardware firewall to stop the viruses that spread by using bugs in the operating system, like Blaster and Sobig.

And make sure that your operating system is updated with the latest updates and patches.


catalina_francisco said:

Important to remember is that whatever program you use to protect yourself, the only 100% effective protection is to not turn on your pc. As long as it is turned on and it goes on the internet you should always realise that you are not safe.

How true.
 
m wisdom said:
As an interesting fact: In Germany an antivirus company (don't remember which one) added spyware checks to its antivirus software but was sued by a company making spyware programs on the grounds that its software was not a virus, so they had to remove the checks for spyware. Not sure it's the same reason in other countries, but now you know why you need more than one program. :(


Hmmm...the newest versions of McAfee Suite include spyware search with the antivirus.
I've seen it catch a good percentage of it.
As far as I know, they haven't had any legal issues yet.
 
m wisdom said:
As an interesting fact: In Germany an antivirus company (don't remember which one) added spyware checks to its antivirus software but was sued by a company making spyware programs on the grounds that its software was not a virus, so they had to remove the checks for spyware. Not sure it's the same reason in other countries, but now you know why you need more than one program. :(
No, it's not in the US.

Properly ID "spyware" as malware which slows down users' machines, changes homepages to the point users can't change them to anything else, redirects searches to select pages that add more shit to users' machines and does exactly what the name says: spies on users' browsing habits ... frequently without letting users know they've added the shit to their machines.

Every asshole that programs this shit needs a TENS anal probe rammed up their ass, turned on to the point of intolerable pain, and left twitching in a room by themself. Then, add the idiots from MS that came up with the million security holes with activeX on a tandem feed and start the process all over again.

Norton Anti-Virus frequently picks up most of the crap. Using Spybot Search and Rescue in tandem with SpywareBlaster usually catches the rest. Changing to Opera, or another lesser used web surfing program as a browser avoids 90% of this shit.
 
James G 5 said:
Hmmm...the newest versions of McAfee Suite include spyware search with the antivirus.
I've seen it catch a good percentage of it.
As far as I know, they haven't had any legal issues yet.

This was in Germany and I haven't heard of anything similar happening elsewhere. It was also a while ago and things might have changed.
 
AngelicAssassin said:

Every asshole that programs this shit needs a TENS anal probe rammed up their ass, turned on to the point of intolerable pain, and left twitching in a room by themself.

I can only agree.

This is also acceptable Click me
 
The secret to having a computer free of malware or viruses is to run the utilities that are installed on a regular basis.

I have AVG - the free edition - I run it every day on both of my computers and am virus free... however for those using AVG a word of note... if it finds a virus and puts it in the virus vault... empty the vault immediately and then empty your trash... the virus can escape from the vault and wreak havoc on your computer.

Ad-aware has a new version with updated definitions that again is only helpful if you run it regularly and remove the mal/spyware once you have run the scan. I had a friend install it on her computer... she did and she ran it and found over 700 pieces of spyware on her computer but she just left them there.... lol I told her she had to remove them... she thought that once they were found they were removed.
 
I defer to AA and cellis with all my computer problems.

AA is threatening to start charging a fee. ;-)
 
For those of you using Windows XP, make sure you disable any and all spyware/adware/antivirus programs before you download and install XP Service Pack II. There are conflicts between the patch and any spyware-type software that will lock up your system.
 