ZoneAlarm firewall, AVG 2011 Free anti virus and Malwarebytes anti spy/mal ware are installed on my PC. AVG is updated and runs every day; ditto for Malwarebytes. The other day the PC contracted a virus (how?) which ultimately trashed the PC.
The hard disc has had to be reformatted, followed by a clean install of XP.
Some questions, please:
How did the virus get on the PC? I thought that's what the firewall stopped.
How did the virus start running? I thought that's what AVG Resident Shield was meant to prevent.
How was it that the first thing the virus did was to disable AVG so I couldn't run a scan? Isn't an anti virus program which can be immediately disabled - how can I put it - not a lot of use?
I think the answer to my subject line question is naive, but given that the thing trashed the machine, the main question is what more can I do to prevent it happening again, please?
Thanks
Silverback
Naive or unlucky?
-
- Administrator
- Posts: 78620
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Naive or unlucky?
A firewall won't stop a virus, that's the task of your anti-virus program.
There's a continuous race between virus writers to create more devious code to bypass anti-virus programs, and the developers of anti-virus software to detect all new threats. There are many new viruses and variants of existing viruses every day. You may have been caught by a very new one.
Also, if you inadvertently allow a virus to run by clicking Yes to a prompt on a malicious web page, the damage may have already been done before your anti-virus program has had a chance to kick in.
Do you have any idea what action let the virus in (not on purpose, of course)? Were you surfing the net at the time? If so, did you get an unusual prompt such as "Click here to update <program X>"?
Best wishes,
Hans
-
- 5StarLounger
- Posts: 780
- Joined: 29 Jan 2010, 13:30
Re: Naive or unlucky?
I am sure I didn't answer Yes to a question like you suggest. I don't actually remember any online activity before, apart from getting email and looking at this forum. The first indication I got that something was amiss was a dialogue box entitled Windows File Manager. The accompanying message was that some system files had been corrupted or replaced by others and this was likely to make the system unstable. I was asked to insert my Windows XP SP3 CD. (I assume this was the first manifestation of the virus running, so presumably there was already a lot of damage). I don't have an SP3 CD as I downloaded SP3 online. I decided that this was not a good sign and tried to institute an AVG scan but it had already been disabled.
From that point, more and more files were disabled, immediately starting with internet access applications like IE and Firefox (presumably to stop me finding out how to get rid of the darn thing).
Silverback
-
- GoldLounger
- Posts: 2599
- Joined: 24 Jan 2010, 15:26
- Location: Olympia, WA
Re: Naive or unlucky?
Sounds more like a Hijacking malware thing than a virus.
These come in emails and at web sites.
I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living
-
- 5StarLounger
- Posts: 780
- Joined: 29 Jan 2010, 13:30
Re: Naive or unlucky?
DaveA wrote: Sounds more like a Hijacking malware thing than a virus. These come in emails and at web sites.
Well, I would normally agree but whatever this was, it was disabling random .exe files, so gradually, desktop icons stopped working. Also, .dll files were being infected; AVG Resident Shield told me this. Doesn't this behaviour make it a virus?
Anyway, that's all in the past, now. I would still like to know if there's anything more I can do to prevent it happening again.
Thanks
Silverback
-
- Administrator
- Posts: 12628
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Naive or unlucky?
silverback wrote: ...Anyway, that's all in the past, now. I would still like to know if there's anything more I can do to prevent it happening again...
The two most important things to do are:
- Update your antivirus signatures regularly and check that the antivirus software is enabled and working properly.
- Use Windows Update to ensure that you have all available security patches installed, and check that it is still working properly at least once a week.
StuartR
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Naive or unlucky?
Hi silverback, this is what I am using and why I am not using your stated security programs.
I ran Comodo Leaktest; ZoneAlarm failed badly.
AVG, I haven't used for a long time as it slowed down my pc.
MBAM, I prefer doing a weekly scan in 'safe mode' with SuperAntispyware Portable.
My security is at present Outpost Security Suite Free which passed Comodo's test.
Windows 11 Home 22H2
Regards,
George.
-
- StarLounger
- Posts: 97
- Joined: 05 Feb 2010, 11:06
- Location: Jakarta, Indonesia
Re: Naive or unlucky?
Silverback,
Although I am anything but an expert, I wonder what your reaction was to the dialog box that said you had a problem? If you clicked anything on that box, including the 'X' to close, that may have initiated the problems you experienced. Although the first reaction is to close such boxes, I think the current recommendation is to end them through the Task Manager, or even to use the Task Manager to shut down the computer immediately.
Others may have thoughts?
Of course that doesn't answer how the dialog box got there in the first place, but I have occasionally experienced dialog boxes at start up saying my Windows is not legal, that this will result in MSE being stopped, and asking me to click a button to correct the problem. On one occasion I did so, and ended up with some problems, which I managed to correct with a number of tools. I don't know how those dialogs got there. On later occasions, I have immediately shut down with the Task Manager, re-booted and run the AV tools. These have not found any problem.
Chris
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Naive or unlucky?
Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Windows 11 Home 22H2
Regards,
George.
-
- 3StarLounger
- Posts: 397
- Joined: 24 Jan 2010, 19:43
- Location: Salt Lake City, Utah, USA
Re: Naive or unlucky?
Roderunner wrote: Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Windows XPMCE Task Manager has Shut Down options as part of the menu. (IT management may disable the menu through policy.)
Last edited by Goshute on 22 Feb 2011, 05:17, edited 1 time in total.
Goshute
I float in liquid gardens
-
- StarLounger
- Posts: 97
- Joined: 05 Feb 2010, 11:06
- Location: Jakarta, Indonesia
Re: Naive or unlucky?
Roderunner wrote: Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Sorry, of course you are right!
I should have said the 'three-finger salute' (Ctrl-Alt-Del).
Chris
-
- 2StarLounger
- Posts: 129
- Joined: 17 Jun 2010, 14:35
- Location: Edge of the Cotswolds - UK
Re: Naive or unlucky?
Were I in your position (Silverback), I too would want to know what this malware was & how it got past my defences.
Unfortunately we'll never know because IMHO you have taken the correct course of action by formatting the hard drive & reinstalling the operating system.
In my experience & depending on the particular malware infection you've contracted, this is often the quickest & easiest route to take. I once spent a couple of days trying to get rid of one particular nasty on a laptop (not mine) & still not being sufficiently happy with the results, ended up doing a format & reinstall.
I have heard about a 'drive by' virus where you only have to visit a web page to get infected but as yet I have no further information so it may be that it is just some scaremongering.
Regards
wasbit
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Naive or unlucky?
ChrisJakarta wrote:
Roderunner wrote: Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Sorry, of course you are right!
I should have said the 'three-finger salute' (Ctrl-Alt-Del).
Chris
No problem Chris.
Windows 11 Home 22H2
Regards,
George.