Naive or unlucky?

silverback
5StarLounger
Posts: 780
Joined: 29 Jan 2010, 13:30

Naive or unlucky?

Post by silverback »

ZoneAlarm firewall, AVG 2011 Free anti virus and Malwarebytes anti spy/mal ware are installed on my PC. AVG is updated and runs every day; ditto for Malwarebytes. The other day the PC contracted a virus (how?) which ultimately trashed the PC. :meltdown:
The hard disc has had to be reformatted followed by a clean install of XP.

Some questions, please:
How did the virus get on the PC? I thought that's what the firewall stopped.
How did the virus start running? I thought that's what AVG Resident Shield was meant to prevent.
How was it that the first thing the virus did was to disable AVG so I couldn't run a scan? Isn't an anti virus program which can be immediately disabled - how can I put it - not a lot of use?

I think the answer to my subject line question is naive, but given that the :censored: thing trashed the machine, the main question is what more can I do to prevent it happening again, please?

Thanks
Silverback

HansV
Administrator
Posts: 78620
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Naive or unlucky?

Post by HansV »

A firewall won't stop a virus, that's the task of your anti-virus program.

There's a continuous race between virus writers to create more devious code to bypass anti-virus programs, and the developers of anti-virus software to detect all new threats. There are many new viruses and variants of existing viruses every day. You may have been caught by a very new one.

Also, if you inadvertently allow a virus to run by clicking Yes to a prompt on a malicious web page, the damage may have already been done before your anti-virus program has had a chance to kick in.

Do you have any idea what action let the virus in (not on purpose, of course)? Were you surfing the net at the time? If so, did you get an unusual prompt such as "Click here to update <program X>"?
Best wishes,
Hans

silverback
5StarLounger
Posts: 780
Joined: 29 Jan 2010, 13:30

Re: Naive or unlucky?

Post by silverback »

I am sure I didn't answer Yes to a question like you suggest. I don't actually remember any online activity before, apart from getting email and looking at this forum. The first indication I got that something was amiss was a dialogue box entitled Windows File Manager. The accompanying message was that some system files had been corrupted or replaced by others and this was likely to make the system unstable. I was asked to insert my Windows XP SP3 CD. (I assume this was the first manifestation of the virus running, so presumably there was already a lot of damage.) I don't have an SP3 CD as I downloaded SP3 online. I decided that this was not a good sign and tried to institute an AVG scan but it had already been disabled.
From that point, more and more files were disabled, immediately starting with internet access applications like IE and Firefox (presumably to stop me finding out how to get rid of the darn thing).

Silverback

DaveA
GoldLounger
Posts: 2599
Joined: 24 Jan 2010, 15:26
Location: Olympia, WA

Re: Naive or unlucky?

Post by DaveA »

Sounds more like a Hijacking malware thing than a virus.
These come in emails and at web sites.
I am so far behind, I think I am First :evilgrin:
Genealogy....confusing the dead and annoying the living

silverback
5StarLounger
Posts: 780
Joined: 29 Jan 2010, 13:30

Re: Naive or unlucky?

Post by silverback »

DaveA wrote: Sounds more like a Hijacking malware thing than a virus.
These come in emails and at web sites.
Well, I would normally agree but whatever this was, it was disabling random .exe files, so gradually, desktop icons stopped working. Also, .dll files were being infected; AVG Resident Shield told me this. Doesn't this behaviour make it a virus?

Anyway, that's all in the past, now. I would still like to know if there's anything more I can do to prevent it happening again.
Thanks
Silverback

StuartR
Administrator
Posts: 12628
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Naive or unlucky?

Post by StuartR »

silverback wrote: ...Anyway, that's all in the past, now. I would still like to know if there's anything more I can do to prevent it happening again...
The two most important things to do are:
  1. Update your antivirus signatures regularly and check that the antivirus software is enabled and working properly.
  2. Use Windows Update to ensure that you have all available security patches installed, and check that it is still working properly at least once a week.
StuartR


Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Naive or unlucky?

Post by Roderunner »

Hi silverback, this is what I am using and why I am not using your stated security programs.
I ran Comodo Leaktest; ZoneAlarm failed badly.
AVG, I haven't used for a long time as it slowed down my PC.
MBAM, I prefer doing a weekly scan in 'safe mode' with SuperAntispyware Portable.
My security is at present Outpost Security Suite Free which passed Comodo's test.
Windows 11 Home 22H2

Regards,
George.

ChrisJakarta
StarLounger
Posts: 97
Joined: 05 Feb 2010, 11:06
Location: Jakarta, Indonesia

Re: Naive or unlucky?

Post by ChrisJakarta »

Silverback,

Although I am anything but an expert, I wonder what your reaction was to the dialog box that said you had a problem? If you clicked anything on that box, including the 'X' to close, that may have initiated the problems you experienced. Although the first reaction is to close such boxes, I think the current recommendation is to end them through the Task Manager, or even to use the Task Manager to shut down the computer immediately.

Others may have thoughts?

Of course that doesn't answer how the dialog box got there in the first place, but I have occasionally experienced dialog boxes at start up saying my Windows is not legal, that this will result in MSE being stopped, and asking me to click a button to correct the problem. On one occasion I did so, and ended up with some problems, which I managed to correct with a number of tools. I don't know how those dialogs got there. On later occasions, I have immediately shut down with the Task Manager, re-booted and run the AV tools. These have not found any problem.

Chris

Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Naive or unlucky?

Post by Roderunner »

Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Windows 11 Home 22H2

Regards,
George.

Goshute
3StarLounger
Posts: 397
Joined: 24 Jan 2010, 19:43
Location: Salt Lake City, Utah, USA

Re: Naive or unlucky?

Post by Goshute »

Roderunner wrote: Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Windows XPMCE Task Manager has Shut Down options as part of the menu. (IT management may disable the menu through policy.)
Last edited by Goshute on 22 Feb 2011, 05:17, edited 1 time in total.
Goshute
I float in liquid gardens

ChrisJakarta
StarLounger
Posts: 97
Joined: 05 Feb 2010, 11:06
Location: Jakarta, Indonesia

Re: Naive or unlucky?

Post by ChrisJakarta »

Roderunner wrote: Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Sorry, of course you are right! :blush:

I should have said the 'three-finger salute' (Ctrl-Alt-Del).

Chris

wasbit
2StarLounger
Posts: 129
Joined: 17 Jun 2010, 14:35
Location: Edge of the Cotswolds - UK

Re: Naive or unlucky?

Post by wasbit »

Were I in your position (Silverback), I too would want to know what this malware was & how it got past my defences.

Unfortunately we'll never know because IMHO you have taken the correct course of action by formatting the hard drive & reinstalling the operating system.

In my experience & depending on the particular malware infection you've contracted, this is often the quickest & easiest route to take. I once spent a couple of days trying to get rid of one particular nasty on a laptop (not mine) & still not being sufficiently happy with the results, ended up doing a format & reinstall.

I have heard about a 'drive by' virus where you only have to visit a web page to get infected but as yet I have no further information so it may be that it is just some scaremongering.
Regards
wasbit

Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Naive or unlucky?

Post by Roderunner »

ChrisJakarta wrote:
Roderunner wrote: Hi Chris, FYI the computer cannot be shut down using Task Manager, only if using Process Explorer.
Sorry, of course you are right! :blush:

I should have said the 'three-finger salute' (Ctrl-Alt-Del).

Chris
No problem Chris.
Windows 11 Home 22H2

Regards,
George.