Howdy everyone,
Not so long ago I ran my virus checker (Norton Anti Virus Corporate Edition) and it came up with a few viruses, which I got rid of.
Ever since then my Windows Security Centre tells me that I may not have anti virus software installed and that my computer could be at risk (the balloon comes up near the time, and the Security Centre remains red instead of yellow).
The other day I ran an online virus checker that came up with nothing but I still don’t think I’m clean…
When I went onto eBay today it came up almost as if someone else had been on my computer using their eBay account as it said ‘Welcome “username of the random person”, if this is not you please sign in’ so I searched up the username and they are an eBay member that has been on there for 8 years.
I have always kept my virus def files up to date and don’t know where to go to from here.
Any help would be greatly appreciated.
Thanks
Jono
Well my novice solution is to get AVG (which a lot of people swear by), Ad-Aware SE 2008, and Spybot Search and Destroy, all of which are free downloads and you can get from www.download.com and run them all.
I’m sure JC or someone clever will help you more!
Well I’m no expert and I can tell you that is wrong. What you mean is, don’t enter personal information into sites like that, and don’t download .exe files from them if you come across a rogue site - remember, all you have to do when you get a download popup like that is just click cancel and close the page. Another good thing you can get for when you’re browsing the internet is McAfee SiteAdvisor. This basically tells you if the website you’re on is good or bad.
Is it still saying you could be at risk? There’s probably a button they want you to press to “fix” the problem, which will install updates or something random like that.
I have McAfee and it sounds pretty similar.
I would recommend McAfee SiteAdvisor as well. Sounds like you maybe got into a phishing site or something. Was there anything else suspicious about the eBay page you saw?
I’d be careful about that if I were you, if it’s still trying to log in as someone else maybe you should contact eBay or something.
If they start buying stuff you can just not use your internet for a month so they lose interest, people I know have done that.
Thanks for all the suggestions :)
I will be installing your suggestions over the next few days and see how I go…
Yeah, it does say ‘to fix this problem click this balloon’ but all that does is tell me to install anti virus, which I have!
I did a quick Google about the eBay problem and it seems it has happened to others with the same username appearing - I couldn’t really suss out exactly what it all meant but it doesn’t seem anything too hard core.
I guess I should have said what made me think I had a virus in the first place… my computer was taking about an hour to load up and was going through scandisk twice each time and giving weird messages, of which silly me didn’t note down.
If you suspect that there is an unknown virus or rootkit installed the only way to make sure that you are clean is to reformat and reinstall the OS from scratch (or a full backup made before the suspected infection).
Antivirus software and antirootkit software do not have a good detection rate with some of the new baddies. The antivirus software has a fair detection rate against downloaders (small programs that download additional malware and give the attacker full control of your machine). But once the attacker has run the downloader and the downloader has installed additional software the game is over.
Antirootkit detection in antivirus programs and specialized antirootkit programs is pretty poor. Just because scans come up clean doesn’t mean that you are clean.
Back up all of your “my documents” and other data files. Save the settings for your email and other program settings. Then reformat and start over.
Thanks John,
I was hoping it wouldn’t come to that but I guess it’s the only way.
Looks like a day will be taken from my weekend to do it :(
Is it safe to hook up my external HD to back up? What is the risk of getting reinfected when transferring files back over?
Porn sites are a source of malware. Porn sites that you find from Google or linked from porn link sites will sometimes try to hack you using known browser vulnerabilities. Others will try to trick you and say you need to install a special viewer or codec to be able to watch the videos.
If you must surf for porn then make sure you have all of your software up to date and your browser up to date. Consider using an alternative browser like Opera rather than IE for porn surfing. And don’t ever install any helper applications or codecs from a porn site.
The common ways of getting infected are:
Getting an infected email attachment (word document, or exe, or other) and viewing or running the attachment. These attacks are more aimed at business users.
Downloading and running random game mods, game hacks, or warez.
Installing helper applications for porn.
Running other types of warez.
Strange attachments and links from instant messaging programs.
Browsing the web with an out of date browser, OS, or browser helper applications (iTunes, QuickTime, Adobe Acrobat, Flash, etc., any program that hooks into the browser). Stay up to date on patches and updates for all software.
It is safe to connect the external HD and back up your data files and such to the external HD.
File infectors are out of vogue so if you do have malware running it is not very likely to infect random executables on the external HD. Still a good idea though to give the external HD a full antivirus scan now and then again after you install the OS.
There are viruses that infect USB drives and other USB drive devices like digital picture frames. Antivirus programs are pretty good at being able to catch those.
JC, I love how you talk so seriously about the risks of watching porn, but at the end of the day it is true…
Just to clear the porn convo up… it didn’t come through this, the viruses that Norton found were in an MP3 file/files… I have no idea how they got on my computer as I don’t download music and I hadn’t even heard of the band/song that the supposed MP3s were of.
This has nothing to do with the fact that Ivan and I phoned you when we were absolutely bladdered last Friday either.
I’m pretty sure, anyway.
Apologies for that btw.
Haha, that’s cool!
Was good talking to you!
How did you pull up the following day?
I was as rough as a badger’s nonsense.
Can’t speak for Ivan.
Ask him to tell you about the lady with the tattoos and the big dogs.
Ah yes, the Windows “ultimate solution.” Happily, I can say I’ve never had to do that again since I started using Macs.
Surf for porn on a Mac (or Linux machine), that’ll prevent them viruses (remember when porn (aside from debates over its morality) was safe to look at?).
Or run a virtual machine (like VMware or Microsoft’s Virtual PC). Run Linux inside the virtual machine. Surf for porn. … Profit!
The MP3 files could have been dropped on your computer by whatever downloader (malware) got installed. For all you know, your computer could have been seeding that MP3 to some P2P network.
There are MP3 files that are specially crafted to exploit old vulnerabilities in Winamp, QuickTime, or some other popular player. When the MP3 is played it exploits a buffer overflow in the MP3 player software and runs executable code. Not all that common, but such files do exist out in P2P. Such exploits are specific to a particular version of a particular player.
If you still have the MP3, upload it to VirusTotal to see what other AV software detects. That will rule out whether it’s a false positive by Norton or the real thing.
The pr0n stuff was a bit of a threadjack tangent. Not directly relevant. Wink wink nudge nudge say no more.
The threats from bad porn sites are not limited to just porn sites. Those threats have been popping up elsewhere and on respected sites as well. There are exploit kits set up for script kiddies. The exploits are all packaged and ready to be put on a web site. There are various exploits included. Exploits on JavaScript, ActiveX controls, browser plugins, IE, Firefox, etc. The challenge is to get people to visit the site hosting the exploits. One way is to make a quick porn link site and people will come to you through searches or other means (build it and they will come).
But it’s not just fly by night porn sites that try to run browser exploits. Banner advertising services have been tricked and swindled into delivering exploit code. Then any web site that uses that banner ad service ends up delivering exploits to their users.
A newer technique is to infiltrate trusted web sites through SQL injection or a cross-site scripting vulnerability. The attacker then injects exploit code into the pages of a trusted web site. Anyone visiting that site is at risk of being caught by one of the exploits. There are cases of tens of thousands and even hundreds of thousands of web sites being hijacked in these sorts of campaigns to distribute malware.
So even if you never visit porn sites you can still end up getting exposed to the same sorts of attacks.
The defense against these sorts of attacks is to keep your browser and plugins and other software up to date and patched. You can also enable OS protection features like DEP, UAC, not running as admin, and other security-minded settings.
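
Added example, not part of any post in this thread: a site owner's check for the kind of injection described above, listing every script or iframe on a page that loads from a host outside the site's own allowlist and flagging invisible iframes. The host names, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a shop page with two legitimate scripts and two injected loads.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://static.shop.example/lib.js"></script>
</head><body>
<h1>Product list</h1>
<p>Widget<script src="http://injected.invalid/b.js"></script></p>
<iframe src="//frames.invalid/in.html" width="0" height="0"></iframe>
</body></html>"""


class ExternalLoadFinder(HTMLParser):
    """Collects script/iframe tags whose src points at a host we do not trust."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative URLs and inline scripts have no hostname and are skipped.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host in self.trusted:
            return
        style = a.get("style", "").replace(" ", "").lower()
        # Zero-size or hidden iframes are a common mark of injected content.
        hidden = bool(tag == "iframe" and (
            a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            or "display:none" in style or "visibility:hidden" in style))
        self.findings.append({"tag": tag, "host": host, "hidden": hidden,
                              "line": self.getpos()[0]})


def find_untrusted_loads(html, site_host, allowed_hosts=()):
    """Return one finding per script/iframe loaded from an untrusted host."""
    finder = ExternalLoadFinder(site_host, allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in find_untrusted_loads(SAMPLE_PAGE, "www.shop.example",
                                  ["static.shop.example"]):
        print(f)
```

Run against pages as the server actually renders them (including content pulled from the database), since that is where an injected tag ends up.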