Virus/Spyware/Malware Q&A - Please read before posting

10-15-2008 , 01:42 AM
Viruses, Trojans, Spyware, Malware.

Q: I think I have a virus, trojan, spyware, or other malware, what should I do?

A: Create a new thread and we will help you out. Please tell us what problems you are having, and when you first noticed them. In your thread title please mention what operating system your computer is running, and which service pack. Please don't abandon your thread after getting help initially; there may be some final things you need to do, such as resetting your system restore, so please keep checking your thread until you get the OK from your helper.


Download and save this tool (DDS) to your desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Disable your Anti-Virus and any other real-time protection, then double-click dds.scr to run it. It will generate two logs; copy and post both. Ignore the notice to attach the second log; you can simply copy and paste it in a post in your thread. After you have posted both logs, you can delete dds.scr from your desktop.


Please download Malwarebytes' Anti-Malware to your desktop.
http://www.malwarebytes.org/mbam.php
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Paste that log in your thread.


Also, download and install HijackThis, do a system scan, save a logfile, and post the log in your thread. Do not fix anything with HJT unless instructed; randomly fixing various entries with HJT can cause problems with your operating system or applications. Only fix entries with HJT after being instructed. Please don't make any changes to your system after posting your HJT log, such as installing new software or uninstalling old software, until after you've received help.

http://www.download.com/Trend-Micro-...-10227353.html

If you are having problems with more than one computer, and need to post logs for both, please create separate threads for each computer and title them "computer 1 XP SP3" "computer 2 Vista SP1" etc.


Q: I'm having a similar malware-related problem as someone else, can I just post my logs in their thread?

A: No, please don't. Create a new thread and you'll get help.


Q: I created my thread and posted my logs, but I haven't gotten any responses yet, can I just send someone a private message about my problem?

A: No, please don't. We will get to your thread when we have time. Our volunteers are just that, volunteers. They do not get paid for the time and effort they spend helping people, and they help out on their own time. If they haven't yet gotten to your thread just be patient and they will get to it when they have a chance to.


Q: Can I offer a cash reward so I'll be more likely to get help quickly?

A: No, you may not offer cash rewards. If you offer a cash reward your thread will be edited in accordance with the forum rules, and you'll receive a small infraction.


Q: Internet Explorer is suddenly very slow for some reason, what should I do?

A: Internet Explorer running slowly is often a symptom of a malware infection. Follow the steps above and create a new thread.



Anti-Virus, Anti-Spyware, Firewalls, Browsers.

Q: I only use my computer to play online poker, do I still need an Anti-virus?

A: Yes, absolutely. Because you use your computer for online financial matters (poker), an Anti-virus and Firewall are even more important. They shouldn't be thought of as a hassle or an optional program; they should be thought of as a necessary tool for protecting your bankroll. If you don't use an Anti-virus and Firewall, you will have malware-related problems and a hacker could possibly gain access to your poker account.


Q: I have an Anti-virus, do I really need a Firewall also?

A: Yes. An Anti-virus protects against viruses and other malware; Firewalls monitor and block or allow internet connections, incoming and outgoing.


Q: Doesn't Windows have a built-in Firewall? That's enough, right?

A: While Windows does have a built-in Firewall, it is very inadequate because it offers no outbound leak protection, and isn't very good in general. You should use a 3rd party Firewall.


Q: If I use Windows firewall and a 3rd party firewall it will give me even more protection than just using one, right?

A: No. Using more than one Firewall can cause problems because they will interfere with each other. Only use one. If you use a 3rd party Firewall, disable Windows Firewall.


Q: If I use more than one Anti-virus it will give me even more protection than just using one, right?

A: No. Just like with Firewalls, using more than one AV can cause problems because they will interfere with each other. Only use one.


Q: I need a good AV, preferably free. Can you recommend one?

A: There are a few I can recommend.

avast! has a version that is free for home use

http://www.avast.com/eng/avast_4_home.html


AVG has a version that is free for home use

http://free.avg.com/


Avira also has a version that is free for home use

http://www.free-av.com/


Q: Which AV is the best?

A: That's not really a question that has a correct, definitive answer. All AVs have strengths and weaknesses. However, you can visit www.av-comparatives.org for AV testing; it can give you an idea of how well the different AVs do under testing conditions and how well they detect malware. I personally use Avira, as I feel it's currently the best Anti-virus for me.


Q: I need a good Firewall, preferably free. Can you recommend one?

A: Yes. Comodo is a free, very stable and very powerful firewall that will do a good job of protecting you.
Install without Safe Surf or other toolbars. Uncheck those options during installation.
During installation, uncheck the option to install the Anti-virus if you just want the firewall.

http://www.personalfirewall.comodo.com/

You can visit www.matousec.com for Firewall leak testing.


Q: What is the difference between Anti-Virus and Anti-Spyware? Do I need both?

A: They detect different types of malware. Viruses can self replicate and spread on your computer or even through networks, and spyware stays hidden on your system and can transmit data through your internet connection without your knowledge. The terms virus and spyware are used interchangeably and most scanners detect both, but running an Anti-Virus and Anti-Spyware is a good idea.


Q: I need a good Anti-Spyware, preferably free. Can you recommend one?

A: Sure. SUPERAntiSpyware is very good and is free for on-demand scanning. You can purchase a license to enable real-time protection.

www.superantispyware.com


If we find that you have a bad malware infection, we may request you to run multiple scans with different scanners and use tools to delete temporary files.


Q: Why should I use different scanners, isn't one enough?

A: The bottom line is that no single product can catch everything, so using SAS+MBAM, etc. is always a "better" solution as they each process different samples and have different technologies.


Q: What can I do to prevent malware infections?

A: There are several things you can do. Use a safe web browser. Internet Explorer is probably the most unsafe browser you could use. It's vulnerable to home page hijacks, drive-by downloads, and other attacks. You really should use a different browser, such as Firefox, which is free and open source.

http://www.mozilla.com/en-US/firefox/


There are many different add-ons you can use with Firefox to add functionality and improve safety; one of the most popular is NoScript, which helps protect against many types of exploits and cross-site scripting. Using Firefox with NoScript is much, much safer than using Internet Explorer.

https://addons.mozilla.org/en-US/firefox/addon/722


You also need to keep Java updated; older versions have vulnerabilities that can be an entry point for malware infections.

Download the newest Java Runtime Environment

http://java.com/en/download/

Before installing it, uninstall all older versions of Java.

Start>control panel>add/remove programs

Then close all browsers and install the newest version.


Make sure your operating system is fully updated by visiting update.microsoft.com with Internet Explorer, or you can check for updates by clicking
Start>Control Panel>Check for the latest updates from Windows Update

It's very important to keep your operating system fully updated because Microsoft regularly patches vulnerabilities that are discovered. Not keeping your operating system updated will leave those vulnerabilities open, and you could be infected with malware or a hacker may even gain control over your system through those vulnerabilities.


You also need to keep Internet Explorer updated.

http://www.microsoft.com/windows/Int...ide-sites.aspx

Finally, there is no substitute for safe web browsing habits, such as never downloading codecs from pornography sites, never opening emails if you don't know who they're from, always making sure your connection is encrypted when making online purchases, always using good passwords with random numbers and letters, and not clicking random links if you don't know what web site they lead to and who posted the link.

Safe web browsing habits, combined with safe browsers, updated operating systems, updated Java, and updated Anti-virus and Firewalls will protect you from most threats, and you shouldn't have any malware-related problems.

Last edited by kerowo; 06-15-2009 at 11:07 PM.
10-15-2008 , 01:47 AM
Thanks LirvA, I'll leave this open for a couple of days for discussion and then close it up.
10-15-2008 , 01:49 AM
Glad to help out. I just hope people will read it before posting; it will help add structure to the forum.

It's really hard to keep track of things when people post logs in someone else's thread.

Last edited by LirvA; 10-15-2008 at 02:04 AM.
10-15-2008 , 01:17 PM
Nice post. This should help a ton in this forum.
10-20-2008 , 04:48 AM
One last thing I need to mention here, and should have mentioned.

Don't download and install "cracked" software, especially Anti-virus software.

That awesome cracked software you got for free could install a trojan on your system and your computer could become part of a botnet, you could have all your passwords stolen, WW3 might break out if you accidentally hit the End key, who knows?

Think about it, would you let a burglar install your home security alarm?

Don't use cracked software, it's that simple. Just find a free alternative or pay for the software.




This thread is a perfect example of what can happen if you download and install cracked software.

http://forumserver.twoplustwo.com/48...earing-318522/


Over 500 infections.




Malwarebytes' Anti-Malware 1.28
Database version: 1253
Windows 5.1.2600 Service Pack 2

10/11/2008 12:41:36 PM
mbam-log-2008-10-11 (12-41-36).txt

Scan type: Quick Scan
Objects scanned: 154960
Time elapsed: 1 hour(s), 17 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 87
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 45
Files Infected: 458

Last edited by LirvA; 10-20-2008 at 04:54 AM.