timmy2take

iTrader: (7)

I've had this on my pc and now my boss has it as well.

My AVG anti virus couldn't remove it for some reason and I had to re-install windows.

Anyone know a way of removing this virus?

Boro

iTrader: (1)

I didnt think it was that hard to remove?

AVG is pretty poor IMO. Might be worth investing in something like NOD32, you can get a free trial version. Run everything in SAFE MODE

timmy2take

iTrader: (7)

I downloaded a trial version of NOD32 and restarted in safe mode and it wouldn't load any further than the black windows screen saying safe mode. Tried rebooting in normal mode and it wont load at all now.

Going to try the Compaq system recovery now.

spectrum48k

it can be pretty nasty

I'd advise you download this, which solved the problem for me:
Malwarebytes.org

I'd also advise to ditch AVG and get a proper solution like NOD32 by ESET

scoobyverysoon

iTrader: (1)

I use avast pro - never had any problems using that

spectrum48k

Avast is more for people with pink bathrooms

Dedrater

Anti-virus software are all garbage really anyway, they are all reactive, not a preventative measure. Your computer is protected from you, not from a Virus.

I have never run Virus software on any of my home machines, my internet habits are such that it's impossible for a virus to infect my computer, rendering software like this pointless.

Keeping Windows patched and staying behind a hardware based firewall is all that is needed.

Boro

iTrader: (1)

Iain Young

Please ignore this person. He obviously does not know very much about viruses. Firewalls and Windows patches provide no protection whatsoever.

Antivirus programs are not just reactive, but block the things getting onto your system into the first place. I have on occaision been sent documents, or other files from trusted sources (customers, family relations etc), only to find them infected with stuff. No dodgy internet browsing habits here, but I would still have been infected. Why take the risk?

I can only assume that Mr Dedrater never clicks on any internet links, downloads anything, or simply just likes living life on the edge. Then again, if he has never run any antivirus software on his systems, how does he know if he has been infected or not?


Nod32 is one of the best bets out there. Please do not install the buggy and ineffective pile of poo that is AVG...

Dedrater

The opposite actually, I am just doing my MPhil CS thesis, titled Heuristic functions I wont go into detail on this, I take it you know all about its use in AV programs. I am also a civilian position in the MOD in a computer security related position. Firewalls and Windows patches provide no protection whatsoever? Again, I am not going into detail on this, that is just an insane comment.

I let my IMAP webmail service provider sort this, there is zero risk to me.

I use Firefox and only allow scripts to run from trusted sites only. I use Usenet for file downloads.

Because I know what I am doing, if I am in doubt, then I simple run Hijackthis. In any case, all my data is backed up in raid arrays and I can format my C: drive and reinstall Windows within 30 minutes, if the absolute worst happened. It never has, ever.

Dedrater

Also, when I said
Take this thread for example, in regards to the Anti virus 2009 Virus, it is advertised on misleading/rouge web sites that attempt to make you think your computer is infected with a variety of malware, thus the user installs this piece of Malware.

If the OP would have been using FF, this thread would not exist.

Dedrater

To the OP run this..

http://download.bleepingcomputer.com...mbam-setup.exe

or delete these from the registry..

JackClark

Feel free to detail your thoughts on Heuristic Analysis, I'd be more than interested as I spoke of it's use in Antivirus products from '93 to '07.

Are there any Antivirus products that don't use Heuristics?

Iain Young

and.. I've been writing professional software for 20+ years (compilers, language analysis tools, security related software etc). What is your point?

Not against viruses they don't. Firewalls protect from outside attack (i.e. hackers trying to get acces to your computer). Viruses do not fall into this category. They infect you machine in variety of ways, none of which will be deflected by a firewall. The best windows patches can do is to fix a problem that already exists. They do not employ any sort of heuristics, and are not released that often. Thus, they will not protect you either.

Assuming their software is up to date of course, and assuming the files have been sent via email. How about files on a cd? There has been more than one magazine coverdisk over the years that has contained infected files.

You think Usenet is free from viruses

If this is the mentality running our defense industry, I seriously worry for our national security...

What if you've backed up a virus, (entirely possible seeing as you don't run any antivirus software). Restoring your files will just restore the virus. Entirely ineffective data security policy. You'd be laughed out of my place of work I can tell you that

Dedrater

Not to my knowledge, I don't know any that are pure SBD, I assume they would now be pointless, They would all need to use it as a general strategy. Heuristic engines in AVs are still massivly hit and miss though, to reduce the amount of false positives most AVs have reduced the level of heuristics they use. I think it will be years before computers can number crunch the huge amount of data needed to be of absolute benefit.

Avg and other subprime AVs use a Sandbox (File emulation), whereas Nod32 searches line by line for any dodgy pieces of code (File analysis). If you want to use Sandbox you might aswell go straight to the source..

Virtual Sandbox Free Edition - Free software downloads and reviews - CNET Download.com

Jack, I am more Algorithm/Metaheuristic than Analysis.

Dedrater

I never said a Firewall would protect you from a virus. To use your "fix a problem that already exists" approach, how is your AV going to protect you from say a zero day threat? In regards to AV Heuristics, unless you dedicate a server to it, it will be largely unsuccessful.

I will assume they are, if I am unsure I will run it in a Sandbox, I do not normally feel the need to though.

Tell me, as a coder, how you would compile a Virus to run in an AVI or MP3 file?

Exe files I can Sandbox. If I was the only member of staff using the computers there, I would switch off of the AV servers, as there are there to protect against the users.


I don't use images.

TonyBurns

iTrader: (3)

Well all that is gibbledigook to me
I sit here with my pc (i like to build them and make them run ) i use windows vista, i even use IE!!!!! now isnt that scary?!

Well no, because i have a GOOD internet security package, anti virus, anti spam, firewall etc etc etc (you get the picture).
I will not use hacked versions of anti virus software (though my brother in law swears by them, if its been tampered with then it could have been really tampered with leaving gaps in your security) so its an off the shelf package for me

On part of my previous job was security in the telecommunications enviroment (and not low level stuff either!) and the one thing you always remember is that you can never have enough security, the more the better, the better the more secure.
Complacency isnt your friend, you are and only you, if you know what you have put in place then you know what level of protection you are running, pop's n stuff still baffle me a bit (but im getting there ) though its all the same, protection is protection and complacency is dangerous!

Tony

Iain Young

Actually, if you read your post, that was clearly implied

It won't, (although the current AV heuristics are better than nothing at all). Having said that, companies like Eset (Nod32) release updates at regular intervals (sometime numerous updates per day). Windows patches sometimes take weeks, and rarely cover most of the viruses out there. They generally just patch security holes in the operating system / software (which isn't the same thing at all).

There is a well known saying in the computer industry. "Assumpution is the mother of all f**k ups". Do you run a virus scanner in your sandbox? If not and it appears ok, do you then assume it's ok to have on your main system? Most viruses do not flash a message on the screen to say they have installed themselves. Very often they just sit in the background silently looking for your banking details etc.

Well, for a start, an AVI file could be written to use a particular codec / decoder which would contact a server and download something nasty. Not saying that it's a common thing, but it is certainly possible to do damage if you are determined enough

How about coms, dlls, batch files, vb scripts, active-x controls etc etc. Do you really not use any of those things, even from "trusted" sources? How about if you install software demos, shareware programs etc. All can be infected.

No, they are there to protect the business. That can be from users, unexpected attacks, or genuine mistakes. You would quickly get the sack at most companies out there for bypassing data security in this manner.

Lol, even if I believed all that, it hardly makes you a typical internet user does it? Why are you even bothering to try and make recommendations like this to "normal" people, as it is obvious that most people don't live in your utopian world? It's irresponsible at best, and potentially downright dangerous advice.

Boro

iTrader: (1)

hodgy0_2

to a degree Dedrater is correct,

as I stated in a previous post on this issue we have a communal computer at home, used by 4 people, my wife and my three older kids, the youngest is 6 and tbh I reload it every 2/3 months all my software is MSI files on an external Drive, the OS is on a seperate volume to the data, My documents is redirected etc

AV programs give a false view of security, most trojans get installed by the user -- who accepts increasing byzantine messages, even Microsoft get in on the act asking you to skip active X warning messages on your browser to download updates in fact I would argue that the WGA tool is spyware anyway etc -- no wonder the consumer is confused

you can have as many locks on your front door, but if you give a bloke who knocks on iyour front your credit card and pin code -- then what good have all the locks and alarms done

its education really, even Vista's UAC just gives more prompts to which most people say yes too

the best defence is to browse the internet within a VM -- then just close the file -- job done

plus have your ever monitored the rsources that AV programs use it frightening.

I think Jack Schofield the technology journalist ran a test machine with just a natted firewall and a basic software fw with a patched OS -- he did this for a few years with no infections

Iain Young

Good ones don't use very much at all Got Symantec Endpoint software running on my work laptop, and at the moment it is using 0% cpu power, and only 460k of memory (i.e. hardly anything).

I have seen software installation cds from trusted vendors (big names) with viruses on in the past. Although not common, the interweb is not the only way of contracting them.

If you want to risk it, then that's fine. The number of virus riddled machines I've had to recover over the years suggest that the less technically minded need all the protection they can get

I've never fallen off a motorbike, or crashed my car at a track day. Doesn't stop me wearing a helmet though...

hodgy0_2

yes Iain I dont disagree with anything you say, but my point is, ultimatly it's education that will win, blind trust in technology is not the way to go (which is what the AV vendors like to push)

And I too have recovered virus riddled machines and in ALL cases recently (the days of Vendor CD's infected is long gone IMO) its the user that has installed the trojan in the first place, the machines have been fully patched and upto date virus deffs on them

on my corporate laptop -- i don't browse the internet, period, i dont open emails from people i dont know

I think the subtext of Dedraters point (although I,m sure he can speak for himself) is that people should take more rsponsibilty for their actions and not trust technology to sort it all out coz it wont

if you give the keys to the car thief -- no amount of technology is going to stop them nicking it, thats why its a people problem not a technology problem

Iain Young

I had one just before Christmas. Don't trust anyone, that's my motto

Yes and no. The only way that would work is if you make people take a technology exam before being allowed to buy a machine (not a bad idea imo ). Trouble is 99% of users out there just aren't aware of this stuff (and don't seem to be inclined to learn).

Dedrater

Iain, a few other people in my office have looked at this thread now, all came to the same conclusion, you don't sound like some who has been programming for 20+ years, not a dig, but some of the stuff you have said doesn't correlate.

In regards to this infected vendor CD, how do you know your AV software didn't reacted to it as a false positive? Would you send me this 'virus' or tell me what the cover disk was, where from etc, I will be able to decompiler and tell you actually what virus it is, or more likely is not.
For someone one cares so much about your Windows install, why are you assuming you AV is going to protect you? Most people would just run Virtual Machine, that is guaranteed secure, bar hack attacks, as detailed here..

http://www.symantec.com/avcenter/ref...ne_Threats.pdf

this is when the firewalls come in. So that is an odd comment,not to mention the fact there there are Rootkits that are undetectable by AV software.

RootkitRevealer

I can only assume that you think a computer virus spreads like a biological virus among computers and would of thought someone in the business for 20+ years would have a much more technical view point of such things.

At its heart, anti-virus software is little more than a blacklist and is a deeply flawed approach to security. Relying as you seem to do, on a blacklist model for security is tantamount to admitting failure, I can back this up. Lets look at the latest results from an independent AV test site, AV Comparatives.

The pro active test.
Retrospective / ProActive Test November 2008

The max score in this test was 71% (Antir & Kaspersky) So 71% of 45.831 virus signatures, do the math, hardly secure computing is it.

The on demand test.
August 2008

These results are distorted, max score was 99.6%, but again this was for 3 million signatures, a lower score of 99.1% (for 1.096.202 signatures) for newer virus's within a 9 month period. Nod32 scored a lowly 93%. Considering that it only takes one virus to do a machine over, it is a pointless exercise trying to "protect" against the rest. An AV is to protect against the user, Iain, why are you using it?

But who cares about most of these virus, a patched system is unaffected by most of the security risks and the rest are user input.

Lets have a look at the top 5 threats at the minute..

Virus Threats and Analysis

As you can see, to get any of these involves the user being dumb and running the virus themselves or using a unpatched version of Windows and clicking things they shouldn't.
VLC or GOM players will not do this, if any other player does then it shouldn't be a problem as you will have a Firewall running ready to block the request.
I am obviously not going to start shutting down security mainframes am I. IBM,Google and a whole load of others do not use AV software in there research divisions, they only use Whitelisting and VM.
That's not the issue with realtime AVs, it is disk usage, top end games can blue screen if you keep an AV running.

Is there no MS Cert pros on this forum? Have you got last years or the year before that, exam answer on the limitations of AVs?

Boro, good input.

Iain Young

Like what exactly?

Actually I've been programming a lot longer than that, (used to get programs published in magazines and public domain libraries right from the Dragon32 days) but I've been doing it professionally for 20+ years. Started working mainly on mainframe and unix environments (SCO and AIX mainly), and now work mostly on Windows (although still do some of the former). Worked mainly on developing compilers / language analysis tools, and software I've written is used by the majority of the major financial institutions in the world, (as well as government departments, supermarkets etc). But you can believe what you like. Doesn't bother me. There are plently of people on here who know me and know that I speak the truth

Because at the time I knew the name of the virus, and the customer admitted to the infection after the event.

No. The files/software came from a customer and is covered by NDA agreements.

I never said that it would. In fact, I did say above that no antivirus offers 100% protection. However, most good antivirus software updates on a regular basis (sometimes several time a day), so it greatly reduces the risk of you falling prey to one of the critters. Think of it as insurance

Why do you insist in being so blinkered to basic logic? The original poster (and majority of internet users) do not use a VM, probably wouldn't know how to, and most likely don't have more than one operating system license to install one with anyway. Advising these people to not use any form of protection is dangerous, and downright stupid.

I have never said that. You are inventing things to try and cover up your obvious naivety and lack of knowledge of things in the "real world". Of course viruses can only be installed by the user, however they are often very clever (and sneaky) bits of software which can trap the unwary. Just look at how many people click on those "send us your bank account details" emails.

Even 71% is better than 0%.

Sigh, this is getting boring now. I use antivirus to protect myself from other people. You may accept an attachment from a "trusted" source, but how do you know that they have scanned their files? If copying files from a server at work, how do I know they are safe and not been infected by somebody with less that careful approach to security than myself. By not running any software of this kind, you are exposing yourself to unncessary trisk,

Very few (if any) windows patches cover viruses. They cover security holes and exploits which are not really the same thing.

Which is the case in the majority of situations. Hence, most people should run an antivirus client, and people like you and me should run one to protect us against those people.

What is a "security mainframe"? Do you mean a "secure mainframe"? What has this got to do with Windows viruses?

The majority of IBM and google development is done on unix systems, so they wouldn't need windows antivirus software. I know that IBM do use av on their windows boxes (at least all the divisions I have dealt with do).

I've never had a problem with games running on the PC whilst having an AV running. I have heard of this happening with Norton and AVG, but those are well known as badly written resource hogs. Good, modern AVs (like Nod32) have a very small memory, resource, and disk footprint.

p.s. Boro, that was good input

New_scooby_04

iTrader: (4)

Just a vote for Esnet's smart security internet package here: excellent protection and small system footprint.

Made Norton look like a complete POS to be honest!

Andy Tang

iTrader: (3)

A small memory footprint is all well and good, but how does it perform?

Look at most of the reviews and the product that consistancy performs well with a small footprint, you should be looking at Avira.

I work in network security, and I would recommend a good anti virus product along with ensuring your operating system and applications are patched. A firewall would be good, but all to often I see this hindering home users rather than protecting them (as they normally turn them off completely). Please apply some level of security to wireless networks as well!!!

ScoobLou

iTrader: (21)

Not being funny here but to expect, for example, my mum to know all this is stupid! hence why virus software is a must!

Seriously if you expect everyone to know all about what you say above, then you are being silly

hodgy0_2

and thats why there is a good chance she will get infected with a Trojan/Malware, they rely on the people trusting AV products, then just clicking away on the internet/email links etc

ScoobLou

iTrader: (21)

You will never be fully protected but least by having Nod32 there is a good chance she will be ok. Not everyone is fully qualified in what the other poster is saying.

Edited as I read your reply too quick