Author Topic: how to fight off a *nasty* computer infection  (Read 4004 times)


Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
how to fight off a *nasty* computer infection
« on: November 08, 2010, 03:47:33 PM »
This isn't robot related, but I learned a lot today from a really nasty virus that hit my computer. And hopefully it'll save you time and money better spent on robots . . .

How nasty of a computer virus? Picture this: it'll block you from going to Windows Update, downloading/installing anti-virus programs, is mostly undetectable by the top 5 anti-virus programs, and will prevent you from posting on webforums so that you can get help (that last one shocked me the most).

Step 1: Prevention
Always update all of your software that's most likely to get you infected: your browser, Adobe Acrobat, Windows Update, Flash, and Java. IE9, Firefox 3.6, and Chrome are about equally safe (I was infected while using Chrome, thought to be the safest).

Always have at least two browsers installed. In my infection, Chrome stopped functioning completely, but Firefox still worked (although it kept randomly loading malware sites).

Always keep your firewall on. I recommend Comodo, with sandbox enabled:
http://personalfirewall.comodo.com/
However, I was infected despite the firewall - it did however prevent the virus from transmitting data out, the first sign that I was infected.

Always have your anti-virus program running at full, even if it occasionally slows your computer. It's better than having your credit card information sent to some guy in Russia!

Always be aware of what programs normally run on your computer, so that you can identify the bad programs when they come. I use HijackThis for this, and it also helps me remove all the harmless crapware that slows down my computer as well: http://free.antivirus.com/hijackthis/

IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user. If you delete an important registry value, you could completely f' up your computer :-X

Step 2: Prepare for the Worst
Despite preventative measures, the nastiest of viruses will squeeze right past your defenses. The worst would even be undetectable by most anti-virus software. So it's only a matter of when, not if.

I might take some flak for this comment, but Linux will make a great backup OS. If your Windows is f'ed up beyond repair, you can use Linux to:
- search the web for help
- download anti-virus software
- recover lost data
It's actually the only reason I keep Linux installed . . . :-X

Download all the anti-virus software you think you'll need *now*, before the virus blocks you from getting it later. Even install a few, just in case. See my links below.

And of course backups . . .

Create a System Restore Point by -> Start Menu: Click Start, Programs, Accessories, System Tools, System Restore. Then just follow the instructions.

Back up your important data on a USB key and keep it in an OFF SITE location, such as a bank safety deposit box, your locked work office desk, or at a friend's place (as a trade). After all, a house fire destroys everything in your house :(

Step 3: Armageddon
Now that you're seriously infected, follow these steps one by one. It'll take you probably the entire day - but don't skip a step or think you're done because your problem appears fixed. Do all, to the very end. Each program is likely to find a virus/issue that the others missed (which happened in my case).

1) do a full virus scan with your favorite AV software (in my case, Norton AV)

2) do a full scan with AVG 2011:
http://free.avg.com/us-en/download-avg-anti-virus-free

3) do a full scan with Ad-Aware:
http://www.lavasoft.com/
restart your PC if it finds anything

4) do a full scan with Malwarebytes:
http://www.malwarebytes.org/
restart your PC if it finds anything

5) Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file. You may need your Windows installation disk.

6) do a short scan with DrWeb:
http://www.freedrweb.com/

Once the short scan has finished, Click Settings > Change Settings. Under the Scanning tab UNcheck Heuristic analysis and click OK. Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.

If it finds anything, restart. If you get to this point and are still infected . . . well . . . don't bring your computer even close to mine! lol

Step 4: Save the World
Make sure you recorded everything that infected your computer, for future reference. You may need to look up the virus later to make sure you fully cleaned it.

More importantly, keep note of the URLs the virus is sending data to/from. Or websites it forces you to go to. Report these websites. For example, in the Firefox browser under Help, there is the 'Report Web Forgery' button. This will help reduce the damage the virus will do to others who are later infected.

You can also go here:
http://www.google.com/safebrowsing/report_badware/

And lastly, teach the noobs you know how to defend themselves - otherwise we'll suffer the spam their computers spew out. Forward them this thread!

Offline roboSonny

  • Jr. Member
  • **
  • Posts: 35
  • Helpful? 0
Re: how to fight off a *nasty* computer infection
« Reply #1 on: November 08, 2010, 04:42:21 PM »
How did you get infected? You couldn't remove it from safe mode?

Offline madsci1016

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,450
  • Helpful? 43
    • Personal Website
Re: how to fight off a *nasty* computer infection
« Reply #2 on: November 08, 2010, 05:06:29 PM »
Don't forget to use an Ad-Block plugin for your browser, most web based viruses load through ads. (white list your favorite sites to show support, but only if you trust their webmasters do proper Ad screening :-)

Use OpenDNS, an open alternative to your ISP's DNS servers. OpenDNS will block requests to known virus infested sites and phishing sites, keeps your credit card # from going to Russia. It will also alert you if it detects outbound virus traffic from your whole network. And it loads much faster than your ISP DNS (usually) and updates their records much faster.

If you have Win 7, your OS has built in Automatic Backup scheduling. Use it, portable hard drive, network share, anything external.

File sharing is a sure fire way to get viruses, and usually illegal. If you must do it, do it carefully. Use trusted sources, check others' comments, and always scan a downloaded file before you open it.

I like the free Avast Anti-virus. AVG is buggy IMHO, and has been called out for some sketchy practices (Search Slashdot).


My setup is 5 computers, Netgear router using OpenDNS, and a Windows Home server with an Avast site license. The Windows Home server wakes up all my computers at night, performs an incremental backup, scans for viruses, applies any automatic updates, and puts them back to sleep. If anything is found across my network, I get a pop-up when I turn a computer on the next day. Been virus and problem free for years.

It's also nice that I can pull past file versions of source code from the backup history whenever I really mess something up. I can restore a computer from a server image using a bootable restore disk.

Yes, Windows Home Server is the best thing M$ has ever made, you can try it free for 90 days, and it only costs $100 if you build your own server hardware. I built one with an Atom board, uses 30 Watts of power.
« Last Edit: November 08, 2010, 05:16:18 PM by madsci1016 »

Offline madsci1016

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,450
  • Helpful? 43
    • Personal Website
Re: how to fight off a *nasty* computer infection
« Reply #3 on: November 08, 2010, 05:09:02 PM »
What was the name of the virus you got anyway?

Also, Inb4 the linux fanatics. No need to tell us why we should be using linux.
« Last Edit: November 08, 2010, 05:19:35 PM by madsci1016 »

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: how to fight off a *nasty* computer infection
« Reply #4 on: November 08, 2010, 08:25:31 PM »
Quote
Don't forget to use an Ad-Block plugin for your browser, most web based viruses load through ads. (white list your favorite sites to show support, but only if you trust their webmasters do proper Ad screening :-)

Use OpenDNS, an open alternative to your ISP's DNS servers. OpenDNS will block requests to known virus infested sites and phishing sites, keeps your credit card # from going to Russia.
Chrome and Firefox also link to anti-phishing/badware lists, and I had those turned on . . . but even then, hackers compromise legit trustworthy sites and infect them with viruses. SoR was once compromised, infecting everyone that came . . .

Quote
What was the name of the virus you got anyway?
Viruses these days aren't singular. They come as large packages of *many* viruses, hoping that at least some of them stick. It was like 20 different viruses doing pretty much everything you can imagine. DrWeb found 12 more that all the others in the above list combined couldn't find - so I'd recommend you give it a try.

Offline Redcap

  • Full Member
  • ***
  • Posts: 80
  • Helpful? 11
Re: how to fight off a *nasty* computer infection
« Reply #5 on: November 11, 2010, 11:39:46 AM »
Just thought I'd add it's a nice idea to have Linux (or other OS) on a "LiveCD" that can be booted from at start up. [Given the system to save has a CD/DVD drive].
It saves disk space and is easy to set up for those who dislike the idea of dual booting.

http://www.livecdlist.com/ - will list a lot of LiveCDs that may help if safe mode cannot.

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: how to fight off a *nasty* computer infection
« Reply #6 on: November 11, 2010, 11:51:54 AM »
Speaking of LiveCDs, DrWeb has an anti-virus live cd, just in case you can't boot up into windows:
http://www.freedrweb.com/livecd/?lng=en

Offline garrettg84

  • Robot Overlord
  • ****
  • Posts: 187
  • Helpful? 8
  • Armchair Roboticist Extraordinaire
    • http://www.garrettgalloway.com/
Re: how to fight off a *nasty* computer infection
« Reply #7 on: November 18, 2010, 02:12:47 PM »
Quote
Don't forget to use an Ad-Block plugin for your browser, most web based viruses load through ads.

Quote
Use OpenDNS, an open alternative to your ISP's DNS servers. OpenDNS will block requests to known virus infested sites and phishing sites,

The previous are the two most important suggestions you will find on this page.

I will add four to the list:
3) UPDATE YOUR SYSTEMS REGULARLY!!! Most vulnerabilities are discovered and patches made available before they are widely exploited. These updates are to include your operating system and other installed applications *poke poke* ADOBE.

4) Find an alternative PDF reader to Adobe reader (Foxit?). The majority of 0-days I've seen out lately are in Adobe products, Adobe Reader mainly. While the other readers often have the same vulnerabilities, due to the way MOST exploits actually work the exploit simply crashes the alternatives instead of compromising your system entirely.

5) Use an alternative browser. Chrome, Opera, Firefox, etc.

6) Stop looking for inappropriate adult material on the internet  :P

Quote
Also, Inb4 the linux fanatics. No need to tell us why we should be using linux.

I am one of those linux fanatics. I use OS X and Linux exclusively. Any time I get 'technical support' calls from friends or family I send them an Ubuntu CD and walk them through installing it. They either never call me again because they are happy they never have problems, or pissed they can no longer install their malware filled time wasting games. It works out well for me.

I have no problem with the masses using and 'requiring' Windows. It keeps the bull's eye off my systems, and also keeps me employed as a security specialist. Thanks Microsoft!  ;D
« Last Edit: November 18, 2010, 03:23:56 PM by garrettg84 »
-garrett

Offline madsci1016

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,450
  • Helpful? 43
    • Personal Website
Re: how to fight off a *nasty* computer infection
« Reply #8 on: November 19, 2010, 08:07:50 AM »
Quote
Any time I get 'technical support' calls from friends or family I send them an Ubuntu CD and walk them through installing it.

I think this is only possible for a small subset of people. For example, my Mother's blood glucose meter only has Windows drivers and software. Even if I got her over her fear of change, she still couldn't use Linux because of this. And that's one of several Windows-only software packages she uses.

So for me, I still have to handle her tech support calls. Though now with Win7, a good anti-virus, and her using Firefox, I have gotten much fewer calls than usual. Microsoft has gotten better at what they do.

And btw, I use both Linux and Windows every day.

Offline totalis

  • Full Member
  • ***
  • Posts: 89
  • Helpful? 0
Re: how to fight off a *nasty* computer infection
« Reply #9 on: December 01, 2010, 12:27:54 PM »
Just a note to admin (et al)

Avira is a wonderful piece of software that will remove viruses and malware etc.
I worked at a computer shop for about a year, we used the free version of this software to remove all the viruses we ever had.

Avira also provides a boot disk so you can get rid of nasties without even booting Windows.

Did I mention it's free?

And a lot lighter/better/faster/more free than Norton/McAfee/Kaspersky ...

just my opinion,

T




Just checking, I did say it was free, didn't I?

Offline madsci1016

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,450
  • Helpful? 43
    • Personal Website
Re: how to fight off a *nasty* computer infection
« Reply #10 on: December 02, 2010, 09:12:12 PM »
Quote
do a full scan with AVG 2011:

Quote
AVG is buggy IMHO, and has been called out for some sketchy practices (Search Slashdot).

Last night's mandatory update of AVG 2011 Free edition has caused most 64-bit Windows 7 PCs to fail while loading Windows.

And this isn't the first time. AVG has had issues like this before, and some other questionable practices. I just don't recommend it at all.

paulstreats

  • Guest
Re: how to fight off a *nasty* computer infection
« Reply #11 on: December 03, 2010, 04:16:53 AM »
1) Don't ever let anybody near your main PC. Other people have a habit of messing it up either with viruses or just the old "I don't know what happened, it just stopped working but I didn't do anything".

2) If you have a Windows install CD then search for "Bart PE". This creates a bootable CD with a Windows pre-install environment and basic tools for scanning, looking visually at directories and also running virus scanners.

3) Keep a selection of virus scanners on an external drive, you can use them with Bart PE or just in Windows if you lose your internet. They can also be used for repairing other PCs.

4) Remember to try to invoke "chkdsk /r" in Windows, sometimes it's not a virus but a disk error. The check disk, although given a bad name by some, is actually quite useful.

5) Don't let anybody else use your PC (again). Windows now hides extensions by default (I suggest turning them on). Somebody can download a picture, the icon looks like a picture but there is no .jpg extension because in Windows it doesn't show it. In fact the picture has a .exe extension and installs 500 viruses (it's true they do).

6) Malwarebytes antimalware is free and by far the most effective malware remover.

7) Any persistent pop ups requesting you to buy an antivirus program to get rid of some viruses it "found" on your PC is actually a virus. Don't pay any money and try to get rid of it.

8) If you still have a virus and know its name (you can usually find out) then do a Google search for manual removal of it. It usually involves laboriously removing registry entries but it is worth taking the time to do it.
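
An added example, not part of the post above and not written by any forum member: a small Python check for the hidden-extension trick described in point 5. It flags files whose real extension is executable but whose visible name ends in a picture/document extension, and goes one step further than the post by also flagging files with a harmless-looking extension whose content starts with the "MZ" executable signature. The extension lists and the sample folder are assumptions constructed for the illustration.

```python
import os
import tempfile

# Extensions Windows will run on double-click (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a user expects to be harmless pictures or documents (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".txt"}


def classify(path):
    """Return a reason string if the file looks disguised, else None."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)          # "holiday.jpg", ".exe"
    inner_ext = os.path.splitext(stem)[1]       # ".jpg"
    with open(path, "rb") as fh:
        is_pe = fh.read(2) == b"MZ"             # DOS/PE programs start with "MZ"
    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        return "double extension: shown as '%s' when extensions are hidden" % stem
    if is_pe and ext in DECOY_EXTS:
        return "executable content behind a %s name" % ext
    return None


def scan(folder):
    """Walk a folder and return {filename: reason} for suspicious files."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for fname in sorted(files):
            reason = classify(os.path.join(root, fname))
            if reason:
                findings[fname] = reason
    return findings


def build_sample_folder():
    """Constructed sample data: tiny stub files, none of them a real program."""
    folder = tempfile.mkdtemp(prefix="downloads_")
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg header",
        "holiday.jpg.exe": b"MZ constructed stub",
        "setup.exe": b"MZ constructed stub",
        "invoice.pdf": b"MZ constructed stub",
    }
    for fname, data in samples.items():
        with open(os.path.join(folder, fname), "wb") as fh:
            fh.write(data)
    return folder


if __name__ == "__main__":
    for fname, reason in scan(build_sample_folder()).items():
        print(fname, "->", reason)
```

Point `scan()` at a downloads folder to review what it reports; an honestly named installer such as setup.exe is not flagged, because its name does not pretend to be something else.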

Offline Redcap

  • Full Member
  • ***
  • Posts: 80
  • Helpful? 11
Re: how to fight off a *nasty* computer infection
« Reply #12 on: December 03, 2010, 04:36:34 PM »
Quote
7) Any persistent pop ups requesting you to buy an antivirus program to get rid of some viruses it "found" on your PC is actually a virus. Don't pay any money and try to get rid of it.

I recently had this kind of thing on my main pc.
It would not allow me to open any programs and safe mode didn't help.

I -did- manage to at least stop it from opening by using a program called "killbox" (run as an administrator). This in turn allowed me to update my virus scanner and get rid of it.

You may not need it often, but it's definitely a nice addition to any "toolbox", IMHO.
(And yes, it's free)

http://www.killbox.net/
« Last Edit: December 03, 2010, 04:39:59 PM by Redcap »

Offline madsci1016

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,450
  • Helpful? 43
    • Personal Website
Re: how to fight off a *nasty* computer infection
« Reply #13 on: December 13, 2010, 08:26:23 AM »
Here's a case in point why you should be running with Ad Block installed on all your computers.

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: how to fight off a *nasty* computer infection
« Reply #14 on: December 13, 2010, 08:52:17 AM »
Quote
Here's a case in point why you should be running with Ad Block installed on all your computers.
Yea, adblock for Chrome came out not too long ago so I use that now.

I got annoyed by all those 'trusted' ad networks that didn't test their own ads for viruses, and websites that abused the right to use ads (i.e. used the really annoying types of ads).

I'd really like to support websites I like, so I unblock some of them occasionally. Don't forget to unblock SoR - I only use non-intrusive non-flash image/text based ads. ;D

 

