a virus hunt

RB

Just finished working on a friend's computer. He's one of those guys with
no protection. Hope there's something in here that might be of help to
someone else.

Took approx 10 hrs of trial and error stuff to get rid of the pests. One
was w32blaster. I suspect there was at least one more I couldn't positively
identify. Jitter, lockup, and instability were the up front indicators of
problems.

Restore didn't have any points prior to the problems, so that didn't help.

The way we did it was to keep running a combo of A/Vs, Spybot, and Adaware
(I brought these over on a CD, as his pc couldn't go online), and then a
Symantec W32blaster "virus specific" tool.

Once I got the pc to where it would go online, I used Bitdefender and Panda
for scans. Something had his Norton disabled. Later, Norton was the scan
that found W32Blaster.

Strangely, I'm not sure which tool finally got rid of the pests. The hard
drive just got successively cleaner after combinations of runs of the above
programs (20-40 pests on each Spybot and Adaware runs was the norm for
awhile). I never did get the usual "quarantine" or "kill" indications you
usually get with the occasional virus that one of the programs catches. The
big deal was to get to where the A/Vs, Spybot, and Adaware would do a
complete scan without problems.

I left him with resident copies of Spybot, and Adaware, and turned his Win
XP firewall (for what it's worth) on, with instructions to run Adaware and
Spybot every day or so.

And a good time was had by all.........
 
RB:

You didn't completely help your friend. You had to install the following patch for the
RPC/RPCSS Buffer Overflow Vulnerability that is addressed by Microsoft Security Bulletin
MS03-39 http://support.microsoft.com/?kbid=824146

Please read: http://www.microsoft.com/security/incident/blast.asp

Your friend also needs a FireWall. If you don't patch the PC and he isn't using a FireWall
then your friend will just be re-infected.

I also suggest the installation of *ALL* MS Critical Updates ASAP.

Dave



 
He does say he turned on the WinXP firewall, Dave.
What do you reckon? Is it as good as ZA?
MJD
 
"Your friend also needs a FireWall. If you don't patch the PC and he isn't using a FireWall
then your friend will just be re-infected."

The above is an overall, encompassing, statement.

Dave



 
Quoth the raven named MJD:
> He does say he turned on the WinXP firewall, Dave.
> What do you reckon? Is it as good as ZA?

The WinXP firewall is an inbound firewall only. While it might suffice
to keep internet probes from finding your machine, it won't do
anything about unsolicited /outbound/ calls, such as trojans you may
catch, or spyware, or viruses trying to send emails.

I'd recommend keeping the ZoneAlarm and forgetting about the XP thing.
You might also want to consider something a little more upscale, such
as Kerio. It's free, and after the 30-day trial period, the web
content filtering shuts itself off, but all else works fine. Version
4.0.10
http://www.kerio.com/kpf_home.html
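
The inbound-only versus two-way distinction drawn in the post above, as an added example that is not part of the original thread and is not code from any of the products named. The class names, program names, addresses and ports are all constructed for illustration; the model is a simplified stateful filter, not the actual rule engine of the XP firewall or ZoneAlarm.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected PC
    program: str    # local program owning the socket ("" if none is listening)
    remote: str     # remote IP address
    rport: int      # remote port
    lport: int      # local port
    syn: bool       # True when the packet opens a new connection

class InboundOnlyFirewall:
    """Hypothetical model: all outbound traffic passes; inbound only as a reply."""
    def __init__(self):
        self.flows = set()  # connections the PC itself opened

    def filter(self, p):
        key = (p.remote, p.rport, p.lport)
        if p.direction == "out":
            self.flows.add(key)      # remember the flow so replies get back in
            return "allow"
        # Inbound: accept only non-SYN packets that belong to a known flow.
        return "allow" if key in self.flows and not p.syn else "drop"

class TwoWayFirewall(InboundOnlyFirewall):
    """Hypothetical model: same inbound rule, plus a per-program outbound allowlist."""
    def __init__(self, approved):
        super().__init__()
        self.approved = set(approved)

    def filter(self, p):
        if p.direction == "out" and p.program not in self.approved:
            return "drop"            # unapproved program may not call out
        return super().filter(p)

# Constructed sample traffic (documentation address ranges, made-up program names).
TRAFFIC = [
    Packet("in", "", "203.0.113.7", 3021, 135, True),               # unsolicited probe
    Packet("out", "browser.exe", "198.51.100.10", 80, 1050, True),  # user browsing
    Packet("in", "browser.exe", "198.51.100.10", 80, 1050, False),  # reply to browser
    Packet("out", "unknown.exe", "192.0.2.25", 25, 1051, True),     # mail from unapproved program
]

def verdicts(fw):
    """Run the sample traffic through a firewall model and return its decisions."""
    return [fw.filter(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("inbound-only:", verdicts(InboundOnlyFirewall()))
    print("two-way:     ", verdicts(TwoWayFirewall({"browser.exe"})))
```

Both models drop the unsolicited probe; only the two-way model stops the unapproved program's outbound mail connection.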
 
Quoth the raven named MJD:
> Thanks for answering an honest, relevant question, and not trying
> to score points!

Panthers 29, Cowboys 10 *

Another data point: two unrelated friends both asked me recently why
their XP firewall was discovered to be Disabled when they knew it had
been Enabled. Both are too clueless to have turned it off themselves.

A visit proved they had no viruses or trojans, or any other type of
malware. I do not know why this occurred. (Win2K is my last MS OS.)

* American NFL football. The 'Boys couldn't score points either.
 