Avast WEBforum

Topic started by: elzar on April 11, 2009, 07:38:07 PM

Title: Cleaning PC without internet connection
Post by: elzar on April 11, 2009, 07:38:07 PM
I have a friend who has a PC which I believe is infected with god knows how many instances of malware (viruses, trojans, spyware, etc).  I haven't had a chance to work on her PC yet but from her description of what is going on I know that has to be the problem(s).  I routinely help out friends, relatives, and neighbors with this kind of thing and am amazed at all the malware I see biting people's PCs.

This latest case though has a different wrinkle to it.  I will not be working on her PC in her house, and even if I did, I do not think she has a highspeed 'net connection, only dialup, which makes this much more difficult to work with.  She will be bringing her PC over to my house to drop it off so that I can spend the time on it here.

One of the things I plan on doing is to take the avast setup_eng.exe from my PC and run it on hers to install it via a USB thumbdrive - but I'd like to know how I can then get the updates over to her PC?  Is there a way for me to download those separately onto my PC then put them on hers?  Also how can I "register" the program on her PC to use it for cleaning if it is not connected to the internet, or is that not an issue?   She already has Norton anti-vir on her PC and says that she is still within the license for that, so I don't plan on leaving Avast on her PC when I'm done, I just DON'T want to use Norton to scan/clean it for now since I don't trust the Norton install that is already there (I will reinstall it later when I am all done if possible - otherwise I will set her up with Avast permanently).

Also if anyone has any hints for how to do the same thing for spyware (spybot, adaware, spyblaster, etc), even winxp updates, how to get the updates manually to my PC then copied over to hers with no 'net connection, that would be appreciated.  I may even reverse direction and try to get her PC setup with a 'net connection in my house if that is what it takes though. 

I also have a bunch of different anti-rootkit type programs that I will be using but no issues with those getting updates since they are all self-contained/as is.

Hope this question makes sense.  Any advice appreciated!



Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 11, 2009, 07:49:52 PM
Hi Elzar,

Ok, I'll try to help as much as possible but I'm not all that sure.

1. For VPS update without internet connection you can go to:
http://www.avast.com/eng/updates.html
and get the latest VPS from there. Install avast and then run the file you got from there.

2. The Norton anti-virus might pose a problem. When uninstalling make sure it's completely removed by using the Norton removal tool found at:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

3. For XP updates I am not sure at all. I believe (don't take my word for it) that you can download the various Service Packs and install those one at a time since they should contain all the prior updates released for the system. Again this is beyond me and I make no guarantees.

Hope this helps.
Title: Re: Cleaning PC without internet connection
Post by: Alioth on April 11, 2009, 08:25:36 PM
Quote
I believe (don't take my word for it) that you can download the various Service Packs and install those one at a time since they should contain all the prior updates released for the system.
Yes, the Service Pack 3 for Windows XP includes all previously released updates for that operating system (including SP1 and 2).

You can download the Service Pack 3 installation package from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
Or if you want to download an ISO image:
http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Also, if you want to obtain updates released after SP3, you can use non-official programs, like WinUp (a pack that includes all official updates for Windows XP SP3 until 25 March [for now]). You can get WinUp from here:
http://www.winup.es/descargar.php?lang=

I hope this is enough.
Title: Re: Cleaning PC without internet connection
Post by: Pondus on April 11, 2009, 08:49:03 PM
Download and save on a USB device and move to the infected PC

Norman Malware Cleaner  http://www.norman.com/Virus/Virus_removal_tools/24789/en

Dr.Web Cureit  http://www.freedrweb.com/
Title: Re: Cleaning PC without internet connection
Post by: Spiritsongs on April 11, 2009, 08:57:17 PM
 ::) Hi :

 I recommend starting by using Malwarebytes' Anti-Malware AND
 "SUPERAntiSpyware", NOT the other programs you mentioned .
Title: Re: Cleaning PC without internet connection
Post by: Pondus on April 11, 2009, 09:35:08 PM
Jepp true, Spiritsongs, but you don't have to move any updates; Norman and Dr.Web are fully updated when downloaded
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 11, 2009, 10:10:46 PM
Quote
I believe (don't take my word for it) that you can download the various Service Packs and install those one at a time since they should contain all the prior updates released for the system.
Yes, the Service Pack 3 for Windows XP includes all previously released updates for that operating system (including SP1 and 2).

You can download the Service Pack 3 installation package from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
Or if you want to download an ISO image:
http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Also, if you want to obtain updates released after SP3, you can use non-official programs, like WinUp (a pack that includes all official updates for Windows XP SP3 until 25 March [for now]). You can get WinUp from here:
http://www.winup.es/descargar.php?lang=

I hope this is enough.

Thanks Alioth for the confirmation. (I also have a similar issue so you've helped me out as well)


Quote
Download and save on a USB device and move to the infected PC

Norman Malware Cleaner  http://www.norman.com/Virus/Virus_removal_tools/24789/en

Dr.Web Cureit  http://www.freedrweb.com/

Solid gold... I never heard of Norman Malware Cleaner but Dr.Web Cureit is recommended by most on this forum.
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 11, 2009, 10:15:24 PM
Took me a while to find this but here is a tried and, in my opinion, proven method of taking care of viruses. It could come in handy in the future.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: Cleaning PC without internet connection
Post by: elzar on April 11, 2009, 11:21:46 PM
THANKS very much for all the suggestions!  I appreciate it very much.

I will start preparing some things on a thumbdrive tonight.   And I forgot, but I do already have the XP SP3 update downloaded on my PC so that's a start right there as far as getting her opsys somewhat updated using that.  Wouldn't surprise me if she was still virgin XP with no updates at all but I don't know yet.  Ooh, I have to check to make sure I can go direct from original XP straight to SP3 or if I need to incrementally apply SP2 first.  I'll check that on the MS website.

Thanks again.  Once I sink my teeth into this if I find any nasties or suspicious stuff that I'm not sure what to do with I will post questions in the appropriate subforum.
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 11, 2009, 11:31:32 PM
Quote
I forgot, but I do already have the XP SP3 update downloaded on my PC so that's a start right there as far as getting her opsys somewhat updated using that.  Wouldn't surprise me if she was still virgin XP with no updates at all but I don't know yet.  Ooh, I have to check to make sure I can go direct from original XP straight to SP3 or if I need to incrementally apply SP2 first.

The answer was already given to that issue. You also have a download link posted. See quote below.

Quote
You can download the Service Pack 3 installation package from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
Or if you want to download an ISO image:
http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Also, if you want to obtain updates released after SP3, you can use non-official programs, like WinUp (a pack that includes all official updates for Windows XP SP3 until 25 March [for now]). You can get WinUp from here:
http://www.winup.es/descargar.php?lang=

I hope this is enough.

For your other point:
Quote
Once I sink my teeth into this if I find any nasties or suspicious stuff that I'm not sure what to do with I will post questions in the appropriate subforum.
There will be somebody willing and able to help.

Cheers.
Title: Re: Cleaning PC without internet connection
Post by: elzar on April 11, 2009, 11:46:25 PM
Quote
Took me a while to find this but here is a tried and, in my opinion, proven method of taking care of viruses. It could come in handy in the future.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

I wanted to especially say thanks for these steps.  I usually run something like CCLEANER to clean out the temp stuff when everything is done disinfecting but it makes more sense to clean that temp stuff out first b4 scanning/cleaning to save time.  And Step 6 is a great idea!  No sense leaving behind any malware hiding in an old sysrestore backup, good idea to clear all that out too.
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 12, 2009, 12:05:45 AM
The thanks go to Tech.

I take no credit for this list. That is why I used the quotes. Tech has more experience than me so I wanted you to have it from the source.
Title: Re: Cleaning PC without internet connection
Post by: YoKenny on April 12, 2009, 12:20:19 AM
WinPatrol will warn you of things making changes to the system that could affect its performance:
http://www.winpatrol.com

I have the 1GB USB Wristband and a Scotty Sports Shirt that I wear on service calls.  ;D
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 12, 2009, 01:06:37 AM
Quote
I have the 1GB USB Wristband and a Scotty Sports Shirt that I wear on service calls.  ;D

I didn't get it until I went to the site  ;D
Title: Re: Cleaning PC without internet connection
Post by: tripplec on April 12, 2009, 02:29:15 PM
Quote
::) Hi :

 I recommend starting by using Malwarebytes' Anti-Malware AND
 "SUPERAntiSpyware", NOT the other programs you mentioned .
I agree having been down that road before. The updates are small and can be done via dialup as well.

NOTE: When plugging a USB key into an infected machine, assume that infections are now on that key, i.e. the Autorun.ini threat as well as others. Plugging it back into your system could infect YOU!! Ha ha then you'll have two to work on. Been there as well, having got the autorun.ini from a client's machine.

Also Microsoft's Malicious Software Removal Tool can be downloaded from their site and run, but it takes a long time.

Run the recommended software in SAFE MODE; the results are better although slower to complete. But this is not a race and many scans and reboots are usually required before there is confidence that the infections are gone. This is a process that takes a lot of time: more than an hour unless you have nothing on the drive. Few do, and they wonder why virus removal takes so long.

PS: Boot in safe mode with networking. You can ensure the AV updates are there before scanning. I found once that even though I had updated Malware in Normal mode, it also needed to be done again in Safe Mode. Odd other than different account status as this will save you some headaches.
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 12, 2009, 02:44:59 PM
Some USB drives have write protection on them. See if yours has a switch similar to the old floppies.
Title: Re: Cleaning PC without internet connection
Post by: tripplec on April 12, 2009, 03:27:55 PM
Few do, however I do have a Verbatim key which has a mechanical switch which I have used in working on other people's machines. Easily write protected. But that is rare and 99% don't have this. They cost much more. I have three other keys that don't.
Title: Re: Cleaning PC without internet connection
Post by: Pondus on April 12, 2009, 04:38:52 PM
Avast also have USB protection  http://www.avast.com/eng/avast-u3.html  ......not free  :'(
Title: Re: Cleaning PC without internet connection
Post by: elzar on April 13, 2009, 05:10:11 AM
Yes guys, another great point, about the USB thumbdrive contamination risk.

I have 2 USB drives but neither of them have a write protect feature.  I wish they did!

I only use one of those for "bad" PCs, then when I take it back to my PC I make sure I first have my anti-vir (Avast) updated & running OK b4 putting the drive in my PC.  I've also done things to hopefully defeat both autorun & autoplay on my PC as an extra precaution but I 4get exactly what those were. 

Searching around now I found these links that explain the various stuff - hopefully these might help someone else too:

http://www.raymond.cc/blog/archives/2008/04/22/stop-windows-from-executing-instructions-found-in-autoruninf/

http://techbybucky.blogspot.com/2008/01/how-to-disable-usb-and-cd-autorun.html

http://blog.ashfame.com/2008/03/disable-usb-autorun-save-pc-usb-viruses/

http://antivirus.about.com/od/securitytips/ht/autorun.htm

http://www.associatedcontent.com/article/303866/how_to_disable_autorun_usb_flash_drives.html?cat=15
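
An added example, not part of the original thread: a small Python checker for the USB autorun risk discussed in the posts above. It reads `autorun.inf` from a drive root and lists the entries that would start a program, so a stick that has been in a suspect PC can be inspected on a system where autorun is disabled. The sample contents and the function names `launch_commands` and `inspect_drive` are constructed for illustration.

```python
import os
import re

# [autorun] keys that start a program, directly or through an
# Explorer context-menu verb (shell\<verb>\command).
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample: includes a junk line, mixed-case keys and a
# second section, which a tolerant parser has to cope with.
SAMPLE = (
    "; constructed sample for illustration\r\n"
    "xQzJunk83hdk\r\n"
    "[AutoRun]\r\n"
    "label=Backup\r\n"
    "icon=tools\\drive.ico\r\n"
    "open=tools\\start.exe\r\n"
    "Shell\\Open\\Command=tools\\start.exe\r\n"
    "shell\\explore\\command = tools\\start.exe\r\n"
    "[Other]\r\n"
    "open=ignored.exe\r\n"
)


def decode(data):
    """Decode file bytes; autorun.inf may be ANSI or UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")  # never fails, keeps every byte visible


def launch_commands(text):
    """Return [(key, command)] for [autorun] entries that run a program."""
    in_autorun = False
    hits = []
    for raw in text.splitlines():
        line = raw.replace("\x00", "").strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.match(r"^\[([^\]]*)\]", line)
        if header:
            in_autorun = header.group(1).strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other section, or junk padding
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_VERB.match(key):
            hits.append((key, value.strip()))
    return hits


def inspect_drive(root):
    """Return launch commands from <root>/autorun.inf, or None if no such file."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        # File name match is case-insensitive; a directory of that name is skipped.
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return launch_commands(decode(fh.read()))
    return None


if __name__ == "__main__":
    for key, command in launch_commands(SAMPLE):
        print(f"{key:24} -> {command}")
```

An empty list means the file exists but starts nothing; `None` means there is no `autorun.inf` file in the drive root.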
Title: Re: Cleaning PC without internet connection
Post by: Pondus on April 13, 2009, 01:37:26 PM
This is free, with ClamWin antivirus  http://portableapps.com/
Title: Re: Cleaning PC without internet connection
Post by: elzar on April 19, 2009, 06:05:46 AM
A couple interesting things about the PC I was asking about (working on it today):

My friend's main complaints were that "people told me they got emails with dirty photos in them that they say came from me so I must be infected with the conficker worm", and "I keep getting a windows error message" at various times, and "my PC runs too slow".

Putting 2+2 together and getting 5, I assumed her PC was like the other computer illiterate folks' PCs that I try to help with similar complaints (and end up finding tons of malware running, windoze not updated thus open to possible known exploits, firewall not even running, etc etc on their PCs) I figured her PC is probably infected with god knows what and in some terrible state....but after doing a lot of work on it today I see that...

- It is not infected by any malware that i can see, testing it with several different anti-virus, anti-rootkit, anti-spywares; instead it is a pleasant surprise security wise - if anything it is protected too strongly (for the amount of resources the machine actually has)!   

- Her PC is slow as hell because it is running latest XP, has tons of startup processes (mostly just needless junk as far as i am concerned), is running "NORTON INTERNET SECURITY v15.something" (suite with anti-vir, anti-spy, firewall, +more), spybot teatimer, plus another security anti-vir type program called "THREATFIRE" in realtime, and worst of all - it has only 512MB RAM!!!!!!

IMO Norton by itself is bad enough resource wise but all that other stuff too, it is just dragging the PC down to disk swapping hell.   Turns out from learning more that her PC last year was badly corrupted by a bunch of viruses and another friend of hers had to reformat/reinstall XP and he got her setup with Norton and other anti-malware apps like THREATFIRE.

On principle i think it is bad to be running more than one realtime antivirus in memory at a time, setting them up to fight over things and cause some kind of unexpected havoc, let alone the system resource drain that they both may be causing, but after researching it i think that THREATFIRE can coexist with norton (please correct me if i am wrong) but i am uninstalling THREATFIRE anyway, for now at least.

I've done a bunch of things to streamline her PC, update some apps like SPYBOT, following some Secunia component update recommendations, cleanup temp files/registry/etc with CCLEANER, and most important of all will be recommending that she upgrade the PC's ram.  From just a quick check on the 'net the PC can take up to 4gb ram - and it is not very expensive either.  Just going from 512mb to 1gb would make a world of difference.  Checking with process explorer now, at startup with not even running any applications (other than those firing up on boot like Norton) it only has about 120mb of free ram.  Just running Word gets her down to about 80mb, adding her web browser it goes down to like 40mb.....

What I don't think I will be able to help her with is her windows system error that she has been getting.  She saved the message and it is some kind of "stop error" relating to either hardware or a driver.  It appears that she installed some kind of hardware/software thing related to how she does dictation b4 she started getting this problem, which causes windoze to crash/dump.   I think she needs to go back to that hardware/software vendor and discuss the problem with them as I haven't a clue as to what that is all about.  I did unselect the "dumprep 0 -u" startup command in msconfig since I don't think it needs to keep running that (?) & disabled the error reporting function in XP for now.

If folks have run into anything similar & have suggestions please comment.  THANKS!


Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 20, 2009, 02:42:02 AM
Well here goes nothing.

Quote
My friend's main complaints were that "people told me they got emails with dirty photos in them that they say came from me so I must be infected with the conficker worm", and "I keep getting a windows error message" at various times, and "my PC runs too slow".

Never had this and I'm not certain we can assume it's done by Conficker. As a rule of thumb, you can try and suggest changing the password for the E-mail account. Other than that I have no idea what else to do.

Quote
- Her PC is slow as hell because it is running latest XP, has tons of startup processes (mostly just needless junk as far as i am concerned), is running "NORTON INTERNET SECURITY v15.something" (suite with anti-vir, anti-spy, firewall, +more), spybot teatimer, plus another security anti-vir type program called "THREATFIRE" in realtime, and worst of all - it has only 512MB RAM!!!!!!

Well having the latest XP is not bad, in fact it's to be expected if you want to be safe. To give an example it's like saying I don't want to put airbags in my car since they add weight and it slows down the vehicle. Lame example but meant to point out that you are neglecting security for speed. My opinion anyway.
True, the multitude of security apps is overwhelming (even for me and I'm a fanatic about this) I think you can cut off some of those apps but I'm not willing to say how exactly. I use the apps listed at the bottom of each of my posts (the signature as it's called) and I have not had any problems virus wise so far.

Quote
IMO Norton by itself is bad enough resource wise but all that other stuff too, it is just dragging the PC down to disk swapping hell.   Turns out from learning more that her PC last year was badly corrupted by a bunch of viruses and another friend of hers had to reformat/reinstall XP and he got her setup with Norton and other anti-malware apps like THREATFIRE.

On principle i think it is bad to be running more than one realtime antivirus in memory at a time, setting them up to fight over things and cause some kind of unexpected havoc, let alone the system resource drain that they both may be causing, but after researching it i think that THREATFIRE can coexist with norton (please correct me if i am wrong) but i am uninstalling THREATFIRE anyway, for now at least.

Yes, it's bad to have two active anti-viruses on your computer. Keep one real-time and the other as an on-demand scanner at most.
I'm not sure about Norton and Threatfire so wait for some other replies.

As for the rest, Upgrading the Ram seems sensible but i would go for 2 GB rather than just one. The error issue is something that will have to be discussed with the vendor.

Cheers
Title: Re: Cleaning PC without internet connection
Post by: elzar on April 20, 2009, 04:17:24 AM
Thanks CCU :-)

Yeah the "conficker worm" thing was really stupid.  Unfortunately it is something I've noticed recently with my non-computer friends.  They've heard all this hype on the news about conficker lately and now assume any computer problem that they have is "the conficker worm".  It's crazy.  Her first words to me about asking for help were something like "my PC has the conficker worm and I need help to get rid of it".  Sheesh.

I'm 99.9% sure that whatever that picture was that was sent out from "her" had nothing to do with any type of virus on HER PC.  More likely, if it was of virus origin, then someone else that she knows is infected, and the virus acted on their PC and took an address (hers) from that person's address book or sent/received emails and made her addy the "reply to" address for sending out the weird email.

More likely someone got access to her email account and manually sent the crap out, which in my mind is the most logical explanation, especially since she told me her mail account is YAHOO!   I did tell her to change her yahoo email password but I don't think she did yet and I need to remind her to do that.


About my XP comment, I didn't mean it like it was bad that her XP is the latest/updated, just saying she is running XP on a PC with only 512mb, and also wanted to say it that it does have all the latest updates.  Then adding all this other stuff on top of that like Norton Security + THREATFIRE + a bunch of other stuff that Dell preloaded, I believe that is why it is so slow.

As far as RAM goes, if it was me I would go up to whatever the max it is that the PC can take (I think it goes to 4gb), especially since it is cheap these days.  2gb would be fine too. 1gb would even have a positive impact.  My PC can only go to 1gb or I would put more in it (wish I could).  Sigh...gotta get a new PC someday.

T'anks!
Title: Re: Cleaning PC without internet connection
Post by: Confused Computer User on April 20, 2009, 12:30:26 PM
Quote
T'anks!

Sure, happy to help.