Virus problems. How can I remove them? *EDITED*

[DavidR]

I need to know simply if the avast home program is enough to remove the trojandownloader:win32/renos.jm. Or is other way to remove it. Windows deffender show me the error but if i press (fix it, remove all) or anything, still running and no resolve at all.
Thanks in advance!

There really is no way to say for certain other than by testing as malware names aren't set to any standard naming convention, so they can differ from one AV or anti-spyware to another.

[Misuzu]

Ok. I put in a clean flashdrive and I couldn't seem to figure out where to change the settings...

So eventually I just gave up and put in the flashdrive that I thought might have malware. I scanned the flashdrive with Avast! and MBAM. Avast said that there was no files found on the flashdrive, so I just clicked "Skip" and Avast went ahead and scanned it and it only couldn't scan one thing, it was something called Boot Read... Or something. But other than that, Avast and MBAM both said the flashdrive was clean and malware-free. 

Is there something I'm missing or is my flashdrive really just clean?
Sorry haha, I'm just making sure. 
This should be my last question, unless something else happens... 

Thanks again to everyone who helped me! 

[Tarq57]

The flashdrive probably is clean, based on that.
I'm not sure what you meant when you said "I couldn't figure out where to change the settings"
I might have already suggested it, but consider installing Autorun Eater which will block an unknown/malicious autorun entry attempting to install from a (possibly) infected flash drive.

[Misuzu]

^ Thank you. 

Sorry, I guess I have another question:

Sorry if someone already said so, but computers who share the same network can "share" malware with each other and if it's a wireless network people nearby can access your network right?

Would just simply disconnecting from the network prevent one or both of those things ("Sharing" malware or someone else using your network) from happening?

Also, how do I get a "network key" (That is what it's called right?)? A "network key" is basically a password right?
Sorry again, and thanks in advance!

[DavidR]

Computers on the same physical network can be infected across the network. People can only access your wireless network if 'you' fail to protect it, you must block access to those not specifically allowed to join the wireless network. Use strong passwords, don't have it signal its presence and secure it using WAP2 (Wireless Access Protocol 2nd version) not the old WEP (Wireless Encryption Protocol) or WAP (1st generation of the protocol), which are easier to break and gain access to the wireless network.

Google Wireless Network Security and you should get some helpful info (I don't use wireless).

If the wireless router/modem doesn't have power then it can't work, so it won't be able to connect, so the same is true for anything else in the network.

[Misuzu]

Computers on the same physical network can be infected across the network. People can only access your wireless network if 'you' fail to protect it, you must block access to those not specifically allowed to join the wireless network. Use strong passwords, don't have it signal its presence and secure it using WAP2 (Wireless Access Protocol 2nd version) not the old WEP (Wireless Encryption Protocol) or WAP (1st generation of the protocol), which are easier to break and gain access to the wireless network.

Google Wireless Network Security and you should get some helpful info (I don't use wireless).

If the wireless router/modem doesn't have power then it can't work, so it won't be able to connect, so the same is true for anything else in the network.

Thanks! 

But do you mind if I ask you this?:
If you disconnect from your network can you still get a virus/malware from another computer that has malware on it that's connected to your same network?
Thanks in advance!

[DavidR]

I don't know, not using a network, so I will ask:
If the network connection is closed from one system, then is the system visible from the other networked systems or from the network controller/interface ?

If so then in theory it would be possible. If not then what you can't see how do you infect it.

[llariel]

If you have Network Sharing & Discovery enable is visible to others. But in the same Network (router)

[DavidR]

Well you have effectively answered your own question, if visible then it may be possible.

You can try a simple test in trying to copy a file to a system that has disconnected from the network ?

[Misuzu]

I went under "Network Computers and Devices" in the control panel on my family's computer and both my computer and my family's computer has the same name. So I couldn't tell if the computer listed under the "Network Computers and Devices" was my computer or my family's computer.

Does it list your computer under the network computers? If not, then it has to be my computer. And if it is, sorry for being so computer stupid ( ) but a malware warning popped up on the YouTube video on how to secure your network, so I don't want to watch that video again, so how do you create a new "Network" or whatever it is that makes it so both my computer and my family's computer is on totally different networks so we can't spread malware to each other?

Thanks! 

EDIT: I read your last post DavidR. How exactly does that work? Do you mean that you copy a file to another computer's file sharing thing and see if the file appears in the other computer's "File Sharing" thing (Sorry I don't know what it's called) I don't totally understand. 

EDIT 2: Forget the first edit, I changed the computer's name of my computer and restarted my computer so it can apply the changes (A.K.A the new computer's name) now I should be able to tell the difference between the computers now, right? Or won't the computer's new name be shown under "Network Computers and Devices" on my family's computer?

Oh wait, nevermind, I see my new computer's name AND my family's computer's name under my family's computer's "Network Computers and Devices". I'm going to disconnect my computer from the network and see if it works. If my computer's name disappears from the network computers then my family's computer won't be able to share malware with mine? Correct?

EDIT 3: Yep, my computer's name disappeared. But my computer keeps telling me that it's trying to block a printer. I'd imagine it's trying to block the printer that was under "File Sharing" that was on my Family's Computer?

Sorry for the long post and all the questions.

[DavidR]

As I said much earlier I don't use a network, so I can't give you any practical help in that regard, but yes you are trying to copy a file from one computer to another computer on the network, having first disconnected that computer from the network.

I would suggest you only use sites to gain information on network security and not youtube as that is rife with potential for bumping into malware. Would you believe that these scum would take advantage of someone seeking help to hook them. Check out this site, http://www.onguardonline.gov/topics/wireless-security.aspx.

You don't just share files but printers also as the two come under the same heading "File and Printer Sharing for Microsoft Networks" if you check in Windows Help and Support. Because of the security implications of this sharing and not using a network I have this disabled anyway.

[Misuzu]

Thanks DavidR!

Sorry, I know I keep saying that "this is my last question" but I have more questions if you guys don't mind.

I'm very sure I don't have any kind of malware right now but I do have questions.

I have no idea how to get a better firewall... Do you buy one? Do you install one off the internet? How do you get one? Do you guys suggest any?

Now on to the malware questions:

1. How can you be sure a virus/malware is really gone? Can it come back after you remove it? If the malware can come back, how long does it normally take to come back? I trust MBAM and Avast's scans, they are accurate right? I really like them so far. But can malware "hide" from antivirus (etc...) programs?

2. What is the best way to be able to be sure (or close enough) that malware is gone?

3. The malware I got before seems to still be infected, but Avast has them locked away in it's Chest. Someone told me to just delete the malware from Avast's chest if it keeps saying their infected. What does that do? Does it remove it from my computer and totally get rid of the malware or does it just delete them from the chest's infected files list? Is there a chance that the malware could come back?

4. Can malware hide on your computer for a long period of time (Like a month or even more) and not be able to get detected by any antivirus programs and then 'appear' all of a sudden?

5. How do you get the top threat worms/malware? Like Sality or Conflicker (Not sure if I spelled them right)? Or can you just get them just like any normal more "harmless" viruses/malware?


I can really get freaked out if I get a virus/malware, so I have really been limiting myself on the internet, maybe to much. Mainly just because I barely know anything about them and I feel helpless when I get them. Is MBAM and Avast good enough programs to protect my family's computers from MOST of the virus threats out there? I need a better firewall I'm sure.

Please can someone answer all my questions? Sorry for all the questions and thanks in advance!
Sorry about any typo's.


EDIT: I found a trojan downloader tonight after updating MBAM, I know where it came from, but MBAM just simply deleted it. It should be gone before it did any harm (I didn't notice anything different), right?

[DavidR]

Really additional unrelated questions should be in their own topic or this one gets very big and confused fr those who may check them out in the future.

1. The short answer is you can't be 100% certain but given what we have done you can be reasonably sure. Of course it could come back by the same means it got there in the first place if your system is vulnerable. This topic is getting too long to go back over everything that e have covered or recommended for protection. The whole point of rootkits is to try and hide malware from systems and security applications.

2. I simply can't answer that other than what has already been covered in this topic and in my point above.

3. - You have done the right thing, 'first do no harm' don't delete, send virus to the chest and investigate.
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

4. Generally no, but all of the above and previous posts apply.

5. your best defence is ensure your OS is fully up to date as this is frequently the rout of entry for many, exploiting vulnerabilities in old software. To the same end your security applications need to be kept up to date as other applications that have any connection to the internet.

- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

6. without information, about said MBAM detection, I simply haven't got a clue what to advise.

[Misuzu]

Alright, thank you DavidR! I wasn't sure if I should have made a new topic or what, I thought the viruses/worms section was for only if you had a virus/malware. Thank you for your answer!

And I got a Trojan Downloader, but it was only called that, MBAM didn't call it anything else. All I know is I clicked "Remove Selected" after a thorough MBAM scan and it said it removed it. Oh, and I'm pretty sure the computer got it from my family member opening up a bad E-mail.

Thanks for all your help. If I have anymore questions I'll make a new topic for it.

[DavidR]

Yes, but what were the details, e.g. file name and location or registry key, etc. that is where posting the MBAM log is so valuable (and previous logs should be saved).