Do I have a virus?

  • Thread starter: Øyvind Granberg
Sorry....!
Some snipping went wrong...

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"Kayman" wrote in news message:
#rhhVO5QJHA.4848@TK2MSFTNGP05.phx.gbl ...
> On Mon, 10 Nov 2008 22:40:28 +0100, Øyvind Granberg wrote:
>
>>>
>>> Or take it to a professional.
>>>
>>> From a post by Kayman in m.p.s. newsgroup

>>
>> I will NOT! The "professionals" around here are not much of professionals.
>> hehe... don't mean to brag!
>>
> Get your facts right! I never posted this comment!
 
"Øyvind Granberg" wrote

A sentence you don't want to hear from your surgeon. Ouch!
 
"Kayman" wrote in message
news:%23rhhVO5QJHA.4848@TK2MSFTNGP05.phx.gbl...
> On Mon, 10 Nov 2008 22:40:28 +0100, Øyvind Granberg wrote:


> Get your facts right! I never posted this comment!


--

I'd like to watch the video you recommended Kayman - but I get this message
when I try to install Silverlight
http://www.microsoft.com/silverlight/resou...px?errorID=1503

Are you (or anyone else here) aware of any other way to access the video -
might it be on YouTube for example? I wouldn't have a clue what to search
for in this instance!

Dave
 
On 11/10/2008 01:52 PM, Øyvind Granberg sent:
> What about this?
> If you reinstall from your original cd things still can get wrong.
> Some viruses are writing themselves to the boot sector, I think they are
> called MBF-viruses, and to the memory.
> If you delete the one on the harddisk, it rewrites itself down on the
> harddisk immediately from a copy in RAM.
> Think about it:
> A virus is in both the memory and on the harddisk.
> You turn off the computer.
> During shut down the virus secures a copy of itself on the harddisk.
> You put in the original OS cd and boot on that.
> The virus is then activated in the same instant the OS is reaching for
> the HDD and reproduces itself again into the RAM.
> As a result you format the harddisk with the virus active in memory.
> After reformatting, and many reboots, forcing the virus to rewrite
> itself to memory and HDD many times, you still have an infected computer.
> In addition to this I think it doesn't have to be the virus itself, maybe a
> trojan holding the backdoor open to a certain virus.
>
>
> Am I right?


I regret to inform you, but no.

Hello ØG:

All good computer technicians will tell you:

During a proper "level and rebuild" operation, absolute strict adherence
to best industry practices and due diligence would have erased and
protected the system from any malware proliferation.

Under the same rules as above, restoring the system from known good
media will render a clean, malware free system. Guaranteed, and without
further qualification.

Warm regards to you ØG.

Pete

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
The situation is hopeless

Flatten and rebuild - don't worry about how some malware may be
hiding somewhere waiting to reinfest your system. The chances
are small to begin with, and those cases where it isn't completely
removed - it *is*, at least, disabled.

Familiarize yourself with the process, you will be needing it again.

"Øyvind Granberg" wrote in message
news:8E7B6157-38A2-4A8D-8210-0BF78A45C72E@microsoft.com...
> Yes, I have disabled UAC!
> I'm like most people; Don't read what's on screen before clicking yes...
> hehe
>
>
>
>>
>> Are you running as admin and with UAC disabled?
>>
>> Maybe "flatten & rebuild" is the best choice - and learn to live with
>> UAC and limited user rights.
>>
 
"Bill Ridgeway" wrote in message
news:Oght5j9QJHA.420@TK2MSFTNGP03.phx.gbl...
> "Øyvind Granberg" wrote
>
> A sentence you don't want to hear from your surgeon. Ouch!


I wouldn't even want to hear "Oops!"
 
"FromTheRafters" wrote in message
news:uBejv9DRJHA.4732@TK2MSFTNGP03.phx.gbl...
> The situation is hopeless
>
> Flatten and rebuild - don't worry about how some malware may be
> hiding somewhere waiting to reinfest your system. The chances
> are small to begin with, and those cases where it isn't completely
> removed - it *is*, at least, disabled.
>
> Familiarize yourself with the process, you will be needing it again.
>
>
>


--

Hahaha!


However, 1PW disagrees with you FTR. He (?) said::-

"All good computer technicians will tell you:

During a proper "level and rebuild" operation, absolute strict adherence
to best industry practices and due diligence would have erased and
protected the system from any malware proliferation.

Under the same rules as above, restoring the system from known good
media will render a clean, malware free system. Guaranteed, and without
further qualification".

I'm no guru, but I think he's wrong (sorry Pete!)

Dave

--
 
Hi, it's me again ... :-)
Well, I guess the problem is solved.
I bought, downloaded and installed Malwarebytes Anti Malware for about ?20.
After scanning the system it found 10 infected locations.
Infected by a Trojan.DNS.Changer and a Trojan.Agent
After choosing to remove them all, and a reboot, everything seems to be just
fine.

Really, my friends:
Can I throw out all of my anti-mal/spy/ad/virus-ware and just keep
Malwarebytes? (hehe....?)

Nah.. seriously:
But answer me this; why didn't Microsoft's Windows Defender, Grisoft's AVG
8, Spybot Search & Destroy and Lavasoft's AdAware stop it from establishing
itself on my system, let alone afterwards find it and erase it, while a
program like Malwarebytes did? I am flabbergasted!

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"Øyvind Granberg" wrote in news message:
8E324C69-BD20-45A4-96B3-709EB6EF18DF@microsoft.com ...
> Hi...
>
> There is a virus in my computer. I am convinced about that.
> I cannot download anything concerning updates to Ad-Aware or Spybot.
> I cannot download anything at all from Microsoft.com like the Outlook
> Connector or anything else I've tried.
> Neither can I download the aforementioned files from these sites with
> FF3, Google Chrome or Opera 9.26.
>
> When browsing using IE8, I get a message stating that a pop up has been
> prevented. Even on my own web pages where there is no pop up at all.
>
> Something is preventing me from downloading anything that I can use to
> remove it!?!?!
>
> I need help...
> Running Windows Vista Ultimate with all updates.
> AVG 8 Free
> Windows Defender
> Spybot once a week
> UAC disabled
> Firewall disabled
>
>
> Tried Bitdefender's online scanner and even that couldn't update its
> definition file.
> I have scanned thoroughly twice with AVG 8
> So too with Spybot and Windows defender.
>
> What is wrong, and how can I get rid of it?
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com
 
"~BD~" wrote in message
news:eSQggDERJHA.3880@TK2MSFTNGP04.phx.gbl...
>
> "FromTheRafters" wrote in message
> news:uBejv9DRJHA.4732@TK2MSFTNGP03.phx.gbl...
>> The situation is hopeless
>>
>> Flatten and rebuild - don't worry about how some malware may be
>> hiding somewhere waiting to reinfest your system. The chances
>> are small to begin with, and those cases where it isn't completely
>> removed - it *is*, at least, disabled.
>>
>> Familiarize yourself with the process, you will be needing it again.
>>
>>
>>

>
> --
>
> Hahaha!

>
> However, 1PW disagrees with you FTR. He (?) said::-
>
> "All good computer technicians will tell you:
>
> During a proper "level and rebuild" operation, absolute strict adherence
> to best industry practices and due diligence would have erased and
> protected the system from any malware proliferation.
>
> Under the same rules as above, restoring the system from known good
> media will render a clean, malware free system. Guaranteed, and without
> further qualification".
>
> I'm no guru, but I think he's wrong (sorry Pete!)

He is not incorrect.
 
"Øyvind Granberg" wrote in message
news:253C3A03-51AE-4BB1-BA53-04492EC18FD4@microsoft.com...
> Hi, it's me again ... :-)
> Well, I guess the problem is solved.
> I bought, downloaded and installed Malwarebytes Anti Malware for about
> ?20.
> After scanning the system it found 10 infected locations.
> Infected by a Trojan.DNS.Changer and a Trojan.Agent
> After choosing to remove them all, and a reboot, everything seems to be
> just fine.
>
> Really, my friends:
> Can I throw out all of my anti-mal/spy/ad/virus-ware and just keep
> Malwarebytes? (hehe....?)
>
> Nah.. seriously:
> But answer me this; why didn't Microsoft's Windows Defender, Grisoft's AVG
> 8, Spybot Search & Destroy and Lavasoft's AdAware stop it from
> establishing itself on my system, let alone afterwards find it and erase
> it, while a program like Malwarebytes did? I am flabbergasted!


There are gaps in coverage for all types of anti-malware/adware/spyware
applications. There are overlaps in them also. The more the merrier as far
as that goes - until something conflicts with something else.
 

> ...why didn't Microsoft's Windows Defender, Grisoft's AVG
> 8, Spybot Search & Destroy and Lavasoft's AdAware stop it from
> establishing itself on my system


That's not their job - it's *yours*!
 
From: "FromTheRafters"


| "Øyvind Granberg" wrote in message
| news:253C3A03-51AE-4BB1-BA53-04492EC18FD4@microsoft.com...
>> Hi, it's me again ... :-)
>> Well, I guess the problem is solved.
>> I bought, downloaded and installed Malwarebytes Anti Malware for about
>> ?20.
>> After scanning the system it found 10 infected locations.
>> Infected by a Trojan.DNS.Changer and a Trojan.Agent
>> After choosing to remove them all, and a reboot, everything seems to be
>> just fine.


>> Really, my friends:
>> Can I throw out all of my anti-mal/spy/ad/virus-ware and just keep
>> Malwarebytes? (hehe....?)


>> Nah.. seriously:
>> But answer me this; why didn't Microsoft's Windows Defender, Grisoft's AVG
>> 8, Spybot Search & Destroy and Lavasoft's AdAware stop it from
>> establishing itself on my system, let alone afterwards find it and erase
>> it, while a program like Malwarebytes did? I am flabbergasted!


| There are gaps in coverage for all types of anti-malware/adware/spyware
| applications. There are overlaps in them also. The more the merrier as far
| as that goes - until something conflicts with something else.


Also I think it's due to MBAM's behavioural algorithm. Bruce described it to me and it's
eloquent.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
"Øyvind Granberg" wrote in message
news:253C3A03-51AE-4BB1-BA53-04492EC18FD4@microsoft.com...


> But answer me this; why didn't Microsoft's Windows Defender, Grisoft's AVG
> 8, Spybot Search & Destroy and Lavasoft's AdAware stop it from
> establishing itself on my system, let alone afterwards find it and erase
> it, while a program like Malwarebytes did? I am flabbergasted!
>
> --


Maybe you have heard about 'turning Queen's evidence' OG?
http://www.answers.com/topic/turn-state-s-evidence

Maybe a black hat or two has/have switched sides and is/are better equipped
to help develop this relatively new anti-malware facility known as
Malwarebytes.


Please note, though, that it is NOT an anti-virus programme - you will still
need one of those!

Dave
 
"FromTheRafters" wrote in message
news:eD6oUjERJHA.1164@TK2MSFTNGP03.phx.gbl...
>




>> However, 1PW disagrees with you FTR. He (?) said::-
>>
>> "All good computer technicians will tell you:
>>
>> During a proper "level and rebuild" operation, absolute strict adherence
>> to best industry practices and due diligence would have erased and
>> protected the system from any malware proliferation.
>>
>> Under the same rules as above, restoring the system from known good
>> media will render a clean, malware free system. Guaranteed, and without
>> further qualification".
>>
>> I'm no guru, but I think he's wrong (sorry Pete!)



>
> He is not incorrect.


Have you time to explain, FTR?

Maybe I mis-understood.

I thought we had established that ........ um ....... 'code' *could* remain
(somewhere) within a machine (even if a shiny brand new hard disk was
installed) - albeit inactive - *until*. just possibly, it could join forces
with additional elements captured from the Internet.

Your further thoughts would be most welcome.

Dave

--
 
On 11/11/2008 01:03 PM, ~BD~ sent:
> "FromTheRafters" wrote in message
> news:uBejv9DRJHA.4732@TK2MSFTNGP03.phx.gbl...
>> The situation is hopeless
>>
>> Flatten and rebuild - don't worry about how some malware may be
>> hiding somewhere waiting to reinfest your system. The chances
>> are small to begin with, and those cases where it isn't completely
>> removed - it *is*, at least, disabled.
>>
>> Familiarize yourself with the process, you will be needing it again.
>>
>>
>>

>
> --
>
> Hahaha!

>
> However, 1PW disagrees with you FTR. He (?) said::-
>
> "All good computer technicians will tell you:
>
> During a proper "level and rebuild" operation, absolute strict adherence
> to best industry practices and due diligence would have erased and
> protected the system from any malware proliferation.
>
> Under the same rules as above, restoring the system from known good
> media will render a clean, malware free system. Guaranteed, and without
> further qualification".
>
> I'm no guru, but I think he's wrong (sorry Pete!)
>
> Dave

Hi Dave:

I'll just paraphrase here: "I don't agree with what you said, but I will
defend to the death your right to say it..."

Pete

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
On 11/11/2008 02:04 PM, FromTheRafters sent:

Snip, snip...


> There are gaps in coverage for all types of anti-malware/adware/spyware
> applications. There are overlaps in them also. The more the merrier as far
> as that goes - until something conflicts with something else.


Probably for years to come, these words are suitable for framing. Well
said FTR.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
On 11/11/2008 01:17 PM, Øyvind Granberg sent:
> Hi, it's me again ... :-)
> Well, I guess the problem is solved.


Snip, snip...

Hello ØG:

It's simply splendid that your system is OK now. I am very happy for
you.

Using the gentlest and most respectful terms; the absolute first reply
to your original post would have shown you the path - two days ago.

I do hope we have gained an evangelist for safe computing.

Now - the posts of others in this, and similar, newsgroups will spell
out the many effective procedures for self protection. What will you
do now?

Warm regards and good wishes to you.

Pete

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
"~BD~" wrote in message
news:erwON2ERJHA.420@TK2MSFTNGP03.phx.gbl...
>
> "FromTheRafters" wrote in message
> news:eD6oUjERJHA.1164@TK2MSFTNGP03.phx.gbl...
>>

>
>
>
>>> However, 1PW disagrees with you FTR. He (?) said::-
>>>
>>> "All good computer technicians will tell you:
>>>
>>> During a proper "level and rebuild" operation, absolute strict adherence
>>> to best industry practices and due diligence would have erased and
>>> protected the system from any malware proliferation.
>>>
>>> Under the same rules as above, restoring the system from known good
>>> media will render a clean, malware free system. Guaranteed, and without
>>> further qualification".
>>>
>>> I'm no guru, but I think he's wrong (sorry Pete!)

>
>
>>
>> He is not incorrect.

>
> Have you time to explain, FTR?
>
> Maybe I mis-understood.
>
> I thought we had established that ........ um ....... 'code' *could*
> remain (somewhere) within a machine (even if a shiny brand new hard disk
> was installed) - albeit inactive -

So far so good, but here's where you might have misunderstood.

> *until*. just possibly, it could join forces with additional elements
> captured from the Internet.


Any foreign code residing in EEPROM would still run during boot.
Any code that belonged there but had been relocated to disk by the
infecting malware, wouldn't (obviously). You end up with corruption
in EEPROM but no malware.

If there is malware ITW actively flashing EEPROM then a *proper*
[whatever he said] with *strict adherence* to [what he said] would
have to include reflashing EEPROMs with the proper code.

It seems he chose his words carefully.

He also didn't suggest bringing back any programs from outside of
the "known good media". At that point it is as free of malware as it
was when new. His statement is correct.
 
On 11/11/2008 06:06 PM, FromTheRafters sent:

Snip, snip...

>> Maybe I mis-understood.
>>
>> I thought we had established that ........ um ....... 'code' *could*
>> remain (somewhere) within a machine (even if a shiny brand new hard disk
>> was installed) - albeit inactive -

>
> So far so good, but here's where you might have misunderstood.
>
>> *until*. just possibly, it could join forces with additional elements
>> captured from the Internet.

>
> Any foreign code residing in EEPROM would still run during boot.
> Any code that belonged there but had been relocated to disk by the
> infecting malware, wouldn't (obviously). You end up with corruption
> in EEPROM but no malware.
>
> If there is malware ITW actively flashing EEPROM then a *proper*
> [whatever he said] with *strict adherence* to [what he said] would
> have to include reflashing EEPROMs with the proper code.

....and of course reflashing would render new/good checksums for both
BIOS and CMOS, *individually*. Malware that /had/ flashed an EEPROM,
would have had to account for the current configuration and many custom
values, only usable then and there. The amount of code to support such
activities, even if written in assembler, would make the size of the
malware much greater and much more noticeable.

Malware only has a few places to hide. Careful cleaning of all those
places will make the problem cease to exist. In everyday practice,
most malware just lives on one's hard disk drive.

> It seems he chose his words carefully.


> He also didn't suggest bringing back any programs from outside of
> the "known good media". At that point it is as free of malware as it
> was when new. His statement is correct.


With every keystroke, I was besieged by multitudes of attorneys... :-)

Comedy aside, I'm sure you'd agree that if a flawless procedure isn't
adhered to, an exercise in futility might result. Now - how do we tell
the world?

Peace be with you always FTR.

Pete

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
Hi 1PW

According to my wife nothing will change and I will go about my life as
usual.

Are there lessons to be learned?
Yes, of course. But let me assure you that your advice regarding the process
of removing unwanted malware, was read and acknowledged early on in this
thread.

But, as an old man learning about computers twenty five years ago when
everything was free, I was reluctant to jump into my wallet and shuffle out
buckets of money to any, for me, unknown anti malware producer on the net.
I had to check around to see if this Malwarebytes was the real McCoy or just
another adware trap.
Googling around surfaced a lot of suggestions to a solution, some involving
dubious methods including shutting down firewalls and antivirus software. A
man must be cautious, you know.

Action taken:
Well, I have restarted my MS firewall. Zonealarm or Kerio or any other
similar software will not be installed due to too much inconvenience, i.e.
network wise.

So let me, here at the end, thank you all for all possible and valuable help
regarding the removal of the Trojan.DNS.Change virus, and let me tell you
that newsgroups have, for me, always been a never ending source of
information I will continue to explore in yet another twenty five years...
(I hope)

Again, thanks to you all...


--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"1PW" wrote in news message:
gfd719$8i9$1@registered.motzarella.org ...
> On 11/11/2008 01:17 PM, Øyvind Granberg sent:
>> Hi, it's me again ... :-)
>> Well, I guess the problem is solved.

>
> Snip, snip...
>
> Hello ØG:
>
> It's simply splendid that your system is OK now. I am very happy for
> you.
>
> Using the gentlest and most respectful terms; the absolute first reply
> to your original post would have shown you the path - two days ago.
>
> I do hope we have gained an evangelist for safe computing.
>
> Now - the posts of others in this, and similar, newsgroups will spell
> out the many effective procedures for self protection. What will you
> do now?
>
> Warm regards and good wishes to you.
>
> Pete
>
> --
> 1PW
>
> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 