Found a virus infection that could not be cleared easily :-(.
Customer is running Norton IS (surprise surprise), but the kids did a lot of instant messenger (also seems to happen a lot), so this is what I suspect happens:
- Children and teens are much more susceptible to social engineering attacks, compared to us cynical adults.
- As kids do the messaging, they occasionally stumble across an offer to download and install 'messenger plus'.
- They think: wow, the emoticons/smiley faces are much cooler than boring Microsoft & Yahoo messenger
- The desire to show their friend their new 'cool' messenger overrides any boring warning messages that a firewall / antivirus / anti-malware program might pop up.
- Malware is now installed & it's downhill from there
In this particular case, Norton said everything is fine, but occasionally, a red box would pop up in the bottom left hand corner, saying something like: warning, your system is infected by a virus.
I think: ok, I'll install and scan with antivir (www.free-av.com) and ewido (www.ewido.net) but they also find nothing!
This is looking like a true virus infection (probably an infected dll)
I take the laptop back to the office & have a think of the best way to fix this.
I can think of 2 options:
- I can create a boot CD with the latest anti-virus
- I can plug the drive into my main system (as a drive D:, i.e. not the main drive), & then do a scan from my already up-to-date antivir
Since I'm short on time, I decide on option 2. I find some nasties (mostly trojans) & clean them up. Most trojans are very recent (they were added to the antivir list just 6 weeks prior to my scan!).
After that, everything is just fine.
Now, I just need to find a simple way to implement solution 1. above, while making sure I always have the most recent virus definitions… Maybe a boot disk & a virus def. file on USB.
Unless someone has a suggestion, it looks like I'll be spending some time researching the latest antivirus applications.