Tricky virus infection
Found a virus infection that could not be cleared easily :-(.
Customer is running Norton IS (surprise surprise), but the kids did a lot of instant messaging (this also seems to happen a lot), so this is what I suspect happened:
- Children and teens are much more susceptible to social engineering attacks, compared to us cynical adults.
- As kids do the messaging, they occasionally stumble across an offer to download and install 'messenger plus'.
- They think: wow, the emoticons/smiley faces are much cooler than boring microsoft & yahoo messenger
- The desire to show their friend their new 'cool' messenger overrides any boring warning messages that a firewall / antivirus / anti-malware program might pop up.
- Malware is now installed & it's downhill from there.
In this particular case, Norton said everything is fine, but occasionally, a red box would pop up in the bottom left hand corner, saying something like: warning, your system is infected by a virus.
I think: ok, I'll install and scan with antivir (www.free-av.com) and ewido (www.ewido.net) but they also find nothing!
This is looking like a true virus infection (probably an infected dll)
I take the laptop back to the office & have a think of the best way to fix this.
I can think of 2 options:
- I can create a boot CD with the latest anti-virus
- I can plug the drive into my main system (as a drive D: ie: not the main drive), & then do a scan from my already up-to-date antivir
Since I'm short on time, I decide option 2. I find some nasties (mostly trojans) & clean them up. Most trojans are very recent (they were added to the antivir list just 6 weeks prior to my scan!).
After that, everything is just fine.
Now, I just need to find a simple way to implement solution 1 above, while making sure I always have the most recent virus definitions… Maybe a boot disk & a virus def. file on USB.
Unless someone has a suggestion, it looks like I'll be spending some time researching the latest antivirus applications.
Hi,
Little flashing warnings? Sounds like one of the SmitFraud variants. It pops up in various incarnations such as Spy Sheriff, SpyAxe etc.
It can be a bugger to move, but there is an automated tool. Sometimes even this doesn't work. "HijackThis" can then help dig out remnants. The forum guys are really helpful at reading the logs HJT creates and ID'ing problems.
I'd suggest doing a search on Google for info on it.
Hope this may help.
Cheers.
Hi Dave,
I don’t think the warning flashed. It was a small dark box with a red border.
It appeared for a few seconds, then disappeared… Similar to how Norton pops up a notification box to say it blocked (or allowed) some traffic, based on one of its rules.
Anyway, it was easy to remove once the drive was not the primary drive.
I’ve used Hijack This for lots of spyware, but HJT cannot detect a true virus which attaches itself to an exe or dll.
Yep, the forum guys are helpful, & I usually find a solution by just finding someone else who had a similar problem (I don’t want to clutter the forums with duplicate requests).
Thanks for stopping by.
Now I just need to find some time to work on an “in the field” virus/spyware removal system…