#1 (permalink)
Editor
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 324
As I was discussing in my previous thread (please refer here):
What is the best portable anti virus software?

I went with the portable Emsisoft and was able to clean up his system (it wasn't so bad... mainly adware and spyware and useless startup entries (weather forecast toolbars and stuff)). With Autoruns, I deleted a few entries and cleared up his system... So far so good! I was running all programs from my USB sticks...

I reached home and inserted the USB sticks and Microsoft Security Essentials immediately gave a popup about "Worm:Win32/Conficker.B!inf" and cleaned them out quickly... (too bad that there is no MSE portable). Mercifully, I had disabled Autorun and Autoplay, thanks to Tweak UI (here: http://www.microsoft.com/windowsxp/D...powertoys.mspx)...

Some questions:

1. So the Emsisoft portable emergency kit was unable to detect this despite the fact that I had run updates till yesterday (Friday October 9, 2010).
2. The USB was powerless to protect itself from any sort of infection. Your recommendations to protect USBs please! Didn't even realize that this would happen... Oh well! Guess I'm learning more and more as the days go by...
3. Since this is Conficker, I'm assuming that my friend's system needs all the latest updates including the Conficker update. He has Win XP SP2... I upgraded his system today to SP3, which sadly does not have the Conficker update. Guess a utility like AutoPatcher (http://www.autopatcher.com/) would solve his update problem since he does not have a net connection.

As always your recommendations and comments are welcome. Thank you!
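An added example, not part of any post in this thread: besides disabling Autorun as described above, a stick that has been in an infected machine can be checked by reading its `autorun.inf` and listing the entries that would start a program. The helper name `audit_autorun` and both sample files are constructed for illustration.

```python
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\=]+\\command$", re.IGNORECASE)

def audit_autorun(raw: bytes) -> list:
    """Return the (key, value) pairs in [autorun] that would launch a program."""
    # Files written by malware are often padded with junk bytes, so decode
    # byte-for-byte (latin-1 never fails) unless a UTF-16 BOM is present.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")
    findings, in_autorun = [], False
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section names and keys are case-insensitive.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            findings.append((key, value))
    return findings

# Constructed samples: a padded file with a launch entry, and a harmless one.
SAMPLE_SUSPECT = (
    b"\x8f\x03junk-padding-line\r\n"
    b"[AUTorUN]\r\n"
    b";\xa1\xb2 more padding\r\n"
    b"icon=folder.ico\r\n"
    b"shelLExECUte=rundll32.exe hidden\\payload.dll,start\r\n"
)
SAMPLE_BENIGN = b"[autorun]\r\nlabel=Tools\r\nicon=tools.ico\r\n"

if __name__ == "__main__":
    for name, sample in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, audit_autorun(sample))
```

On a real stick, pass the bytes of `autorun.inf` from the drive root, read on a machine where Autorun is already disabled; any finding on a drive that is only meant to carry tools is worth investigating.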

#2 (permalink)
Moderator
Join Date: Jul 2008
Location: India
Posts: 9,484
What a coincidence! I just brought home a system of my friend, and it is infected with Conficker, and other viruses. I will attempt to clean the system later tonight.

Conficker is a nasty one. I saw it in action today. It does not let you start the system in Safe Mode. It will just restart before entering into Safe Mode. It did not let me install Superantispyware. My friend wanted to install SQL Server 2008 Express on her system, but it interfered with the setup. It did not let the software install properly, and now cannot uninstall it too. The system is fairly new, and my friend was dumb enough not to install an antivirus. I tried to install Avast, but the system would restart on running the setup. It even deleted the Avast setup. I was able to install MalwareBytes Antimalware, and I was able to run it too. It found the infections and cleaned them, but still Conficker remains, and the problems are still occurring. So, I think other viruses have been removed, but Conficker remains.

My pen drive got infected too. I had put in the pen drive to copy antivirus, MBAM, SAS etc. Although I have the pen drive vaccinated with Panda USB Vaccine, and so it won't autorun when I put it into my system, I am not going to take the risk. I have not come across any reliable software which can protect against virus infection on a pen drive. Incidentally, the system of my friend was infected from her cousin's pen drive.

Microsoft's Malicious Software Removal Tool claims to remove the Conficker worm and I will try to run the tool, and see. It is available here: http://www.microsoft.com/security/worms/conficker.aspx

There is also a Conficker removal tool from Symantec available here: http://www.symantec.com/security_res...011316-0247-99

I will try the one from Microsoft, and see how it goes. I will inform back. I will be writing the tool, amongst other security tools, on a DVD-RW, and try removing the infection. A format would be the last option. My advice would be to run the tool on your friend's system, and yours too, just to be sure that there is no infection left.

If the PC is infected with Conficker, turn off System Restore, and then scan the PC. In case of infections, it is advised to turn off System Restore. These nasties hide there, and resurface later on, even when you have cleaned the whole system.
__________________
Anupam

#3 (permalink)
Editor
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 324
Thanks! Microsoft's Malicious Software Removal Tool is good... Never realized that this would be so useful. Added this to the list of useful portable security solutions... A scan indicates that my system is normal.

Kind of disappointed with Emsisoft free emergency kit... I think that the GUI is good and the application itself is a good idea. Too bad that it could not detect Conficker (one of the worst infections) though. Guess the full paid version provides full protection against Conficker.

#4 (permalink)
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 809
Regarding protection of a USB stick / drive, I've just recently bought a new one for use on other people's (potentially infected) computers.
After a web search I eventually managed to find one with a write protect switch. They used to be easy to get hold of, but seem less common these days. A simple but effective solution to the problem as long as you remember to flick the switch into the locked position before you plug in.

#5 (permalink)
Moderator
Join Date: Jul 2008
Location: India
Posts: 9,484
I never gave much importance to MS Malicious Software Removal Tool too, until now. There are other such tools available too, to remove targeted infections, but you won't need them, or won't know about them, unless you are infected with that particular virus.

I once encountered a virus on a system, where it infected every exe file. Other antivirus could not remove the infection, and the only solution seemed to be to delete the exe files. But then I searched for the virus name, and found a very small tool from AVG called VCleaner, and it removed the infection completely!!

No security software is foolproof. I pretty much believe in Avast, and still do, but it too failed to protect the system from an infected pen drive. Even today, MBAM failed to remove the Conficker worm. This is quite a surprise, to me at least, because I thought that Conficker being a common worm now, MBAM would be able to remove it. Seems like it can't.
__________________
Anupam

#8 (permalink)
Copy Editor
Join Date: Sep 2009
Posts: 622
Quote:
__________________
Torres-no-tan-magnifico

#10 (permalink)
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487
You can manually set write protect with a registry edit
or use this: http://www.nareshmdr.com.np/index.ph...nfo&soft=usbwp

Problem is getting this onto the infected drive to run without getting the USB infected before then, lol. My solution is to have xpud/puppy linux boot off of the USB drive, then copy the file over to the computer. Remove the stick and boot into Windows, then run usbwriteprotect and turn it on. Now stick the USB drive back in and Windows can't write to it.