Trojans

B.W.

I have had in the past on my laptop three different Trojans (all the WIN 32
varieties). With the help of the experts from this very useful Newsgroup I
have been able to remove them.

As I have been unable to set up the free version of Avast to automatically
perform a daily schedule to run a scan, I run a scan once a week manually.

My question is, if one of these Trojans has been on my PC for a week before
being detected what kind of damage may it have done to my computer. When I
did a search to find out what kind of problems they may cause (so could not
be on the look out for specific kinds of behaviours) I could not find any
information. So once this has happened can you ever be certain your PC has
not been compromised and is clean? The only change I seem to notice
recently is a slight slow down in operation, but then it could be my
imagination.

TIA

B.W.
 
Leythos

In article <#dqVmxP7HHA.484@TK2MSFTNGP06.phx.gbl>,
bwaller@aapt.net.auxxx says...
> My question is, if one of these Trojans has been on my PC for a week before
> being detected what kind of damage may it have done to my computer.


The amount and type of damage is unknown without having the PC before
you've "cleaned" it.

A "cleaned" PC is only suspected of being Clean no matter what/how you
clean it. The only clean system, after a compromise, is a wiped and
rebuilt system.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
B.W.

You mean reformatting the hard drive?

B.W.

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.2143e668ff720bcf9898b5@adfree.Usenet.com...
> In article <#dqVmxP7HHA.484@TK2MSFTNGP06.phx.gbl>,
> bwaller@aapt.net.auxxx says...
>> My question is, if one of these Trojans has been on my PC for a week
>> before
>> being detected what kind of damage may it have done to my computer.

>
> The amount and type of damage is unknown without having the PC before
> you've "cleaned" it.
>
> A "cleaned" PC is only suspected of being Clean no matter what/how you
> clean it. The only clean system, after a compromise, is a wiped and
> rebuilt system.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)
 
Robert Moir

"B.W." <bwaller@aapt.net.auxxx (del xxx)> wrote in message
news:uoVJYeQ7HHA.1444@TK2MSFTNGP05.phx.gbl...
> You mean reformatting the hard drive?


That's the only way to guarantee it's clean, yes. Of course, you may well
decide that the odds of it being clean are in your favour enough, and that
it would be very inconvenient to rebuild the machine and hence take your
chances, and you may well be right if you do that too, but if we're talking
about guarantees...
 
Kayman

"B.W." <bwaller@aapt.net.auxxx (del xxx)> wrote in message
news:uoVJYeQ7HHA.1444@TK2MSFTNGP05.phx.gbl...
> You mean reformatting the hard drive?
>


Yes, that is what he meant. It's the only way to be 99.99% sure :)

As an alternative for the inexperienced you may wish to scan with:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Ad-Aware - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html

Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html

After the software is updated, it is suggested to scan the system in Safe
Mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
Alternatively:
click onto Start==>Run, type "msconfig" (without quotation marks), click OK.
Then click onto the BOOT.INI tab and 'check' /SAFEBOOT, then OK and click
Restart. To go back to Normal Mode, you must access the System Configuration
utility again and click the General tab, then click/check the radio button
'Normal Startup - load all device drivers and services'.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222

For viral malware...
Download David H. Lipman's MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose Unzip
Choose Close

Execute C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor's web site.
The choices are Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode.
It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.
http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

Good luck :)
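The msconfig BOOT.INI steps above amount to adding a /safeboot switch to the default entry in boot.ini and removing it again for Normal Startup. The Python below is an added example, not code from the thread or from any tool it names: it parses a constructed XP-style boot.ini (the sample contents and function names are assumptions) and makes that change reversibly, so the edit can be seen and undone without the GUI.

```python
# Added example: toggle the /safeboot switch that msconfig's BOOT.INI tab sets
# on the default entry of a Windows XP boot.ini (sample file is constructed).
import re

SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
"""

# msconfig writes /safeboot:minimal; accept any mode, case-insensitively.
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::([\w()]+))?", re.IGNORECASE)


def _split(text):
    """Return (lines, index of the default entry's line under [operating
    systems]); raise if default= or that entry line is missing."""
    lines = text.splitlines()
    default = next((ln.split("=", 1)[1].strip() for ln in lines
                    if ln.strip().lower().startswith("default=")), None)
    if default is None:
        raise ValueError("boot.ini has no default= entry")
    in_os = False
    for i, line in enumerate(lines):
        if line.strip().startswith("["):
            in_os = line.strip().lower() == "[operating systems]"
        elif in_os and line.lower().startswith(default.lower() + "="):
            return lines, i
    raise ValueError(f"default entry {default!r} not under [operating systems]")


def set_safeboot(text, enable=True, mode="minimal"):
    """Return boot.ini text with /safeboot:<mode> added to (enable=True) or
    removed from (enable=False) the default OS entry; other lines are kept."""
    lines, i = _split(text)
    line = SAFEBOOT_RE.sub("", lines[i])  # drop any existing switch first
    lines[i] = line + (f" /safeboot:{mode}" if enable else "")
    return "\n".join(lines) + "\n"


def safeboot_mode(text):
    """Return the /safeboot mode on the default OS entry, or None for a normal
    boot (a bare /safeboot is reported as 'minimal'; an assumption)."""
    lines, i = _split(text)
    m = SAFEBOOT_RE.search(lines[i])
    return (m.group(1) or "minimal").lower() if m else None
```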
 
Leythos

In article <uoVJYeQ7HHA.1444@TK2MSFTNGP05.phx.gbl>,
bwaller@aapt.net.auxxx says...
> You mean reformatting the hard drive?


Sort of, I mean deleting the partitions, rewriting the MBR, doing all of
this from a clean machine or from a BOOT CD.....

There really is no way to "Clean" a compromised machine, at best you can
only get the stuff YOU can find or stuff that someone else has
identified and written into a program to remove for you - and if you
consider that many newer malware are active for days and weeks before
they are detected...

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
Milo (MSPSS)

Sad to say there is no general design for W32 infection after-effects, but
there are things for sure (quite common) that manifest: slowdown in your
system, ad pop-ups, lockdowns on your options to open some parts of the
system (access denied), to the point where it would say no internet connection -
but it still does. These instances change depending on the infection;
some are as potent for 2 days or instantly, some on the other hand take a
month or more to manifest.

Rule of thumb to avoid such: be careful what you click on (video
streaming sites), and what you download onto your system, from music within
folders to actual applications from a company you don't know.

"B.W." <bwaller@aapt.net.auxxx (del xxx)> wrote in message
news:%23dqVmxP7HHA.484@TK2MSFTNGP06.phx.gbl...
>I have had in the past on my laptop three different Trojans (all the WIN 32
>varieties). With the help of the experts from this very useful Newsgroup I
>have been able to remove them.
>
> As I have been unable to set up the free version of Avast to automatically
> perform a daily schedule to run a scan, I run a scan once a week manually.
>
> My question is, if one of these Trojans has been on my PC for a week
> before being detected what kind of damage may it have done to my computer.
> When I did a search to find out what kind of problems they may cause (so
> could not be on the look out for specific kinds of behaviours) I could not
> find any information. So once this has happened can you ever be certain
> your PC has not been compromised and is clean? The only change I seem to
> notice recently is a slight slow down in operation, but then it could be
> my imagination.
>
> TIA
>
> B.W.
>
 
Milo (MSPSS)

Reformatting the hard drive should be a last option. As a preventive
measure, if you have some family members who love browsing the web, give them,
or make sure they understand and use, a limited account rather than an
administrator account. On a limited account you still have a buffer zone (you can
pretty much do what you regularly do but you can't install things directly,
which can make a difference if anyone in your family or yourself was
misled by things while browsing the web; quite commonly these guys who make
these "infections" use the reverse psychology method a lot in luring
browsers).

"B.W." <bwaller@aapt.net.auxxx (del xxx)> wrote in message
news:uoVJYeQ7HHA.1444@TK2MSFTNGP05.phx.gbl...
> You mean reformatting the hard drive?
>
> B.W.
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.2143e668ff720bcf9898b5@adfree.Usenet.com...
>> In article <#dqVmxP7HHA.484@TK2MSFTNGP06.phx.gbl>,
>> bwaller@aapt.net.auxxx says...
>>> My question is, if one of these Trojans has been on my PC for a week
>>> before
>>> being detected what kind of damage may it have done to my computer.

>>
>> The amount and type of damage is unknown without having the PC before
>> you've "cleaned" it.
>>
>> A "cleaned" PC is only suspected of being Clean no matter what/how you
>> clean it. The only clean system, after a compromise, is a wiped and
>> rebuilt system.
>>
>> --
>>
>> Leythos
>> - Igitur qui desiderat pacem, praeparet bellum.
>> - Calling an illegal alien an "undocumented worker" is like calling a
>> drug dealer an "unlicensed pharmacist"
>> spam999free@rrohio.com (remove 999 for proper email address)

>
>
 
B.W.

Thanks to everyone for their replies to this query. I will take note of
what you have all advised and will be on the lookout for any suspicious
behaviour from these Trojans. I will also look at using Limited accounts.

B.W.


"Milo (MSPSS)" <V-4jpaca@mssupport.microsoft.com> wrote in message
news:A60EACBF-D19D-40B8-ADA0-E495BF9828FF@microsoft.com...
> Sad to say there is no general design for W32 infection after-effects, but
> there are things for sure (quite common) that manifest: slowdown in your
> system, ad pop-ups, lockdowns on your options to open some parts of the
> system (access denied), to the point where it would say no internet
> connection - but it still does. These instances change depending on the
> infection; some are as potent for 2 days or instantly, some on the other
> hand take a month or more to manifest.
>
> Rule of thumb to avoid such: be careful what you click on (video
> streaming sites), and what you download onto your system, from music within
> folders to actual applications from a company you don't know.
>
> "B.W." <bwaller@aapt.net.auxxx (del xxx)> wrote in message
> news:%23dqVmxP7HHA.484@TK2MSFTNGP06.phx.gbl...
>>I have had in the past on my laptop three different Trojans (all the WIN
>>32 varieties). With the help of the experts from this very useful
>>Newsgroup I have been able to remove them.
>>
>> As I have been unable to set up the free version of Avast to
>> automatically perform a daily schedule to run a scan, I run a scan once a
>> week manually.
>>
>> My question is, if one of these Trojans has been on my PC for a week
>> before being detected what kind of damage may it have done to my
>> computer. When I did a search to find out what kind of problems they may
>> cause (so could not be on the look out for specific kinds of behaviours)
>> I could not find any information. So once this has happened can you ever
>> be certain your PC has not been compromised and is clean? The only
>> change I seem to notice recently is a slight slow down in operation, but
>> then it could be my imagination.
>>
>> TIA
>>
>> B.W.
>>

>
 
Leythos

In article <A457CA3B-E9BF-4898-8BA6-4E7DBC766462@microsoft.com>,
V-4jpaca@mssupport.microsoft.com says...
> Reformatting the hard drive should be a last option. As a preventive
> measure, if you have some family members who love browsing the web, give them,
> or make sure they understand and use, a limited account rather than an
> administrator account. On a limited account you still have a buffer zone (you can
> pretty much do what you regularly do but you can't install things directly,
> which can make a difference if anyone in your family or yourself was
> misled by things while browsing the web; quite commonly these guys who make
> these "infections" use the reverse psychology method a lot in luring
> browsers).


Actually, since you can't ensure that your drive is clean, even if you
use multiple anti-malware tools, formatting should be your first option
if you want a clean system.

Secondary options are only to make the machine clean enough to salvage
data from it before you format/wipe it.

If you take a typical machine that's been compromised by kids/ignorant
people browsing, loading P2P apps, and then the malware loading its
friendly other malware, you have a machine with 20+ different malware on
it. Of those 20, you don't really know what they are doing, what they
have loaded, you don't know what unknown malware they've loaded.... So,
while you can clean it of all KNOWN malware you can't possibly be sure
you got it all.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 