
Need advice for possible virus / spyware.

TetraNitroCubane Not Angry... Just VERY Disappointed... Registered User regular
edited February 2007 in Help / Advice Forum
Sorry if this is the wrong place to ask a question like this, but it seemed like G&T wouldn't be the right forum.

So, I've got a potential virus / spyware problem... Just as a note of background, I'm running XP sp2, with Norton Antivirus (I know it sucks, but it's free from my campus, and it's not as big a resource hog as some AV programs... Plus, getting it removed from a system is damned difficult).

This morning while I was doing nothing more than browsing a few pages (This forum, CNN, and PVPonline - I am ashamed to admit that last one), Norton Anti-virus jumped to the front of my screen and told me it had caught a virus, and prevented infection. I was just reading at the time, not even loading a page. There were eight instances of a virus labeled simply as "Downloader", and Norton immediately deleted them all. It then linked to this page for the security response description. The files it had deleted were html files in my Opera cache.

Now, since no pages were being loaded at the time of the alert, I got a bit worried. Paranoid, I guess, is the better term. I did a full system scan with Norton (up to date), Spybot Search and Destroy (also current), and F-Secure Backlite to see if anything else was up. None of these programs came back with any problems. To make sure, I ran a Hijackthis log and put it through an auto-analyzer, and everything on the list came back good.

To get a second opinion, I ran Panda ActiveScan's online virus scanner - And THAT program told me that I had 43 instances of spyware on my computer! Of course, it wouldn't tell me what they were - just that I had to pay them money to have the spyware removed. I was surprised that Spybot would miss any of them, let alone 43 of them.

My questions are these, in a nutshell: 1.) How on earth could a trojan downloader get into my system through a cached html file? Is there any way to combat this? I thought Opera was pretty secure this way.

2.) Is there any way to ensure whether or not my computer is compromised or infected? So much of the software is telling me that everything's golden, but the fact that anything got through in the first place is worrying. Panda ActiveScan is only making me more uneasy. Do most of these security programs disagree with each other often? What would be the most definitive way to ensure that there are no problems, or at least to identify which problems exist?

Thanks for any help.


Posts

  • robaal Registered User regular
    edited February 2007
    Meh, it's probably just some javascript that some ancient version of IE is vulnerable to.

    The other big anti-malware app is Ad-Aware, and people seem to like Trend Micro's Housecall on-line scanner.

    I would suggest getting the Ultimate Boot CD for Windows - which is a very neat live CD that can run Windows apps and comes with a lot of utilities that might be helpful in checking your system.
    It comes with a couple free anti-virus programs, and some malware-removal tools (apart from the mentioned also EzPCfix) and can use them to scan your installed system's registry.
    Before burning it be sure to update all the definitions and clear the expiration option for the PreLogon module, without the latter the disc will refuse to boot :x


    and addresses in URL tags don't need quotes

    "Love is a snowmobile racing across the tundra when suddenly it flips over, pinning you underneath.
    At night, the ice weasels come."

  • TetraNitroCubane Not Angry... Just VERY Disappointed... Registered User regular
    edited February 2007
    Thanks a lot for the help. It seems like everything's clean, but that Ultimate boot CD is something I'm very glad to have on hand, and I appreciate the link.

    And damn it, don't I feel like a fool now....
