So I had a text message from my girlfriend this morning. It said that on msn there was a message from me - standard stuff for a virus:
'Lost 30 pounds, amazing pills, go to
www.youmast.### or something along those lines. '
Now. When I went on my computer (it was running overnight with itunes playing me soothing tunes to sleep to) there was no evidence of that message, though it definitely went to other people as well. Since then I have spent about 4 hours nuking through my registry. Files. etc.
I have anti virus and firewall. Last night I did nothing out of the ordinary apart from load up TF2 for the first time in a while (considered custom maps pack as a possible source, not yet deleted them).
The message was sent at 8:30 in the morning whilst I was fast asleep. Odd time for it to suddenly strike.
So, this is a rough list of what I have done:
AVG free found nothing. I shan't be retaining the use of it I feel. Zonelabs free firewall is probably fine?
Turned sys-restore off. As I understand it that is a useless feature since pretty much all viruses either delete or corrupt it.
Uninstalled msn live messenger. Any hints on related folders to that that I should manually delete?
Deleted every instance of cftmon in my registry. There were a lot. Also shut down every legitimate cause for the actual process to be running. Deleted a ton of entries for internet sites that I have NEVER visited that were listed under ###/####/domain/(list of porn/torrent/garbage sites) etc. Searched my computer for cftmon and deleted at least 3-4 different instances of it. I then, after several google searches on viruses and the like, searched for related virus attributes and some of them seemed to be there and I eliminated them.
I did trendmicro-housecall online scan twice. Found nothing.
Downloaded spybot search and destroy, and tea-timer with it. Deleted a tracker cookies me thinks.
Downloaded reg scrub xp, ran it 3 times and cleared up a bunch of stuff.
I have just run Kaspersky online scan and it comes up with nothing. No infections, or anything of that sort.
My point (sorry for taking so long).
1) Is that sufficient evidence to say my PC is now clean?
2) I believe the online scan cannot do a 'boot scan' - I do not know what that is or what it means. Is it likely to be important?
3) Viruses change ports/tcp-ip/etc and I would not know how to reset everything back to basic settings on that front.
Basically. I am out of ideas of things to do. Want to download a full virus scan (month trial or something for now) - but is it possible that the installation would be corrupted by something still on my machine?
I really do not want to reformat again. Really, really do not want to.
That would require me to purchase avast?
I see it is free. Sorry. Downloading it now.
Again with the 'can a virus screw the install so avast would not be able to find it?'
Going to do another one, then a full scan. If nothing comes up can I safely call my computer clean?
I reformatted my PC about 2 months ago, because I thought I had a virus, it was running slow and being a bit crap generally. So figured I'd try to blow all the cobwebs out and reformat. The first reformat I got another virus before I had downloaded an antivirus and all the service packs. Did it again.
I still have never done internet banking on here since I lost confidence in the security of my pooter.
From my housemate's account.
His PC was turned off.
Perhaps your IM account was compromised, not your PC.
Despite the goofy name, I found it very nicely complements AVG (which came with my desktop when I bought it). It also seems to be good at finding things like registry editors, that most antivirus clients tend to miss.
Avast! is good too, but given that you already tried it...scratch that off.
Oh, and download whatever the latest service pack is for your OS (service pack 3 for XP, SP1 for Vista) and burn it to a cd, put it on a flash drive, whatever. Reformat, then immediately install the service pack before you go online to download any other updates. XPSP3 can be downloaded here.
Can I do this from my own, possibly infected computer? Or would this not simply re-infect myself?
If I were to save all my data upon an external hard drive, and then reinstall everything, including up to date virus scanner, it would scan the drive before I put it all back onto the pooter, and therefore be safe, yes?
This firewall is far from fine. Zonealarm hasn't been a good product in years. It even modifies (damages) the Windows TCP/IP stack without user permission or any kind of notification.
If you want more protection than the standard Windows Firewall then try Comodo. They offer the firewall for free as well as a whole Security Suite completely free. http://www.comodo.com/
I no longer use AVG because it has problems with False positives and misses a fair amount of items.
That... sounds like a bad thing. How serious are we talking here? Because I use Zonealarm as I was under the impression it was a decent firewall. Seems I was wrong.
If it sucks however I figure I should look into this Comodo.
Look at your Firefox extensions. Note the AVG one. Disable it and restart Firefox. Woo!
I do agree that AVG safe surf is annoying though, especially since Google already warns you if you click a malicious site in their search listing.
Give the man a silver dollar! If you can't find anything, this may be why...
That just seems, impossible. Major password changing operation to be initiated.... :-(
What web browser do you use and if you use a dedicated email program instead of web based email, what is it?
Also, if you run hijackthis and post your hijackthis log here (as a linked download), us uber nerds can have a look to tell you if you've got anything dodgy still on there. Although hijackthis is useless against rootkits which hide themselves from the filesystem.
I'd also like to add that AVG has gone downhill quite a bit, I personally recommend Avira.
---
I've got a spare copy of Portal, if anyone wants it message me.
Maybe it's time for me to start looking at options......
I use firefox, with noscript add-on.
Hotmail.com for personal and outlook online university email. Sometimes I use my old excite account.
Sorry I didn't reply sooner, I've been busy. Anyway it's like a time bomb, nothing usually goes wrong until it goes off. Zonealarm was a good firewall years ago. Superior up and coming competitors Sygate & Kerio were both bought out and made not free. This is what has allowed ZA to continue on for the last 5 years with all of its problems. Because ZA is established, it is a big uphill battle for Comodo.
A big problem is also uninstalling ZA because it leaves a lot of junk behind. If you want to get rid of it use a program like Revo Uninstaller, it's free.