| Author |
Message |
Curt Palme CRT Tech
Joined: 08 Mar 2006 Posts: 24396 Location: Langley, BC
TV/Projector: All of them!
|
| Posted: Wed Mar 17, 2010 11:46 pm Post subject: Virus attack! |
|
|
FYI,. I got hit bad this morning on my main computer. It was running slow, so I rebooted, and got all sorts of 'YOU'RE INFECTED' messages on the screen, did I want to start my virus scanner? While I argued with the screen, saying my pap smears are all fine now, I knew I'd been hit. With what, I don't know, but after an hour of trying to get my virus scanner to start, it seems this virus more or less shuts down any program I try and open.
So eff it, off to the computer place I went, and dropped it off.
I'm trying on my laptop, but have no access to email, as once the email is downloaded to the computer, it's no longer on the Shaw server. That sucks!
So, email is down for a bit, until I get my computer back hopefully tomorrow. I can't even change my auto reply, as my ID was cookied on the old computer.
But, my phone still works if someonen wants to get a hold of me.
IN a week, I had my GPS swiped out of my car, my cell got stolen last night, I finally HAD to go to a phone with a QWERTY keypad, as basic phones are no longer available, and now the damn computer. THat's three. Stop now, OK?
At least I got a cantankerous 909 SMPS working today. That one was a TOUGH fix, but now I know....
|
|
| Back to top |
|
 |
Tom.W
Joined: 09 Mar 2006 Posts: 6635
|
| Posted: Wed Mar 17, 2010 11:57 pm Post subject: |
|
|
Do you have your hard drive backed up on an external hard drive ?
Did you try a system restore to an earlier date ?
|
|
| Back to top |
|
 |
AnalogRocks Forum Moderator
Joined: 08 Mar 2006 Posts: 26706 Location: Toronto, Ontario, Canada
TV/Projector: Sony 1252Q, AMPRO 4000G
|
| Posted: Wed Mar 17, 2010 11:59 pm Post subject: |
|
|
You thinking restore disk Tom?
_________________ Tech support for nothing
CRT.
HD done right!
|
|
| Back to top |
|
 |
Tom.W
Joined: 09 Mar 2006 Posts: 6635
|
|
| Back to top |
|
 |
Curt Palme CRT Tech
Joined: 08 Mar 2006 Posts: 24396 Location: Langley, BC
TV/Projector: All of them!
|
| Posted: Thu Mar 18, 2010 12:20 am Post subject: |
|
|
|
I was going to try that, but with a virus lurking, I figured I'd just take it into the shop.
|
|
| Back to top |
|
 |
Tom.W
Joined: 09 Mar 2006 Posts: 6635
|
|
| Back to top |
|
 |
Tom.W
Joined: 09 Mar 2006 Posts: 6635
|
|
| Back to top |
|
 |
Curt Palme CRT Tech
Joined: 08 Mar 2006 Posts: 24396 Location: Langley, BC
TV/Projector: All of them!
|
| Posted: Thu Mar 18, 2010 12:52 am Post subject: |
|
|
I did get one virus scanner to work that I had on the computer, but 1/2 hour later, and it locked up and a porn window had opened. Started it again, and the next time it opened www.viagra.com.
With my work PC, I don't have time to screw around. I'm better off working on CRTs, and letting the pros do the computer stuff. I will update the virus scanners once I get the unit back. Bitdefender was doing a good job, but I let the subscription expire before Christmas, and 'forgot' to renew it. I wasn't too worried, since I never download anything onto my main work computer, I have another one to surf and download, but I got screwed this morning...
|
|
| Back to top |
|
 |
Tom.W
Joined: 09 Mar 2006 Posts: 6635
|
| Posted: Thu Mar 18, 2010 3:02 am Post subject: |
|
|
I did get one virus scanner to work that I had on the computer, but 1/2 hour later, and it locked up and a porn window had opened. Started it again, and the next time it opened www.viagra.com. Smile
So does that mean it's back up and the meters running ?
|
|
| Back to top |
|
 |
Curt Palme CRT Tech
Joined: 08 Mar 2006 Posts: 24396 Location: Langley, BC
TV/Projector: All of them!
|
| Posted: Thu Mar 18, 2010 4:04 am Post subject: |
|
|
|
No, I'm on my laptop. Computer place says they will probably need to reload Windows after saving all my files. Piss me off!
|
|
| Back to top |
|
 |
zaphod
Joined: 16 Jun 2006 Posts: 2002 Location: Cloverdale
|
| Posted: Thu Mar 18, 2010 5:37 am Post subject: |
|
|
curt - you gotta get the virus s/w that comes with your shaw account. i can help if you want it installed. it's cleaned my PC at least once and blocked a few bad things too.
_________________ walk gently. leave a good impression.
|
|
| Back to top |
|
 |
ecrabb Forum Moderator
Joined: 13 Mar 2006 Posts: 15909 Location: Utah
TV/Projector: JVC RS40, Epson 5010
|
| Posted: Thu Mar 18, 2010 6:44 am Post subject: Re: Virus attack! |
|
|
| Curt Palme wrote: | | I'm trying on my laptop, but have no access to email, as once the email is downloaded to the computer, it's no longer on the Shaw server. That sucks! |
My God, Curt... Ask (or pay) someone to help you setup an IMAP email account, so your email isn't downloaded to that one machine and removed from the server. POP is a pain in the ass... It's the way we did things ten years ago.
Oh, and get a Mac.
SC
|
|
| Back to top |
|
 |
akajester
Joined: 09 Jul 2008 Posts: 934 Location: Wisconsin
|
| Posted: Thu Mar 18, 2010 11:53 am Post subject: |
|
|
The majority (90%) of windows viruses and malware going around right now get in via flash and pdf exploits. With those two things being almost necessary to run these days, I've found only one way to protect yourself well. Use flash player as no substitute exists. Then use foxit pdf reader (free) instead of adobe acrobat. Get any decent antivirus, free is fine, AVG works great. DO NOT use Internet Exploder! Get Firefox and install the Adblock Plus and NoScript plugins. This will prevent all scripts and most ads from loading while browsing. This is how they slip your computer the mickey. For instance, my wife got infected checking yahoo mail! So, you set this combination up and for example you go to curtpalme.com and you'll notice things don't work right. Click on the NoScript icon (bottom right "S" icon in the browser window) and say "allow curtpalme.com". This will allow the main site but not any third party linked sites for instance outsourced ads. It's an extra step but it remembers your setting for that website so you set it once per website. The majority of the websites that infect you are not from the main site! Only a few websites require other sites to work. For instance Ebay and Amazon have separate sites to load images. I had to approve the main site and a secondary site usually named something having to do with "images". This has helped me avoid viruses and other nasties for quite some time now. That is, after I had to reformat and reinstall windows about 10 times in one week for myself and other clients. It's good money though! In a few cases I was able to clean with malwarebytes antimalware another free tool, but even that isn't perfect. No software is perfect. You could even get infected using noscript, but it puts another wall between yourself and the web, one that you can control.
http://adblockplus.org/en/
http://noscript.net/
Enjoy!
|
|
| Back to top |
|
 |
WTS
Joined: 08 Mar 2006 Posts: 1276 Location: Calgary
|
| Posted: Thu Mar 18, 2010 1:08 pm Post subject: |
|
|
CUrt,
Yes for sure use Shaws F Secure for anti virus and also you can setup Outlook to keep a copy of all your emails on the shaw server, they will remain on the Shaw server until you delete them from your own computer. As for downloading F Secure just go to Shaw's website and download it. I beleive it will also delete any other forms of antivirus SW on your computer at the time of install, it's free do it. I've been using it for years and have never had a problem period no matter what I've download or whatever sites I've been to, shaw secure seems to catch them all.
_________________ Thanks
Walter
|
|
| Back to top |
|
 |
WanMan
Joined: 19 Mar 2006 Posts: 10270
|
| Posted: Thu Mar 18, 2010 1:13 pm Post subject: |
|
|
While I did get rid of some mirrored disks, I chose not to give up the mirror for my boot disks. I am wondering now if it might be wise to disconnect the second disk from that boot RAID and only reconnect it once per week or two to resync the information therein. This would have certainly reduced (minimized) the notion of a filesystem corruption across the RAIDed disks and provided a 1-2 week window of backing up in case something like this happened.
_________________ Trust no one. Absolutely no one. Advice of the board.
|
|
| Back to top |
|
 |
Curt Palme CRT Tech
Joined: 08 Mar 2006 Posts: 24396 Location: Langley, BC
TV/Projector: All of them!
|
| Posted: Thu Mar 18, 2010 2:41 pm Post subject: |
|
|
Thanks guys! I don't typically download anything onto my work computer. THe last thing I did was a service manual through a secure link from an eBay seller. Can't see the porn spam coming from there. Will do that Shaw thing as soon as I get it back. Still working on my laptop.
BTW, I am using Firefox..
|
|
| Back to top |
|
 |
akajester
Joined: 09 Jul 2008 Posts: 934 Location: Wisconsin
|
| Posted: Thu Mar 18, 2010 3:23 pm Post subject: |
|
|
You might think it couldn't possibly come from Ebay, but it can came from the ads that third parties are loading on their site. Heck, would you ever think yahoo mail would infect someone? I don't believe anyone that says one product will protect you from everything. It's just not possible. If you already use Firefox that's great, add the noscript plug-in (at least) to prevent those ads from loading in your browser without your consent. The anti-virus/security software is one of the last methods of defense you have, next to a full restore from backups. I've worked on hundreds of computers that have all had different security software install and they're all 99% effective. You need to add a block to prevent these things from loading in your web browser period.
It's like saying the airbag in your car is enough to save you. If you don't drive safe to begin with you're still at risk.
Another thing I do is use acronis backup. hang a removable drive (usb/esata/etc) off your computer and tell acronis to do a full backup (or incremental) when the computer is idle. It can do a backup of a full drive in about 10 minutes. Amazing! Then when this happens again, just do a full restore from yesterday and you're set and saved a bunch of cash too. Curt, if you want a beta copy of acronis let me know and I'll send it your way. Acronis had it free for download a while back and it works great! No need to spend a bunch of money.
|
|
| Back to top |
|
 |
lexx21
Joined: 10 Oct 2008 Posts: 119
|
| Posted: Thu Mar 18, 2010 8:20 pm Post subject: |
|
|
It sounds like you had the "antivirus live" virus. I was hit with that from a webpage. It makes it look like you have tons of virus alerts coming up but won't allow your antivirus to run. You don't have to reinstall for that one, but wipe out some reg entries and use a removal tool. It's a pain in the ass once you get it though.
I agree with one poster here. If Shaw allows for IMAP email, then that is what you should use. The emails would stay on the mail server so you can access them from any pc.
|
|
| Back to top |
|
 |
km987654
Joined: 25 Jul 2007 Posts: 2874 Location: Australia
TV/Projector: Barco BG809s
|
| Posted: Thu Mar 18, 2010 8:38 pm Post subject: |
|
|
| akajester wrote: | The majority (90%) of windows viruses and malware going around right now get in via flash and pdf exploits. With those two things being almost necessary to run these days, I've found only one way to protect yourself well. Use flash player as no substitute exists. Then use foxit pdf reader (free) instead of adobe acrobat. Get any decent antivirus, free is fine, AVG works great. DO NOT use Internet Exploder! Get Firefox and install the Adblock Plus and NoScript plugins. This will prevent all scripts and most ads from loading while browsing. This is how they slip your computer the mickey. For instance, my wife got infected checking yahoo mail! So, you set this combination up and for example you go to curtpalme.com and you'll notice things don't work right. Click on the NoScript icon (bottom right "S" icon in the browser window) and say "allow curtpalme.com". This will allow the main site but not any third party linked sites for instance outsourced ads. It's an extra step but it remembers your setting for that website so you set it once per website. The majority of the websites that infect you are not from the main site! Only a few websites require other sites to work. For instance Ebay and Amazon have separate sites to load images. I had to approve the main site and a secondary site usually named something having to do with "images". This has helped me avoid viruses and other nasties for quite some time now. That is, after I had to reformat and reinstall windows about 10 times in one week for myself and other clients. It's good money though! In a few cases I was able to clean with malwarebytes antimalware another free tool, but even that isn't perfect. No software is perfect. You could even get infected using noscript, but it puts another wall between yourself and the web, one that you can control.
http://adblockplus.org/en/
http://noscript.net/
Enjoy! |
Good advice learned the hard way:thumbsup:
One of the first things a virus or trojan software often does if it breaks free on your computer is to prevent the antivirus software from starting and even if you do manage to get that going the restore points are effected so that when the machine restarts the virus is restored.
In all these cases prevention is far better than any cure.
Last edited by km987654 on Fri Mar 19, 2010 1:59 am; edited 1 time in total
|
|
| Back to top |
|
 |
Curt Palme CRT Tech
Joined: 08 Mar 2006 Posts: 24396 Location: Langley, BC
TV/Projector: All of them!
|
| Posted: Thu Mar 18, 2010 9:11 pm Post subject: |
|
|
Well, $100 later and I'm running again. The computer Dr. got rid of it through DOS. He said it was a strange one that he hadn't seen before. Still, I lost no data. He's got me set up on AVG, we'll see how that goes.
Everything so far is working, so I'm backing up EVERYTHING to DVD in case it crashes again.
|
|
| Back to top |
|
 |
|
|