 Titan01
join:2001-08-14 New York, NY
| constant trojans....
need some help / advice..
been helping a friend fix her comp.. keeps getting trojans every time i format. basically only uses the comp for email. but been getting trojans every single time.
what software should i use? or have actively running
currently running symantec firewall and antivirus
installed is lavasoft, spybot, and a2-squared.. |
|
  Thug21 Just Chillin' Premium join:2005-08-21
1 edit | What exactly was found?
Could she be getting reinfected from removable media like external hard drives or usb flash drives, etc? Do you keep seeing the same exact infection?
In addition to a reformat, these days I think you need to do a fixmbr to get rid of any possible rootkits there.
Also, what version of Symantec? Is it an old one? |
|
  antiphishing Phishing Scam Terminator Premium join:2004-06-09 Wilkes Barre, PA
1 edit | reply to Titan01
said by Titan01 :
need some help / advice.. been helping a friend fix her comp.. keeps getting trojans every time i format. basically only uses the comp for email. but been getting trojans every single time. what software should i use? or have actively running currently running symantec firewall and antivirus installed is lavasoft, spybot, and a2-squared..

Possible Master Boot Record infection, anyone?
I've read on the internet that MBR infections are now way out of fad, however hackers are going more for hijacking your computer for spamming and identity theft purposes not to destroy your hard drive/Windows Configuration. --
Specializing in "takes downs" of phishing and advance fee scams Send your Phishing/Advance fee scams to: phish@antihotmail.com »/profile/1021645 »fraudwatchers.org/forums/
|
|
  BdoneWithIt
| reply to Titan01 As all she does is email, format, then install ubuntu, or something similar, and be done with the problems. |
|
 redwolfe_98
join:2001-06-11
·RoadRunner Cable
1 edit | reply to Titan01 you should make sure that some firewall is running before reconnecting to the internet, after reformatting..
also, to ensure that no malware survives a reformat, you should overwrite the "MBR" (master boot record), on the harddrive, before reformatting..
lastly, make sure that no malware is stored in the files that are being used for backups..
to overwrite the "MBR", you should be able to use some program from the harddrive manufacturer, for that..
if nothing else, you could run win xp's "recovery console" and, within the "recovery console", use the "fixmbr" command, which will re-write the "MBR".. then reformat.. |
|
 Titan01
join:2001-08-14 New York, NY
| reply to Thug21
said by Thug21 :
What exactly was found? Could she be getting reinfected from removable media like external hard drives or usb flash drives, etc? Do you keep seeing the same exact infection? In addition to a reformat, these days I think you need to do a fixmbr to get rid of any possible rootkits there. Also, what version of Symantec? Is it an old one?

i don't think it's from removable media... symantec is the newest one i believe... it's from the school website. |
|
 Titan01
join:2001-08-14 New York, NY | reply to BdoneWithIt said by BdoneWithIt :
As all she does is email, format, then install ubuntu, or something similar, and be done with the problems.

what's ubuntu ... how does it work? |
|
  BdoneWithIt
| It's a non-windows, free operating system. |
|
  antiphishing Phishing Scam Terminator Premium join:2004-06-09 Wilkes Barre, PA
1 edit | reply to Titan01
said by Titan01 :
said by BdoneWithIt :
As all she does is email, format, then install ubuntu, or something similar, and be done with the problems.
what's ubuntu ... how does it work?

I prefer Redhat Fedora myself!
»www.ubuntu.com/ »en.wikipedia.org/wiki/Ubuntu
|
|
  planet
join:2001-11-05 Olmsted Falls, OH
·Cox HSI
1 edit | reply to Titan01
said by Titan01 :
need some help / advice.. been helping a friend fix her comp.. keeps getting trojans every time i format. basically only uses the comp for email. but been getting trojans every single time. what software should i use? or have actively running currently running symantec firewall and antivirus installed is lavasoft, spybot, and a2-squared..

Is all her software up to date, including Windows updates, java, adobe flash and reader? What type of browser is she using? Is she running java and active x wide open? And, is she opening questionable attachments or spam? |
|
 Titan01
join:2001-08-14 New York, NY
| said by planet :
said by Titan01 :
need some help / advice.. been helping a friend fix her comp.. keeps getting trojans every time i format. basically only uses the comp for email. but been getting trojans every single time. what software should i use? or have actively running currently running symantec firewall and antivirus installed is lavasoft, spybot, and a2-squared..
Is all her software up to date, including Windows updates, java, adobe flash and reader? What type of browser is she using? Is she running java and active x wide open? And, is she opening questionable attachments or spam?

everything is up to date after i formatted it... no spam or attachments being opened to my knowledge. |
|
 Titan01
join:2001-08-14 New York, NY
| well aside from trying to figure out the problem... what do you guys recommend in terms of trojan removers and if i do get it removed should i have a trojan/spyware blocker running in the background??
as i mentioned earlier. i only have symantec running in the background usually for my computer as well as hers. |
|
  a4nic8er Tempus Fugit, Carpe Cerevisi
join:2001-03-09 New Zealand clubs:
·Xnet
·Xtra Broadband
1 edit | reply to Titan01
said by Titan01 :
need some help / advice.. basically only uses the comp for email. but been getting trojans every single time.

Step 1: Clean out (uninstall) any ActiveX, browser plugins, toolbars, cursors. Turn off scripting and Active Content. Disable Autorun (so she doesn't keep trying to reinfect with that manky CD of 'cool stuff' someone gave her).
Step 2: Create a new Administrator (Power User) account and password it, log on to it and change her account to Limited User. Then, while still logged on the Administrator account...
Step 3: Install Avast!, SpywareBlaster, SpybotS&D.
Step 4: Update and run all of the above (including SpybotS&D Immunise & Hosts).
Step 5: Ensure all software is patched (Windows, Browser, Java, Flash). If you don't want her using flash, initiate the 'Flash Killer' in SpywareBlaster.
Step 6: Set Windows "Automatic Updates" to Automatic (recommended).
Step 7: Log on to her Limited User account and run SpywareBlaster then SpybotS&D.
That's pretty much what I did to protect my sister from herself. The 2nd step is the most effective. About once a month I log on the Administrator account and update SpywareBlaster and SpybotS&D, then Immunise and do a scan with it. I let her use Flash. Instead of having to "fix" her laptop every couple of months, she is amazed that it hasn't "slowed down" or started opening all those "weird windows" any more. -- If laughter can be contagious, why do we never hear of any mirth epidemics? |
|
 redwolfe_98
join:2001-06-11
·RoadRunner Cable
2 edits | reply to Titan01 titan, i forgot to mention.. when you say that you reformat, a "dirty install" will not get rid of malware.. you have to do a "clean" re-install.. with win xp, a clean re-install is where you boot from the win xp cd and format the harddrive, as opposed to just sticking the cd in the cd-rom drive, while windows is running, and then running the install, which would be a "dirty install".. (you also can do a "dirty install" when booting from the cd-rom drive, if you select to do a "repair install")..
if you erase the "MBR" before installing windows, you won't have to worry about doing a "dirty install" because you won't have that option..
i don't use "norton", myself, but i believe it is good enough (to say the least) to help to keep you from getting infected with malware.. however, there is a lot of bad stuff on the internet, these days, and so you have to try to do whatever you can to keep from getting infected with malware..
if you want to run a supplemental antimalware-program, well, in most cases, you can do that, if you want to, but there are some exceptions, where some antivirus programs do not get along with other antimalware programs.. i don't know if "norton" is one of those exceptions, or not..
anyway, there are different things that you can do, like using a limited-user account, using high security-settings, in IE, using "firefox", with "noscript".. you also could use "adblock plus", with "firefox".. i use it..
also, use a HOSTS file, which will block access to a lot of malicious stuff.. you should use both the winhelp2002 HOSTS file and the hpHosts HOSTS file.. (i use others, too, all merged together)..
also, try to keep everything up-to-date..
also, if you want to go to the trouble, you could create some custom firewall-rules, to block access to some malicious stuff, on the internet..
i sympathize with your friend.. it really isn't her fault that she is picking up malware, there is so much bad stuff on the internet, these days.. it seems almost impossible to use the internet, now, without getting infected with malware..
i think that if you reformat your friend's computer, again, she will be OK, where she won't get any more malware..hopefully..
p.s. if you are going to use a relatively large HOSTS file, like the hpHosts HOSTS file, it would be best to use some program, like "funky toad's HOMER", along with it.. also, when using a relatively large HOSTS file, you need to disable the "DNS client service", in windows' "services".. |
|
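Added example (not part of any post in the thread): one way to merge several HOSTS-format blocklists, as the post above describes, while rejecting any entry that maps a name to something other than a blocking address, since such an entry would redirect the name instead of blocking it. The function names, the sample lists and the `203.0.113.7` address are constructed for illustration.

```python
import re

SINKS = {"0.0.0.0", "127.0.0.1"}   # addresses that block a name rather than redirect it
LABEL = r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?"
HOST_RE = re.compile(rf"^(?=.{{1,253}}$)({LABEL}\.)*{LABEL}$")

# Constructed sample lists (not real blocklist content).
SAMPLE = {
    "list_a": "# sample A\n127.0.0.1 localhost\n"
              "127.0.0.1 ads.example.com  # inline comment\n"
              "0.0.0.0 Tracker.Example.NET\n",
    "list_b": "0.0.0.0 ads.example.com banner.example.org\n"
              "203.0.113.7 bank.example\n",
}

def parse_hosts(text):
    """Yield (address, hostname) pairs from HOSTS-format text, skipping comments."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:          # a line may carry several names
            yield fields[0], name.lower().rstrip(".")

def merge_blocklists(sources, sink="0.0.0.0"):
    """Return (merged HOSTS text, rejected entries) for a dict of label -> text."""
    blocked, rejected = set(), []
    for label, text in sources.items():
        for addr, name in parse_hosts(text):
            if name == "localhost":
                continue                 # written once at the top of the output
            if addr in SINKS and HOST_RE.match(name):
                blocked.add(name)        # the set removes duplicates across lists
            else:
                rejected.append((label, addr, name))  # redirect or malformed name
    lines = ["127.0.0.1 localhost"] + [f"{sink} {n}" for n in sorted(blocked)]
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    merged, rejected = merge_blocklists(SAMPLE)
    print(merged, end="")
    for label, addr, name in rejected:
        print(f"REJECTED {label}: {name} -> {addr}")
```

Review the rejected entries by hand before installing the merged file; a third-party list has no reason to point a name at a routable address.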