Re: [OT] Need Computer Geek Advice
- From: "Ballroom Dancer" <abc@xxxxxxx>
- Date: Tue, 12 Jun 2007 22:36:17 -0400
"Brian Running" <brunning@xxxxxxxxxxxxxxxxx> wrote in message
news:Dbybi.40203$5j1.1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Couple of general thoughts: One, the AV software on this machine was
> fully up-to-date. It DID tell me that there was a problem, it just
> couldn't do anything about it. I don't know what to make of that. What
> else could I have done? Two, several people have said that a virus won't
> execute itself, you have to execute a file to make it go. However, in this
> case, all I did was start Thunderbird, and blammo. Thunderbird didn't even
> finish loading, and alerts started popping up as fast as they could. No
> other program was started, no other executables were opened. Something's
> fishy there, but I'm not knowledgeable enough to begin to guess what.

Ok, I've read the other postings up to this time - and I looked up the Trend
Micro product to see its specs. Your description of the problem sounds to me
like some of the more virulent malware rather than a virus. A multitude of
warning popups reminds me of the worst machine I've worked on this year (I
put about 19 hours in it - capped the billing at 4 hours). This particular
malware was pretending to be an Anti-Spyware product, and generated many
warnings to the extent that the computer was unusable. Unfortunately, I
didn't write down the name. A Google search showed it to be malware (this
was the first search I made where Google themselves warned not to go to the
site). It was one of the most difficult I ever saw to remove. AVG would not
remove it. I found several sites on a Google search that purported to remove
it - but I am inherently suspicious of programs from unknown sources. I
finally went to a site that gave a three page long list of files to search
and remove (with the machine in safe mode) and of registry entries to
delete. The program would seem to be gone, then overnight it would generate
yet another copy of itself - from yet another set of weird name dlls.
I ran into a PC World review of the Trend Micro product, they didn't think
much of it (of course a review of any similar product can be found the same
way.)
I am inclined to think that what got to you originally may have been a zero
day exploit - one new enough that the AV companies didn't yet have a
signature for it. If you have time, let things sit for a week or so, then
copy the data from it that you need, fdisk and format it, and do a brand new
install (I also do NOT connect to the Internet until I at least have XP SP2
installed from CD on any fresh install - and my Internet connection goes
from cable modem to a SonicWall hardware based firewall (which also converts
its IP range so it acts as a router as well) then on to my network switches).
HTH,
Jim