Antivirus help please
Drunk commies reborn
28-03-2005, 19:04
On Saturday one of my friends used one of the computers in my office. Today it's sending hundreds of emails out. Norton antivirus didn't solve the problem. It's slowing down everything in the office. Plus it's probably spamming the hell out of some poor, unsuspecting folks. Can anyone give me some advice?
New Foxxinnia
28-03-2005, 19:07
You have some SpyWare. Get a SpyWare Detector. I don't have any recommendations though.
Drunk commies reborn
28-03-2005, 19:20
I used adaware and spybot. No dice. If I can't get it fixed today I'll have to take it to the computer repair shop.
Occidio Multus
28-03-2005, 19:41
www.grisoft.com. it may be a dot de, now. but the avast! free download is the best going.
do you have the Microsoft Antispyware thing?
it's pretty good
Drunk commies reborn
28-03-2005, 20:01
do you have the Microsoft Antispyware thing?
it's pretty good
Service pack 2? It was causing problems so I removed it months ago. If my idiot coworker hadn't been surfing questionable sites, everything would still be OK.
Service pack 2? It was causing problems so I removed it months ago. If my idiot coworker hadn't been surfing questionable sites, everything would still be OK.
not Service Pack 2, there's an antispyware thing MS put out that seems to be very good
here is a link: http://www.microsoft.com/athome/security/spyware/software/default.mspx
Clandestinity
28-03-2005, 20:03
Service pack 2? It was causing problems so I removed it months ago. If my idiot coworker hadn't been surfing questionable sites, everything would still be OK.
There's a new Beta spyware program from their main page. I advise getting that.
UpwardThrust
28-03-2005, 20:16
On Saturday one of my friends used one of the computers in my office. Today it's sending hundreds of emails out. Norton antivirus didn't solve the problem. It's slowing down everything in the office. Plus it's probably spamming the hell out of some poor, unsuspecting folks. Can anyone give me some advice?
Ok first thing
Reboot in safe mode with networking (if windows xp)
At that point give it a full scan with
http://www.trendmicro.com/download/dcs.asp
Under the heading of “you are not a trend micro customer”
Download and read the read me … run full scan
I know this seems simplified but this is one of the best scanners out there … takes a bit to get used to it but it catches stuff that avg/Symantec/Norton/McAfee miss every time I run it.
Drunk commies reborn
28-03-2005, 20:46
Thanks for the suggestions, but I'm just going to save the data I need and reformat the hard drive. Once again, thank you to all those who replied.
UpwardThrust
28-03-2005, 20:48
Thanks for the suggestions, but I'm just going to save the data I need and reformat the hard drive. Once again, thank you to all those who replied.
Np ... probably best idea anyways
HannibalBarca
28-03-2005, 20:50
What you probably have there is a worm.
GABOT, SDBOT and a couple others do that.
The checkers can't keep up with them because for example GABOT has 5000 versions of it. You simply encrypt the binary to fool the detectors.
Get fport from foundstone. It's a port checker and the obvious sign is one program accessing several ports. Check the tasklist as well. A program you don't recognise doing major cpu percentages is another indicator.
Locate the file and any similar files and put them in a zip. Send them to your AV company and they will generate a patch.
Don't like symantec! :)
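A triage helper for the fport check described above, added here as an example (not from the post or from Foundstone). It assumes fport's column layout of Pid, Process, "->", Port, Proto, Path; the sample output is constructed, and "example_worm" is a made-up process name, not a real malware file.

```python
import re

# Constructed sample in fport's column layout (Pid, Process, ->, Port, Proto, Path).
# "example_worm.exe" is a made-up name for the illustration, not a real malware file.
SAMPLE_FPORT = """\
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.

Pid   Process            Port  Proto Path
392   svchost        ->  135   TCP   C:\\WINNT\\system32\\svchost.exe
8     System         ->  139   TCP
1204  OUTLOOK        ->  1043  TCP   C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE
1588  example_worm   ->  1055  TCP   C:\\WINNT\\system32\\example_worm.exe
1588  example_worm   ->  1056  TCP   C:\\WINNT\\system32\\example_worm.exe
1588  example_worm   ->  1057  TCP   C:\\WINNT\\system32\\example_worm.exe
1588  example_worm   ->  113   TCP   C:\\WINNT\\system32\\example_worm.exe
392   svchost        ->  123   UDP   C:\\WINNT\\system32\\svchost.exe
"""

# One data row: pid, process name, "->", port, protocol, optional path.
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")


def parse_fport(text):
    """Group fport rows by pid: {pid: {"name", "path", "ports": {(proto, port)}}}."""
    procs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, blank and header lines carry no data
        pid, name, port, proto, path = m.groups()
        entry = procs.setdefault(int(pid), {"name": name, "path": path.strip(), "ports": set()})
        entry["ports"].add((proto, int(port)))
    return procs


def suspicious_processes(procs, min_ports=3):
    """Return (pid, name, sorted ports) for processes holding many ports at once,
    the 'one program accessing several ports' sign the post describes."""
    flagged = []
    for pid, info in procs.items():
        if len(info["ports"]) >= min_ports:
            flagged.append((pid, info["name"], sorted(p for _, p in info["ports"])))
    return sorted(flagged)


if __name__ == "__main__":
    for pid, name, ports in suspicious_processes(parse_fport(SAMPLE_FPORT)):
        print(f"pid {pid} ({name}) holds {len(ports)} ports: {ports}")
```

Processes flagged this way still need the tasklist and path check the post mentions; a busy mail client or server can legitimately hold several ports.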
UpwardThrust
28-03-2005, 20:51
What you probably have there is a worm.
GABOT, SDBOT and a couple others do that.
The checkers can't keep up with them because for example GABOT has 5000 versions of it. You simply encrypt the binary to fool the detectors.
Get fport from foundstone. It's a port checker and the obvious sign is one program accessing several ports. Check the tasklist as well. A program you don't recognise doing major cpu percentages is another indicator.
Locate the file and any similar files and put them in a zip. Send them to your AV company and they will generate a patch.
Don't like symantec! :)
But it is infinitely better than McAfee
Heiligkeit
28-03-2005, 20:52
Trash your computer and buy a Mac.
Drunk commies reborn
28-03-2005, 20:54
Trash your computer and buy a Mac.
It's company property. Also, if everyone followed that advice the assholes would just switch to writing viruses for Mac Operating System, no?
HannibalBarca
28-03-2005, 20:55
But it is infinitely better than McAfee
Ahh but I have seen symantec trash a couple computers when you uninstall it. Never saw McAfee do that.
To me they are about equal when you examine their "features"
North Island
28-03-2005, 20:55
On Saturday one of my friends used one of the computers in my office. Today it's sending hundreds of emails out. Norton antivirus didn't solve the problem. It's slowing down everything in the office. Plus it's probably spamming the hell out of some poor, unsuspecting folks. Can anyone give me some advice?
Security (http://deilir.is/forrit.php)
The text is in my language but you can read the titles of the programs and if you have any questions just ask here.
HannibalBarca
28-03-2005, 20:56
It's company property. Also, if everyone followed that advice the assholes would just switch to writing viruses for Mac Operating System, no?
Yup. Far more Windows boxes than Macs so why not write for the greater reach?
Ashmoria
28-03-2005, 20:56
Ok first thing
Reboot in safe mode with networking (if windows xp)
At that point give it a full scan with
http://www.trendmicro.com/download/dcs.asp
Under the heading of “you are not a trend micro customer”
Download and read the read me … run full scan
I know this seems simplified but this is one of the best scanners out there … takes a bit to get used to it but it catches stuff that avg/Symantec/Norton/McAfee miss every time I run it.
housecall.trendmicro.com is what I've used in the past and what I recommend to my friends.
It's free and it's good.
Heiligkeit
28-03-2005, 20:59
It's company property. Also, if everyone followed that advice the assholes would just switch to writing viruses for Mac Operating System, no?
It would take a while though. And Mac would design a nice way of protecting them anyways, unlike Microsoft.
HannibalBarca
28-03-2005, 21:01
housecall.trendmicro.com is what I've used in the past and what I recommend to my friends.
It's free and it's good.
It's good to a point. They don't want to make it all powerful because you won't buy their product.
It's good but it can give false positives (i.e. cleaned). GABOT sometimes works with multiple attacks. Trend says they cleaned one file but it doesn't recognise the other. After a few moments you are back to where you started.
Also one bad drawback is you have to be on the network. So you have a dope user with a laptop, he gets infected with a version the checkers will miss, he jumps on the net and starts infecting everybody.
To the original poster, you might have it everywhere now. Some worms also hop across shares......
Drunk commies reborn
28-03-2005, 21:31
Security (http://deilir.is/forrit.php)
The text is in my language but you can read the titles of the programs and if you have any questions just ask here.
Thanks for the site. I downloaded antivir and installed it on my working computer.
Drunk commies reborn
28-03-2005, 21:34
It's good to a point. They don't want to make it all powerful because you won't buy their product.
It's good but it can give false positives (i.e. cleaned). GABOT sometimes works with multiple attacks. Trend says they cleaned one file but it doesn't recognise the other. After a few moments you are back to where you started.
Also one bad drawback is you have to be on the network. So you have a dope user with a laptop, he gets infected with a version the checkers will miss, he jumps on the net and starts infecting everybody.
To the original poster, you might have it everywhere now. Some worms also hop across shares......
The other computers in the office don't seem to be affected. Yet. Also everyone's computer seems to be running faster now that the screwed up one has been removed.
What kind of sites might my friend (the boss's brother in law) have been browsing to download something like this?
Peechland
28-03-2005, 21:35
Drunk Commie- check your tg's
Drunk commies reborn
28-03-2005, 21:40
Drunk Commie- check your tg's
TG'ed you back.
HannibalBarca
28-03-2005, 22:18
The other computers in the office don't seem to be affected. Yet. Also everyone's computer seems to be running faster now that the screwed up one has been removed.
What kind of sites might my friend (the boss's brother in law) have been browsing to download something like this?
There are countless ways.
He could have been in a hotel that provides network access.
Downloading music, games, or any file from a less than reputable source.
Gets a cd from an infected user.
From email (if you don't have a scanner).
The P2P sites are well known for distribution.
It's good that you aren't infected. Well you still could be. Some people have worms that distribute a virus that kicks off a few days after the worm went through.
Watch your network more than normal for about a week or 2 if you don't identify the infection.
I don't think it's spyware. They "usually" try to keep the network clean as to avoid detection.
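One way to "watch your network" for the symptom that started this thread (a single host suddenly sending hundreds of mails, or an infected laptop joining the LAN), added here as an example that is not from the post. It assumes a constructed firewall log format with src=, dst= and dport= fields and a hypothetical office mail relay at 192.168.1.2; a real device's log fields would need the regex adjusted.

```python
import re
from collections import defaultdict

# Constructed log line format (not from any real firewall): timestamp, action,
# then src=, dst=, proto= and dport= fields. Only port-25 TCP lines are used.
LOG_RE = re.compile(r"^(\S+ \S+) \S+ src=(\S+) dst=(\S+) proto=TCP dport=25$")


def build_sample_log():
    """Constructed sample: two hosts only talk to the office relay (192.168.1.2,
    a hypothetical address), one host fans out to 35 external mail servers
    within a single minute, the mass-mailing pattern from the original post."""
    lines = []
    for i in range(3):
        lines.append(f"2005-03-28 09:0{i}:10 ACCEPT src=192.168.1.20 dst=192.168.1.2 proto=TCP dport=25")
        lines.append(f"2005-03-28 09:0{i}:40 ACCEPT src=192.168.1.21 dst=192.168.1.2 proto=TCP dport=25")
    for i in range(35):
        lines.append(f"2005-03-28 09:01:{i:02d} ACCEPT src=192.168.1.17 dst=203.0.113.{i + 1} proto=TCP dport=25")
    return lines


def smtp_fanout(lines, relay_hosts=("192.168.1.2",), threshold=20):
    """Count distinct external SMTP destinations per source per minute and
    return {src: max_distinct_destinations} for sources at or over threshold.
    Mail to the office's own relay is expected and excluded from the count."""
    per_minute = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an outbound SMTP connection
        ts, src, dst = m.groups()
        if dst in relay_hosts:
            continue
        per_minute[(src, ts[:16])].add(dst)  # ts[:16] is "YYYY-MM-DD HH:MM"
    worst = {}
    for (src, _), dsts in per_minute.items():
        worst[src] = max(worst.get(src, 0), len(dsts))
    return {src: n for src, n in worst.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in smtp_fanout(build_sample_log()).items():
        print(f"{src}: {n} distinct external SMTP destinations in one minute")
```

Desktops that never talk SMTP to anything but the relay make a simple companion rule: any other port-25 destination from a workstation is worth a look even below the threshold.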
Nianacio
28-03-2005, 22:27
For help avoiding this problem in the future, look at this (http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy). Also, NOD32 is currently the best (http://www.virusbulletin.com/vb100/archives/products.xml?table) antivirus program at finding viruses but not generating false positives.
HannibalBarca
28-03-2005, 22:48
For help avoiding this problem in the future, look at this (http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy). Also, NOD32 is currently the best (http://www.virusbulletin.com/vb100/archives/products.xml?table) antivirus program at finding viruses but not generating false positives.
We tried it a while back for one of the big servers. It did "ok"
I have had the "luck" of dealing with some rather nasty bugs in my career. I have talked to the backroom support of a few vendors and what I found in each of their labs?
Kaspersky
It seems to be one they try new bugs out first.
Not an endorsement as I have not tried it myself......