Solved

how did this virus get on my computer?

Posted on 2005-03-02
Last Modified: 2010-04-11
I have had Trojans before and gotten rid of them with my AVG, etc.
I had nothing open just now but my Outlook Express and was not even sending or receiving.
Up popped AVG to tell me this virus had been detected:
C:\SystemVolume Information\_restore478450E9 and so on .dll (backdoor trojan)

My question is how did it get on my computer and when?
Did it arrive on a clean virus-free e-mail, part of a virus-free attachment, from visiting a website or how and when?

It seems to me, from my memory, that the last trojan I had was noticed by me in a similar way. I am online but inactive, not surfing or anything, and after a period of idleness up pops the AVG.

Why would being idle for a while cause the detection of the virus?
Question by:nickg5
13 Comments
 
LVL 37

Accepted Solution

by:
Harisha M G earned 600 total points
ID: 13445563
Hi nickg5,

It is not possible to tell how a virus enters one's system...
But it seems that a trace of the virus was left on your system and it has activated itself again.
Run these tools from SAFE MODE with SYSTEM RESTORE OFF:
__________________________________________________________________________________________
Spy Bot Search & Destroy:
http://www.safer-networking.org/en/mirrors/index.html
http://www.spychecker.com/program/spybot.html
__________________________________________________________________________________________
Spy Sweeper:
http://www.spychecker.com/program/spysweeper.html
__________________________________________________________________________________________
Ad-Aware SE Personal Edition:
http://www.spychecker.com/download/download_adaware.html
__________________________________________________________________________________________
Free Online Scan:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&close_parent=true
__________________________________________________________________________________________
SpywareBlaster
http://www.spychecker.com/program/spywareblaster.html
__________________________________________________________________________________________
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
__________________________________________________________________________________________
HijackThis
http://tools.radiosplace.com/HijackThis.exe
Submit logfile to http://www.hijackthis.de
__________________________________________________________________________________________

Bye
---
Harish

0
 
LVL 25

Author Comment

by:nickg5
ID: 13445611
OK, but I have done much of that before and HijackThis and others did not even find the previous trojan. It took AVG to find it. I have it vaulted now and can delete it. You say there may be a trace left?
I am not sure how to do things in safe mode.
0
 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 400 total points
ID: 13445676
> It is not possible to tell how a virus enters one's system...

incorrect

> hijackthis and others did not even find the previous trojan

it is for adware, which is another matter. It is not an operating system either.

> I am online but inactive

online is sufficient.

Check out the Microsoft knowledgebase.

> and when?

When you connected to internet

What you have to do is constantly go to the Windows Update website to get all of the latest patches. You have to run all of them, including the latest patches, prior to connecting to the internet. If it has been a while since you have done so, that can last not much more than a weekend.
0
 
LVL 37

Expert Comment

by:Harisha M G
ID: 13445721
Boot your PC. After the motherboard screen is shown, keep tapping F8. You will get a menu with many choices. There you can select "Safe Mode with Networking" or "Safe Mode with Command Prompt" etc. Get into safe mode and run those tests again.
0
 
LVL 37

Expert Comment

by:Harisha M G
ID: 13445778
>> It is not possible to tell how a virus enters one's system...
> incorrect

I had recently (2 months back) freshly installed XP Pro and installed NAV with full updates.
But when I connected to the Internet, I was attacked by Sasser. Can you tell how?
0
 
LVL 25

Author Comment

by:nickg5
ID: 13445857
I do not have all those things on my computer; I'll have to download all of them before I can go to safe mode, etc.
Do I need to scan with all those things when I already have the Trojan in the virus vault?
Or do all those scans to locate the existing trace?
And to keep out Trojans in the future?
0
 
LVL 37

Expert Comment

by:Harisha M G
ID: 13445885
You won't know whether you have a virus or not before running the tools :-!
0
 
LVL 25

Author Comment

by:nickg5
ID: 13445922
I already know I had the virus, it was detected by AVG, put in the virus vault and deleted two hours ago.
I can do all that but I will have to download all of it.
I have used a lot of those before and they did not find 4 trojans last month that were on my system when they were run. Even Hijack did not find it. AVG did.
I'll do those procedures anyway.
0
 
LVL 25

Author Comment

by:nickg5
ID: 13445952
Sunbow:
My system gets the Windows updates automatically.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 13446212
Installing does not update, and A/V is non-prophylactic, they are not defense but after-the-fact handiwipe.

> gets the windows updates automatically.

Now what was that twas said about getting infected as soon as you plug in, and making sure you are updated first?

(This is btw a very serious problem in the industry, companies also want to provide their own computers with automatic updates. Too bad for them.)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 13446223
In plain talk, you get infected before completing the upgrade process and go down for the count.
0
 
LVL 25

Author Comment

by:nickg5
ID: 13446285
What I mean is I am set up to get the updates automatically. It is in the lower right hand corner and when there are new updates it gets them for me and tells me there are new updates. I do not have to go to some site to get them as far as I know.
0
 
LVL 25

Author Comment

by:nickg5
ID: 13454085
And I know what you mean. My system checks for updates every day at 10am. But, after 10am, if a trojan or something sneaks in I need other tools to find it.
0
