Discussion on:

34
Comments

0 Votes
Moderator
Computer Virus
HAL 9000 Updated - 21st Jun 2010
Well actually the funny thing here is that 2 days after I posted to this Poll I had to deal with a Root Kit that was installed from a Bogus E-Mail from a supposed fuel company demanding payment on a nonexistent account.

Wasn't on my personal system but one of the business systems and it arrived at exactly the wrong time for that place who were in dispute with their fuel provider so this e-mail was opened and infected the system because of what it was.

A nasty one to get rid of as it seemed to leave all existing scanners functional and could be removed in Safe Mode for a day or two before reappearing. I eventually hit the system with F Secure which did away with all networking devices that could not be reinstalled and then to add insult to injury after an In Place Install of XP with the Original Disc that came with the system I was introduced to an Activation Loop which M$ insisted was brought about because I had not used the correct Install Disc to Rebuild the system with. Apparently I should have used one of those XP SP2C Discs not the XP SP3 Disc that I bought when I built this NB as the product Key didn't match the Disc well at least according to M$. It didn't matter that the package was unopened when I bought it from one of their 3 Wholesalers here in AU and kept this system's Install Discs separate from the rest of things in that business because they lose things. wink

Anyway a wipe and reload cured the problems which is what I should have done in the first place if only they had a more up to date Backup in place. wink

Col
0 Votes
Last night
dazzlin_dazz 24th Jun 2010
My laptop was infected with malware, the fake security alert one. This is the second time this year too.
Avast anti virus did nothing to stop it and when I ran a scan, completely missed it. It is the free version though!
Re-booted in safe mode with networking, downloaded the Malwarebytes updates, ran a scan and cleared off eight infections.
The worst part of this was the first I noticed the malware was when I opened an email from Argos sent to my hotmail account. I don't know if it was Argos who sent me this little treasure, or if it was hotmail. But after I cleared the infection and re-booted, I could not sync any of my hotmail accounts with Windows live mail. Everything worked fine this morning.
Could Microsoft's Hotmail system have had a problem and let the malware through?
Could Argos have had a problem and been sending out malware?
We might never know.
Anyone else had a problem with malware or Hotmail last night?
0 Votes
kuldeep
proximityinfotech4 28th Jun 2010
Love is a waste of time, money, and emotion. It is a chemical reaction in the brain that leads to misery & woe. It's not a matter of how will it end in tragedy, only when. The more in love you are the greater the disaster it will become. There is absolutely no avoiding it. Be it a break up, cheating or death... it WILL end up in heartache or indifference.
I don't know what to make of this data because the question is too vague. Does 'deal with' mean infected or encountered? Is it strictly viruses or malware as well? If you don't see the symptoms, you may never know your computer is infected. I would guess that techrepublic readers are more security conscious than the regular user too. I haven't been infected since windows 95 when the internet was taking off. Since then, I've armed my computer to the teeth.
0 Votes
These days, I mostly work as an indy computer tech, so viruses are a large part of my work. I can tell you this, the viruses are getting past every security program with ease. They help, but to the degree a bullet proof jacket helps when you are being shot at with a 50 caliber machine gun!

Also, I am seeing a lot of hidden rootkits and one or two which appear to have corrupted the motherboard bios, as I have one which has survived a replacement drive and re-install.
0 Votes
Go and tell us all this?

Now I gots to hide further under my bed.
0 Votes
Wow
racicotma@... 22nd Jun 2010
now that is nasty even after a replacement drive uhh... just glad i haven't come across it.
0 Votes
BIOS corrupted?
hal001 23rd Jun 2010
I find it unbelievable the BIOS can be infected.
Sometimes a virus can corrupt the motherboard's software, not the board itself but the BIOS and CMOS can get corrupted and for instance not boot, or erase the BIOS.
0 Votes
Exactly ...
ian3880 24th Jun 2010
BIOS can be updated (firmware) and doing a BIOS update is a scary thing (for me) waiting for the computer to "wake up" when the BIOS update has ended.

The point is that the BIOS update is done by an .exe file, and usually from a removable media device. If the BIOS can be altered reasonably easily, then so too can a rogue program 'update' the BIOS and presumably install malware into the BIOS memory.

G Harlow: I suggest a BIOS update for the motherboard. This is the only way you can be sure the malware isn't loaded there.
0 Votes
by running a computer program, then it can be "updated" by running a malware program, too.
0 Votes
How do you see
Ocie3 24th Jun 2010
the "hidden rootkits"?? In my experience, all I could ever see was some of the things that it was doing, such as (1) connecting to other computers via the Internet, and (2) altering executable files.
Most of the time, system behavior is the key to determining the presence of rootkits. After that many can be removed using a bootable disk and attacking them as I like to say when they are asleep in their coffins. I am a bit suspicious of the origins of programs like Combofix, but there are times this is the last resort.

One thing for sure is that standard virus protection programs are hopeless when a rootkit has taken control.
0 Votes
Combofix & co.
Ocie3 Updated - 26th Jun 2010
Yeah, when I ran Combofix it nearly wrecked the system and, as far as I could see, it did not remove the "undetectable rootkit". IIRC, I had to nuke the HDD, then reformat and repartition the HDD, re-install Windows XP from the original installation CD-ROM, then re-install everything else either from CD-ROM or from a fresh download. Of course, most of the time was spent bringing everything up-to-date and reconfiguring it.

The only "standard 'antivirus + antispyware'" program, that I know, which claims to detect and remove rootkits is Sunbelt Software's VIPRE 4.0. But in my experience it won't find one that is "undetectable" and neither will anything else, with the possible exception of GMER.
Since last time I stopped worrying about getting a virus. If you keep yourself updated, you shouldn't have a problem, unless you're using any of these Bit Torrents- LIMEWIRE,FROSTWARE,KAZAA,BEARSHARE,MORPHEUS,WAREZ, .......Stay away from these!!!!
My Enterprise sees one infected PC a week at least. I know if I were to run Malwarebytes, on every one of my enterprise PCs I would find several infections each.

Most of the time these are just Adware infections but when we get a call about a PC running really slow it is pretty much a guarantee that it has something running in the background infecting it.

We are not seeing this type of infection for some time now, maybe our M$ Forefront is helping.
0 Votes
On my personal machines I haven't encountered a virus on my machine since Windows ME, in the work environment it's been at least 2 years since I have had to deal with one (XP).
0 Votes
BIOS Infection
WCarlS 23rd Jun 2010
The first (that I know of) infection of a chipset on a motherboard (and in the hard drive, too) occurred in or about 1991. As I recall, a student at a well-known university in Chicago wrote a small program as a prank and infected a computer. He was arrested, the system - board, drive, et al - was taken in hand by unspecified federal authorities, he was sentenced, and the story disappeared. Remember, (small) hard drives cost way more than they do now, so this was at the time a catastrophic development.
Last week I visited an apparently innocent web site and Firefox suddenly asked for elevated privileges. Reboot did not help, reinstalling Firefox helped. I guess it was a virus. Glad I did not turn UAC off.
The last time I had to deal with an actual computer virus was Today.

As an independent IT Consultant fixing infected Windows PCs is my bread and butter (thanks Bill Gates!). These are PCs with highly rated commercial anti-malware tools and "suites" from all the big names.

To avoid infections I have even tried "forcing" my clients to stay safe by setting them up as Limited-level access accounts instead of the default Admin level access that Windows sets all users up as. But even those systems have been infected! To the extent some of my customers even jokingly ask (but in truth they really are wondering) if I am deliberately infecting their systems to give myself ongoing work: I am happiest if my customer never calls me back to fix an infection.

But there IS light at the end of the tunnel. I have ONE - just the one - customer who has been unaffected for the past 16 months. This must be a world record of sorts! They are still using Windows (Vista) but have accepted ALL my recommendations of never entering the Admin (bypass) password if prompted unless they run it past me first (and they have not called me about it too!), use Firefox with Adobe Flash, Thunderbird (all emails retained on the IMAP server as remote backup), Foxit PDF reader, Open Office (with default Save As in MS Office-2003 format) iDrive for encrypted online backup of their data files, and Pidgin instant messaging. In short apart from the operating system, they do not run any Microsoft applications at all - no Internet Explorer and definitely not Microsoft Messenger (these are honey pots for infections). And lastly, Windows Vista's and ALL other automatic updates (Java, Flash, Mozilla etc) is turned off. Follow these steps and you will not be affected or your Windows PC slowed by malware.

skris88
Sydney, Australia
http://www.crossloop.com/skris88




0 Votes
I am (and they are) the worst enemy.

You look Aboriginal. If you are, that explains your connection to what is.
0 Votes
for a moment
vasov@... 24th Jun 2010
I thought you were going to say the customer who never got infected uses linux or Apple.. phew! happy .. Btw I'm pretty much of the very similar opinion on the toolset used and the elevated privileges prompts.. One suggestion though I give to the users who 'have to' connect to certain sites, or they don't but 'their kids do it', is to use virtual PC (VMware Player or another brand alike) and roll back to stable snapshot after each session. It costs a license, true, but it's still far cheaper than paying me for half a day's worth of job to fix their computer and they are far less likely to lose any data.
0 Votes
About your updating advice ....
Ocie3 Updated - 24th Jun 2010

Okay, I was in agreement with you until the penultimate sentence:

Quote: ".... And lastly, Windows Vista's and ALL other automatic updates (Java, Flash, Mozilla etc) is turned off. Follow these steps and you will not be affected or your Windows PC slowed by malware." (italicization added)

Granted, I don't have Automatic Updates enabled on my own computer, but I keep an eye on the calendar for Patch Tuesday and keep Windows XP patched and updated. Afterward, I run Belarc Advisor to ensure that everything which should have been downloaded and installed was successfully applied. I also run Secunia PSI, which is great for determining whether I've overlooked an update for any of the software that I use. (I don't know how much the enterprise version of Secunia would cost a client, though.)

Keeping the Windows OS and the other software that anyone uses updated is essential to system security. The primary reason that Windows is patched is to rectify security vulnerabilities. And the reason that the Conficker worm still infests several million computers is that their users or owners have not been able to patch Windows XP because their copy of it is pirated.
0 Votes
I personally don't have AV on my home PC, but I do use SuperAntiSpyware and I use its settings that protect IE.

Occasionally when I'm 'researching' less reputable sites, a msg will flash up from SAS saying it's blocked something nasty.

I used to use Comodo but got rid of it because it was so annoying with its constant alerts and requests.
I also have used AntiVir but I got rid of that because a virus got through.

I don't consider reinstalling the OS a huge deal and I do have backups of my data. I guess the only thing that would really kill me (as I keep my backup HD connected to my PC) is if I got one of those virii that encrypted the HD and would only let me access my data if I gave them ???. (But do they really exist?)
0 Votes
And
TheOnlyRick 24th Jun 2010
I use FFox, Windows Firewall and all security updates.
0 Votes
They do exist.
Ocie3 24th Jun 2010
Quote: "... if I got one of those virii that encrypted the HD and would only let me access my data if I gave them ???. (But do they really exist?)"

Yes. http://rogueantispyware.blogspot.com/

Notice the "Sunbelt 2010 Data Decryption Tool" mentioned at the top of the rightmost column.

Personally, I only attach the external USB HDD, on which I store images of the internal primary HDD, when such an image is being made.
Not for over a year, Norton is great. Used Avast for a long time until I became infected, Norton is always in the more protected mode and stops you from hitting a site and warns you first, seems like viruses in the past are from malicious websites, I would never execute an attachment from an email.
While interesting, these statistics may be limited in their accuracy. Just as an interesting note about why I voted myself, I had just taken care of a virus in the past week so the article caught my attention. Therefore, I read it and voted. If I would not have just had a virus it probably would not have caught my attention.

Another point is that most of the people reading this type of thing are geeks who have their systems protected, and know what to do to avoid viruses. The average user with a vulnerable computer is not hanging out on TechRepublic
0 Votes
Same for me
jedmondson@... 24th Jun 2010
A friend had a somewhat stubborn virus on her PC. Otherwise, I wouldn't have read this thread, or voted.
0 Votes
I drive a Mac
Tig2 25th Jun 2010
I have yet to have to deal with a virus on a Mac machine.
0 Votes
I deal with them many weeks because I work on other people's computers. I clean them up as well as doing other things - installations, updating websites, etc.
This was one of those "can't believe it happened, but knew it would happen" scenarios. I cleaned a computer January of this year for a friend of mine's sister. Last week, the person whose computer I cleaned called me to let me know they had a possible virus issue. At first thought, I wondered how could that be, since I thought I had the computer locked down. Yes, I know that was naive and downright crazy of me to think so, but I try to give the user some benefit of the doubt. But after hearing the problem...it was obvious user fault.

The person went to a website and then a popup window appeared for an antivirus program called Antivirus 7. Ok...decision time. Do we A, remember that the computer already has an antivirus program installed (Avira Free Edition) or B, we download Antivirus 7? Do you have to guess which one was picked? And that started the usual issues. Interesting enough, she waited 2 MONTHS after the infection started. 2 MONTHS!!! Amazingly enough, there wasn't any major damage and I was able to clean the computer of the malware.

No matter how secure you think you have a computer and no matter how diligent you are in informing the user of what to do and what not to do...the user always seems to find a way to forget all of them anyway.
0 Votes
You say "And the results of the poll seem to back me up." however only 4% never had a virus. Considering the potentially catastrophic nature of a virus, you seem overly complacent. If only 4% of Doctors had never had a patient die as a direct result of taking prescribed medicine, you'd think the other 96% had a significant problem!