- Follow via:
- RSS
- Email Alert
Question
0
Votes
april 1st virus
please help me, i am a grandfather on disability raising three grandchildren. we have 4 computers and i am the only one that runs scans everyday. how do i protect these computers from this new virus. what i have running is avg free 8.5 and avira antivir personal and ccleaner.i also use mozilla firefox for my browser. i update at least 5 to 9 times a day. i can't afford to replace all of these computers with new motherboards and new hard drives all the time. is there anymore free anti-virus programs out there that i can get to help with this virus. i read tech republic everyday and certain ones i keep to reread. i am not an it person so some of the jargon used goes over my feeble brain.i would really like any help thrown my way. it would be greatly appreciated. thomas
26th Mar 2009
Answers (7)
0
Votes
These are a couple of good tools
to have installed in case of an attack.
Download Malwarebytes Anti-Malware, install it and update it.
Malwarebytes
Download Spybot - Search & Destroy and install it. Update it.
Spybot
Download Malwarebytes Anti-Malware, install it and update it.
Malwarebytes
Download Spybot - Search & Destroy and install it. Update it.
Spybot
26th Mar 2009
Replies
I might suggest that you have all of your Backups up to date just in case.
http://blogs.techrepublic.com.com/security/?p=1218
http://blogs.techrepublic.com.com/security/?p=1218
Jacky Howe
29th Mar 2009
0
Votes
For normal Domestic Applications
You should be perfectly OK with what you already have and provided that there is a working Internet Connection when you turn on the computers they will remain updated with the newest Possible Virus Definitions as both of the listed AV Products try to update whenever the computer that they are loaded on are turned on.
You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434
If you have any problems just ask and we'll try to help you is clear English terms.
Col
You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434
If you have any problems just ask and we'll try to help you is clear English terms.
Col
26th Mar 2009
0
Votes
I would feel unsafe without a good firewall
1. I recommend use of a Firewall.
I use the free firewall from Comodo.
It protects against incoming malware,
and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
You may however do on-demand scans with different products at different times.
3. Firefox is a good choice - safer than I.E.
4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.
6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.
Regards
Alan
I use the free firewall from Comodo.
It protects against incoming malware,
and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
You may however do on-demand scans with different products at different times.
3. Firefox is a good choice - safer than I.E.
4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.
6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.
Regards
Alan
28th Mar 2009
0
Votes
If you have Windows XP or Vista up to date
with Windows Update patches, you are fine.
This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.
What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.
Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)
Edit:
See also this post, about disabling autorun:
http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484
This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.
This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.
What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.
Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)
Edit:
See also this post, about disabling autorun:
http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484
This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.
Updated - 31st Mar 2009
0
Votes
I am a little concerned about your post
So I'll try to remove your fears.
The Conficker will only hurt you if your windows is not up-to-date.
Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.
I don't believe it is a browser vulnerability, using FF won't make any difference.
Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?
The Conficker will only hurt you if your windows is not up-to-date.
Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.
I don't believe it is a browser vulnerability, using FF won't make any difference.
Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?
Updated - 31st Mar 2009
Replies
it can only hurt you if not up to date statement.
I have read on several places that, the patch only helps in some instances (like an infection from the Internet), however, it can still infect from flash drive or local network (network share). Note, the US-Cert even states to disable autorun
US Cert sent this to me this morning, I include it because it gives a few links to test if you have it.
National Cyber Alert System
Technical Cyber Security Alert TA09-088A
Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.
I. Description
The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.
III. Solution
US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Miscrosoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.
IV. References
* Virus alert about the Win32/Conficker.B worm -
* Microsoft Security Bulletin MS08-067 - Critical -
* Microsoft Windows Does Not Disable AutoRun Properly -
* MS08-067: Vulnerability in Server service could allow remote code
execution -
* The Conficker Worm -
* W32/Conficker.worm -
____________________________________________________________________
The most recent version of this document can be found at:
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
I have read on several places that, the patch only helps in some instances (like an infection from the Internet), however, it can still infect from flash drive or local network (network share). Note, the US-Cert even states to disable autorun
US Cert sent this to me this morning, I include it because it gives a few links to test if you have it.
National Cyber Alert System
Technical Cyber Security Alert TA09-088A
Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.
I. Description
The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.
III. Solution
US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Miscrosoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.
IV. References
* Virus alert about the Win32/Conficker.B worm -
* Microsoft Security Bulletin MS08-067 - Critical -
* Microsoft Windows Does Not Disable AutoRun Properly -
* MS08-067: Vulnerability in Server service could allow remote code
execution -
* The Conficker Worm -
* W32/Conficker.worm -
____________________________________________________________________
The most recent version of this document can be found at:
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
The Scummy One
31st Mar 2009
to disable autorun from flash drives and such?
I remember cause there was a patch, then a week later another patch to actually do what the first patch was intended to do.
I am curious how this virus resides on a flash drive. If the drive does not autorun, does this virus just appear as a file or something?
I remember cause there was a patch, then a week later another patch to actually do what the first patch was intended to do.
I am curious how this virus resides on a flash drive. If the drive does not autorun, does this virus just appear as a file or something?
Slayer_
31st Mar 2009
it replicates to this the same way it replicates to a network share.
I am not sure about an autorun patch, whenever I plug in a flash drive it asks me what I want to do, however, does it open the virus first?
I am pretty sure that I do not have it, however, I am still going to double check with those websites later and turn my system off for a few days.
I still got the linux machine working, so no problem with Internet or other things.
I am not sure about an autorun patch, whenever I plug in a flash drive it asks me what I want to do, however, does it open the virus first?
I am pretty sure that I do not have it, however, I am still going to double check with those websites later and turn my system off for a few days.
I still got the linux machine working, so no problem with Internet or other things.
The Scummy One
31st Mar 2009
I mean, doesn't a virus have to plant itself somewhere where the OS will run it?
If this is true, how does a virus use a network share to infect? Like I can picture how you place a file there, but how do you get the target OS to run it?
If this is true, how does a virus use a network share to infect? Like I can picture how you place a file there, but how do you get the target OS to run it?
Slayer_
31st Mar 2009
there were still vulnerabilities exposed even after patching. Much complaining ensued.
The Scummy One does have a very good point.
The Scummy One does have a very good point.
seanferd
31st Mar 2009
0
Votes
To be quite honest. i would not worry too much.....
You say you have AVG, so as long as it is up to date i would not worry too much about this Virus that is supposed to be roaming the internet. Bad things happen but they can be repaired or re-installed again. So chin up, as my dad says to me. There are more good things to think about instead of this so called virus. If you are still too concerned then pull the plug for the whole day on April 1st, that way you will have piece of mind. 
If not we will be here to help you out with any problems that you may have.
If not we will be here to help you out with any problems that you may have.
31st Mar 2009
Replies
Read it all here:
http://www.abc.net.au/pm/content/2008/s2531345.htm
http://www.abc.net.au/pm/content/2008/s2531345.htm
Peconet Tietokoneet
31st Mar 2009
0
Votes
^What they said +
You really should have at least a software firewall on each PC, a hardware firewall would be better. The MS patch is KB958644 and, yes autorun should be disabled. As for the grandkids I won't let mine on any machine that doesn't have Threatfire installed, I find that it's pretty good at blocking bad stuff before it downloads.
31st Mar 2009
