id="info"

Question

Locked

april 1st virus

By wolfsden515 ·
please help me, i am a grandfather on disability raising three grandchildren. we have 4 computers and i am the only one that runs scans everyday. how do i protect these computers from this new virus. what i have running is avg free 8.5 and avira antivir personal and ccleaner.i also use mozilla firefox for my browser. i update at least 5 to 9 times a day. i can't afford to replace all of these computers with new motherboards and new hard drives all the time. is there anymore free anti-virus programs out there that i can get to help with this virus. i read tech republic everyday and certain ones i keep to reread. i am not an it person so some of the jargon used goes over my feeble brain.i would really like any help thrown my way. it would be greatly appreciated. thomas

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

These are a couple of good tools

by Jacky Howe In reply to april 1st virus

to have installed in case of an attack.

Download Malwarebytes Anti-Malware, install it and update it.
<a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

Download Spybot - Search & Destroy and install it. Update it.
<a href="http://www.safer-networking.org/en/download/index.html " target="_blank"><u>Spybot</u></a>

Collapse -

After reading this article

by Jacky Howe In reply to These are a couple of goo ...

I might suggest that you have all of your Backups up to date just in case.

http://blogs.techrepublic.com.com/security/?p=1218

Collapse -

For normal Domestic Applications

by OH Smeg In reply to april 1st virus

You should be perfectly OK with what you already have and provided that there is a working Internet Connection when you turn on the computers they will remain updated with the newest Possible Virus Definitions as both of the listed AV Products try to update whenever the computer that they are loaded on are turned on.

You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434

If you have any problems just ask and we'll try to help you is clear English terms.

Col

Collapse -

I would feel unsafe without a good firewall

by alan In reply to april 1st virus

1. I recommend use of a Firewall.
I use the free firewall from Comodo.
It protects against incoming malware,
and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
You may however do on-demand scans with different products at different times.
3. Firefox is a good choice - safer than I.E.
4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.

6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.

Regards
Alan

Collapse -

If you have Windows XP or Vista up to date

by seanferd In reply to april 1st virus

with Windows Update patches, you are fine.

This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.

What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.

Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)

Edit:

See also this post, about disabling autorun:
http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484

This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.

Collapse -

I am a little concerned about your post

by Slayer_ In reply to april 1st virus

So I'll try to remove your fears.

The Conficker will only hurt you if your windows is not up-to-date.

Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.

I don't believe it is a browser vulnerability, using FF won't make any difference.

Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?

Collapse -

I am uncertain as to

by The Scummy One In reply to I am a little concerned a ...

it can only hurt you if not up to date statement.
I have read on several places that, the patch only helps in some instances (like an infection from the Internet), however, it can still infect from flash drive or local network (network share). Note, the US-Cert even states to disable autorun


US Cert sent this to me this morning, I include it because it gives a few links to test if you have it.

National Cyber Alert System

Technical Cyber Security Alert TA09-088A


Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows


Overview

US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.


I. Description

The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.


III. Solution

US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Miscrosoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.


IV. References

* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>

* Microsoft Security Bulletin MS08-067 - Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>

* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>

Collapse -

wasnt there a patch

by Slayer_ In reply to I am uncertain as to

to disable autorun from flash drives and such?

I remember cause there was a patch, then a week later another patch to actually do what the first patch was intended to do.

I am curious how this virus resides on a flash drive. If the drive does not autorun, does this virus just appear as a file or something?

Collapse -

Likely

by The Scummy One In reply to wasnt there a patch

it replicates to this the same way it replicates to a network share.

I am not sure about an autorun patch, whenever I plug in a flash drive it asks me what I want to do, however, does it open the virus first?
I am pretty sure that I do not have it, however, I am still going to double check with those websites later and turn my system off for a few days.
I still got the linux machine working, so no problem with Internet or other things.

Collapse -

I honestly don't understand how that works

by Slayer_ In reply to Likely

I mean, doesn't a virus have to plant itself somewhere where the OS will run it?


If this is true, how does a virus use a network share to infect? Like I can picture how you place a file there, but how do you get the target OS to run it?

Back to Browser Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Software Forums