Viruses that disable antivirus software

By raybonney1
I just recently found a Trojan "con??>EJS hidden on my machine which disabled Norton live update and wasn't picked up on either by Norton or MSN scans. How can I double-check that I have cleared the virus?

by eribro In reply to Viruses that disable anti ...

Some viruses protect themselves by blocking security Web sites, antivirus programs, and other tools that could be used against them, including Windows' System Configuration utility (Msconfig) and Registry Editor (Regedit). They cleverly block antivirus Web sites by altering your Hosts file--a text file with no extension that individual programs use to assign a specific IP address to a Web page.

In Windows XP, this file is in the C:\Windows\system32\drivers\etc folder; in Windows 2000, it resides in C:\WINNT\system32\drivers\etc; and in Windows 98 and Me, it inhabits C:\Windows. To correct the problem, double-click the Hosts file and choose Notepad or another text editor to open it. Delete any line in the file that refers to an antivirus Web site. Or simply delete the Hosts file; Windows re-creates it automatically with zero entries.

Now browse to an online virus scanner to check your hard drive and remove the virus. A good one
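
A check for the Hosts-file tampering described in the post above, as an added example that is not part of the original thread. The watch list of vendor domains and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list of security-vendor domains; extend it for the tools you use.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "networkassociates.com")

# Constructed sample of a tampered hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       liveupdate.symantec.com      # constructed tampered entry
0.0.0.0  www.mcafee.com download.mcafee.com
10.0.0.5        fileserver.example.internal
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname); one line may map several names."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2:
            continue  # blank, comment-only, or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a valid mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any subdomain of it (not look-alike prefixes)."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return hosts entries that override DNS for a watched security domain."""
    return [(n, str(ip), host) for n, ip, host in parse_hosts(text) if is_watched(host)]

def cleaned_hosts(text):
    """Return the file with flagged lines dropped and every other line untouched."""
    bad_lines = {n for n, _, _ in suspicious_entries(text)}
    kept = [line for i, line in enumerate(text.splitlines(), start=1)
            if i not in bad_lines]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for line_no, ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

To audit a real machine, pass the contents of the Hosts file from the folder named in the post to `suspicious_entries` instead of `SAMPLE_HOSTS`.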

by jkn1ck In reply to Viruses that disable anti ...

This is rather lengthy. Use a clean AV boot disk. I used McAfee for this one. Option 10 under the first part is the command line for removing the virus.

1. Create a folder on the root of the System Drive (typically C:\) and name it "scan" (without the quotes)
   a) Double-click on 'My Computer'
   b) Double-click on the System Drive (typically C:\)
   c) Click FILE
   d) Highlight NEW
   e) Click FOLDER
   f) Type: scan
   g) Press [ENTER]
2. Set the "scan" folder to Read-Only
   a) Right-click on the scan folder & select Properties
   b) Place a checkmark in the Read-only box
   c) Click APPLY
   d) Click OK
3. Download the latest SuperDAT file from: http://www.networkassociates.com/us/downloads/updates/
4. Make sure to save the sdatxxxx.exe (where xxxx is the current version number) to the "scan" folder.
5. Restart the computer and go into 'Safe Mode with Command Prompt'
   a) Reboot the system
   b) Press [F when prompted
   c) Select 'Safe Mode with Command Prompt'
   d) Press [ENTER]
   NOTE: This is necessary due to the possibility of a file-infecting virus, trojan, or worm still running in memory. Rebooting the computer will remove the virus, trojan, or worm from memory. Logging into 'Safe Mode with Command Prompt' will prevent 99% of all viruses, trojans, or worms from loading into memory.
6. Type "cd\" (without the quotes) and hit [ENTER]
7. Type "cd scan" (without the quotes) and hit [ENTER]
8. Type "sdatxxxx.exe /e" (without the quotes and where xxxx is the version of the current SuperDAT file) and hit [ENTER]
9. After approx. 45 seconds, the extraction will be complete
10. Type scan.exe /clean /all /adl /program /unzip /secure /report report.txt
    NOTE: YOU CAN CHANGE THE /CLEAN TO /DEL IN ORDER TO DELETE ALL INFECTED FILES INSTEAD OF CLEANING THEM.

by sgt_shultz In reply to Viruses that disable anti ...

we need your os to answer.
boot in safe mode and turn off system restore
to scan and you should be fine.
i remain disconnected from the internet until i have clean scans in a row with a reboot in between.
i scan with ad-aware se personal, hijack this and norton anti-virus.
if they show me clean and i can surf the web for a few minutes and am still pretty clean after a rescan, i figure i am clean.
as others will point out though, if you have had a trojan infection you have been wide open. there is no guarantee that another backdoor program is installed on your pc. although i have had customers carry on after massive virus spyware infection with seemingly no ill after effects.
you'd have to repartition and reinstall to be sure, is what i am trying to say

by HAL 9000 Moderator In reply to Viruses that disable anti ...

Sgt Shultz has the right answer for a Windows Y2K or XP unit, but if you really want security you'll have to dump Windows altogether and go with a real OS that has Security built in and not just tacked on as an afterthought that doesn't really count.

What you have to remember here is that Windows was never Secure and, with its code, never will be truly secure. It just isn't possible, as it was never intended that way in the first place. Forget all about MS's "Trusted Computing", as that is only Marketing to attempt to provide confidence in the flawed product.

If you want to keep using Windows you'll have to constantly keep the AV up to date, and any Spy Ware applications as well, and even then there is no guarantee of never getting an infection. With all of these products, they are relying on finding the problem before they can address a solution for it, so there will always be a time frame where you can pick up an infection, as this is playing Follow the Leader where the leader is the Virus writers, who are constantly changing the way that they do things.

Col

Viruses that disable anti virus program

by sohaibfalam In reply to Viruses that disable anti ...

Hi! My name is Sohaib Alam. I have been working on Windows security for the last 5-6 months. If your antivirus program is disabled at every startup, then check out the startup programs. If it has been removed, then add it.
Go to Start > Run.
Type "msconfig" without quotes and then press Enter. Now msconfig will open; go to the STARTUP tab and add your antivirus program. Hope that it helps you!
