pg2114
Doesn't have much of a life
Joined: Sat Apr 25, 2009 9:17 pm Posts: 741
|

Hello all,
Ever since my ISP phoned me to report a virus on my computer, AVG keeps warning me about viruses in my Temporary Internet Files folder. These viruses seemingly have completely random names and no matter how many times I remove them, they simply return.
I have performed the following tasks to remove the viruses, but to no avail. All of these have been done in and out of safe mode with restore facilities disabled.
- AdAware: Full scan with the latest definitions. No malware detected whatsoever.
- AVG: Full scan with the latest definitions. One unnamed virus detected, which keeps reappearing no matter how many times it is removed.
- SuperAntiSpyware: Full scan with the latest definitions. No malware detected whatsoever.
- Trend Micro HijackThis: No suspicious entries in log, verified through the HijackThis website.
- Trend Micro HouseCall: Full scan with the latest definitions. One unnamed virus detected, which keeps reappearing no matter how many times it is removed.
I always thought this computer was secure with anti-virus, anti-spyware and firewall software, all active and kept up-to-date. I never download illegal files or open suspicious emails. If it was just one anti-virus software reporting the virus, I would assume it was a false positive, but the telephone call from my ISP suggests that something is happening.
Is anybody able to suggest a definite method to detect and remove the offending virus, please?
Many thanks, Peter.
_________________A Mac user 
|
Thu Sep 24, 2009 9:48 pm |
|
 |
finlay666
Spends far too much time on here
Joined: Thu Apr 23, 2009 9:40 pm Posts: 4876 Location: Newcastle
|
Full format and fresh OS install. Only guaranteed way, as backed up files may also be infected.
_________________TwitterCharlie Brooker: Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.
|
Thu Sep 24, 2009 10:05 pm |
|
 |
JJW009
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm Posts: 8767 Location: behind the sofa
|

Finlay is totally correct, and anyone that disagrees is placing too much confidence in something which can't actually be guaranteed.
There is one command I ask people to do which might absolutely prove you have a contagious virus. However, it can't prove you're clean.
Open a command box (Start - Run - type CMD and click OK).
Type netstat and press return.
That lists all the network connections. That is, it shows you all the other computers that are talking to yours. You should see a few things if you have MSN, email and some web pages open. There might be some software checking for updates. However, if you see loads of unexpected entries then it's likely you're spreading the disease and your ISP could cut you off. Ignore any entries which say "localhost" under "foreign address" because that's just you talking to yourself.
Technically, you'd be in breach of the misuse of computers laws and various "you're a terrorist" acts which mean you could be shot dead, and held for questioning indefinitely. Probably in that order.
_________________jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly." When you're feeling too silly for x404, youRwired.net
|
Thu Sep 24, 2009 10:38 pm |
|
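The reading of `netstat` output described in the post above, as an added example that is not part of the original thread: it drops "localhost" rows and groups what is left by remote port, so a long run of unrelated hosts stands out. The sample output, the machine name `mypc` and the threshold of three hosts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the column layout Windows `netstat` prints.
# Host names and addresses are made up (example.* and documentation ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address          State
  TCP    mypc:1031              localhost:1032           ESTABLISHED
  TCP    mypc:1032              localhost:1031           ESTABLISHED
  TCP    mypc:1100              mail.example.net:pop3    TIME_WAIT
  TCP    mypc:1204              update.example.com:http  ESTABLISHED
  TCP    mypc:1310              192.0.2.15:25            SYN_SENT
  TCP    mypc:1311              198.51.100.7:25          SYN_SENT
  TCP    mypc:1312              203.0.113.40:25          ESTABLISHED
"""

def is_loopback(host, own_names=()):
    """True for 'you talking to yourself': localhost, 127.x, ::1, own name."""
    h = host.lower().strip("[]")
    return (h in ("localhost", "::1") or h.startswith("127.")
            or h in {n.lower() for n in own_names})

def parse_netstat(text):
    """Return (remote_host, remote_port, state) for every TCP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        _proto, _local, foreign, state = parts
        host, _, port = foreign.rpartition(":")
        rows.append((host, port, state))
    return rows

def remote_summary(text, own_names=()):
    """Map remote port -> set of distinct non-loopback remote hosts."""
    by_port = defaultdict(set)
    for host, port, _state in parse_netstat(text):
        if not is_loopback(host, own_names):
            by_port[port].add(host)
    return dict(by_port)

def busiest_ports(text, threshold=3, own_names=()):
    """Remote ports reached on at least `threshold` different hosts."""
    summary = remote_summary(text, own_names)
    return sorted(p for p, hosts in summary.items() if len(hosts) >= threshold)

if __name__ == "__main__":
    for port, hosts in remote_summary(SAMPLE).items():
        print(port, sorted(hosts))
```

As the post says, a quiet result here does not prove the machine is clean; it only shows what was connected at the moment the command ran.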
 |
finlay666
Spends far too much time on here
Joined: Thu Apr 23, 2009 9:40 pm Posts: 4876 Location: Newcastle
|
Some of the viruses can manifest in shared folders where you also have write access, so bear that in mind.
I'm surprised there hasn't been an iPhone virus written yet, given the numbers of that particular platform and how most users aren't exactly IT literate yet obviously have an internet connection for iTunes.
_________________TwitterCharlie Brooker: Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.
|
Thu Sep 24, 2009 11:58 pm |
|
 |
JohnSheridan
Doesn't have much of a life
Joined: Mon Apr 27, 2009 9:10 pm Posts: 1057
|
Have you turned OFF System Restore, then done a full check, rebooted and restarted System Restore?
_________________
|
Fri Sep 25, 2009 8:04 am |
|
 |
pg2114
Doesn't have much of a life
Joined: Sat Apr 25, 2009 9:17 pm Posts: 741
|
I really don't want to resort to a reformat, if at all possible. I only reformatted this machine a few weeks ago and have just got it set up the way I want!
I had never come across this command before, so I can't really tell what's suspicious or not. I've pasted the resulting log below, and would really appreciate it if someone could have a quick look through it.
Yes. In fact, I never have System Restore enabled, so I'm sure the virus isn't hiding there.
Many thanks to all of you for your help. Peter.
_________________A Mac user 
|
Fri Sep 25, 2009 10:46 am |
|
 |
saspro
Site Admin
Joined: Thu Apr 23, 2009 5:53 pm Posts: 8603 Location: location, location
|
Malwarebytes might find some more stuff.
Run the command without any webpages open.
|
Fri Sep 25, 2009 11:28 am |
|
 |
pg2114
Doesn't have much of a life
Joined: Sat Apr 25, 2009 9:17 pm Posts: 741
|
I'll certainly try MalwareBytes a bit later. Following suggestions in another thread, I am currently running a scan with Avira AntiVir, which has found four instances of a virus thus far.
The strange thing was that I had no webpages open when I ran the command. Despite this, I can see a few websites mentioned in the log, which is somewhat suspicious.
Thank you, Peter.
_________________A Mac user 
|
Fri Sep 25, 2009 11:32 am |
|
 |
pg2114
Doesn't have much of a life
Joined: Sat Apr 25, 2009 9:17 pm Posts: 741
|
 It proceeded to delete the detected files, which it completed successfully. I shall now run another full scan with Avira AntiVir and MalwareBytes to check there are no more instances. Thanks, Peter.
_________________A Mac user 
|
Fri Sep 25, 2009 11:45 am |
|
|