11-17-2007, 08:25 PM | #1 (permalink) |
part of the problem
Location: hic et ubique
|
virus questions and help/advice needed
i think i have a virus, i might be overreacting or paranoid but a few days ago my computer suddenly wouldn't connect to the internet even though it's cable on all the time, it slowed and acted groggy for a bit, and there was an empty folder from crap i downloaded that i couldn't delete cause it said my computer was using it, so i suspect i was infected.
but here is the thing... i have the free avast that i downloaded, which has caught stuff in the past, but when i scan it says everything is ok. (i hate norton, not a fan of panda, and avg doesn't pick up shit for me. i've tried them all.) i don't trust my free avast cause it's free, and i think "if i pay for anti-virus, it will be great!" so i bought kaspersky. but it won't load on my computer. i brought it back, thinking it was a bad cd, got a new one, still, won't load. (i've uninstalled avast and rebooted before trying to load). i get a "1304 can't write to disk, make sure you have permission" error, then when i try again, it says i must re-start my computer. this makes me extra paranoid, thinking whatever virus i have won't let the software load. i tried the online scan of my computer, and it picked up nothing (but now they know all the pron i look at, which is probably the cause of the virus).
here are my questions:
1: nothing picks up a virus on my computer. am i being extra paranoid? is there a virus? how can i truly tell?
2: i can't load kaspersky. is it cause i have zone alarm running? is it a virus that is preventing it? how can i load this?
any advice is greatly appreciated. (other than "don't download porn", i know that, i do it anyway, i'm asking for trouble, etc etc.). thanks.
__________________
onward to mayhem! |
11-17-2007, 08:40 PM | #2 (permalink) |
Young Crumudgeon
Location: Canada
|
First off, one does not get a virus from downloading porn. One may get a virus from a combination of malicious websites and poorly designed web browsers (not mentioning any names *cough*), but the porn itself is not the problem.
Please, don't blame the porn.
That said, you can try House Call and see if it picks up anything. House Call is a free online virus scanning utility, so if you do have a virus and Avast! isn't picking it up, House Call might be able to help you out with that.
Based on the symptoms you've described, though, I'm not actually convinced you do have a virus. Internet goes up and down. It happens to everyone, especially with broadband connections; outages are a part of life. Sometimes stuff gets write-protected too, or flagged as in use by a current process even if it's actually not. Usually in that situation simply restarting fixes the issue. Have you since been able to delete the empty folder?
As to why Kaspersky wouldn't install, do you still have Avast! running? Anti-virus programs as a rule don't play well with each other. That could very well be the problem.
On the off chance that you do have a virus, you probably won't have to do anything anyway. Avast! updates its definitions automatically by default, so you should have the latest updates unless you've changed that. Definitions are something of a chicken-and-egg situation, and sometimes there's a bit of a lag between a new virus getting out into the wild and the definition files of AV X being updated to include it. These delays do not generally last more than 24-48 hours, so if you've managed to pick up a virus that avoids heuristics and is not in the defs, all you really need to do is wait a day or two and it should be detected. Without knowing more about the specific threat (or indeed, if there is one) that's really all there is for you to do anyway.
EDIT - Confirmed: Kaspersky is not friends with ZA or Avast!.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame Last edited by Martian; 11-17-2007 at 10:38 PM.. |
11-17-2007, 08:56 PM | #3 (permalink) |
part of the problem
Location: hic et ubique
|
i tried house call, thanks. it didn't pick up anything. i uninstalled avast and rebooted before trying to install kaspersky. i wasn't blaming porn, i was blaming a virus (if i even have one) attached to the porn by a third party fucktard.
but, according to what you said, i don't feel as bad, perhaps i don't have a virus. one fear i have is the virus (if there is one) will tell the anti-virus it's an ok program, and the anti-virus won't detect it. is that even possible?
__________________
onward to mayhem! |
11-17-2007, 09:16 PM | #4 (permalink) | |
Young Crumudgeon
Location: Canada
|
Quote:
Modern anti-virus programs generally use several methods to protect your computer. One common method is to use definitions; basically, the company producing the AV program maintains a list of virii. The company will periodically publish updates to the list and the program on the user's computer will connect to the server and download the updates; this typically happens once every 24 hours, although that's by no means set in stone. In fact, Kaspersky is known for its particularly fast response time, with updates for an infection usually coming within hours of the new threat being spotted in the wild.
This is what I was alluding to above; if you've managed to catch a brand new virus that hasn't been included in the definitions yet, all you really have to do is wait; when the definitions are updated to include your little friend, Avast! (or Kaspersky, or whatever you're running) will be able to pick it up and deal with it.
Virus coders, though, they're crafty. They sometimes employ techniques to try to fool the anti-virus programs; this can include things like encrypting part of the program or writing adaptive or self-modifying code. This can make pinning the virus in the definitions a bit tricky. As well, the clear downside to the dictionary approach of keeping a list of known virii is that there's a lag between a new virus being released and the definitions being updated to catch it. For this reason, your typical AV software will use what's referred to as a heuristic approach as well. The specifics of this are a bit more in-depth than I'm really willing to talk about just now, but the broad overview is that the program monitors processes for suspicious activity and flags them if they 'act like a virus.' Early anti-virus software was also periodically subject to direct attacks; the virus would actually modify and/or disable part of the program in order to be able to run unimpeded. Again, technology has adapted and modern software contains self-integrity checks to prevent this from happening.
So in other words, yes what you said is possible. Sort of. But it's not terribly likely.
Also, what I meant when I said don't blame the porn was precisely that. Porn is generally either pictures in the form of jpegs or video in the form of mpegs or avi files. All of these are simply container files and cannot carry malicious code any more than a book can carry your groceries. If you have caught a virus, it'll be from a separate source.
And finally, I neglected to ask first but will correct this oversight now; have you run checks for adware or other forms of malware? Sometimes virus-like symptoms can come from malware that isn't actually a virus. Kaspersky has a full protection suite that catches spyware and adware, but Avast! doesn't. So if you haven't actually installed and run Kaspersky yet, there's a possibility you've got something else on there.
EDIT - What the hell. I've already typed all this crap out, I'll do the whole nine for ya. If you're still convinced you may have a virus, go run HijackThis! and post the log here. I'm not a big fan of poring through logfiles when I'm not getting paid to do it, but there's no sense in going this far and then stopping.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame Last edited by Martian; 11-17-2007 at 09:19 PM.. |
|
11-18-2007, 11:05 AM | #5 (permalink) |
part of the problem
Location: hic et ubique
|
ok, ran HijackThis, here is the log file. i don't know what i'm looking for, but it all looks kosher to me.
also, and again, i don't know what i'm talking about, i thought you could attach virii to mpgs and avi's and such using things like Silkrope, which is where i thought i got a virus from porn.
Logfile of HijackThis v1.99.1
Scan saved at 12:07:38 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership?...33353730313741
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
__________________
onward to mayhem! Last edited by squeeeb; 11-18-2007 at 11:11 AM.. |
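Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log that pulls out the entries the tool itself annotates with "(no name)", "(no file)", "(file missing)" or "Unknown owner", which are the usual first places to look by hand. The six sample entries are copied from the log in post #5; the section descriptions, marker wording and function names are this example's own.

```python
import re

# Section codes used by the sample entries below (a subset of the codes in post #5).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key)",
    "O9": "IE extra button / Tools item",
    "O23": "Windows service",
}

# Annotations HijackThis prints itself; each one is a reason to look closer.
REVIEW_MARKERS = {
    "(no name)": "component has no display name",
    "(no file)": "registry entry points at no file",
    "(file missing)": "target file not found on disk",
    "Unknown owner": "no vendor recorded for the binary",
}

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")

# Six entries copied from the log in post #5.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
"""

def triage(log_text):
    """Return one finding per log entry that carries a review marker."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, blank line or running-process path
        code, body = match.groups()
        reasons = [why for marker, why in REVIEW_MARKERS.items() if marker in body]
        if reasons:
            findings.append({
                "code": code,
                "section": SECTIONS.get(code, "unknown section"),
                "reasons": reasons,
                "entry": body,
            })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3} [{f['section']}] {'; '.join(f['reasons'])}")
        print(f"     {f['entry']}")
```

A flagged entry is a lead to check by hand, not a verdict: registry entries left behind by uninstalled software produce the same markers.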
11-18-2007, 11:45 AM | #6 (permalink) |
Upright
|
Honestly, while most of what Martian says is true, when you asked whether it's possible for a virus to 'hide' itself, it's not 'yes and no' - it's just plain possible. I'm not saying that is what is going on here, though.
The best, IMO, way to check your computer for viruses is to boot into safe mode and run a virus/adware scan. Some scanners won't boot into safe mode, and I've never used avast, so I couldn't say. Just try 'em all in safe mode. |
11-18-2007, 12:07 PM | #7 (permalink) |
Playing With Fire
Location: Disaster Area
|
And...yes it could be zone alarm itself. About 6 months ago I updated zone alarm & whenever I tried to get online my PC would crash and restart. I uninstalled ZA, used the windows firewall temporarily, and I was back online......
I don't know if they ever came out with a patch for ZA, I ended up going with comodo firewall, also free.... I would also suggest using spybot, adaware, spywareblaster, & microsoft also has spyware software, windows defender.....all free. Spyware Blaster is great at blocking all those porn sites that try to install malicious software. Spybot works great too, you can thin out your start up menu, see all the BHOs & Active X running on your PC and it shows which ones are safe. I see you have an unidentified BHO......... Windows defender is similar. HijackThis can be hard to understand
__________________
Syriana...have you ever tried liquid MDMA?....Liquid MDMA? No....Arash, when you wanna do this?.....After prayer... |
11-18-2007, 06:29 PM | #8 (permalink) | ||
Young Crumudgeon
Location: Canada
|
It does make my job easier when you have a clean system. There are no malicious processes running on your computer. Sir, I certify you virus-free.
Quote:
No. Again, mpegs and avis are container files. They do not contain any code and therefore cannot be a vector for an attack. Silkrope is a cracker utility that appends malware code to an executable, but you can't use it to make a file be something it isn't. What does sometimes occur is that a file will carry a misleading name (for example, xxx.mpg.exe), which causes the user to believe it to be something it's not. However, the bottom line is that a virus can only affect your system if it is run as an executable. Quote:
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
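Added example, not part of any post in this thread: a Python check for the misleading-name case mentioned in post #8 (xxx.mpg.exe), which also compares the claimed extension against the first bytes of the file. The extension lists, function names and sample headers are constructed for this example.

```python
import os

# Extensions Windows treats as runnable, and media extensions used as bait.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MEDIA_EXTS = {".mpg", ".mpeg", ".avi", ".jpg", ".jpeg", ".wmv"}

def misleading_name(filename):
    """True if the real (last) extension is executable but a media one precedes it."""
    stem, last = os.path.splitext(filename.strip().lower())
    _, inner = os.path.splitext(stem)
    return last in EXECUTABLE_EXTS and inner in MEDIA_EXTS

def looks_like_pe(header):
    """Windows executables start with the two bytes 'MZ'."""
    return header[:2] == b"MZ"

def classify(filename, header):
    """Combine the name check with a look at the file's leading bytes."""
    ext = os.path.splitext(filename.strip().lower())[1]
    if misleading_name(filename):
        return "executable disguised by double extension"
    if ext in MEDIA_EXTS and looks_like_pe(header):
        return "media extension but executable header"
    if ext in EXECUTABLE_EXTS:
        return "executable"
    return "no executable indicators"

if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("xxx.mpg.exe", b"MZ\x90\x00"),
        ("holiday.avi", b"RIFF\x00\x00\x00\x00AVI "),
        ("clip.mpg", b"MZ\x90\x00"),
        ("setup.exe", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(f"{name:<14} {classify(name, head)}")
```

With "Hide extensions for known file types" enabled in Explorer, the first sample is displayed as xxx.mpg, which is why the name check looks at the last extension only.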