Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 11-17-2007, 08:25 PM   #1 (permalink)
part of the problem
 
squeeeb's Avatar
 
Location: hic et ubique
virus questions and help/advice needed

i think i have a virus, i might be overreacting or paranoid but a few days ago
my computer suddenly wouldn't connect to the internet even though it's cable on all the time, it slowed and acted groggy for a bit, and there was an empty folder from crap i downloaded that i couldn't delete cause it said my computer was using it, so i suspect i was infected.

but here is the thing...

i have the free avast that i downloaded, which has caught stuff in the past, but when i scan it says everything is ok. (i hate norton, not a fan of panda, and avg doesn't pick up shit for me. i've tried them all.) i don't trust my free avast cause it's free, and i think "if i pay for anti-virus, it will be great!

so i bought kaspersky.

but it won't load on my computer. i brought it back, thinking it was a bad cd, got a new one, still, won't load. (i've uninstalled avast and rebooted before trying to load). i get a "1304 can't write to disk, make sure you have permission" error, then when i try again, it says i must re-start my computer.

this makes me extra paranoid, thinking whatever virus i have won't let the software load.

i tried the online scan of my computer, and it picked up nothing (but now they know all the pron i look at, which is probably the cause of the virus).

here are my questions:

1: nothing picks up a virus on my computer. am i being extra paranoid? is there a virus? how can i truly tell?

2: i can't load kaspersky. is it cause i have zone alarm running? is it a virus that is preventing it? how can i load this?


any advice is greatly appreciated. (other than "don't download porn", i know that, i do it anyway, i'm asking for trouble, etc etc.).

thanks.
__________________
onward to mayhem!
squeeeb is offline  
Old 11-17-2007, 08:40 PM   #2 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
First off, one does not get a virus from downloading porn. One may get a virus from a combination of malicious websites and poorly designed web browsers (not mentioning any names *cough*), but the porn itself is not the problem.

Please, don't blame the porn.

That said, you can try House Call and see if it picks up anything. House Call is a free online virus scanning utility, so if you do have a virus and Avast! isn't picking it up, House Call might be able to help you out with that.

Based on the symptoms you've described, though, I'm not actually convinced you do have a virus. Internet goes up and down. It happens to everyone, especially with broadband connections; outages are a part of life. Sometimes stuff gets write-protected too, or flagged as in use by a current process even if it's actually not. Usually in that situation simply restarting fixes the issue. Have you since been able to delete the empty folder?

As to why Kaspersky wouldn't install, do you still have Avast! running? Anti-virus programs as a rule don't play well with each other. That could very well be the problem.

In the off chance that you do have a virus, you probably won't have to do anything anyway. Avast! updates it's definitions automatically by default, so you should have the latest updates unless you've changed that. Definitions are something of a chicken-and-egg situation, and sometimes there's a bit of a lag between a new virus getting out into the wild and the definition files of AV X being updated to include it. These delays do not generally last more than 24-48 hours, so if you've managed to pick up a virus that avoids heuristics and is not in the defs, all you really need to do is wait a day or two and it should be detected. Without knowing more about the specific threat (or indeed, if there is one) that's really all there is for you to do anyway.

EDIT- Confirmed : Kaspersky is not friends with ZA or Avast!.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame

Last edited by Martian; 11-17-2007 at 10:38 PM..
Martian is offline  
Old 11-17-2007, 08:56 PM   #3 (permalink)
part of the problem
 
squeeeb's Avatar
 
Location: hic et ubique
i tried house call, thanks. it didn't pick up anything. i uninstalled avast and rebooted before trying to install kaspersky. i wasn't blaming porn, i was blaming a virus (if i even have one) attached to the porn by a third party fucktard.

but, according to what you said, i don't feel as bad, perhaps i don't have a virus.

one fear i have is the virus (if there is one) will tell the anti-virus it's an ok program, and the anti-virus won't detect it. is that even possible?
__________________
onward to mayhem!
squeeeb is offline  
Old 11-17-2007, 09:16 PM   #4 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
Quote:
Originally Posted by squeeeb
one fear i have is the virus (if there is one) will tell the anti-virus it's an ok program, and the anti-virus won't detect it. is that even possible?
Yes and no. I'm going to try to answer this without getting overly technical, but I'm not sure I can.

Modern anti-virus programs generally use several methods to protect your computer. One common method is to use definitions; basically, the company producing the AV program maintains a list of virii. The company will periodically publish updates to the list and the program on the user's computer will connect to the server and download the updates; this typically happens once every 24 hours, although that's by no means set in stone. In fact, Kaspersky is known for it's particularly fast response time, with updates for an infection usually coming within hours of the new threat being spotted in the wild. This is what I was alluding to above; if you've managed to catch a brand new virus that hasn't been included in the definitions yet, all you really have to do is wait; when the definitions are updated to include your little friend Avast! (or Kaspersky, or whatever you're running) will be able to pick it up and deal with it.

Virus coders, though, they're crafty. They sometimes employ techniques to try to fool the anti-virus programs; this can include things like encrypting part of the program or writing adaptive or self-modifying code. This can make pinning the virus in the definitions a bit tricky. As well, the clear downside to the dictionary approach of keeping a list of known virii is that there's a lag between a new virus being released and the definitions being updated to catch it. For this reason, your typical AV software will use what's referred to as a heuristic approach as well. The specifics of this are a bit more in-depth than I'm really willing to talk about just now, but the broad overview is that the program monitors processes for suspicious activity and flags them if they 'act like a virus.'

Early anti-virus software was also periodically subject to direct attacks; the virus would actually modify and/or disable part of the program in order to be able to run unimpeded. Again, technology has adapted and modern software contains self-integrity checks to prevent this from happening.

So in other words, yes what you said is possible. Sort of. But it's not terribly likely.

Also, what I meant when I said don't blame the porn was precisely that. Porn is generally either pictures in the form of jpegs or video in the form of mpegs or avi files. All of these are simply container files and cannot carry malicious code any more than a book can carry your groceries. If you have caught a virus, it'll be from a seperate source.

And finally, I neglected to ask first but will correct this oversight now; have you run checks for adware or other forms of malware? Sometimes virus-like symptoms can come from malware that isn't actually a virus. Kaspersky has a full protection suite that catches spyware and adware, but Avast! doesn't. So if you haven't actually installed and run Kaspersky yet, there's a possibility you've got something else on there.

EDIT - What the hell. I've already typed all this crap out, I'll do the whole nine for ya. If you're still convinced you may have a virus, go run HijackThis! and post the log here. I'm not a big fan of poring through logfiles when I'm not getting paid to do it, but there's no sense in going this far and then stopping.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame

Last edited by Martian; 11-17-2007 at 09:19 PM..
Martian is offline  
Old 11-18-2007, 11:05 AM   #5 (permalink)
part of the problem
 
squeeeb's Avatar
 
Location: hic et ubique
ok, ran HijackThis, here is the log file. i don't know what i'm looking for, but it all looks kosher to me.

also, and again, i don't know what i'm talking about, i thought you could attach virii to mpgs and avi's and such using things like Silkrope, which is where i thought i got a virus from porn.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:38 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership?...33353730313741
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
__________________
onward to mayhem!

Last edited by squeeeb; 11-18-2007 at 11:11 AM..
squeeeb is offline  
Old 11-18-2007, 11:45 AM   #6 (permalink)
Upright
 
Honestly, while most of what Martian says is true, when you asked whether its possible for a virus to 'hide' itself, it's not 'yes and no' - it's just plain possible. I'm not saying that is what is going on here, though.

The best, IMO, way to check your computer for viruses is to boot into safe mode and run a virus/adware scan. Some scanners won't boot into safe mode, and I've never used avast, so I couldn't say. Just try 'em all in safe mode.
Vitter is offline  
Old 11-18-2007, 12:07 PM   #7 (permalink)
Playing With Fire
 
DaveOrion's Avatar
 
Location: Disaster Area
And...yes it could be zone alarm itself. About 6 months ago I updated zone alarm & when ever I tried to get online my PC would crash and restart. I uninstalled ZA , used the windows firewall temporarily, and I was backonline......

I dont know if they ever came out with a patch for ZA, I ended up going with comodo firewall, also free....

I would also suggest using spybot, adaware, spywareblaster, & microsoft also has spyware software, windows defender.....all free.

Spyware Blaster is great at blocking all those porn sites that try to install malicious software. Spybot works great too, you can thin out your start up menu, see all the BHO"s & Active X running on your PC and it shows which ones are safe. I see you have an unidentified BHO......... Windows defender is similar. HijackThis can be hard to understand
__________________
Syriana...have you ever tried liquid MDMA?....Liquid MDMA? No....Arash, when you wanna do this?.....After prayer...
DaveOrion is offline  
Old 11-18-2007, 06:29 PM   #8 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
It does make my job easier when you have a clean system. There are no malicious processes running on your computer. Sir, I certify you virus-free.

Quote:
Originally Posted by squeeeb
also, and again, i don't know what i'm talking about, i thought you could attach virii to mpgs and avi's and such using things like Silkrope, which is where i thought i got a virus from porn.

No. Again, mpegs and avis are container files. They do not contain any code and therefore cannot be a vector for an attack. Silkrope is a cracker utility that appends malware code to an executable, but you can't use it to make a file be something it isn't. What does sometimes occur is that a file will carry a misleading name (for example, xxx.mpg.exe), which causes the user to believe it to be something it's not. However, the bottom line is that a virus can only affect your system if it is run as an executable.

Quote:
Originally Posted by Vitter
Honestly, while most of what Martian says is true, when you asked whether its possible for a virus to 'hide' itself, it's not 'yes and no' - it's just plain possible.
Perhaps I wasn't entirely clear. What I was getting at is that while this is technically possible, it is no longer a common form of attack and current AV software employs counter-measures to prevent it. So yes, it can happen, but it very rarely does.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
Old 11-18-2007, 07:17 PM   #9 (permalink)
part of the problem
 
squeeeb's Avatar
 
Location: hic et ubique
Martian, dude, YOU FREAKIN ROCK!

thank you for your help.
__________________
onward to mayhem!
squeeeb is offline  
 

Tags
help or advice, needed, questions, virus


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 04:40 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360