Had a Virus infect my PC. AV was useless!

davidm71 ([H]ard|Gawd; joined Feb 11, 2004; 1,568 messages)
This morning I noticed my PC behaving kind of odd. Apps would load slowly or not at all. My Computer's drive listing was empty and took a while to refresh. So I thought it was because I had modded my BIOS, or my SSD RAID TRIM experiment had failed, or some other reasonable conflict had occurred. Then I noticed my second computer, with a totally different chipset and setup, started doing the same thing. Worst case scenario, it's a virus. I had downloaded a lot of ROM modding software from all over the darkest places of the internet, like that mydigitallife forum. Maybe a piece of software either unintentionally corrupted both drives or it was a virus - one that three different AV scanners couldn't detect (Malwarebytes, Norton, Bitdefender, and ESET). Even after I restored from last week's backup it still persisted. Had to go six months back, as I did a bad job making frequent backups and deleted ones from a few months ago in favor of the more recent infected ones. Now everything seems at ease. No issues so far, but got to be careful on the net!
 
ComboFix, TDSSKiller. Never personally encountered anything from the mydigitallife forum that wasn't safe (safe as in "ok"). Norton is useless. Give MSE (Microsoft Security Essentials) a run too.
 
I should have known better. Will never learn my lesson. Had to reactivate Windows for the nth time!
 
So did you in fact confirm it was malware or were you never able to detect any? If you did, did you get a report on what it was?
 
No. I have no idea. To make matters worse, I just installed Borderlands 2 and am getting a fatal error message from Steam upon exiting that game. But I googled the error and lots of people are getting it, so it could be unrelated, though I did recently upgrade my RAM from 1600MHz to 2100MHz. But it's weird that my other machine with different hardware was doing the same thing. So I don't know. Will have to rule out the RAM by dropping its speed and see what happens, but I doubt it's the RAM.

Thanks.

Time to get some sleep..
 
Never scan an infected drive using itself. Whether in Safe Mode or otherwise, it is a waste of time. The viruses/trojans use stealth to hide themselves. You won't get all of it, hence why it will keep coming back. Biggest mistake people make when trying to clean their machines. It just makes it worse in most cases.

Always remove it at the first sign of weirdness and scan it with another machine.

Do an initial scan with MSSE and then use a couple of others (your choice but as you have found Malwarebytes is now next to useless) to mop up.

Then install back in the PC and run Combofix as mentioned above to put stuff right. Make a donation to these guys, they deserve it!

After that, remove all other AV software and install MSSE, and then install EMET 3.0 and configure it to max settings. Then add in all the applications that go to the internet (browsers/Java/Flash/email etc).

http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html
 
I agree with this and other posts stating to make sure you've scanned in depth enough to verify you've removed all of the infection.

Question for daglesj: is EMET v3 an automated process for hardening your system? Something similar to STIGs? I haven't had time to read those articles you linked, but that's what a quick glance seems to indicate.

OP, another article I like is this one that links personal scanners that will tell you about vulnerabilities on your system:

http://www.pcworld.com/article/2013...pc-security-tools-for-system-wide-audits.html
 
EMET 3.0 is Microsoft's application for avoiding zero-day exploits and stuff that 'isn't coded in a nice way'.

It essentially tailors your system and applications to fully use DEP/ASLR and SEHOP technology to stop nasty things taking over.

If EMET finds anything out of the ordinary it will just shut the application down before it can do any harm or let it through and advise you.

I've been running it for about 6 months with no ill effects other than a couple of older applications that were not coded to follow the newer standards.
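The post above says EMET forces DEP and ASLR onto applications that "were not coded to follow the newer standards". Whether a program opted in on its own is recorded by the linker in the PE optional header's DllCharacteristics field (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE for ASLR, IMAGE_DLLCHARACTERISTICS_NX_COMPAT for DEP). The script below is an added example written for this thread, not EMET and not code from any poster: it parses that field from an executable and lists which of the two protections EMET would have to force on. The header-only sample image it builds for offline use is constructed, not a real binary.

```python
"""Report the DEP/ASLR opt-in flags a Windows executable declares.

Reads the PE optional header's DllCharacteristics field. EMET exists to force
ASLR and DEP onto applications that never set these flags, so this shows which
internet-facing programs actually opted in on their own.
"""
from __future__ import annotations

import struct

# IMAGE_DLLCHARACTERISTICS_* flag values from the PE/COFF specification.
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit high-entropy ASLR (Windows 8+)
    "DYNAMIC_BASE": 0x0040,     # image may be relocated: the ASLR opt-in
    "FORCE_INTEGRITY": 0x0080,  # image signature is enforced at load
    "NX_COMPAT": 0x0100,        # image is DEP-compatible: the DEP opt-in
    "NO_SEH": 0x0400,           # image uses no structured exception handlers
    "GUARD_CF": 0x4000,         # Control Flow Guard instrumentation present
}

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def read_dll_characteristics(image: bytes) -> tuple[int, int]:
    """Return (optional-header magic, DllCharacteristics) for a PE image.

    Raises ValueError if the bytes do not look like a PE file.
    """
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4          # IMAGE_FILE_HEADER is 20 bytes
    opt = coff + 20              # IMAGE_OPTIONAL_HEADER starts here
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return magic, dll_chars


def mitigation_report(image: bytes) -> dict[str, bool]:
    """Map each mitigation flag name to whether the image sets it."""
    _, dll_chars = read_dll_characteristics(image)
    return {name: bool(dll_chars & bit) for name, bit in FLAGS.items()}


def needs_emet(image: bytes) -> list[str]:
    """Names of the protections EMET would have to force on: ASLR and/or DEP."""
    report = mitigation_report(image)
    return [name for name in ("DYNAMIC_BASE", "NX_COMPAT") if not report[name]]


def build_test_image(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal header-only PE image (a constructed sample, not a
    real executable) so the parser can be exercised offline."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        # Constructed sample: an old-style build with no ASLR/DEP opt-in at all.
        data = build_test_image(0)
    for name, on in mitigation_report(data).items():
        print(f"{name:16} {'yes' if on else 'no'}")
    print("EMET would have to force:", ", ".join(needs_emet(data)) or "nothing")
```

Run it with the path of any .exe or .dll as the only argument; with no argument it inspects the constructed sample. A binary that reports both DYNAMIC_BASE and NX_COMPAT already gets ASLR and DEP from the loader without EMET; one that reports neither is exactly the kind of older application the post describes.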
 
Hi,

Thanks for the advice. I never was able to find what kind of virus caused this trouble. I just finished restoring a backup on both machines from 6 months ago and it looks good now. Symptom-free for the time being. I'm most concerned about my USB keys and external USB drives being compromised. Maybe I'll install the AV software you guys mentioned in a virtual Windows environment using VirtualBox on a Mac and scan each drive? Or just wipe them?

In any case, I was running Windows 7 64-bit. Had a few SSD drives in there and probably this all aged them a bit, rewriting the partition again. I ran TDSSKiller and at first it found nothing, but after setting its options to scan drivers it found what it considered low-risk suspicious files that were unsigned. Not sure what to do about that: leave them or quarantine them. Some programs may depend on them. Not sure.

And about scanning the drive offline, you're right. Going to need to make a bootable scanner that can read an Intel RAID array.

Thanks so much. Happy holidays.
 
Hi,

Update: I installed MSE into a virtual Windows 7 64-bit VirtualBox VM. Took a snapshot. Then I plugged in the USB key that I suspect was spreading this virus. MSE came up empty BUT then it happened again! Same symptom. My Computer's drive listings failed to display. Programs wouldn't load!

Also, Microsoft Updates were installed at the same time. So right now it's either a virus or a blunder in MS Update, but I suspect a virus. Need to find out what this is!

Thanks.

PS: Guess all my usb drives are trashed?!
 
MSE is popular because it's free, has a simple interface, and has no nag-ware built in. However, MSE has signatures to only find the most common malware, which is about 85% of what's out there.

That said, how well it fares compared to the competition has really declined the past couple years. MSE has been ranking at the bottom of the free AV's on AV-Test.org for over the past year now. The most recent report it ranks 24/24 for their home products tested.

It may be time to consider an upgrade. The current top ranked free AV:

1 - Checkpoint Zone Alarm Free
2 - Avast 7
3 - AVG 2013 Free
4 - Panda Cloud

Other notable free products:
Avira Free Antivirus

Not recommended:
MSE

My personal recommendation is Avast 7. It has a file shield, behavior shield, web shield, and network protection all free. It's currently at 16MB of ram usage. I also set my DNS to Norton DNS which will prevent any PC's in my home from connecting to a known bad site.
 
Well I find it strange that MSE always scored really well up until...........

..it was installed as standard in Windows 8 as of a few months ago.

Since then I have seen quite a few 'independent reports' that state it isn't very good.

Hmmm could this be sponsored FUD from the likes of Norton and McAfee etc. scared because their awful products are no longer required?

After all it's odd these reports have all mostly appeared since August.

MSE and EMET 3.0 work great. No nagging to upgrade, no pop-ups, no locking your system out, no baffling security groups to assign your applications to every time you fire them up.
 
Arguing about which AV is best or worst is pointless to this thread. OP needs to find a way to figure out what's up with that USB stick so he can confirm that whatever is on it is gone from the rest of his systems and sticks.
 
I ended up repartitioning the stick. Hope that's enough to kill what was on it. I gave up looking for whatever virus was on it after spending a handful of hours scanning the drive with different AV trial software and coming up with nothing. Was the easy way out, I know..

Thanks for your help.

Happy holidays.
 
Hi again,

Tonight I updated my version of PerfectDisk and read the update log, which says:

Fixed occasional system lock-ups in OptiWrite driver and its compatibility with ESET Antivirus software.

Makes me wonder as I had both installed and still could not find a virus!

Edit: The following is a description of someone experiencing the same issues as me:

I am another victim of the NOD32 5.0.95/5.2.9.1 USB Hard Disk detection issue under XP (XP Home 32bit, SP3). I submitted a support request to ESET UK with all the relevant material (which included a Complete Memory Dump taken at the time of the system hang and the SysInspector data file). I was advised to uninstall V5 and install V4.2.71.2 and this has 'fixed' the problem. However, there appears to be a remaining issue in that at first boot everything seems to load quickly, but nothing happens when I click on a Desktop icon and no programs, including Task Manager, will run. Explorer will only open 'My Computer' but right-clicking is inactive. A restart resolves this issue. This was also a problem with V5 and also I noted on many occasions that several system tray icons failed to load. A Shutdown would then take 5-10 minutes.
 
You really are off base. MSE has been scoring poorly for a long time now. The poor scores have nothing to do with Windows 8 being released. Semantically, Windows 8 includes "Windows Defender" not MSE (even though we all know it's the same thing, it's not marketed OR reviewed that way).

MSE caught fire a few years ago for the reasons I listed, and at that time MSE was a good product compared to the other free products. Times have changed but Microsoft has not kept up with it, while many other products are improving. Many people in the tech world are now unwilling to let go of MSE. ESET was another product, that for a few years was very good, but has since fallen behind. It's also an example of something people are unwilling to let go of.

I'm not saying there's anything wrong with MSE. I still install it on almost all of my client PC's because it's easy to manage, catches common threats, and there's no hassle with yearly registration or prompts to buy. I will not run it on my own PC, though, because I know better and superior free products are available.
 
So what do you use? Also what do you think of Avira?

Thanks
 
Well I fix PCs for a living and I get a lot of machines in for virus cleaning.

The top three AVs that are installed on these infested machines?

In order of frequency they turn up on my desk (anecdotal, I know):

1. McAfee (why Intel bought into these clowns....:confused:)
2. AVG Free
3. Avast Free

After that it's a mix of Norton, Avira and Kaspersky, usually. Rarely do I get a machine with MSE installed on it for virus cleaning. I put it on all my customers' machines and when they come back two+ years later for a service they are always clean. For the past few months I have added EMET 3.0 to some customers' machines also, usually the more virus-prone.

At the end of the day it's a crap shoot.;)
 
Guys, it's Christmas Day, take it easy! Anyhow, I think you're forgetting one thing about the efficacy of these free AV products: the human factor of who is using it, the socioeconomic factor. The fact that the people using free software might be more likely to use their PCs in not-so-safe kinds of ways. That said, I don't think there is a perfect AV product. I remember some years back I was playing around with software I got from torrents and got a worm/trojan horse virus. Was using Bitdefender, which at best was only able to inform me that multiple viruses were jumping around from system to system. The only thing that cleaned my machines properly at the time was Norton IS. Since then it has become more bloated and not as accurate. So I now use two AV products side by side, ESET and Norton, the latter only because I get these free-after-rebate deals. Thanks.
 
Oh I always say getting a virus on your PC is like getting a broken windscreen on your car.

You can go years without one and then have two in as many weeks.:D
 
As mentioned, I use Avast 7. Avira is an alright product, it ranks in the middle of the pack. It has had a reputation in the past for many false-positives.

McAfee, AVG, and Avast are some of the most popular programs so I would expect that you see them the most. That doesn't mean they provide the worst protection.

With your logic, some unheard-of product that hardly anyone uses would be the most superior product because you have never seen it. Also, you could install the worst AV product available on your system and, as long as you browse safely, not become infected with malware. That doesn't mean that product is the most superior.
 
All scientific arguments aside, I would say its a pretty damn good indicator that they don't provide good protection.
 
Also, you could install the worst AV product available on your system and as long as you browse safety, not become infected with malware.

While I agree with most of what you've said in this thread, this is no longer true. While safe surfing habits (and email habits) will help you to not get infected, it's too easy these days to get infected through no fault of your own. I've been infected with malware through ArsTechnica and I've heard there was an infection some people got from this site. All it takes is an infected ad banner and numerous sites that are normally perfectly safe could be serving up malware.

The advice I give people is to harden your system as well as you can. If there is no exploit open on your system and you practice safe web surfing as well, you should be safe.
 
You're absolutely right, I was simply trying to make sure he could clearly see the holes in his cheese.

I've been hit by infections delivered through advertisements on Microsoft's Live email service. No amount of safe browsing can prevent that as Live.com is not a site to avoid for malware (maybe avoidable for non-malware reasons though :eek: )

All scientific arguments aside, I would say its a pretty damn good indicator that they don't provide good protection.
What is 'its' and 'they'?
 
Drive-by infections account for 90% of the virus clean ups I do. They are written daily by the crime gangs and all the AV companies are constantly 24 hours behind the curve.

That's the window of opportunity. Then they release the next adjusted version of the virus the next day.

Rinse and repeat.
 
This is spot on. The one truth about all AV products is that the hardest part of detection is the day-zero threats. Weeks- and months-old malware is much easier to detect and remove, even with poor products.
 
About 2 years ago my computer got infected with a fake AV visiting [H]. Win 7 with all updates, updated AV. Happened so quickly and transparently! It was a fake AV, so at least I immediately knew I got it.

Have had a similar thing happen on a work computer. One day I visited the Amex site and got a VERY authentic-looking screen asking to verify all my personal info. Was on the phone with Amex at the time and the person immediately told me I had an infection from somewhere (not Amex) and not to input anything. Again, somehow the logger had installed and AV had not detected it. It was just luck that I was on the phone with Amex at that time...

This really threw some needed cold water in my face and made me realize I needed to be more open minded about infections only happening to "clueless" users.

While I agree with you, I've found the hardening process quickly becomes intolerable. No Java, avoid adobe products, flashblock/adblock/noscript in Firefox, AV, malwarebytes, firewalls, sandboxes, etc. I'm a tech nerd and I find some of this stuff (like noscript, no acrobat) to be very intrusive to my daily use. Hard to expect an average user to keep up.
 
Holy mother .. Bitdefender just released a free AV product...

:eek: http://www.bitdefender.com/solutions/free.html
I like the Sandbox of Avast but I think I'm still gonna give this at least a VM test run or two...
Avast has gotten a little ridiculous with the ad and related product popups lately. :rolleyes:
For rookies and techies
Have friends or family who ask you to install them an antivirus? Bitdefender Antivirus Free Edition will function automatically and take care of itself, so that you won’t have to check back or make phone maintenance each time a virus is detected.
[head asplodes]

I will say this....the downloader on their website is an online downloader, but the x64 variant that just DL to my system is only 8.73 MB!
I'm trying to dig up a full/offline downloader just to cover all bases though (to throw on my thumb drive).
 
They all suck, just some of them suck less than others.

FBI Virus is the #1 variant of all the malware I see
ZeroAccess rootkit and TDSS variants are #2
#3 is the fake security scanner tools.


The common thread with 95% of these infected PC's:

Weatherbug.

As soon as you see that on the PC you know
A) the user is stupid
B) they routinely download every damn thing on the
net that flashes and says it bakes cakes and gives them
handjobs while doing it
C) They have outdated / garbage / multiple AV programs on
their system, cause if bulk food warehouse shopping has
taught us anything its that MOAR is BETAR
 
You can disable the popup news boxes that you see when it updates. As for the banner on the product, I don't mind that as I'm not paying, so what can I expect? It doesn't nag you like Avira.
 
True.

re: Bitdefender
So far very barebones/simple. Requires activation within 30 days using MyBitdefender account.
Only way I've figured out to scan something on demand is by right click.

I'm half and half on the simple. I like that it's more of a 'thinking' AV but at the same time it's definitely 'new' (to me) to not have a window filled to the gills with options and features and things to click or whatnot.
 
Yeah, cloud based AV may seem like a great idea, right up until a virus blocks your access to the cloud.
 
Well BAFE certainly is a bit of a bloated pig. :eek:
7x64 Pro
Clean VM, up to date, no other apps installed.

Bitdefender Antivirus Free Edition, default settings

2 processes
214,224K Private Bytes, 6,460K Working Set

Avast 7 Free, default settings

3 processes
125,976K Private Bytes, 124,360K Working Set
 
Yeah, I feel your pain there. I've worked on my stepmother's computer more times than I can count, and every time I remove all of the toolbars and Weatherbug and explain to her why she can't use them. Invariably, within a week or two, I get another call about her computer "acting funny" and there's a ton of toolbars and Weatherbug loaded back on her computer, with at least 2 - 3 infections on top of it. Unfortunately, I can't really do anything, because hardening her system would prevent her from doing half the crap she wants, like flash games and cat videos... :rolleyes:
 