mm
Flightless Bird
Follow-up and still need help on ex-gf's virus!
So, my ex-gf ran BitDefender for 5 hours Friday night and it didn't
just find 4 viruses like I said, it found 23 threats and 7 suspected
threats spread out over 230 occurrences.
However it turned out that EVERY one of them was in email she had
received in 2003 and 2004 (and one in 2005). So I don't think they
could be the problem. She doesn't even use the Baltimore County
Public Library anymore, because they only had dial-up.**
Nonetheless, when we booted to XP, it worked much better than before!!
She still couldn't dl http websites with Firefox or IE, but IE did
some checking and said that HTTPS and FTP worked, just not HTTP.
What makes HTTP and HTTPS so different?
It also suggested that the firewall was to blame. We both only use the
Windows firewall. I went there and the list of exceptions didn't
include Firefox or Netscape. The virus must have changed these,
right? But rechecking those programs didn't help. (I see that on my
computer, every program I installed that is listed in exceptions is
checked as an actual exception (to the firewall). Only Remote Desktop
and UPnP Framework are not checked, and I didn't install those.)
IE also suggested that there were different ports for HTTP, HTTPS, and
FTP, but under the Windows Firewall, I saw no place where the ports
were specified. There is a button under "Advanced" called "Restore
Defaults". I haven't had a chance to google about that, but so far I'm
afraid to use it for fear it will delete all the exceptions.
What did work after using the BitDefender Rescue CD that she said
didn't before:
1) She said nothing else worked before and most things worked now.
And the apparent IE screen that wanted her to scan for viruses was
actually in Firefox. Actually there were 5 tabs over 4 FF windows for
the same screen but FF didn't start right, it gave the We're
Embarrassed screen, and we were able to uncheck all 5 tabs.
2) She can dl her email now!!
3) When she clicked on the AVG icon in the systray before, it said:
"application can not be executed if avgui.exe is infected", but now it
worked. I could also dl updates for AVG and then I ran AVG
(partially, 200,000 registry entries or files out of 1.1 million) and
it found a trojan and an entry in the registry that pointed to it.
And about 50 tracking cookies. I let AVG put them in the "virus
vault".
I restarted the computer but web browsing didn't improve.
I started Spybot Search & Destroy, and it too was able to update its
definitions with no trouble, and then it quickly found one piece of
"Malware" and more tracking cookies. I let Spybot quarantine them or
whatever it does.
I restarted the computer but web browsing didn't improve.
So now she's running AVG until it completes. What are the chances it
will find something important that it didn't find in the first 200,000
registry entries and files? Don't all the scanners look in the most
important places first?
I had also dl'd the Kaspersky AV rescue disk and PandaSafe Rescue Disk
which I copied to CDs and will take over there, but maybe I'm
spitting in the wind?
**Obsolete info: Many of the infected emails appeared twice, once in
the Inbox and once in the Junk. I think she used Netscape for email at
the time. If it's anything like Eudora, moving to Junk left a copy in
the Inbox until she compressed the Inbox. Eudora will do this
automatically eventually, but maybe not Netscape.