1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is there some built-in MS anti-virus scanner, etc?

Discussion in 'Windows XP' started by mm, Sep 3, 2010.

  1. mm

    mm Flightless Bird

    Is there some built-in MS anti-virus scanner, or something that gets
    automatically downloaded on certain occasions?


    I'm sorry if part of this question is vague. My ex-gf was annoyed at
    her computer and impatient with me and I got a discription in dribs
    and drabs, and incompletely.

    She seems to have a virus. When she started winXPSP3, she got a green
    shield and a message that she may have a virus, and it gave 4 or 5
    suggestions of what to do. I don't know what the other suggestions
    were. She chose to run some anti-virus that it suggested, and hten
    changed her mind and called me.

    The only anti-virus she has is AVG, and I suggested she do a full scan
    with that, but it wouldn't start. When she clicks on AVG icon in
    systray it says: "application can not be executed if avgui.exe is
    infected"

    Restarting gave the same first message. This time she told me about
    the green shield and that the message was in an IE box.

    Should she have let that anti-virus run to completion?

    At first I thought it was one of the web scan/scams, but maybe it's
    good???

    Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    is far different from last December's version. I'm going to give her
    the CD at work today, but it would be simpler if the suggested scan
    was a good thing to run.


    Separate question: Why don't Dell computers have a reset button?

    Thanks.
     
  2. Y. Soserious

    Y. Soserious Flightless Bird

    Inline:
    "mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    news:sei286pmetot42jmm5v5kekt7eol4koos4@4ax.com...
    > Is there some built-in MS anti-virus scanner, or something that gets
    > automatically downloaded on certain occasions?


    YES, during the patch Tuesday updates. The malicious software removal tool.
    It's a barebones thing that only looks for certain malware. Not nearly what
    you need.


    >
    > I'm sorry if part of this question is vague. My ex-gf was annoyed at
    > her computer and impatient with me and I got a discription in dribs
    > and drabs, and incompletely.
    >
    > She seems to have a virus. When she started winXPSP3, she got a green
    > shield and a message that she may have a virus, and it gave 4 or 5
    > suggestions of what to do. I don't know what the other suggestions
    > were. She chose to run some anti-virus that it suggested, and hten
    > changed her mind and called me.


    That was the virus.

    us she has is AVG, and I suggested she do a full scan
    > with that, but it wouldn't start. When she clicks on AVG icon in
    > systray it says: "application can not be executed if avgui.exe is
    > infected"
    >
    > Restarting gave the same first message. This time she told me about
    > the green shield and that the message was in an IE box.
    >
    > Should she have let that anti-virus run to completion?



    No, it was the virus. It was a scam.


    > At first I thought it was one of the web scan/scams, but maybe it's
    > good???
    >


    Nope, it was a scam.

    > Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    > is far different from last December's version. I'm going to give her
    > the CD at work today, but it would be simpler if the suggested scan
    > was a good thing to run.
    >
    >
    > Separate question: Why don't Dell computers have a reset button?


    Ask Dell.

    > Thanks.
    >
     
  3. Paul

    Paul Flightless Bird

    mm wrote:
    > Is there some built-in MS anti-virus scanner, or something that gets
    > automatically downloaded on certain occasions?
    >
    >
    > I'm sorry if part of this question is vague. My ex-gf was annoyed at
    > her computer and impatient with me and I got a discription in dribs
    > and drabs, and incompletely.
    >
    > She seems to have a virus. When she started winXPSP3, she got a green
    > shield and a message that she may have a virus, and it gave 4 or 5
    > suggestions of what to do. I don't know what the other suggestions
    > were. She chose to run some anti-virus that it suggested, and hten
    > changed her mind and called me.
    >
    > The only anti-virus she has is AVG, and I suggested she do a full scan
    > with that, but it wouldn't start. When she clicks on AVG icon in
    > systray it says: "application can not be executed if avgui.exe is
    > infected"
    >
    > Restarting gave the same first message. This time she told me about
    > the green shield and that the message was in an IE box.
    >
    > Should she have let that anti-virus run to completion?
    >
    > At first I thought it was one of the web scan/scams, but maybe it's
    > good???
    >
    > Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    > is far different from last December's version. I'm going to give her
    > the CD at work today, but it would be simpler if the suggested scan
    > was a good thing to run.
    >
    >
    > Separate question: Why don't Dell computers have a reset button?
    >
    > Thanks.
    >


    You can try running this, as this is good at removing the odd piece
    of "rogue" malware. The free version is what you'd be downloading,
    which is used for extermination rather than constant monitoring.

    http://en.wikipedia.org/wiki/Malwarebytes

    http://www.malwarebytes.org/

    http://majorgeeks.com/download.php?det=5756 Apr29,2010 version 1.46

    The main problem with using a program like that, is the malware may
    prevent the tool from being started. You can try renaming the file,
    to something like "surprise.exe" and run it. If that doesn't work,
    you'll have to check some of the anti-malware sites for tools
    that can temporarily stop the malware, until you can get MBAM started.

    As far as I know, MBAM claims to work best in regular boot mode.
    It isn't supposed to work quite as well in "Safe Mode", but you
    can try that as well, if you're not making any progress. You can be
    assured, that any "rogue AV" program, is well equipped to deal with
    all the usual workarounds, so removing it won't exactly be easy.

    If the "name" of the rogue software is printed on the screen
    of the affected computer, you can use a search engine to search
    for more information on it.

    Paul
     
  4. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    > ...She chose to run some anti-virus that it suggested, and hten
    > changed her mind and called me.


    Too late now & she shouldn't have clicked on ANYTHING in the pop-up, not
    even the X to close it!

    The suggested "anti-virus" was the infection! It's a "rogue," quite
    possibly be this one:
    http://blogs.technet.com/b/mmpc/arc...of-the-microsoft-security-essentials-pie.aspx

    Avoid Rogue Security Software!
    http://www.microsoft.com/security/antivirus/rogue.aspx

    Didn't AVG do a great job!

    mm wrote:
    > Is there some built-in MS anti-virus scanner, or something that gets
    > automatically downloaded on certain occasions?
    >
    > I'm sorry if part of this question is vague. My ex-gf was annoyed at
    > her computer and impatient with me and I got a discription in dribs
    > and drabs, and incompletely.
    >
    > She seems to have a virus. When she started winXPSP3, she got a green
    > shield and a message that she may have a virus, and it gave 4 or 5
    > suggestions of what to do. I don't know what the other suggestions
    > were. She chose to run some anti-virus that it suggested, and hten
    > changed her mind and called me.
    >
    > The only anti-virus she has is AVG, and I suggested she do a full scan
    > with that, but it wouldn't start. When she clicks on AVG icon in
    > systray it says: "application can not be executed if avgui.exe is
    > infected"
    >
    > Restarting gave the same first message. This time she told me about
    > the green shield and that the message was in an IE box.
    >
    > Should she have let that anti-virus run to completion?
    >
    > At first I thought it was one of the web scan/scams, but maybe it's
    > good???
    >
    > Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    > is far different from last December's version. I'm going to give her
    > the CD at work today, but it would be simpler if the suggested scan
    > was a good thing to run.
    >
    >
    > Separate question: Why don't Dell computers have a reset button?
    >
    > Thanks.
     
  5. Mike S

    Mike S Flightless Bird

    On 9/3/2010 12:29 PM, mm wrote:
    > Is there some built-in MS anti-virus scanner, or something that gets
    > automatically downloaded on certain occasions?
    > I'm sorry if part of this question is vague. My ex-gf was annoyed at
    > her computer and impatient with me and I got a discription in dribs
    > and drabs, and incompletely.
    > She seems to have a virus. When she started winXPSP3, she got a green
    > shield and a message that she may have a virus, and it gave 4 or 5
    > suggestions of what to do. I don't know what the other suggestions
    > were. She chose to run some anti-virus that it suggested, and hten
    > changed her mind and called me.
    > The only anti-virus she has is AVG, and I suggested she do a full scan
    > with that, but it wouldn't start. When she clicks on AVG icon in
    > systray it says: "application can not be executed if avgui.exe is
    > infected"
    > Restarting gave the same first message. This time she told me about
    > the green shield and that the message was in an IE box.
    > Should she have let that anti-virus run to completion?
    > At first I thought it was one of the web scan/scams, but maybe it's
    > good???
    > Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    > is far different from last December's version. I'm going to give her
    > the CD at work today, but it would be simpler if the suggested scan
    > was a good thing to run.
    > Separate question: Why don't Dell computers have a reset button?
    > Thanks.


    Run Malwarebytes Antimalware, with the latest definition files, using a
    full scan. Run the scan once, delete anything you don't know to be good,
    then reboot and immediately run it again, doing another full scan.
     
  6. Pegasus [MVP]

    Pegasus [MVP] Flightless Bird

    "mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    news:sei286pmetot42jmm5v5kekt7eol4koos4@4ax.com...
    > Is there some built-in MS anti-virus scanner, or something that gets
    > automatically downloaded on certain occasions?
    >
    >
    > I'm sorry if part of this question is vague. My ex-gf was annoyed at
    > her computer and impatient with me and I got a discription in dribs
    > and drabs, and incompletely.
    >
    > She seems to have a virus. When she started winXPSP3, she got a green
    > shield and a message that she may have a virus, and it gave 4 or 5
    > suggestions of what to do. I don't know what the other suggestions
    > were. She chose to run some anti-virus that it suggested, and hten
    > changed her mind and called me.
    >
    > The only anti-virus she has is AVG, and I suggested she do a full scan
    > with that, but it wouldn't start. When she clicks on AVG icon in
    > systray it says: "application can not be executed if avgui.exe is
    > infected"
    >
    > Restarting gave the same first message. This time she told me about
    > the green shield and that the message was in an IE box.
    >
    > Should she have let that anti-virus run to completion?
    >
    > At first I thought it was one of the web scan/scams, but maybe it's
    > good???
    >
    > Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    > is far different from last December's version. I'm going to give her
    > the CD at work today, but it would be simpler if the suggested scan
    > was a good thing to run.
    >
    >
    > Separate question: Why don't Dell computers have a reset button?
    >
    > Thanks.


    Not built in but free: Microsoft Security Essentials -
    http://www.microsoft.com/Security_Essentials/
     
  7. Walt

    Walt Flightless Bird

    Or you could do a System Restore maybe?

    On Fri, 03 Sep 2010 13:47:35 -0400, Paul <nospam@needed.com> wrote:

    >mm wrote:
    >> Is there some built-in MS anti-virus scanner, or something that gets
    >> automatically downloaded on certain occasions?
    >>
    >>
    >> I'm sorry if part of this question is vague. My ex-gf was annoyed at
    >> her computer and impatient with me and I got a discription in dribs
    >> and drabs, and incompletely.
    >>
    >> She seems to have a virus. When she started winXPSP3, she got a green
    >> shield and a message that she may have a virus, and it gave 4 or 5
    >> suggestions of what to do. I don't know what the other suggestions
    >> were. She chose to run some anti-virus that it suggested, and hten
    >> changed her mind and called me.
    >>
    >> The only anti-virus she has is AVG, and I suggested she do a full scan
    >> with that, but it wouldn't start. When she clicks on AVG icon in
    >> systray it says: "application can not be executed if avgui.exe is
    >> infected"
    >>
    >> Restarting gave the same first message. This time she told me about
    >> the green shield and that the message was in an IE box.
    >>
    >> Should she have let that anti-virus run to completion?
    >>
    >> At first I thought it was one of the web scan/scams, but maybe it's
    >> good???
    >>
    >> Last night I dl'd the latest copy of Bit Defender Rescue Disk, and it
    >> is far different from last December's version. I'm going to give her
    >> the CD at work today, but it would be simpler if the suggested scan
    >> was a good thing to run.
    >>
    >>
    >> Separate question: Why don't Dell computers have a reset button?
    >>
    >> Thanks.
    >>

    >
    >You can try running this, as this is good at removing the odd piece
    >of "rogue" malware. The free version is what you'd be downloading,
    >which is used for extermination rather than constant monitoring.
    >
    >http://en.wikipedia.org/wiki/Malwarebytes
    >
    >http://www.malwarebytes.org/
    >
    >http://majorgeeks.com/download.php?det=5756 Apr29,2010 version 1.46
    >
    >The main problem with using a program like that, is the malware may
    >prevent the tool from being started. You can try renaming the file,
    >to something like "surprise.exe" and run it. If that doesn't work,
    >you'll have to check some of the anti-malware sites for tools
    >that can temporarily stop the malware, until you can get MBAM started.
    >
    >As far as I know, MBAM claims to work best in regular boot mode.
    >It isn't supposed to work quite as well in "Safe Mode", but you
    >can try that as well, if you're not making any progress. You can be
    >assured, that any "rogue AV" program, is well equipped to deal with
    >all the usual workarounds, so removing it won't exactly be easy.
    >
    >If the "name" of the rogue software is printed on the screen
    >of the affected computer, you can use a search engine to search
    >for more information on it.
    >
    > Paul
     
  8. Paul

    Paul Flightless Bird

    Walt wrote:
    > Or you could do a System Restore maybe?
    >


    Not if it is already infected by malware.

    Malware attacks System Restore, to prevent that very removal mechanism.

    Paul
     
  9. mm

    mm Flightless Bird

    On Fri, 3 Sep 2010 22:50:45 +0200, "Pegasus [MVP]"
    <news@microsoft.com> wrote:

    >
    >
    >"mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    >news:sei286pmetot42jmm5v5kekt7eol4koos4@4ax.com...
    >> Is there some built-in MS anti-virus scanner, or something that gets
    >> automatically downloaded on certain occasions?
    >>
    >>
    >> I'm sorry if part of this question is vague. My ex-gf was annoyed at
    >> her computer and impatient with me and I got a discription in dribs
    >> and drabs, and incompletely.
    >>
    >> She seems to have a virus. When she started winXPSP3, she got a green
    >> shield and a message that she may have a virus, and it gave 4 or 5
    >> suggestions of what to do. I don't know what the other suggestions
    >> were. She chose to run some anti-virus that it suggested, and hten
    >> changed her mind and called me.

    .......
    >>
    >> Thanks.

    >
    >Not built in but free: Microsoft Security Essentials -
    >http://www.microsoft.com/Security_Essentials/
    >


    Thanks to all of you. Yes, the screen must have been part of the
    scam. She ran bit-defender for up to 5 hours last night until it
    finished and it says she has 4 viruses. I'm going there now to look
    at the results and disinfect or delete as appropriate. I hope that
    will work.
     
  10. Hello Kitty

    Hello Kitty Flightless Bird

    "mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    news:re4586h2f4n0iidm1s49et6nirg221u0a9@4ax.com...
    > On Fri, 3 Sep 2010 22:50:45 +0200, "Pegasus [MVP]"
    > <news@microsoft.com> wrote:
    >
    >>
    >>
    >>"mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    >>news:sei286pmetot42jmm5v5kekt7eol4koos4@4ax.com...
    >>> Is there some built-in MS anti-virus scanner, or something that gets
    >>> automatically downloaded on certain occasions?
    >>>
    >>>
    >>> I'm sorry if part of this question is vague. My ex-gf was annoyed at
    >>> her computer and impatient with me and I got a discription in dribs
    >>> and drabs, and incompletely.
    >>>
    >>> She seems to have a virus. When she started winXPSP3, she got a green
    >>> shield and a message that she may have a virus, and it gave 4 or 5
    >>> suggestions of what to do. I don't know what the other suggestions
    >>> were. She chose to run some anti-virus that it suggested, and hten
    >>> changed her mind and called me.

    > ......
    >>>
    >>> Thanks.

    >>
    >>Not built in but free: Microsoft Security Essentials -
    >>http://www.microsoft.com/Security_Essentials/
    >>

    >
    > Thanks to all of you. Yes, the screen must have been part of the
    > scam. She ran bit-defender for up to 5 hours last night until it
    > finished and it says she has 4 viruses. I'm going there now to look
    > at the results and disinfect or delete as appropriate. I hope that
    > will work.


    The problem with this particular scam or malware is that it roots itself
    into your registry. You should find a free program called "Hijack This" to
    identify start up entries that keep whatever was installed to her machine
    alive. There is also a rare file called "ComboFix" that can find and remove
    a number of issues.

    Those 2 free programs I mentioned have been able to help me remove
    ad/malware completely from my PC after infection.

    Good luck.
     
  11. mm

    mm Flightless Bird

    On Sat, 4 Sep 2010 18:46:35 -0500, "Hello Kitty"
    <Hello_kitty@yahoo.com> wrote:

    >
    >"mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    >news:re4586h2f4n0iidm1s49et6nirg221u0a9@4ax.com...
    >> On Fri, 3 Sep 2010 22:50:45 +0200, "Pegasus [MVP]"
    >> <news@microsoft.com> wrote:
    >>
    >>>
    >>>
    >>>"mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    >>>news:sei286pmetot42jmm5v5kekt7eol4koos4@4ax.com...
    >>>> Is there some built-in MS anti-virus scanner, or something that gets
    >>>> automatically downloaded on certain occasions?
    >>>>
    >>>>
    >>>> I'm sorry if part of this question is vague. My ex-gf was annoyed at
    >>>> her computer and impatient with me and I got a discription in dribs
    >>>> and drabs, and incompletely.
    >>>>
    >>>> She seems to have a virus. When she started winXPSP3, she got a green
    >>>> shield and a message that she may have a virus, and it gave 4 or 5
    >>>> suggestions of what to do. I don't know what the other suggestions
    >>>> were. She chose to run some anti-virus that it suggested, and hten
    >>>> changed her mind and called me.

    >> ......
    >>>>
    >>>> Thanks.
    >>>
    >>>Not built in but free: Microsoft Security Essentials -
    >>>http://www.microsoft.com/Security_Essentials/
    >>>

    >>
    >> Thanks to all of you. Yes, the screen must have been part of the
    >> scam. She ran bit-defender for up to 5 hours last night until it
    >> finished and it says she has 4 viruses. I'm going there now to look
    >> at the results and disinfect or delete as appropriate. I hope that
    >> will work.

    >
    >The problem with this particular scam or malware is that it roots itself
    >into your registry. You should find a free program called "Hijack This" to
    >identify start up entries that keep whatever was installed to her machine
    >alive. There is also a rare file called "ComboFix" that can find and remove
    >a number of issues.
    >
    >Those 2 free programs I mentioned have been able to help me remove
    >ad/malware completely from my PC after infection.


    Thanks. I found Hijack This, which looks very good, and I"m going to
    look for CombofFix.

    I still started another thread to give my progress, such as it is.
    She can download email, virus definitinon, and according to MS, HTTPS
    and FTP.

    Only HTTP eludes her!


    >Good luck.
    >
     
  12. mm

    mm Flightless Bird

    On Sat, 4 Sep 2010 18:46:35 -0500, "Hello Kitty"
    <Hello_kitty@yahoo.com> wrote:

    >
    >The problem with this particular scam or malware is that it roots itself
    >into your registry. You should find a free program called "Hijack This" to
    >identify start up entries that keep whatever was installed to her machine
    >alive. There is also a rare file called "ComboFix" that can find and remove
    >a number of issues.
    >
    >Those 2 free programs I mentioned have been able to help me remove
    >ad/malware completely from my PC after infection.
    >
    >Good luck.
    >

    Thanks agaoin. I fund this one too.
    http://www.combofix.org/download.php

    IMPORTANT : ComboFix is extremely powerful , You should not run
    ComboFix.exe unless you are asked to by a trained helper

    Wait a second. If he's helping me, who's in charge!

    But seriously, the descriptions give a lot of warnings, but also say
    this:

    "ComboFix also displays a report that can be used by trained helpers
    to remove malware that is not automatically removed by the program.

    Please note that running this program without supervision can cause
    your computer to not operate correctly. Therefore only run this
    program at the request of an experienced helper."

    Yet the progrma removes things (malware) automatically!!!! I'm sort
    of reckless but that scares me.
     
  13. Paul

    Paul Flightless Bird

    mm wrote:

    > Yet the progrma removes things (malware) automatically!!!! I'm sort
    > of reckless but that scares me.


    You can do anything you want... as long as you have backups.

    If you haven't prepared for a "meltdown" while you're curing
    this malware, you could end up in a awful mess.

    No matter who wrote the anti-malware tool, such a tool can
    quarantine or delete enough files, to cause the OS to fail to
    boot the next time. If you took the system offline and did
    a backup when you first started working on the machine, then
    you have options if things go wrong.

    For example, I've heard of tools, that quarantine infected files,
    but they're placed on a temporary ramdisk. If you shut down
    such a tool, the ramdisk disappears with it, and if you need to
    put any of those files back, they're gone.

    If it's your own machine, then you know how valuable the
    setup and files are. You might not need a backup image for
    that. If you're working on someone else's machine, then more
    care should be taken.

    Paul
     
  14. mm

    mm Flightless Bird

    On Sat, 04 Sep 2010 23:41:35 -0400, Paul <nospam@needed.com> wrote:

    >mm wrote:
    >
    >> Yet the progrma removes things (malware) automatically!!!! I'm sort
    >> of reckless but that scares me.

    >
    >You can do anything you want... as long as you have backups.


    Well, right now the problem is not mine but my ex-gf's machine and she
    doesn't have backups. I had to urge her for 2+ years to start using
    an antivirus. In fact all those 230 viruses that I report in my next
    thread that she found from 2003 and 2004 were probably from the time
    when she didn't use antivirus.

    >If you haven't prepared for a "meltdown" while you're curing
    >this malware, you could end up in a awful mess.
    >
    >No matter who wrote the anti-malware tool, such a tool can
    >quarantine or delete enough files, to cause the OS to fail to
    >boot the next time. If you took the system offline and did
    >a backup when you first started working on the machine, then
    >you have options if things go wrong.
    >
    >For example, I've heard of tools, that quarantine infected files,
    >but they're placed on a temporary ramdisk. If you shut down
    >such a tool, the ramdisk disappears with it, and if you need to
    >put any of those files back, they're gone.


    Ha ha. I don't know if I'm the only one, but I told that story here
    last December. It was BitDefender Rescue Disk. They never replied to
    me when I wrote to tell them about this problem but they have very
    much changed how the program works and also expanded what it does.

    It no longer has quarantine at all. Now it only has no change,
    delete, disinfect, and rename.

    You know, even last December they deleted or disinfected, and maybe
    even renamed files on the hard drive. If they could do that, they
    could have written the quarantine file to the same drive, instead of
    the ramdisk. I wonder why they didn't think of that.

    >If it's your own machine, then you know how valuable the
    >setup and files are. You might not need a backup image for
    >that. If you're working on someone else's machine, then more
    >care should be taken.


    Exactly. But what gets me is not that the risk is so high -- as you
    say, it's not, if one has backups -- but that they post all these
    warnings and then, at the same time, go in the other direction by
    removing things automatically. It seems self-contradictory.

    > Paul
     
  15. Anthony Buckland

    Anthony Buckland Flightless Bird

    "mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    news:pc5686p0bj4kt8pmp5rqflgeeeht18hre1@4ax.com...
    > ...
    > Well, right now the problem is not mine but my ex-gf's machine and she
    > doesn't have backups. I had to urge her for 2+ years to start using
    > an antivirus. In fact all those 230 viruses that I report in my next
    > thread that she found from 2003 and 2004 were probably from the time
    > when she didn't use antivirus.
    > ...


    With those attitudes: maybe it's time to cement the "ex"
    in the relationship, and let her find someone else to
    bug with her careless attitude to computing; and if her
    attitudes extend to the rest of her life, maybe it's time
    to sit back and be thankful that you don't have twenty
    years of unplanned child support to look forward to.
    At least, I _hope_ you don't.
     
  16. mm

    mm Flightless Bird

    On Sat, 4 Sep 2010 21:58:15 -0700, "Anthony Buckland"
    <anthonybucklandnospam@telus.net> wrote:

    >
    >"mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    >news:pc5686p0bj4kt8pmp5rqflgeeeht18hre1@4ax.com...
    >> ...
    >> Well, right now the problem is not mine but my ex-gf's machine and she
    >> doesn't have backups. I had to urge her for 2+ years to start using
    >> an antivirus. In fact all those 230 viruses that I report in my next
    >> thread that she found from 2003 and 2004 were probably from the time
    >> when she didn't use antivirus.
    >> ...

    >
    >With those attitudes: maybe it's time to cement the "ex"
    >in the relationship, and let her find someone else to
    >bug with her careless attitude to computing; and if her


    Yes, I've cemented the "ex". She has too.

    >attitudes extend to the rest of her life, maybe it's time


    Let's just say while in some ways she was more compatible than almost
    anyone I've met, in other ways we're not at all.

    >to sit back and be thankful that you don't have twenty
    >years of unplanned child support to look forward to.
    >At least, I _hope_ you don't.


    It's not just the money. I would hate to have a child growing up in a
    household where I didn't live. And I don't have one doing that.

    But we're still friends. We do favors for each other. In this case,
    I'll probably learn a lot about computers, and I'd rather learn on
    hers than on mine.
     
  17. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    >...I had to urge her for 2+ years to start using
    > an antivirus.


    In your first post in this thread, you told us she had AVG installed which
    "wouldn't start" but you didn't tell us she'd be running without an AV app
    for 2+ years.

    See...

    Cleaning a Compromised System
    http://technet.microsoft.com/en-us/library/cc700813.aspx

    Back-up any personal data (none of which should be considered 100%
    trustworthy at this point) then format the HDD & do a clean install of
    Windows. Please note that a Repair Install (AKA in-place upgrade) will NOT
    fix this!

    HOW TO do a clean install of WinXP: See
    http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
    http://support.microsoft.com/kb/978307

    After the clean install, you will have the equivalent of a "new computer" so
    take care of EVERYTHING on the following page BEFORE otherwise connecting
    the machine to the internet or a local network (i.e., other computers) AND
    BEFORE connecting a flash drive, SDCard, or any other external drive to the
    computer:

    4 steps to help protect your new computer before you go online
    http://www.microsoft.com/security/pypc.aspx

    Other helpful references include:

    HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
    (after a clean install)
    http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c

    HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
    clean install)
    http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b

    Tip: After getting the computer fully-patched, download/install KB971029
    manually before connecting any external drive to the computer:
    http://support.microsoft.com/kb/971029

    NB: Any Norton or McAfee free-trial that came preinstalled on the computer
    when you bought it will be reinstalled (but invalid) when Windows is
    reinstalled. You MUST uninstall the free-trial AND download/run the
    appropriate removal tool BEFORE installing any updates, Windows Service
    Packs or IE upgrades AND BEFORE installing your new anti-virus application
    (which will require WinXP SP3 to be installed).

    Norton Removal Tool
    ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

    McAfee Consumer Products Removal Tool
    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    Also see:

    Risks & Benefits of P2P file sharing
    http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx
    http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx

    Steps To Help Prevent Spyware
    http://www.microsoft.com/security/spyware/prevent.aspx

    Steps to Help Prevent Computer Worms
    http://www.microsoft.com/security/worms/prevent.aspx
    --
    ~PA Bear


    mm wrote:
    > On Sat, 04 Sep 2010 23:41:35 -0400, Paul <nospam@needed.com> wrote:
    >
    >> mm wrote:
    >>
    >>> Yet the progrma removes things (malware) automatically!!!! I'm sort
    >>> of reckless but that scares me.

    >>
    >> You can do anything you want... as long as you have backups.

    >
    > Well, right now the problem is not mine but my ex-gf's machine and she
    > doesn't have backups. I had to urge her for 2+ years to start using
    > an antivirus. In fact all those 230 viruses that I report in my next
    > thread that she found from 2003 and 2004 were probably from the time
    > when she didn't use antivirus.
    >
    >> If you haven't prepared for a "meltdown" while you're curing
    >> this malware, you could end up in a awful mess.
    >>
    >> No matter who wrote the anti-malware tool, such a tool can
    >> quarantine or delete enough files, to cause the OS to fail to
    >> boot the next time. If you took the system offline and did
    >> a backup when you first started working on the machine, then
    >> you have options if things go wrong.
    >>
    >> For example, I've heard of tools, that quarantine infected files,
    >> but they're placed on a temporary ramdisk. If you shut down
    >> such a tool, the ramdisk disappears with it, and if you need to
    >> put any of those files back, they're gone.

    >
    > Ha ha. I don't know if I'm the only one, but I told that story here
    > last December. It was BitDefender Rescue Disk. They never replied to
    > me when I wrote to tell them about this problem but they have very
    > much changed how the program works and also expanded what it does.
    >
    > It no longer has quarantine at all. Now it only has no change,
    > delete, disinfect, and rename.
    >
    > You know, even last December they deleted or disinfected, and maybe
    > even renamed files on the hard drive. If they could do that, they
    > could have written the quarantine file to the same drive, instead of
    > the ramdisk. I wonder why they didn't think of that.
    >
    >> If it's your own machine, then you know how valuable the
    >> setup and files are. You might not need a backup image for
    >> that. If you're working on someone else's machine, then more
    >> care should be taken.

    >
    > Exactly. But what gets me is not that the risk is so high -- as you
    > say, it's not, if one has backups -- but that they post all these
    > warnings and then, at the same time, go in the other direction by
    > removing things automatically. It seems self-contradictory.
    >
    >> Paul
     
  18. Daave

    Daave Flightless Bird

    mm wrote:

    > Well, right now the problem is not mine but my ex-gf's machine and she
    > doesn't have backups.


    Not wise. Actions have consequences!
     
  19. mm

    mm Flightless Bird

    On Sun, 5 Sep 2010 09:25:52 -0400, "PA Bear [MS MVP]"
    <PABearMVP@gmail.com> wrote:

    >>...I had to urge her for 2+ years to start using
    >> an antivirus.

    >
    >In your first post in this thread, you told us she had AVG installed which
    >"wouldn't start" but you didn't tell us she'd be running without an AV app
    >for 2+ years.


    That's true, I didn't say that, but fwiw, that period ended about 5
    years ago.

    I'll send her your post and, it is to be hoped, she'll do all or at
    least some of these things.

    Thanks.

    >See...
    >
    > Cleaning a Compromised System
    > http://technet.microsoft.com/en-us/library/cc700813.aspx
    >
    >Back-up any personal data (none of which should be considered 100%
    >trustworthy at this point) then format the HDD & do a clean install of
    >Windows. Please note that a Repair Install (AKA in-place upgrade) will NOT
    >fix this!
    >
    >HOW TO do a clean install of WinXP: See
    >http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
    >http://support.microsoft.com/kb/978307
    >
    >After the clean install, you will have the equivalent of a "new computer" so
    >take care of EVERYTHING on the following page BEFORE otherwise connecting
    >the machine to the internet or a local network (i.e., other computers) AND
    >BEFORE connecting a flash drive, SDCard, or any other external drive to the
    >computer:
    >
    > 4 steps to help protect your new computer before you go online
    > http://www.microsoft.com/security/pypc.aspx
    >
    >Other helpful references include:
    >
    >HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
    >(after a clean install)
    >http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c
    >
    >HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
    >clean install)
    >http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b
    >
    >Tip: After getting the computer fully-patched, download/install KB971029
    >manually before connecting any external drive to the computer:
    >http://support.microsoft.com/kb/971029
    >
    >NB: Any Norton or McAfee free-trial that came preinstalled on the computer
    >when you bought it will be reinstalled (but invalid) when Windows is
    >reinstalled. You MUST uninstall the free-trial AND download/run the
    >appropriate removal tool BEFORE installing any updates, Windows Service
    >Packs or IE upgrades AND BEFORE installing your new anti-virus application
    >(which will require WinXP SP3 to be installed).
    >
    > Norton Removal Tool
    > ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
    >
    > McAfee Consumer Products Removal Tool
    > http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
    >
    >Also see:
    >
    >Risks & Benefits of P2P file sharing
    >http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx
    >http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx
    >
    >Steps To Help Prevent Spyware
    >http://www.microsoft.com/security/spyware/prevent.aspx
    >
    >Steps to Help Prevent Computer Worms
    >http://www.microsoft.com/security/worms/prevent.aspx
     
  20. mm

    mm Flightless Bird

    On Sun, 5 Sep 2010 09:48:55 -0400, "Daave" <daave@example.com> wrote:

    >mm wrote:
    >
    >> Well, right now the problem is not mine but my ex-gf's machine and she
    >> doesn't have backups.

    >
    >Not wise. Actions have consequences!


    For sure.

    So far, she seems to have gotten off easy this time. I'll try to use
    this problem as a motivation for her to start doing backups. In
    truth, at least in the past, it didnt' matter much if she had no
    backups because she had no user data of any remaining importance. She
    doesn't or at least didn't engage in important email correspondence.
    Etc.


    Anyhow, the problem may be solved. Whatever it is started when she
    went to www.letmewatchthis.com , to download a tv show or movie. She
    had done this before with no trouble, but this time a screen came up
    in AVG warning her that she might have a virus and to do a scan. She
    was suspicious, but not enough and she ran the "scan" for a little bit
    before stopping it. The website has been hacked, is that a fair
    conclusion? They'll fix it eventually??

    Yesterday, after I scanned with BitDefender Rescue disk and got rid of
    6- year old emails with never-opened viruses, I scanned with AVG and
    found a trojan and an registry entry pointing to it.

    Is it possible this is a new trojan/virus that wasn't in the AVG list
    on Friday (when she got infected) and was in the list on Saturday when
    AVG found it.


    The final problem seems to have been the FFox proxy settings.

    [Almost the same text follows as in the later thread:]
    My friend called me this morning. After I left, AVG finished scanning
    everything yesterday and didn't find anything more.

    But she got a different, new message from Firefox, something about
    "can't find the proxy". So she knew I'd be sleeping that early and
    she called another friend and he had her go to:
    Firefox/Options/Advanced/Network/[Connection] Settings and she was set
    for Use System Proxy Settings. (So am I.) He had her change to No
    Proxy, and now her FF works. As far as she has noticed, everything
    works.

    She hasn't checked IE yet, but neither did I yesterday. Maybe it
    worked after I used AVG to remove the trojan. But it seems the virus
    changed soemthiing in the "System Proxy Settings" so that they no
    longer work. What in practice, before the virus, the difference
    between them and "no proxy" was, I don't know.

    Is there some way to find the System Proxy Settings and change them
    back to their proper values?

    Thank you all for the help, and even the criticism in the next thread.
     

Share This Page