Virus check

Discussion in 'Computer Science & Culture' started by orcot, Feb 21, 2008.

Thread Status:
Not open for further replies.
  1. orcot Valued Senior Member

    Messages:
    3,488
    I believe my laptop got infected. It runs way slower and it jams from time to time. What program could I download to check for viruses already on the computer?
     
  3. cosmictraveler Be kind to yourself always. Valued Senior Member

    Messages:
    33,264
  5. John99 Banned Banned

    Messages:
    22,046
    How many programs run in background? See any you don't recognize?
     
  7. http://free.grisoft.com/

    is good.
    If it's badly infected, download this on removable media; re-install the OS, then load AVG AV for prevention of infection.

    Virii can hide from AV software, and disable it. May be best to start over, rather than battle endlessly.
     
  8. Nesm Registered Senior Member

    Messages:
    125
    Running 'Spybot Search & Destroy' helps remove many internet-acquired bugs.

    Running 'CCleaner' helps remove old & unused files (especially temporary files).

    This, in addition to a prior run virus scan, should make your pc perform better.

    The above software is all freeware, obtainable through a google search.
     
  9. Fraggle Rocker Staff Member

    Messages:
    24,690
    In general it's wise to subscribe to a service like Norton or McAfee. They're not perfect but they're bozo-friendly and it has been five years since I knew of anyone who was a subscriber and still managed to pick up a virus.
     
  10. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Unfortunately, both of those programs have become very bloated. I see 2 or 3 machines a week with either or both installed with a boat-load of malware and viruses...I can't stand either of them.

    I personally use AVG, because it's free...and I'm cheap.
     
  11. Idle Mind What the hell, man? Valued Senior Member

    Messages:
    1,709
    AVG is also lightweight, but it's not the best scanning engine available and the support is shit (read: nonexistent) unless you buy a license. Since Mac is a PC tech, it makes sense for him to use that, but it may not be the best solution for every user (not that I'm implying that he said that, and definitely imo). I am definitely not a fan of Norton/McAfee, either.

    I like the online scan provided by BitDefender myself. I also like Trojan Scan.
     
  12. Dr Mabuse Percipient Thaumaturgist Registered Senior Member

    Messages:
    714
  13. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Something else to note, there are MANY fake or rogue virus checkers out there, that are just a scam. They actually install trojans on your machine, then try to convince you to spend $$$ to get the "full" version to remove them. They can be VERY difficult to get rid of, so always look up a program on google BEFORE you install it.
     
  14. Idle Mind What the hell, man? Valued Senior Member

    Messages:
    1,709
    SmitFraudFix! ;-)
     
  15. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    The same questions get asked over and over again here (as well as on other forums); however, the topic itself isn't just a simple field to answer. After all, you have to start from the beginning: Prevention, Detection, Removal and lastly Security Protocols.

    Prevention
    ========


    [1] Get a Hardware Firewall, like your own Router. Configuration can be a pain, you can get UPnP ones for self configuration with some OS's/programs but it will lessen the ability for exploiters to access a machine to exploit.
    [2] For Windows users, visit www.blackviper.com and learn about what your base installation of OS runs as Services/Processes. It's important to turn off Services you aren't going to use, and turn off programs that you don't want starting up at boot up. This lessens the places that malicious programs can hide.
    [3] Turn off NetBIOS on your Internet connection. NetBIOS is used for Windows Networking and File sharing but you should only have it on when you are actually doing those things over your home network, when you are it's best to turn it off as it cuts down the amount of information retrievable from your network. (Most firewalls do block external access to ports 135-139)
    [4] Windows users can install Spywareblaster from Java Cool Software. This is one of the main preventative installations that could save you a lot of trouble in the future, it blacklists rogue cookies, ActiveX installations (like dialers etc) and many other things that can be found from the internet. I rate it highly and you would too if you give it a chance.
    [5] Antivirus software, this is of course a must. It can be useful for catching viruses you miss in the future. However if you do all the preventative measures it can pretty much be ignored for the most part. Personally I run AVG because it's free, I turn it off when I don't intend to do any scanning however I do test every file that comes from the internet which is a good habit to have.
    [6] Be more careful with Emails. Personally I've dropped the old POP3 accounts I used to use for IMAP, IMAP allows files to stay on your server. (This can be a security concern for some since you have to tell them to delete the files from the server rather than have them just delivered to your client). However with the right client it's possible to tell it to just download the HEADER of the email, which for the most part identifies spam, configuring it to also deal with ALL emails as just plain TEXT stops any images from loading up or exploitable code being executed. Of course if you want to read the body of the message you have to tell the client to download it.
    [7] Be more savvy. Someone you chat to on the internet through a messenger service could actually be a wannabe script kiddie. They will likely ask you to check out their programming project, or send you a program for testing your IQ or something similar. It's very likely that the program will on the face do something, however it won't necessarily shutdown after you close it leaving a Zombie process on your computer. This could allow complete exploitation of your computer, so be careful what you run and install.
    [8] Update your Operating System and Drivers. (However make sure you are Firewalled and have Spywareblaster installed prior to attempting to access the websites for downloading.)
    [9] (This is thanks to cosmictraveler supplying an unrelated link) Check your online firewall/operating system status with Shields Up.

    Detection
    =======
    As mentioned if you get an infection you should look out for:

    [1] remittent system instability (programs not closing down properly, Windows reports being sent, or just sudden spikes in CPU usage)
    [2] Quivering mouse cursor that seems to try and shift a different direction from the direction you are moving it. (This isn't always the case but older Trojans used to create a secondary instance of the mouse driver library for remote manipulation, this usually causes a paradox to occur where the cursor is supposed to register)
    [3] Programs/Services existing that weren't installed by you (Most operating systems keep logs of which user installed the process and when, which can be very important in tracking down where the infection came from or if it's actually an infection)
    [4] Regular nagscreen/pop-ups for porn sites etc. (Your computer is likely a festering hive of iniquity)
    [5] Gaining an email telling you your credit card details. (It's not just your computer that can be targeted, online shops and websites can be hacked from time to time and your information can find itself in rogue hands)
    [6] Finding logs of Messenger chat sessions, emails and passwords on your system. As daft as it is, some logging systems will hold that information on your system before attempting to send that information out as an extra Kb every so often. (Hiding 1Kb in other traffic means not noticing the sudden increase in network traffic)

    Removal
    ======
    Antivirus programs are important for dealing with removals.

    Microsoft has in recent years started to include trojan removers with its Operating System updates to try and deal with any newly discovered trojans that exploit old flaws.

    There are many programs that people use for dealing with removals but for the most part Viruses/Trojans always try to leave something behind, especially if they are mutagenic.

    If you can't get the programs from searching the net, you can always call on one of the professionals that costs money to clear out your problems for you, however be prepared for them to sell you Antivirus packages you don't need, potentially remote user accounts for 'On site servicing' as well as a bunch of other crap. (Some people have to make a living I guess).

    Security Protocols
    ==============

    If you were hacked get to a secure terminal (One you know is clear of trojans/viruses) and change every Password, Secret Phrase etc you have for every site you use. Do not attempt to do this on the machine that's infected, as if a trojan is outputting your every move a hacker could be one step ahead.

    If you think your computer has a trojan running and suspect someone is accessing your computer, don't do anything on the computer: 'PULL YOUR MODEM/Network plug'. Disconnecting your machine in such a violent manner means the hacker isn't aware that you are on to them. This means you have the chance to track down what IPs/Servers they are using and/or potentially hand over your computer for the police to investigate. Starting to run Spybot search and Destroy or anti-trojan tools is going to let a hacker know they are busted and for the most part destroys any chances of tracking down what setup they are running.

    If chasing them down has been done or not an option then it's a good idea to start with a clean format of your computer, this will get rid of any compromised files but make sure you change all your passwords in conjunction with it, the last thing you want to do is reinstall the OS and give them the keys to it because they know what password you use over and over again.

    I'm sure I've missed a few bits and pieces but that's pretty much the gist.
     
    Last edited: Feb 25, 2008
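One way to check item [3] of the Prevention list above on your own machine, as an added example that is not part of Stryder's post: it parses `netstat -ano` output and reports listeners in the 135-139 range the post names that are bound to a non-loopback address. The sample text and the function names are constructed for illustration.

```python
import ipaddress

NETBIOS_PORTS = range(135, 140)  # 135-139, the range named in the post

# Constructed sample in the layout of Windows `netstat -ano`; not from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2080
  TCP    192.168.1.20:49712     203.0.113.9:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    3316
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[fe80::1%12]:135' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def open_netbios_listeners(netstat_text):
    """Return (proto, host, port, pid) for each reachable 135-139 listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated row
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(local)
        if port not in NETBIOS_PORTS:
            continue
        # A loopback-only socket cannot be reached from the network.
        if ipaddress.ip_address(host).is_loopback:
            continue
        findings.append((proto, host, port, int(fields[-1])))
    return findings

if __name__ == "__main__":
    for proto, host, port, pid in open_netbios_listeners(SAMPLE):
        print(f"{proto} {host}:{port} is open to the network (PID {pid})")
```

Feed it the text of `netstat -ano` from the Windows machine being checked; the PID column can then be matched to a process in Task Manager.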
  16. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028


    I use that one all the time, another good one is Vundofix.


    Nice post Stryder.
     
  17. Idle Mind What the hell, man? Valued Senior Member

    Messages:
    1,709
    I am starting to appreciate the works of Sysinternals a lot more. Process Explorer, Autoruns, etc. That Mark Russinovich guy is one smart cookie.
     
  18. MD5 checksums are a good way to avoid corrupt software.
    Validity of a site is somewhat more difficult, where the checksum may be listed.

    Multiple sources is a good way for determining.
    If you're not afraid to check the page source, that helps. You can kinda get the feel for a fake site. I've noted a lot of hackers these days are quoted of too much copy and pasting. A sure sign of invalidity. Seems that method of punching filters with rogue code is most effective, now. What works is meddled with. If you see a lot of redundancy, it's most likely not the original site.
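The checksum comparison described in the post above, as an added example that is not part of the original post: it hashes a download and compares the result against checksums copied from more than one source, treating disagreement between the sources as a failure. MD5 catches corruption but is not collision-resistant, so pass `sha256` when the publisher lists one; the function names, verdict strings and sample bytes are assumptions made for illustration.

```python
import hashlib
import io

def file_digest(stream, algorithm="md5", chunk_size=65536):
    """Hash a binary stream in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def normalise(listed):
    """Accept md5sum-style 'abc123  setup.exe' or a bare hex string."""
    return listed.strip().split()[0].lower()

def verify(stream, listings, algorithm="md5", min_agreeing=2):
    """listings maps a source name to the checksum text copied from that source.
    Returns (verdict, actual_digest, {source: matched})."""
    if not listings:
        raise ValueError("need at least one published checksum")
    actual = file_digest(stream, algorithm)
    published = {src: normalise(text) for src, text in listings.items()}
    matches = {src: value == actual for src, value in published.items()}
    if len(set(published.values())) > 1:
        verdict = "sources-disagree"      # one listing is wrong or forged
    elif not all(matches.values()):
        verdict = "mismatch"              # corrupt or altered download
    elif len(published) < min_agreeing:
        verdict = "match-single-source"   # only as trustworthy as that one page
    else:
        verdict = "verified"
    return verdict, actual, matches

if __name__ == "__main__":
    data = b"constructed installer bytes"    # stands in for a downloaded file
    good = hashlib.md5(data).hexdigest()     # what an honest page would list
    listings = {"vendor page": good + "  setup.exe", "second mirror": good}
    print(verify(io.BytesIO(data), listings))
    listings["lookalike site"] = "0" * 32    # constructed bad listing
    print(verify(io.BytesIO(data), listings))
```

For a real file, open it with `open(path, "rb")` and pass that in place of the `io.BytesIO` object.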
     
  19. sagatr Registered Member

    Messages:
    20
    I use AVG. It's free and has automatic update. I find that is really good and does not slow your system down.
     