Haruka's Diary
Chasing After Rainbows: multiple infections found

12 February 2009


Ever since I got my new notebook PC in 3Q 2007 that came with Vista, I somewhat rarely use the desktop PC I had been using before it. Of course, I still do stuff like defragmentation and applying important updates. However, other people in the house are still using it, and they are less knowledgeable about PCs. (My mother doesn't even know how to transfer files!)

However, one day, I noticed that there was a notification saying that the anti-virus is not installed. I checked the folder, and its files were still there, but I was unable to open them. I then downloaded the latest version of that anti-virus and tried to install it, but an error occurred when it scanned for files that may interfere. In the end, I couldn't get rid of the problem or proceed with the installation. The good thing is that Spybot-SD, which I had installed a long time ago for spyware and tracker cookie removal, is still working.

I wanted to get to the root of the problem, but those other people are using it. A time when I can use it and run a full scan without interruption is quite hard to come by, as the scan takes about 6 hours to complete. Otherwise they may complain about it being slow, or shut it down / restart it without letting me know.

Lately, I keep receiving notifications from Spybot-SD that files with gibberish names are attempting to add themselves to the system or root directory of the drive. Of course, I deny the changes, but they keep reappearing. The same applies for scans through it.

After manually running a full scan with the Jan 2009 version of the Microsoft Windows Malicious Software Removal Tool, which found 12 infections, and earlier today (before someone shut the PC down) another 25 (none for my Vista laptop), I noticed that the spam mail from myself seems to have gone completely and I was able to install the anti-virus. I'm not sure, though, if the Automatic Updates from yesterday have anything to do with it. Of course, feeling lazy to run between the two computers, I use the Remote Desktop Connection from my Vista laptop, which I can't seem to do in reverse.

After the installation, but before downloading updates, an alert (in red) appeared immediately, saying that 1-2 infected files were found. I tried to remove them, but it said to restart. So I did so after installing the updates. Since I was in a Remote Desktop connection, I had to open up the Task Manager to select restart and then reconnect to the PC again after waiting a while for it to load up the welcome screen.

I ran the full scan right after it finished loading up (the problem from earlier is gone). Barely a few minutes after it started, it had found 6 Trojans and viruses.



As of the time of typing this, it is still scanning after 4 hours 52 minutes, and it has found 37 infections. I noticed that infections also appear in user folders on the PC, except mine. That would mean that they were the cause for this on the PC. From other friends, or clicked on something that an otherwise knowledgeable person would avoid completely, like "You are the 999,999th visitor!!!! CLICK YES TO CLAIM PRIZE", a window that obviously doesn't match or exist in the interface of the OS, like a fake 9x-era interface (as an image) on XP, or flashing colourful text or something. What to do... (-__-)

PS. The scan ended at 5 hours (4h 59m 17s actually) with 54 infections removed and healed.

13 Jan 2009 7:50am (GMT) edit (an hour after OmegaSpreem's comment): I forgot to mention that formatting is currently out of the question, as this PC was bought secondhand and therefore does not have the Windows XP CD. Actually, I do have one, but it's for another PC and I have activated it. Also, the PC is quite old, 2002-era. The 1280p TV video recordings I normally play on my laptop lag horribly on the other. I did mention quite a long time ago that the connector ports are failing, and the processor and HDD are getting louder. Even with my stuff moved elsewhere, malware and unnecessary programs removed, and running CCleaner, the hard disk is now left with just >1GB of free space out of the 40GB capacity. That means installing Ubuntu Linux 8.10 or later (which I had done with my laptop, but removed when installing Windows 7 beta) is a problem due to program incompatibilities. Sure, there are programs like OpenOffice.org to open Microsoft Office documents, programs supported on multiple operating systems (e.g. VLC Player, Mozilla Firefox) and emulators like Wine, but there are some things that I can't run without Windows, or rather, the people who use that computer can't. I need about 4-13GB of space to install Ubuntu as a program, and Live CDs are quite slow.

With Windows 7 coming up quite soon, I think I would just get a new PC. The old PC is already falling apart with age, though an older and slower PC I rarely use that sits next to my laptop is still working fine.

3 comments:

OmegaSpreem said...

I can think of two good options:

1. Get your family to start using Ubuntu Linux instead. (http://www.ubuntulinux.jp/)

The latest version comes with Wubi, a program that allows you to easily install Ubuntu within Windows XP or Windows Vista without removing Windows.

This might be the best solution if your family only uses the computer to browse the web and do some work in MS Office. I did this with my mom's computer and it was problem free for three years.

Note that OpenOffice isn't as good at things like making charts or handling databases, so this might not be the best decision if, say, your family makes lots of charts in Excel.

Then there's driver problems in Linux. In general, if it works with the Ubuntu LiveCD, you're good to go! Most hardware will work right out of the box, but printer drivers are the worst. It's different for each printer manufacturer... but it's fairly easy to find a solution through Google or your search engine of choice.

Now, this is a pretty drastic solution to get away from malware. Your family is probably not that willing to dive head first into learning how to use a new operating system. Which leads to the next solution...

2. Sit down, and have a talk with your family about malware.

Avira is the best free antivirus software, and NOD32 was once the best retail antivirus software. Trouble is that no matter what virus scanner you use, none of them will clean out every last remaining trace of a virus.

Many Windows power users have a routine of reformatting and reinstalling after they find a virus. Somehow, I don't think that's going to work out the best for you, and your family.

You could try locking down the PC with SteadyState (like Qubicfactor said), but that will only restrict your family from doing certain things on your PC. You'll either have a PC that removes every single change made to it (which includes new documents and bookmarks) once it's shut down, or have a few programs and features permanently disabled. It's something, but the best solution of all...

The best thing you can do is to have a talk with your family about what malware is. How malware can steal their private information, and slow down the PC. What your family can do to avoid malware in the future.

They're not as aware of what malware looks like as you are. If you let them know what to watch out for, and tell them how to be a little more cautious with their computer usage... I think you'll do your family, yourself, and your computer a world of good.

OmegaSpreem said...

1 GB of free hard disk space? Wow, no wonder that computer is getting louder!

Your computer has almost nothing left for virtual memory (10% of the HD's capacity is recommended, or 2 to 4 GB), so it's constantly swapping away at the tiny page file on the hard drive.

That just about cancels out the SteadyState and Ubuntu suggestions, since they both require a few gigs of free space. I had a feeling the Ubuntu suggestion would be unrealistic, anyway.

If you can get ahold of some, I'd add more memory if you want to use this machine a little longer. That would minimize the constant thrashing your old PC is doing to your hard drive.

See if you can't free up at least another 3 GB. That should help.

Oh, and definitely talk to your family about malware, if you haven't already.

Rinu said...

Hi,

AVG was good a couple of years ago; now Avira is pretty good (as someone mentioned before). It is good to use ZoneAlarm as a firewall too, which is free for personal usage. Both have automatic upgrades, I think.

Personally, I gave my PC to family too, but it isn't exactly the newest model, so I hope I'll have enough time to install and configure Ubuntu (so it can look like XP and make them feel more comfortable with ^^). Luckily, my parents use only easily emulated stuff like MS Office.

Good luck with resolving the situation.
