17 replies to this topic

[CMROER]

Thank You Thank You Thank You.

Completed the last instructions. Ran Combofix/u, that only took a couple of seconds before it came up and said uninstall complete but computer kept running, guess it was then going through the processes? Ran OTMoveit 2 and cleaned. Rebooted and computer booted faster than it has in a long time.

Is there anyway to tell where I got the viruses or how long they had been there before they caused such grief? I had just at my daughters request put up a Myspace page so we could share photos and such, and that is when everything came crashing down. Would that have been the source?

I have Symantec Corporate Edition both AV and Firewall, and I also run Windows Firewall and Windows Defender? It is beyond me how anything got through both of them, should I be running them both or just Symantec?

I will most definitely read the articles you posted and post my complaint at the Malware Complaint site.

I don't have the words to express how grateful I am to your expertise and your personal time spent getting things right on my computer except to say with all the bad guys in the world Thank God for the good guys like you.

My most sincere regards,
Catherine

[Gary R]

Hi Catherine, OK first of all, you're welcome, glad we could help. As regards how you got infected. There's no one fixed way that your particular infections are contracted, they can be acquired in a number of ways. If you use P2P (peer to peer) programmes then that is the most common method, but any downloads from a source that you can't fully verify are dangerous. Opening any e-mail attachment (even ones apparently from friends) without checking that they actually sent them. Clicking on links on an infected website or clicking on an infected link on a legit website. Lots of Facebook pages get "modified" by Malware peddlers who can change links in the page so that they point to places other than where you expect them to go. Symantec and Windows Defender are a capable combination, but as you've found out they can be got round (as can any programmes). I think a basic explanation of how a Firewall and Anti-Virus protect you, and what the limitations of them are may be educational for you. Your computer has 64,000 ports, all of which give access to your computer, and if they were left unprotected when online, it would make the contraction of an infection pretty much a foregone conclusion. A Firewall blocks these ports, and gives Internet access to just a few (those to whom you've written rules). This does not mean it will repel all boarders. You have to have some ports open, to allow access for your browser, and your e-mail programmes (and any other programmes you've given Internet access to (usually for updating purposes)). Because of this it's possible for you to be infected through these ports. Your Firewall is set to block unsolicited incoming communications on the permitted ports, but if you've been conned into instigating the communication, then the bad guys will have free access onto your computer. At this point your Anti-Virus and Anti-Malware programmes are there to protect you. The real time scanners on your AV and AM programmes monitor the "open" ports looking for anything nasty trying to get on board, and if it is something they have a definition for, then they will flash a warning, or attempt to neutralise the threat, dependant on what it is, and how they're set up. You'll notice I said if, as I said earlier new infections proliferate faster than the AV companies can keep up, so there's always a window of opportunity for a new infection (or a new variation of an old one) to establish itself on your computer. The real security system on your computer is the squidgy grey matter keeping your ears apart. If you don't invite the bad guys onto your computer, then generally your Firewall will do its job, and your AV and AM programmes won't have to work as hard. Hope that clarifies things a little for you. As you appear to be OK now, I'll close this thread now. Keep safe. Gary

[Gary R]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.