  1. #1
    SitePoint Addict revlimiter's Avatar
    Join Date
    Sep 2005
    Location
    British Columbia, Canada
    Posts
    272

    Windows 7 Security Issues - Malware / Virus Found

    Hi everyone,
    I am working with a client who is using Windows 7 with AVG free edition turned on.
    Microsoft Office 2007 is being run with POP3 for emails to download from a local email hosting service. (nisa.net)
    This has been set up recently (within the past week)

    Recently the computer has received malware and a Trojan virus. We're not sure if it came from Flash or if it's something to do with email?
    Hoping to not have to reformat as a lot of time was put in to getting the new email settings set up. Do you have any pointers for fixing this?

    Thanks,
    "To make an apple pie from scratch,
    you must first create the universe."
    -Carl Sagan

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Hi Rev,

    First, "you get what you pay for." Yes, AVG has a good reputation but ...

    Second, downloading to something which will fire ActiveX is a serious mistake as it will fire (and contaminate a computer) while an anti-virus scanner is looking at the download (okay, at least that's what I think will happen).

    Third, yes, Flash can carry packages to contaminate a computer, too, but what sites has your client been visiting and why didn't AVG pick that up (if it was a Flash payload)?

    "I may be paranoid but that doesn't mean that they're not after me" is my motto.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Addict
    Join Date
    Apr 2009
    Posts
    356
    Quote Originally Posted by dklynn
    Second, downloading to something which will fire ActiveX is a serious mistake as it will fire (and contaminate a computer) while an anti-virus scanner is looking at the download (okay, at least that's what I think will happen).

    That's not exactly the sequence of events. If you download an infected ActiveX, your antivirus should examine the ActiveX file after it's completely downloaded and before it's installed/activated. But I don't know specifically about AVG.

    Generally avoiding installing an ActiveX is a good idea, but if you do Windows Update from IE, or are in an intranet environment, there are necessary and useful ActiveX add-ons that you'll want to install.

    An ActiveX is just another executable, and with any downloaded executable you should be cautious.
    Doug G
    =====
    "If you ain't the lead dog, the view is always the same" - Anon

  4. #4
    SitePoint Member
    Join Date
    May 2012
    Posts
    13
    You could install Avira and then run a complete system scan (with the report you could know which file was infected and delete it manually using a Live CD of any version of Linux).

  5. #5
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,524
    The first thing I usually do with an infection is scan with malwarebytes.

    As for how you got infected, another way is through a rogue ad on a legitimate site.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  6. #6
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,775
    A critical piece of information that is missing here is that the best antivirus programs are only 70% to 80% effective in detecting malware. They all miss existing viruses and all can produce false positives. Then we have to remember that a newly-created virus may not have a virus definition created yet and no antivirus program will catch it.

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    cd,

    Anti-virus suites commonly undergo testing by outside agencies to determine their ability to detect viruses and not to report false positives. The detections are typically 90-98% and most are on the high side.

    In 2007, Symantec posted the following:

    Quote Originally Posted by http://www.symantec.com/security_response/writeup.jsp?docid=2000-121911-5753-99
    Norton AntiVirus (NAV) has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound. This technology was developed by Symantec Security Response.
    Better to have researched before posting information like yours (IMHO) - unless you're just advertising asmallorange?

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,775
    Quote Originally Posted by dklynn View Post
    cd,

    Anti-virus suites commonly undergo testing by outside agencies to determine their ability to detect viruses and not to report false positives. The detections are typically 90-98% and most are on the high side.

    In 2007, Symantec posted the following:

    Better to have researched before posting information like yours (IMHO) - <snip>

    Regards,

    DK
    dklynn, two or three years ago Consumer Reports did a review of antivirus programs. One of the most important points they made was that no antivirus program is 100% effective. 70% to 80% effectiveness in detecting malware was the figure they stated, if my memory serves. As Consumer Reports is a subscription service, they don't offer that information on their website. My parents have a subscription and I asked them to keep that particular issue with the antivirus ratings on it. I'll contact them and see if they still have it. If they kept it, I'll scan it for you so you can see it for yourself.

    The point I am trying to make is that despite popular misconception, no antivirus program is anywhere near perfect at detecting viruses and other malware. I argue with people about this all the time. People mistakenly think that if they are running antivirus they are completely protected and nothing could be further from the truth.

    And even if your virus detection success rate figure of 90% was true, that's still pretty poor. If there is a 10% chance you are going to get run over if you cross a road, will you attempt to cross it?

    Consumer Reports ranked the following free antivirus programs highly (I think in this order):

    AVG
    Avira
    Microsoft Security Essentials

    I have used all of them. Microsoft Security Essentials is really the only one that works acceptably on an older computer.

    Sure, the detection rate for a 10-year-old virus may near 100%. What about a new virus created yesterday? Last week? Two weeks ago? Last month? Virus writers are always coming out with new ones. Not many people are still trying to infect computers using the 2001 Code Red worm, are they?

    As for newer virus detection rates:

    http://blogs.cisco.com/security/the_...lware_samples/

    The Effectiveness of Antivirus on New Malware Samples

    December 21, 2009 at 12:00 pm PST

    Of the relatively new malware specimens only 40% (62 of 152 samples) were detected by more than half of the antivirus products, while about 60% were detected by less than half of the products. A little over one quarter of the samples (28%) were detected by less than 30% of the antivirus products, which is an alarming statistic.

    The overall detection rate near the day of detection for these samples was 18.6% and that improved to 62.9% one week later.

    end users should be on guard because the likelihood that an antivirus product will save them from poor decision making is less than 50%.
    Bottom line: no antivirus program is going to save you from yourself. Never download and install software from an untrusted source. And avoiding shady neighborhoods like pr0n and warez is always wise.

    And if you want to dredge up stuff from 2007:

    http://www.channelregister.co.uk/200...us_protection/

    You see, I do my research.

    http://www.pcmag.com/article2/0,2817,2372364,00.asp

  9. #9
    SitePoint Member
    Join Date
    Sep 2012
    Posts
    3
    Windows 7 was the new OS which had come out recently. If you found the malware/virus, it's better to format the system and reinstall the OS and then install the Kaspersky antivirus.

    Another way is to uninstall the other antivirus which your system has, install the Kaspersky antivirus and scan the system once; by doing this you may remove the viruses which you had found. It also has the facility to automatically remove the virus files which it finds in the system.

