After on-line scan, then what?

Discussion in 'malware problems & news' started by Rmus, Nov 23, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    So, you did an on-line scan of your computer and the scanner reported a list of infected files. Now what do you do?

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Depending on which scanner it is you have it clean the files. Or run another scanner from another site to confirm the infected files.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I used Trend, Panda, and KAV - all showed a different list of files. I didn't see any option to clean/remove them.
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    In many cases that option is not available in an online scanner. Their basic function is to check and only check. In general, they are not positioned to serve as a free web-enabled version of the paid program.

    Blue
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for that info. Since the three scanners didn’t pick up the same files, I doubt if a removal tool would have helped.

    It’s a friend’s computer - she opened an email attachment from her son, "Hey, check this out." Now, she’s pretty alert and knowledgeable about security but, if you can’t trust your son… so you wouldn’t think…

    It turns out the son got a virus, and it sent out to everyone on his AOL buddy list. She has Norton AV and it didn’t alert. In fact, after searching manually, I found several files that none of the on-line scanners picked up; nor registry entries. Not very impressive.

    Having seen in other forums what people have gone through with hijack logs - sometimes it’s several days before the problem is resolved: download this, do that, boot in safe mode, try this, try that - - good grief, what a bunch of nonsense!

    So, I just wiped the system clean and reinstalled everything - she already backs up all of her documents to external media.

    Then we set up her security so that an inadvertent click won’t do any damage like that again.

    Enjoying Thanksgiving Day in sunny California (but not too impressed with AV),

    -rich
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    A removal tool may have successfully treated the active infection. Many times non-functional bits can remain behind. Hard to tell without more detailed examination.

    That is the bane of many of these things, they do come from legitimate sources.

    This can happen. It does depend on engine vintage, to some extent, and settings used. In my own case my son was infected by a bit of stuff KAV had labeled as riskware, which I hadn't selected as an active category. It was malware pure and simple, not potentially benign riskware. The backup on that machine (BOClean & SafenSec) both alarmed, and while many of us talk about and practice layering (because it works), it should be a reasonable expectation that a product purchased to nail junk, nails all the junk.

    Personally, I've never spent more than 45 minutes debugging a machine I walked up to cold, but when I see some of the online debugging going on, information flow is oftentimes marginal, even when explicitly requested by the person aiding the infected user. I tend to view the extended sessions as reflecting both a conservative approach to problem resolution and the infected user learning more about their machine than they ever desired to know.

    Good backup of key documents, that's 95% of the solution there. Have that stuff available and your options are quite flexible.

    Well, I'm enjoying it on the windy/rainy/cold east coast - Happy Thanksgiving Rich! - wishing the road to salvation from malware was not such a rocky and ill-defined path for Windows users.

    Blue
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for the feedback, Blue.

    Well, I learned two lessons here.

    One, not to trust the on-line scanners. It's the first time I've used them, expecting to push a button and have all the junk removed. Live and learn.

    Second, I've retired from the debugging business (she was my first and only client - gratis at that).

    Old, wise saying from years spent in Florida: "be careful of the alligators when you step into the water."

    Regards,

    -rich
     