Trying to figure out if my parents' computer is infected

Discussion in 'malware problems & news' started by delerious, May 5, 2008.

Thread Status:
Not open for further replies.
  1. delerious

    delerious Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    130
    My parents got a Vista computer a few days ago, and all of the security stuff is running (Windows Firewall, Windows Updates, Windows Defender). I also installed AntiVir and Firefox. I did disable one thing though - the User Account Control.

    Yesterday my dad was browsing, and then he called me over to the computer. Somehow Firefox had gone over to onlinexpscanner.com, and I noticed that a suspicious executable had been downloaded, and there were prompts asking to run some code. I said No, closed all the browser windows, deleted the executable file that had been downloaded, and then let my dad continue surfing.

    Now I am trying to figure out if the computer got infected, because I don't know if my dad may have inadvertently executed any code. Would Windows Defender have stopped anything from executing? I now regret turning off the User Account Control. Although I just noticed that User Account Control is enabled again. Very strange, I don't know how that happened.

    Also, could I save myself the trouble of running a bunch of virus/spyware scans by using the System Restore feature in Vista? I see that there is a restore point from yesterday that is prior to my dad's encounter with the spyware site. If I go back to that restore point, would that guarantee that any spyware on the system would be removed? I'm not sure if that would work, because I read that System Restore does not restore all files.

    If using System Restore is not a good idea, then what should be my first step? Run HijackThis? Or run a bunch of virus/spyware scans?
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I don't use Vista, but I would do system restore and then just one or 2 scans.
    For scanning, use SuperAntiSpyware.
    For a second opinion, I would use Dr. Web CureIt.

    I think this could have been avoided with UAC.

    Maybe you could consider a sandbox for the browser and/or NoScript extension on firefox
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Before using the computer, your parents should have taken a backup first and then go on-line.
    They don't have a boot-to-restore, which means a classical security setup. :rolleyes:
    Firewall + AntiVirus + AntiSpyware, plenty of choice. UAC = on, not off.
    Firefox + NoScript + AdBlockPlus and sandboxed + locked data folders.
    Email : ignore and delete all spam-emails, without opening them (= very difficult) and don't believe the million dollar winnings.
     
    Last edited: May 6, 2008
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.