[AT] Way OT Computer Virus question

Steve W. falcon at telenet.net
Sat Apr 14 16:07:14 PDT 2007 

Charlie, Don't forget to shut down "System Restore" when you scan and 
remove viruses. Some viri will hide out in a restore folder and wait 
until you do a restart and come right back. Even in Safe Mode this is 
still a problem, because the scanner may not look in the system restore 
files due to limited access under safe mode.


charlie hill wrote:
> Thanks David and Stuart.  I've done pretty much what both of you suggest 
> except that I have run a scan in Safe Mode as David advises.  I'll do that. 
> I've used Housecall.  That was the first place I went when I realized I was 
> infected.
> 
> I am scanning now with Panda.  It's found a "hacking tool kit".  When the 
> scan is finished I'll figure out what that is and get rid of it.
> 
> Thanks again,
> 
> Charlie
> ----- Original Message ----- 
> From: "David Bruce" <davidbruce at yadtel.net>
> To: "Antique tractor email discussion group" <at at lists.antique-tractor.com>
> Sent: Saturday, April 14, 2007 9:21 AM
> Subject: Re: [AT] Way OT Computer Virus question
> 
> 
>> When you scanned with the online scanner did you do that from safe mode
>> with networking?  Many of the viruses and/or trojans can't be removed
>> while in regular mode as they are "in use".  Safe mode prevents them
>> from running most times.  Safe mode with networking also allows you to
>> use the internet to get access to the on line scanners.  If you think
>> you are compromised I would prefer the on line scanners as the local
>> scanners might be disabled by the bad boys.  I like Trend Micro's on
>> line scanner called Housecall.
>> http://housecall.trendmicro.com/
>> Hope this helps.
>> David
>> NW NC
>>
>> charlie hill wrote:
>>> About a month ago I picked up a virus.  I know when it happened.
>>> I hit a web site with a bunch of pop ups.  In the process of clearing 
>>> them a
>>> warning poped up on my screen warning me not to open a file. 
>>> Unfortunately
>>> I made an errant click (my fingers got ahead of my brain) and I opened 
>>> the
>>> virus file.  IMMEDIATELY I started to work clearing it.  After about 4 
>>> hours
>>> I thought I had it.  Then the next day it was back.  I went to work on it
>>> again and got it cleared.
>>> Since then I've run frequent checks with AVG free edition which was 
>>> running
>>> when I got the virus and with other online virus checkers.  My AVG is on
>>> auto-update.  I also run Zone Alarm Pro firewall.  Somehow Zone Alarm got
>>> corrupted.  I deleted it and downloaded a newer version.  Zone Alarm and 
>>> AVG
>>> say my system is clean.  One online virus checker found the virus again 
>>> but
>>> showed in a quaranteen file.  My system at this point is running fine BUT 
>>> I
>>> keep getting messages like the one below in my e-mail.
>>> Some of them come from a site that claims to be my ISP.  Some of them 
>>> come
>>> from servers all over the world.  I was getting several of these messages 
>>> a
>>> day.  Then they went away.  Now this week I'm getting them again but in
>>> lower numbers.
>>>
>>> See the message below.
>>>
>>> Anyone have any suggestions?
>>>
>>> Thanks
>>>
>>> Charlie
>>>
>>> We have detected that your e-mail account was used to send a huge amount 
>>> of
>>> spam during the recent week.
>>> Probably, your computer had been infected by a recent virus and now runs 
>>> a
>>> trojaned proxy server.
>>>
>>> We recommend you to follow our instruction in order to keep your computer
>>> safe.
>>>
>>> Best wishes,
>>> suddenlink.net technical support team.
>>>
>>>
>>>
>>>
>>> --------------------------------------------------------------------------------
>>>
>>>
>>> --------  Virus Warning Message --------
>>>
>>> document.com is removed from here because it contains a virus
>>> (W32/Mydoom.o at MM).
>>>
>>> ----------------------------------------
>>>
>>>
>>>
>>> --------------------------------------------------------------------------------
>>>
>>>
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.5.446 / Virus Database: 269.4.0/760 - Release Date: 4/13/2007
>>> 8:04 PM
>>>
>>> _______________________________________________
>>> AT mailing list
>>> http://www.antique-tractor.com/mailman/listinfo/at
>>>
>>>
>> _______________________________________________
>> AT mailing list
>> http://www.antique-tractor.com/mailman/listinfo/at
>>
>>
>> -- 
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.446 / Virus Database: 269.4.0/760 - Release Date: 4/13/2007 
>> 8:04 PM
>>
> 
> _______________________________________________
> AT mailing list
> http://www.antique-tractor.com/mailman/listinfo/at
> 
> 

-- 
Steve W.
Near Cooperstown, New York

Pacifism - The theory that if they'd fed
Jeffrey Dahmer enough human flesh,
he'd have become a vegan.

More information about the AT mailing list