Interesting one ... this!



minster
02-09-2008, 09:26 PM
A week ago I was just doing some work in a graphics program when a virus warning flashed on the screen. XP2008 antivir!

In less than 10 seconds it had gone right through my PC, the PC that I am networked with and 2 external hard drives that hold most, but thankfully not all, of my backups, which are on DVDs.
I turned off system restore, went into safe mode and ran Trojan Remover and Malawarebytes Anti Malaware. Both programs picked up a lot of nasties but not all unfortunately.
Anyway, after trying many things for more than 24 hours with no full success, I got out my XP disc and formatted both machines, installing XP again.
What is unusual is that after installing xp, I installed Malawarebytes again together with Eset Nod 32 and TrojanRemover then ran a scan on both PCs using MalawareBytes only.
It picked up more than a dozen infections calling them "Back door" and "Trojan Downloaders"
This is on a newly formatted pair of computers????
Very upset, I ran full scan with Eset and with TrojanRemover ... they both came up clean!
Has taken me a week and I have bought two new external hard drives and also formatted and installed XP and now all my programs again.
Eset Nod32 is doing the protection now with TrojanRemover and Xoft Spy as my insurance against this happening again.
Still don't know where this nastie came from but the last download I had made before this started was "Malabytes Anti Malaware"

wainuitech
02-09-2008, 10:12 PM
Hopefully that's a typo - no such thing as Malawarebytes - it's Malwarebytes - as per the link in my sig - did you download it from the actual Malwarebytes site, or some other third party site? On their site there's only 3 locations - Download.com, Majorgeeks.com or their own site.

That Antivirus XP / 2008 can be a dangerous bug - you can get it just by simply going on the internet without protection, wrong place wrong time - I know of a few people who have somehow managed to contract it while going online to get protection, either AV or Antispyware.

Personally I always have the software on a CD or pen drive I use for installing software - putting a PC on the internet with no protection can be "asking for it"

minster
02-09-2008, 10:32 PM
Never been much good at typing sorry:)
Yep, it was the real Malwarebytes from the proper download site "Cnet"

I never have and never would go online without antivirus software fully working and updated and this is why I am confused as to where it came from.
I was not even working online when it appeared.
Am very confused as at one stage Malwarebytes found a total of 60+ infections in my PC and 320GB external and both Eset and Trojan Remover found none at the same time.
Has been good with no problems found by Eset or TR for last couple of days so I am happy but will keep Malwarebytes on my pen drive for now:)

feersumendjinn
02-09-2008, 10:45 PM
Did you turn off System Restore on all your drives, including the networked PC and the external drives? That may be where your reinfection came from. Also recheck (with Nod32) your backup DVDs and flash drives if you use any.
Were the original external drives defective in some way? Why didn't you just reformat them?

minster
02-09-2008, 10:55 PM
No, I disconnected all other drives and tried cleaning everything separately to start with before ending up formatting.
I had a total of 290GB of programs/data on the two externals that I was trying to save before giving up and formatting. Had been considering getting new externals anyway.
I am more concerned as to why Malwarebytes was the only program that was seeing these infections, even in a newly formatted hard drive?

pctek
03-09-2008, 08:42 AM
It could be that it was just seeing cookies? Or it's a false positive. Did you note what entries it flagged as bad?

Even NOD has done a false positive now and then.

Also you should be aware NOD is for antiVIRUS, you need at least 2 antiSPYWARES in addition. XoftSpy is OK, but I'd pair it with Spybot at least.

minster
03-09-2008, 09:41 AM
Yeah perhaps they may have been false positives but false or not, they're now history.
Eset is always running and as well as that, I have Adaware 8, TrojanRemover, TrojanHunter and XoftSpy.
Have found that Spybot is far too slow and have not bothered with it this install as with MalwareBytes.
Personally believe that XoftSpy is an excellent program:)
Any downloads I do need to face a barrage of checks before they show their faces in my system.

I am actually thinking of downloading MalwareBytes again and doing a trial on my spare PC with it. Will definitely NOT be networked when/if I do this:)