  1. #1
    AOD4LIFE Darkn3ss F4lls's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Nov 2009
    Location
    The Membrane
    Age
    36
    Posts
    4,429

    Virus removal and Network infection prevention

    Greetings everyone,

    So my desktop has started to act funky, so I did a scan while offline with the Avast functionality. It detected several items on my Game / Music drive that contained what it described as a [Troj], one of which gave me error 42111, which I didn't notice it was doing until the file it couldn't delete was off my screen.

    The symptom that made me do this was Windows would say there wasn't enough memory and programs like Java needed to be closed, though when you pull up Task Manager nothing is there that would be even close to using the memory.

    So my problem is this: I use the computer to play video games from Steam or Origin, and to do school work or browse Facebook. The odds that I downloaded this thing myself are quite slim. So this leads me to believe that it's the apartment network I'm forced to use if I want any internet at all this year.

    So two problems I need help with are:
    1) How do you remove these things completely when Avast Boot Time Scan is still unable to do so outside the operating system?
    2) How do I prevent future infections coming in from the network, besides of course the ultimate solution, which is no internet / don't use the PC lol?

    PS: All music is legally obtained from iTunes / Amazon.

  2. #2
    AOD4LIFE Darkn3ss F4lls's Avatar

    Quote Originally Posted by AOD_Darkn3ss F4lls View Post
    Greetings everyone,

    So my desktop has started to act funky, so I did a scan while offline with the Avast functionality. It detected several items on my Game / Music drive that contained what it described as a [Troj], one of which gave me error 42111, which I didn't notice it was doing until the file it couldn't delete was off my screen.

    The symptom that made me do this was Windows would say there wasn't enough memory and programs like Java needed to be closed, though when you pull up Task Manager nothing is there that would be even close to using the memory.

    So my problem is this: I use the computer to play video games from Steam or Origin, and to do school work or browse Facebook. The odds that I downloaded this thing myself are quite slim. So this leads me to believe that it's the apartment network I'm forced to use if I want any internet at all this year.

    So two problems I need help with are:
    1) How do you remove these things completely when Avast Boot Time Scan is still unable to do so outside the operating system?
    2) How do I prevent future infections coming in from the network, besides of course the ultimate solution, which is no internet / don't use the PC lol?

    PS: All music is legally obtained from iTunes / Amazon.

    PPS: Network is wireless only

  3. #3
    Keep honking. I'm reloading Mokona512's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Jul 2013
    Location
    New York
    Posts
    418


    To clarify a few things, are you sharing the network with other people that you do not know, e.g., the apartment building providing everyone with "free" internet, which essentially puts everyone on the same LAN, or are you using your own dedicated internet connection while on your own password protected network?

    If you have an infection that is impacting the system at the earliest boot stages, thus preventing an Avast boot time scan, then you can do a manual removal using an Ubuntu live USB if you know the exact infected file(s). http://www.linuxliveusb.com/
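
One way to carry out the manual removal described above from a live session, as an added example that is not part of the original post: rather than deleting the flagged file outright, it records the file's SHA-256 (so it can be looked up later) and moves it into a quarantine folder. The function name, the quarantine folder and the `/mnt/win` mount point are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes the Windows volume has already
# been mounted read-write in the live session, e.g. at /mnt/win (hypothetical).

# quarantine_file <file> <quarantine_dir>
# Moves one known-bad file out of its original location, renamed to its
# SHA-256, and appends a manifest line. Prints the hash on success.
quarantine_file() {
    local src="$1" qdir="$2" hash dest

    # Only act on regular files: refuse symlinks and directories so a
    # planted link cannot redirect the move to some other file.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "skip: not a regular file: $src" >&2
        return 1
    fi

    mkdir -p "$qdir" || return 1

    # Hash first, so the identity of the sample is recorded before it moves.
    hash=$(sha256sum -- "$src" | cut -d' ' -f1) || return 1
    dest="$qdir/$hash.quarantine"

    # Renaming drops the original extension, so Windows will not launch
    # the file by association if the folder is opened later.
    mv -- "$src" "$dest" || return 1

    # Read-only for the owner; on NTFS mounts this may have no effect.
    chmod 0400 "$dest" 2>/dev/null || true

    # Manifest: UTC time, hash, original path (needed to restore a false positive).
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$hash" "$src" \
        >> "$qdir/manifest.tsv"

    printf '%s\n' "$hash"
}

# Usage (paths are placeholders):
#   quarantine_file "/mnt/win/path/to/flagged-file" "/mnt/win/quarantine"
```

The recorded hash can be checked against the scanner's detection name or a reputation service from another machine before the quarantine folder is finally emptied.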

  4. #4
    AOD4LIFE Darkn3ss F4lls's Avatar

    It's a provided network by the apartment. You do log in to a web GUI and your devices cannot see each other.

  5. #5
    AOD4LIFE Darkn3ss F4lls's Avatar

    What's crazy to me is this boot scan is still running; it's like the longest I've ever seen it run. Started it roughly at 1/2 pm last night and here we are at 6:44 and it's still only at 90 percent. Went to bed at 90% lol

  6. #6
    Keep honking. I'm reloading Mokona512's Avatar

    At the early boot stages, drive performance is not very good, as none of the more advanced driver features will be active; thus you are stuck with tiny reads for the majority of the files and very low queue depths, so you will be stuck with the worst-case performance for the drive.

    And if you are using a hard drive instead of an SSD, then a scan can become significantly slower if the drive has a higher than normal error rate (you can use programs such as SpinRite (level 4 scan) to check and correct most error rate issues).

    Also, even if you are not going to any shady websites, it is still possible to access malicious content, most commonly through infected banner ads. Most website owners do not really vet the ads on the site; instead they just give someone else control over a div element on their site where they can pretty much put anything they want. Since attackers have realized this, they find it easier to just take out an ad running a malicious script.

  7. #7
    AOD4LIFE Darkn3ss F4lls's Avatar

    Quote Originally Posted by AOD_Mokona512 View Post
    At the early boot stages, drive performance is not very good, as none of the more advanced driver features will be active; thus you are stuck with tiny reads for the majority of the files and very low queue depths, so you will be stuck with the worst-case performance for the drive.

    And if you are using a hard drive instead of an SSD, then a scan can become significantly slower if the drive has a higher than normal error rate (you can use programs such as SpinRite (level 4 scan) to check and correct most error rate issues).

    Also, even if you are not going to any shady websites, it is still possible to access malicious content, most commonly through infected banner ads. Most website owners do not really vet the ads on the site; instead they just give someone else control over a div element on their site where they can pretty much put anything they want. Since attackers have realized this, they find it easier to just take out an ad running a malicious script.

    Aye, my current setup is

    120 ssd - Windows
    3 tb - Games 1
    3 tb - Games 2
    2.5 tb - backups and iso's for MSDNA products

    (Though after this I'm thinking of switching to like 1 120, 3 500 SSDs and maybe a hard disk for backups lol)

    That stinks, but it does make sense, as the boot time scan is a program and wouldn't have drivers in it for every device. Will check that SpinRite application you mentioned and pick it up.

    I have a couple ad blockers so I rarely see any banners etcetera when browsing the web. Though I suppose not seeing them and not executing them in the first place are two different things; I suppose that the ad blockers have to first see the thing and then decide it's an ad, then block it. Of course this is all in microseconds, but that's all something needs.

  8. #8
    Keep honking. I'm reloading Mokona512's Avatar

    Adblock pretty much stops the request so the ad never loads in the first place. If you run your browser through a proxy application such as Fiddler, you will see that ad servers being blocked never transfer any data, so it seems that Adblock is intercepting the request.

    One limitation, introduced when they did a massive change to the Firefox UI, is that they changed how add-ons load: if it has a saved session and you close and reopen Firefox and it attempts to reload a web page at startup, then it will load some ads, as that process starts before all add-ons are loaded. (Hopefully that will be fixed soon.)

    SpinRite is pretty much an $80 sector-based data recovery application (it will not recover deleted files; instead it focuses on bad sectors, or sectors where the data has become corrupted). If you need to recover a corrupted drive, be prepared to spend a few days, as it takes a long time to calculate what was on the sector. (PS: do not run anything beyond a level 2 on an SSD. Level 4 adds a massive number of writes to the SSD and wears it out faster; only do it if the SSD is corrupting data due to bad cells and you want the SSD's own controller to spot the bad cells and reallocate them.) If there is the chance of an error rate issue, I recommend checking the SMART data on the hard drive first to see if it is actually reporting it as an issue.

  9. #9
    I took an IQ test and the results were negative rave2n's Avatar
    Rank
    Forum Member
    Division
    None
    Status
    Active
    Join Date
    Aug 2014
    Age
    40
    Posts
    24


    Clean up with Malwarebytes & CCleaner

    If you need a pro version of Malwarebytes, I have it. Free of charge, msg. Will provide active protection from nasties.

  10. #10
    Save your breath. You'll need it to blow up your date! AOD Member AOD_Blankwindow's Avatar
    Rank
    Private First Class
    Division
    War Thunder
    Status
    Active
    Join Date
    May 2013
    Location
    Cedar Park, TX
    Posts
    807


    I would also suggest getting a higher-end pay-for AV\Firewall\AS software. Personally I've been using ZoneAlarm for about 1.5 decades and I have gotten only 2 viruses in that time. Both of which were where I told ZoneAlarm to run something it bitched about being infected (but I trusted the source....).

  11. #11
    AOD4LIFE Darkn3ss F4lls's Avatar

    Quote Originally Posted by AOD_Blankwindow View Post
    I would also suggest getting a higher-end pay-for AV\Firewall\AS software. Personally I've been using ZoneAlarm for about 1.5 decades and I have gotten only 2 viruses in that time. Both of which were where I told ZoneAlarm to run something it bitched about being infected (but I trusted the source....).

    This is the first one I've detected at least lol, been using Avast since my first self-built PC in 2001.

  12. #12
    Keep honking. I'm reloading Mokona512's Avatar

    For inbound protection, ZoneAlarm is not really any better than the Windows firewall, as it defaults to closed on ports you are not using. ZoneAlarm's main security feature is the more in-depth outbound protection, in that it offers more control over which applications have access to the internet, and essentially uses a whitelist method. If you head to a site that gets you infected, ZoneAlarm will not protect you, but depending on if the infection is aware of ZoneAlarm, it can stop the infection from connecting to any outside servers (which can be useful if you get infected with something like a keylogger). With many benchmarks, the paid virus scanners really do not do better than the free ones, as whenever they do a review, basically you will have Avast, AVG, and Norton trading spots when scanning a giant pack of the latest samples of malware (though Norton is consistently in first or second place, trading blows with Avast). The issue is that when new malware comes out, it is rarely ever first found by an antivirus company; instead it is found by various online communities and security researchers, which then causes the AV companies to run out an update for their scanners. Thus they all end up more or less detecting the same things, and the main differences seem to stem from which company has their developers running on extra caffeine that day.

    AVG also has decent detection but they are slower to update (not much of an issue if you never download anything new, but if you do, then they take longer to get their stuff updated; they may have a smaller development team that is also overextended as they keep adding more stuff to AVG, which is more to maintain).

    The main reason for the free scanners that companies like Avast offer is that a large user base allows them to collect suspicious file samples, monitor the spread of said files and also monitor some application behaviors, which in turn goes to improving the zero-day protection.

  13. #13
    AOD4LIFE Darkn3ss F4lls's Avatar

    Quote Originally Posted by AOD_Mokona512 View Post
    For inbound protection, ZoneAlarm is not really any better than the Windows firewall, as it defaults to closed on ports you are not using. ZoneAlarm's main security feature is the more in-depth outbound protection, in that it offers more control over which applications have access to the internet, and essentially uses a whitelist method. If you head to a site that gets you infected, ZoneAlarm will not protect you, but depending on if the infection is aware of ZoneAlarm, it can stop the infection from connecting to any outside servers (which can be useful if you get infected with something like a keylogger). With many benchmarks, the paid virus scanners really do not do better than the free ones, as whenever they do a review, basically you will have Avast, AVG, and Norton trading spots when scanning a giant pack of the latest samples of malware (though Norton is consistently in first or second place, trading blows with Avast). The issue is that when new malware comes out, it is rarely ever first found by an antivirus company; instead it is found by various online communities and security researchers, which then causes the AV companies to run out an update for their scanners. Thus they all end up more or less detecting the same things, and the main differences seem to stem from which company has their developers running on extra caffeine that day.

    AVG also has decent detection but they are slower to update (not much of an issue if you never download anything new, but if you do, then they take longer to get their stuff updated; they may have a smaller development team that is also overextended as they keep adding more stuff to AVG, which is more to maintain).

    The main reason for the free scanners that companies like Avast offer is that a large user base allows them to collect suspicious file samples, monitor the spread of said files and also monitor some application behaviors, which in turn goes to improving the zero-day protection.

    Never thought of it that way! Dammit man, I'm a Networking Student, not a Scientist.

    Ended up just formatting my PC fully anyway, had to pick up a copy of Pro Student because the key I got must still have been wrong. If I had to point at something that got me, it would be that thing I downloaded to get me my key lol.

  14. #14
    Keep honking. I'm reloading Mokona512's Avatar

    For some untrusted software, run it in a virtual machine to see if it is safe. Quick to set up and great for those uses.

  15. #15
    AOD4LIFE Darkn3ss F4lls's Avatar

    Lost my VMware license when I moved schools. Could try VirtualBox.


 
