Well, I tried restoring to last week - when everything seemed fine. While running Ad-Aware, the window Ad-Aware was running in changed to that Pinball game that comes with Windows. I restarted in safe mode and am running Ad-Aware again. I think whatever it is is still there.
I'm wondering if this might not be hardware failure of some sort.
You don't possibly have some stuck keys? Can you switch out another keyboard? You might try this after your scan finishes. If Ad-Aware does find some problems, I'd advise applying Microsoft's Antispyware app:
I came in this morning and fired up Ad-Aware. About 3/4 of the way through, the Ad-Aware program was terminated. I started up in Smart Mode, looked at my event log and noticed the Remote Access being activated just before my computer turned off the Ad-Aware program. I've turned off all remote accesses and things seem to be stable. But this will make Netmeetings a little difficult.
I've not found any AV or Anti-Spyware app that does well after the infection. Pop the drive out of the box, and hook it up as a secondary drive in another system that's got current sigs for its AV and anti-spyware. Scan the drive completely and remove everything found. Then go back and do it again just to be sure. If you want to be REALLY sure it is 'clean', you'll have to completely re-partition and install from a known good source.
Of course, backup anything important on your PC before you remove the drive. If the system is unusable to the point of no backups being possible, then back it up when you get it in the 2nd system.
In the meantime, test your keyboard and mouse. I'd also check to see if some prankster hasn't made a shortcut key to the pinball program's shortcut. They might have also set up pinball to launch every 15 minutes in scheduler.
I disagree with the assertion that AV/spyware apps perform poorly post-infection. If this were remotely accurate, we'd be in a sad state indeed.
The anti-malware fight is, largely, reactive. In our fairly large organization, 85-90% of our respective "fight" is post-infection. Removal of hardware as a response is not practiced. Application of the more robust removal tools (Webroot SpySweeper, Microsoft Antispyware, Hijack This!) yields optimum results.
I was trying to avoid negativity, but will be to the point. Ad-Aware is no longer a reliable product. Its failure in this instance does not surprise me. Ad-Aware was once a front-runner, but has fallen woefully behind other products. I would recommend running one of the aforementioned options in its place.
Tired of waiting for an answer? Try asking better questions. See: faq222-2244
The only times I've gotten infections are when I was running AV that was supposed to be able to stop infections from taking place to begin with. Namely, both Symantec's and Computer Associates' solutions have told me (or people working with me) that they stopped an infection, only to find a few days later that the virus has been running all the while. Given that, I've not trusted them, and don't trust any of them.
The bottom line is that if you're working in an environment where you must truly be 100% positive you are secure, there's no real way to recover except a fresh installation. You won't find a security consultant that will disagree.
Yes, for most people, software will fix it all. But the reason that NO AV or Anti-adware app will make a machine as secure as possible is because they only work on definitions and heuristics, which are at best poor. It is easy to go and juggle the WinVNC source and come up with a backdoor for your machine that no one would ever find, and no software would ever remove.
That's why there are no scanners that will make your machine really secure.