Where did I catch that stinking virus?? 4


mscallisto

Technical User
Jun 14, 2001
2,990
US
Today I'm virus free on all 6 PC's but I've had my share of virus/Trojans/malware etc over the years and half the time I know where I got them.

Other times I haven't a clue where they came from like when I caught the FBI/MoneyPak and a web search said it was from unscrupulous browsing; believe me it wasn't. It just appeared and I removed it.

My question: Is there anyway to trace where one gets infected when it's not obvious where it came from?

Thanks in advance

Sam
 
Wow, what a great question. I anxiously await an answer to it.

I have one PC in my house that is constantly getting infected by one thing after another. I know the reason (teenage boy into anime and online games), but I'd love to be able to identify the exact site or email it came from. That would allow me to block it or at least educate him. That would save me a lot of time cleaning the dang thing.

 
Hi Sam,

I seriously doubt it is possible. Your AV logs might give you the name of the Trojan, but that is not sufficient.
Viruses/Trojans are not unique to one site. You can get the same virus from a lot of sites.
They can also be contained on CDs from computer magazines, backpacking on freeware tools, multi media files, etc.

On second thought, there might be a way, by playing a little Sherlock Holmes:
a) Install an internet usage tracker, e.g. one of these:

b) Once you detect an infection, note the time of infection from your AV logs.

c) Now cross-reference that with your internet monitor and you should get an idea where it came from.

Besides that, it is good to have a strong and up-to-date anti virus with web protection. It will block the opening of infected sites - provided the virus there is identifiable.
Another thing I am doing is using "Google Safe Browsing" before opening an unknown site.
=>
Just replace "site=google.com" with "site=" + the site address you want to check for malware.

Cheers,
MakeItSo

“Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.” (Kofi Annan)
Oppose SOPA, PIPA, ACTA; measures to curb freedom of information under whatever name whatsoever.
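The cross-referencing step MakeItSo describes (AV detection time against an internet usage log), worked through as an added example that is not from this thread or from any of the tools mentioned. The log formats and all sample lines are constructed for illustration; a real AV or monitor log will need its own parser.

```python
"""Added example: correlate an AV detection timestamp with a browsing log
to list the URLs fetched shortly before the detection."""
from datetime import datetime, timedelta

# Constructed sample lines (not real logs); formats are assumptions.
AV_LOG = """\
2013-03-02 21:17:05 DETECTED Trojan.FakeAlert C:\\Users\\Sam\\AppData\\Local\\Temp\\setup.exe
"""
NET_LOG = """\
2013-03-02 20:40:12 GET http://news.example.net/index.html
2013-03-02 21:14:50 GET http://ads.example-adserver.com/banner.swf
2013-03-02 21:15:02 GET http://cdn.example-download.org/setup.exe
2013-03-02 21:30:44 GET http://mail.example.com/inbox
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_av(text):
    """Return (timestamp, threat name, quarantined path) for DETECTED lines."""
    out = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) == 5 and parts[2] == "DETECTED":
            out.append((datetime.strptime(parts[0] + " " + parts[1], FMT), parts[3], parts[4]))
    return out

def parse_net(text):
    """Return (timestamp, url) for each request line of the usage log."""
    out = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) == 4:
            out.append((datetime.strptime(parts[0] + " " + parts[1], FMT), parts[3]))
    return out

def candidates(av_events, net_events, window_minutes=10):
    """For each detection, list URLs fetched in the window before it (newest
    first) and flag any whose file name matches the quarantined file."""
    results = []
    for when, threat, path in av_events:
        start = when - timedelta(minutes=window_minutes)
        hits = sorted(((t, u) for t, u in net_events if start <= t <= when), reverse=True)
        fname = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        results.append({
            "threat": threat,
            "urls": [u for _, u in hits],
            "likely": [u for _, u in hits if u.lower().endswith("/" + fname)],
        })
    return results

if __name__ == "__main__":
    for r in candidates(parse_av(AV_LOG), parse_net(NET_LOG)):
        print(r)
```

The window only narrows the list; as the post says, the same malware is served from many places, so the result is a short list of candidates to check, not proof of origin.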
 
I seriously doubt it is possible. Your AV logs might give you the name of the Trojan, but that is not sufficient. Viruses/Trojans are not unique to one site. You can get the same virus from a lot of sites.

I'd say that is correct unless you go to a lot of trouble as mentioned, but then you're STILL infected. And teenager + internet + click on whatever they feel like on any web site = virus.
 
On one of the reputable forums I frequent, I have seen a lot of complaints about ads, whether they are clicked on or not, being the source of malware. Unfortunately, it seems like the default is to execute everything (unless you want it to) making it easy to contract them. Couple that with a little cross-site scripting or hijacking and you can catch critters.
 
My favourite way of blocking unwanted ads - other than with adblock+ or whatever - is the MVPS HOSTS file:

It basically associates known ad sources (adserver, doubleclick etc.) with 127.0.0.1. This way, the ad isn't loaded and neither are any connected viruses.
It's a bit cheating on those sites that need advertisements to finance themselves but I say "hey: I don't want no viruses in return, so live with it".
Extend that HOSTS with known porn sites and you are a lot safer.
No 100% safety exists on the web though.

 
Nice responses so far, they make sense but I would really like to make a virus creator cry just once.

Presently my defense regiment consists of monthly running the following:
CCleaner, Glary Utilities, RegScrubXP, HiJack This, Malwarebytes, TDSKiller
MSConfig start-up, Smart Defrag, Avira Antivirus, SuperAnti Spyware, Rogue Killer

I mostly get ad-ware from my wife's PC but I'm generally very clean.
Any additions/deletions or suggestions about my defense regiment are welcome.

Tonight I will visit the links supplied by MakeItSo, they look to be promising.

I still believe a virus of any kind must leave some kind of I/P footprint or hexadecimal DNA or something to help trace a source.
As said above there may be many sources for the same virus but I'll be happy to uncover one.

If there really aren't ways to trace sources then I'll pass that info on to the many Crime Series TV shows that seem to think there is.

Thanks
Sam
 
Presently my defense regiment consists of monthly running the following: CCleaner, Glary Utilities, RegScrubXP, HiJack This, Malwarebytes, TDSKiller MSConfig start-up, Smart Defrag, Avira Antivirus, SuperAnti Spyware, Rogue Killer
If this didn't save you, nothing will!!! My honest feeling is that you're putting $10 into a $1 problem. Conquer malware, move on, profit.
 
Thanks goombawaho

Yes it's definitely overkill and time consuming but I'm retired and have been working on computers (building and programming) since 1962; it's in my blood LOL.

I am constantly deleting and adding new detection software and I agree I should be doing more deleting than adding.

Do you have your favorites?
 
Thanks again MakeItSo

I've visited your recommended links and will try netspeedmonitor simply to see what my average up/down speeds are.

I'll also try cucusoft to capture web connected programs and trace them to antivirus logs in the event I get infected.

I will also play with Google safe browsing to see how that works.
It somewhat looks like what one does to monitor third party cookies which is cumbersome at first and requires maintenance but pays off tremendously by keeping malware/ADware at bay.
 
I think you mentioned the main things I normally use: CCleaner, TDSSKiller, MBAM, HiJack This, Rogue Killer.

If you're happy chasing the source of the malware that's great since you have the time.

 
Comodo Antivirus, even the free one, has a program called Virtual Comodo included with it, it is their version of a sandbox & works quite well. What it does is you can download and try anything or any site without fear of screwing up your computer, nothing is written to your actual computer so when you exit any malicious files are gone. If you do download a program you want to keep, it goes into a separate shared folder you can access after you exit Virtual Comodo, there you can scan it to be sure it is safe.

Just a suggestion to stay safe
 
@xit

I like the sandbox approach and I'll give Virtual Comodo a try as soon as I have something to test (download).

Thanks
Sam
 
What OS are you running?

There are some great tools out there.

If XP I highly recommend Steady State, but you may struggle to find a legit download as it's been discontinued.

Also have a gander at this

It is an interesting tool:

I'll stick up a dedicated link to this actually :)


Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

 
Thanks Symplolgy

XP SP3

Is this the download you suggested, if so I'll give it a try?

I'll also have a gander at the kb link

sam
 
Yes that looks like it.
The way it works is to create a Virtual XP machine instance and boots to this. If you turn on disk protection, by far the best thing ever, then everything that gets written to the PC is not stored permanently. So a reboot wipes everything since the last update. However you can set it to override and say "I want to save changes" (admin mode only). It also allows Windows updates to run without admin mode.
You can set exceptions, so you can save to say a USB drive or some other folder / device.
We've used it in an Internet cafe for 3 years, never had even the slightest issue with it.
The most annoying thing is they don't do a Win7 / 8 version, so we've got to use a 3rd party solution :-(


 