Computer virus question

Little House on Unaka | December 30, 2009 | don-o

[don-o]

I am getting a neighbor / friend's computer running. It's a Dell (4100 I believe) running XP home. According to her, she has never been on the internet or e-mail. I can verify the latter because I set up her Outlook Express. (I know someone was using it, because of the shortcuts on the desktop.)

Nevertheless, she had the computer hooked to the internet, but powered off. I removed McAfee and am installing Charter's Security Suite. Began a scan last evening and it's finding a ton of virii.

My question is, can a computer be infected w/o active participation of a user?

[don-o]

Can the OS be re-installed? That might be your best option at this point frankly, it seems to me.

That's not really an option for me - at this point. The computer is quite functional.

[PIF]

Of course it can be infected without an active user. Windows is famous for that ‘ability’. Win 98 w/o user was infected on average within 30 seconds, Win 95 within 15 seconds.

XP, like the previous incarnations, has various bits and pieces that send out via the modem that it is active and online. Various apps send out signals that they are present - and if there is some bot listening then down comes the bad stuff.

That box was likely left online for hours - plenty of time for something to get through the notoriously porous Win security, McAfee or not.

The only way to guarantee no bad stuff is to never connect a Win machine to the Internet, never insert disks, CDs or DVDs. Better yet, never turn it on - as MS advises.

The best way to fix this is to do a secure erase which will take some time, reinstall XP from the OEM disk, do not reinstall anything from any backup (all previous data is suspect), and get rid of the modem. All should be well after that. Go online and you may face the same situation again... soon.

Or you might just consider a totally different manufacture, computer, and OS...

[don-o]

It does a good job of alerting you if something is trying to access the internet.

So does the security package I loaded. It caught several attempts as I was scanning.

[don-o]

Yikes!

I appreciate the info and suggestions
What is a “secure erase?

Get rid of the Modem? I don’t understand. How do I connect her then?

[bamagirl1944]

One thing I haven’t seen mentioned, is that she could have infected the computer by transferring files from some other place, such as a flashdrive, a CD, etc.

[don-o]

Good thought; but, no chance. She barely know how to turn the thing on.

And, btw, Go Vols!!!

And Go Bama - (for the one game). See you on 3rd Saturday in October in K’ville.

[PIF]

Secure erase is when you select that option - if aavailable - to write 1s and 0s over the hard drive for hours, but most secure is to just remove and throw the hard drive away, replacing it with a brand new one.

Yep. You don’t. Else she and you will face the same problems sooner or later. Perhaps if it were your box you could keep it clean, but most people don’t bother or don’t know how.

Those anti-bad stuff programs must be constantly updated and always run in the background to work, but then they are only effective against known stuff. The gap between when a new thing appears and when the anti-bad stuff program is updated leaves a gap when the box can (will) become infected.

Other than you keeping her box clean on a daily basis, the only other option you can do is to get a Mac... end of all the bad stuff and their constant background updating and checking slowing the box down, all current email/files on the box can be safely and easily transfered, w/o risk, and you can connect w/o worry. Not shilling here, but is just the case when a person does not have the time, inclination, or knowledge to keep a box clean.

A plus is that if you get a new one from an Apple Store, they will do all the support for one to three years. Which means you don’t have to.

[LonePalm]

I highly recommend the best version of ZoneAlarm you can afford.

The free version is very good. I pay for the top of the line.

I also run Spybot.

With that combination I have never had a problem.

Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LonePalm, le Républicain du verre cassé (The Broken Glass Republican)

[Patrsup]

Couple of thoughts, email might not have been setup but people can use webmail through the browser and if it is the old IE that comes with XP home and has not been patched, there is plenty of reason to fear infection. If she is so illiterate on the computer, I suspect she has not patched anything nor probably has updates and required fixes installed.

If she is not emailing or surfing - why bother with the cable modem? Clean it up, patch it and take it off the wire.

For my two cents I prefer AVG (free) and SpyBot.

Hope it all works out -

[Big Giant Head]

Get rid of the Modem? I don’t understand. How do I connect her then?

Don't get rid of the modem, get her a router that serves as a firewall. Other than that, I use no anti-virus or anti-crap ware at all. But you may still want to run some on her box.

Linux is another option. Mint is a great OS.

[don-o]

She asked to to fix her so she could e-mail. That’s my goal right now. I will be patching enough to get a pdf reader so ahe can open at manual she needs to read.

For me, it’s not rocket science - as I said, the thing IS functioning. I’ve improved it a good deal in a couple of days.

I DO appreciate all the comments!

[TomGuy]

Some older virii were transmitted in files.

It used to be quite common for them to show in, especially in game installs, but also in some program installs. That was when games/programs were shared via disk.

I have an archive of many programs/OS systems from the 80s and early 90s. I have some burned DVD disks (program backups) that will register as viruses. Some alerts are legit, some are false. Since they are on burned DVDs, the virus program can't actually remove them; I have notations of which programs have those. When I updated my archive by moving it to an external hard drive, I allowed the virus program to delete any infected programs.

If frequent/periodic virus scans are not performed or virus software not updated and run, sometimes virus program alerts will be false positives, especially on old installs. Old installs, however, may have old trojans and viruses.

If you get an alert, check the virus program website for further details on the seriousness of the alert-in-question.

[Rifleman]

A lot of over kill suggestions here.

Force all Microsoft updates.
Activate automatic updates and Microsoft Updates.

Install Microsoft Security Essentials. It will scan the
pc unless told not to. Force repeated scans, rebooting
between them, check the history log each time. When
MSSE stops finding new malware, you are done.

A router/firewall appliance is a good but not essential idea.
Make sure that the Windows firewall is on.

[don-o]

Hey Tom. Do you know who keeps the Techie ping list? I have anothe plan/idea I want to add to the discussion later.

[TomGuy]

Do you know who keeps the Techie ping list?

ShadowAce maintains the Tech Ping list.

[johncatl]

Computers become infected by more than just email. Surfing the web can infect a PC in a technique known as "drive by" from just going to an infected website.

The social networking sites, Facebook, twitter, etc. were compromised last year.

One other thing you can do is to set up a user profile with limited authority, not an administrator, and use that for normal web surfing.

Also make sure that the guest account is disabled and that you are running a good antivirus.antimalware program and that it is kept current and that the computer is scanned completely at least once a week.

[johncatl]

Patched - Nope - Next order of business is SP 2.

Don't forget SP3 and updates after that!

[mad_as_he$$]

komando.com

[Bloody Sam Roberts]

According to her, she has never been on the internet or e-mail.

If she's running XP she had to have connected at some point to activate. Did she remove the network cable after activating? Does she have a firewall? If not...she's 'on the internet'. She may not have used a web browser but she's exposed.

[don-o]

I'm thinking of trying to use remote access to work on my friend's computer from mine at home. I have never done any remote access at all. So, questions:

1. Would I be putting MY machine at risk as I try to clean hers? What are all the down sides?
2. Is there a good (free) program for this?

What I think I want to do is use a forum (cybertechhelp.com) to work this after I have done all I can. They do diagnostics using Hijack This! and several cleaning tools; but, it can be a lengthy process. Hence, it would be more convenient to do it from my home if that is safe.