Virus Repair Help Needed - Vanity
Ronin-Vanity | Ronin
Posted on 09/02/2003 3:09:32 PM PDT by Ronin
I have received an email from the owner of my language school informing me that one of our (soon to be unemployed) French teachers attempted to download a computer software program from KaZaa and has infected the school computer with a bad virus.
I have been asked to try to fix it, simply because I know more about computers than anyone else there, even though I don't know much at all.
The question I have, is there any good, FREE virus removal program I can download to a floppy or CD that I can take to work with me this afternoon and use to fix the computer?
TOPICS: Computers/Internet
KEYWORDS: repairsoftware; virus; windowsxp
Any assistance or advice here would be welcome.
Pardons for the vanity.
1 posted on 09/02/2003 3:09:32 PM PDT by Ronin
To: Ronin
"The question I have, is there any good, FREE virus removal program I can download to a floppy or CD"
You can get one or the other, but not both. Personally, I wouldn't trust anything that you can download for free (sounds like how your problem started out in the first place).
To: Ronin
What virus is it? Try http://www.symantec.com for virus removal tools on some recent viruses, then install anti-virus software.
To: Ronin
Will Norton protect against these viruses? I'm getting lots of "Mailer Daemon" replies telling me my email addy is sending viruses, but I've got Norton running on my computer. The email account in question is Hotmail; I assume M$ has protection against allowing Hotmail accounts to send virus-laden email (because they don't want to waste bandwidth doing it). I am only getting these messages on one of my email accounts. I'm wondering, are these emails coming from my machine, or is it possible their headers are being spoofed?
5 posted on 09/02/2003 4:32:36 PM PDT by xm177e2 (Stalinists, Maoists, Ba'athists, Pacifists: Why are they always on the same side?)
To: Ronin
First off is the matter of determining which virus(es) are infecting the computer. Several of the major antivirus software companies offer internet-based scanning - that's less effective than an installed scan, but it will give you an idea of what you're dealing with. I would try the web-based scan from Panda Antivirus, as I've had good results with that one recently.
Note: you have to go to that website from the infected computer. If the infected computer doesn't boot, you are approaching the "pay someone to fix it" realm.
Once you have an idea of what virus(es)/worms you're dealing with, consult the Symantec Security Response website for removal instructions and/or tools. Ease of cleanup varies, depending on what you've got and how long you've had it; sometimes you have to just "nuke and pave" (meaning format the hard drive and reinstall EVERYTHING). I'll tell you up front, last year I made some good freelance money cleaning up people's virus-infected PCs.
Now, on to the issue of ongoing protection... The fact is, the company needs to pay for antivirus software. There is no free antivirus software available for businesses. My personal recommendation would be either Symantec (also known as Norton) or Panda. The issue of antivirus software is a matter of pay now or pay a lot more later.
Finally, you mentioned that this came about because a soon-to-be-unemployed French teacher was trying to download a program over KaZaA. I have a few thoughts to offer on that matter:
- This is a business computer. KaZaA software has no place on a business computer. Not only is it spyware, but it is a tool whose entire purpose is to circumvent copyright and licensing laws. What someone does on their home PC is their business (not that I support piracy in any instance), but if someone installs copied/pirated software on a business PC, the business is liable. The Business Software Alliance is the organization that polices this - check out the penalties. It's really not worth it... if you installed MS Office from one single-license CD set on 2 computers, that's up to $4 million in potential fines, plus potential jail time.
- I am aware of the cost of purchasing software and licenses, including antivirus software. As a matter of fact, just last month I was pricing antivirus software for my network at work (we ended up spending about $875 for 25 licenses of Symantec Antivirus Small Business Edition, by the way... and we did NOT get hit by Blaster or Sobig or Mimail last month). This is part of the cost of choosing to run Windows - part of the trade-off for going with what the masses use. If the computer contains important data, it's necessary to protect it.
- The business owner needs to set in place a policy addressing the issue of software - what is installed on the PCs, by whom, etc. He should spell out specifically whether or not people are allowed to download software from the internet onto the business PCs... and I'd suggest he make it clearly not allowed. All software installation should be done by the individual(s) responsible for maintaining the systems and/or network, and that person should be responsible for keeping track of the licensing. Sample policies can be found at TechRepublic. You have to join to search for things, I think, but there's a bunch of good info there anyhow and it's free to join.
6 posted on 09/02/2003 4:58:02 PM PDT by ManxyGal (Certified (A+, MCP, MCSE) network geek and keeper of all software licenses for my network!)
To: ManxyGal
Thanks for the tips Manxy. The school I work at here in Tokyo is quite small. Less than 10 teachers and the owner who is a rather nice elderly lady.
Anyhow, he is already in a bit of trouble because there ARE rules against using the computer for personal business but he did it on a day when the owner was not in.
I am going to go there early today and see if I can figure out what virus he caught and try to remove it without using the nuke and pave method. Losing the database will be costly.
The thing is I know that system has Norton Antivirus installed on it because I checked it just last week and did a hard disk scan, so it must be a new bug to get past it.
7 posted on 09/02/2003 5:10:55 PM PDT by Ronin (Qui tacet consentit!)
To: xm177e2
I don't know if Mi¢ro$oft has automatic scanning set up for Hotmail accounts or not - my Hotmail account went inactive about 2 years ago. I can tell you, however, that getting those "you have a virus" messages does not mean that you in fact do have a virus. Here's why:
- Most of the mass-mailer worms being circulated now practice address harvesting and spoofing. That is, they go through address books and email folders (including inbox, sent items, and any other folders) to collect email addresses, and then when they send themselves out, they fake the data in the "from" field of the email headers. In other words, if your dear friend Rush Limbaugh sent me an email, and copied you and Sean Hannity and Matt Drudge on it, I have all 4 addresses in my inbox in that message. If I then get infected with one of these worms, it will send itself out from my computer... and it will come to you with, say, Sean Hannity as the source... and it will go to Rush Limbaugh with, say, you as the source. So you all start sending each other "you have a virus" emails, and you all start furiously scanning your PCs and not finding anything, while I sit over here with my PC continuing the problem. Neat, huh? That's why I always disable the "auto notification" feature in the antivirus software now, both at home and at work.
- If that isn't enough of a headache, some of the viruses themselves now come masquerading as a "mailer daemon" or system administrator virus notification. That's what the "Mimail" worm does - you get an email with an attachment that claims to be from admin@yourdomain.com indicating that your email account will expire and telling you to click on the attached file (which pretends to be a webpage, but isn't). [That one failed where I work because everyone knows that I am the Administrator and I always use my personal account for all notifications. As a matter of fact, there is no such account as admin@mydomain.com. But it worked at many, many places.]
- If you have decent antivirus software on your PC (Norton, Panda, McAfee, or similar), and if you make sure it's updated very frequently (like every 2 or 3 days), and if you run periodic scans, then you are likely in the clear. If so, just delete those messages like the annoying spam they've become.
8 posted on 09/02/2003 5:14:58 PM PDT by ManxyGal (Certified (A+, MCP, MCSE) network geek and keeper of all software licenses for my network!)
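The From-address spoofing described in the post above can be checked from a bounce itself, because the returned message carries the Received chain that the receiving server recorded. This is an added example, not part of the thread; the sample headers, domains, addresses and the `my_networks` range are constructed.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the "infected" message as returned inside a
# bounce. Addresses use documentation ranges and example domains.
RETURNED_HEADERS = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mail.recipient.example; Tue, 2 Sep 2003 16:01:12 -0700
Received: from LAPTOP7 (dsl-17.isp.example [203.0.113.77])
\tby mx.recipient.example; Tue, 2 Sep 2003 16:01:10 -0700
From: victim@webmail.example
To: stranger@recipient.example
Subject: Re: Details

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def origin_ip(raw_headers):
    """Return the client IP recorded by the earliest Received hop, or None."""
    msg = email.message_from_string(raw_headers)
    # Each server prepends its Received line, so the last one is the first hop.
    for hop in reversed(msg.get_all("Received", [])):
        match = IP_IN_BRACKETS.search(hop)
        if match:
            return ipaddress.ip_address(match.group(1))
    return None


def triage(raw_headers, my_networks):
    """Classify a bounced message: sent from our network, or From spoofed."""
    msg = email.message_from_string(raw_headers)
    ip = origin_ip(raw_headers)
    if ip is None:
        return "unknown", msg["From"], None
    mine = any(ip in ipaddress.ip_network(net) for net in my_networks)
    verdict = "sent-from-our-network" if mine else "from-spoofed"
    return verdict, msg["From"], str(ip)


if __name__ == "__main__":
    # Assumption: 192.0.2.0/24 stands in for the reader's own public range.
    print(triage(RETURNED_HEADERS, ["192.0.2.0/24"]))
```

Received lines below the one written by the first server you trust can themselves be forged, so the verdict is an indicator to weigh alongside a local scan.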
To: Ronin
"The thing is I know that system has Norton Antivirus installed on it because I checked it just last week and did a harddisk scan, so it must be a new bug to get past it."
Norton Antivirus is good - if it's a fairly new version (2002 or 2003 version of the software) and if it's kept up-to-date. Otherwise, it's useless (as any antivirus software would be in that situation). And you have to pay money every year (or two - you can choose that option) to keep getting the virus updates.
When I started at my current job a couple of months ago, I discovered that all of the PCs were running Norton Antivirus... but the newest version of the software was 4 years old, and none of the virus definition subscriptions had been renewed in 3 years. In other words, there was no antivirus protection. That was my #2 thing to fix, as a matter of fact (#1 thing to fix was the lack of firewall).
A 10-user licensing package for Symantec Antivirus Small Business Edition runs about $430 for one year; they also offer a discount if you purchase two years' subscription up-front. It's worth it.
9 posted on 09/02/2003 5:21:10 PM PDT by ManxyGal (Certified (A+, MCP, MCSE) network geek and keeper of all software licenses for my network!)
To: ManxyGal
To make this whole situation even worse, he (the French teacher) apparently downloaded a "CD-Burner" program and installed it without scanning it.
If I were a nasty-minded programmer in league with the RCAA, this would be just the kind of booby-trap I would leak onto KaZaa as a way of sticking it to the music pirates.
10 posted on 09/02/2003 5:26:41 PM PDT by Ronin (Qui tacet consentit!)
To: Ronin
One problem we are having on my husband's email address is that we get notices that a msg that has been sent from his addy is sending a virus, usually the SoBigF. I have Norton Antivirus 2003 and Internet Security and have this computer set on just every protection you can think of with Norton. And I keep it updated and run the antivirus program daily and sometimes more often during times like these.
The addys that are getting blocked are people we don't know and are not in our addy book. So I sent out word to everyone in my husband's address list asking if we have ever sent an email to them with a virus warning and all have said no. What I think has happened is that someone he emails to has not kept up with the antivirus updates and got the virus that took all the addresses in that person's address list and is sending out msgs with our email addy but it is not from us. I have done the full scan etc and my machine is clean. So when your addy is grabbed from someone's address list and is now being used this way, how do I get that stopped? Should we just change the email address and notify everyone not to use it and to delete it from their list? Will that do it?