I removed a virus from a PC yesterday and I have a question
Posted by: olnacl
Date: January 31, 2010 06:15AM
This was one of several variants of the "buy my antivirus" scams that pop up warnings saying there is a virus and lock up the computer until the user succumbs to the pitch and buys the product or takes steps to remove the virus. Luckily, there was a fix I found on the web that (relatively) quickly allowed me to remove it.

The question is: Since this "should" be easy to trace since money changes hands (at least from those that fall for the scam) why isn't the distributor of the virus arrested and charged? I'll give my opinion first - that it's run from a foreign country (most likely considering the poor English used in the warning dialogs) and there is no multinational cooperation for arresting these people. Any other reasons?



Re: I removed a virus from a PC yesterday and I have a question
Posted by: mrlynn
Date: January 31, 2010 07:43AM
My guess is that they're not really selling anything; they want to collect charge-card numbers and other personal information. But that's just a guess.

Those 'rogue anti-virus' infestations are very hard to get rid of. A free program called Malwarebytes, [www.malwarebytes.org] , can sometimes do it where the big names can't. But even then they can regenerate, like the creature in the Alien movies. They may be 'rootkits' that can insinuate themselves into the OS at a low level and hide from AV software. So you end up wiping the HD and reinstalling everything.

Not long ago I clicked on a line in a page of Google search results, and was hit with a rogue AV ad that I couldn't get out of. But this was Safari, on my MBP, so I just force-quit Safari and it was back to business as usual. With PCs it's a different (and much more frustrating) ballgame.

I keep thinking that at some point the script villains are going to turn their sights on the growing Mac population. Maybe they have and the Mac OS is resistant enough that they haven't succeeded. But I wonder if some anti-malware software might not be prudent. . .

/Mr Lynn



"Hillbilly at Harvard"
Honky-tonk Country and Bluegrass
Founded in 1948 by Pappy Ben Minnich
Saturdays 9am - 1pm Eastern
WHRB-FM, Cambridge, MA
Streaming at [www.WHRB.org]
Be there!

The HAH weblog: [hillbillyatharvard.wordpress.com]

Topical weblog: [walkingcreekworld.wordpress.com]

On the river in Saxonville.
Re: I removed a virus from a PC yesterday and I have a question
Posted by: olnacl
Date: January 31, 2010 08:51AM
Yes, it was Malwarebytes that cleaned the virus and rkill that stopped the process so I could install and run Malwarebytes. The machine had AVG free with current definitions and wasn't used for visiting pron/warz sites. After what appears to be a successful cleaning, I switched it to avast (free) in hopes of keeping these threats at bay, and advised my friend to run Malwarebytes at least weekly.



Re: I removed a virus from a PC yesterday and I have a question
Posted by: JoeH
Date: January 31, 2010 09:45AM
One of the types of sites they tend to infest are the ones with on-line games. One woman at the office has managed to infect at least 3 different PCs several times over the last year. A couple times, in spite of the PC having Deep Freeze, the infection managed to bypass the protection and remain after restarting. Those required a reformat of the drive and a reload.
Re: I removed a virus from a PC yesterday and I have a question
Posted by: H1N1
Date: January 31, 2010 10:18AM
Quote
mrlynn
I keep thinking that at some point the script villains are going to turn their sights on the growing Mac population. Maybe they have and the Mac OS is resistant enough that they haven't succeeded. But I wonder if some anti-malware software might not be prudent. . .

/Mr Lynn
The roots of MacOSX go back over 40 years and it runs the internet, and that "Not enough Macs to make it worth my time" argument is a bit of a straw man exercise, isn't it?
Think about it, what would grab more headlines, the thug mugging a few dozen townfolk in an alley, or the thief that breaks into Fort Knox?
Re: I removed a virus from a PC yesterday and I have a question
Posted by: JEBB
Date: January 31, 2010 12:05PM
As I understand it:
To install a program (virus) on a Mac, or any Unix-based system, that messes with the system files, the administrator has to give his permission by entering his password. The name 'virus' was adopted for such computer programs because they can propagate without permission (at least in Windows). It's rather like, in your biological world, having to give your permission to become infected with a cold virus. Not much chance of that happening.

When holes, one-off vulnerabilities, are found in the extremely complicated Mac OS, Apple issues a fix, a security update and the problem is gone.

With Windows the lack of a requirement for the password makes installing programs (viruses) easy and a constant threat.
Re: I removed a virus from a PC yesterday and I have a question
Posted by: TheCaber
Date: January 31, 2010 12:49PM
Quote
JEBB
...
With Windows the lack of a requirement for the password makes installing programs (viruses) easy and a constant threat.

That is because the default operating mode for Windows is 'single user, administrator', what would be 'root, or superuser' on Unix/MacOSX/Linux.

In Windows, if you can get any system component to open {and by default, execute} any chunk of data that happens to have/be a viral payload, you're home free.

Windows has yet to have a multi-user operating environment.



=TC
Re: I removed a virus from a PC yesterday and I have a question
Posted by: mrlynn
Date: January 31, 2010 12:53PM
Theoretically a non-administrative user in Windows cannot install programs, but in practice the nasties seem to evade this restriction.

If what H1N1 says is true, and the script writers really are constantly trying to get into the Mac 'Fort Knox', then the Unix core of OS X must in fact be more secure than Windows. A lot (maybe most) of Mac users routinely work with administrative privileges. I have taken the precaution of creating a non-admin user for my daily use, but I doubt if many consumers do.

Is anyone here running antivirus/antimalware software on their Macs?


/Mr Lynn



Edited 1 time(s). Last edit at 01/31/2010 12:56PM by mrlynn.
Re: I removed a virus from a PC yesterday and I have a question
Posted by: deckeda
Date: January 31, 2010 02:23PM
Quote
TheCaber
Windows has yet to have a multi-user operating environment.

I'd like to know more about this; I'm really just now starting to learn about Windows. Gonna try and skip most of XP—I figure by the time I get to the point where I'm truly comfortable with Windows the world will hopefully be onto 7.

Anyway, are you saying that Windows user accounts generally occupy a level closer to the kernel or other underlying processes, compared to 'nix, which more thoroughly abstracts away the user accounts, thereby protecting both environments?

The reason for my guess there is because I've seen Windows described as nearly functionally unusable if you lock it down with UAC restrictions. But if you open them up to reach a level of personal control, you're vulnerable. Probably an oversimplification.
Re: I removed a virus from a PC yesterday and I have a question
Posted by: JEBB
Date: January 31, 2010 03:13PM
Quote
mrlynn

Is anyone here running antivirus/antimalware software on their Macs?


/Mr Lynn

Not me. Only needed for Windows where such programs are essentially automatically installed. I have the firewall on but I'm not really sure that it is needed.
Re: I removed a virus from a PC yesterday and I have a question
Posted by: Dick Moore
Date: January 31, 2010 05:36PM
I use ClamXav once in a while, just to be sure my Mac isn't a conduit/pass-through (as opposed to being infected itself). There's a beta for Snow Leopard that works fine.

I just yesterday finished reinstalling Windows on a friend's box due to a SkyNet infection, apparently picked up from a first-time visit to Craigslist. AVG Free was running but not up to date, Malwarebytes was stopped dead in its tracks, and Spybot S&D would run, but could not fix the problems. Restore wouldn't work, and going to the Repair function in Windows set-up also didn't result in a working system.

Finally did what I should have in the first place -- nuked and paved. There were no essential data or apps on the machine, so no wails of anguish. But reinstalls are such a humongous waste of time.... Can't figure out why using a restore point couldn't get it back in order -- that's one nasty worm.



What it is, man, a low-down and funky feelin'
Re: I removed a virus from a PC yesterday and I have a question
Posted by: decay
Date: January 31, 2010 10:16PM
this sounds fake, but it's pretty good, too:

[www.superantispyware.com]
Re: I removed a virus from a PC yesterday and I have a question
Posted by: mrlynn
Date: January 31, 2010 10:24PM
My IT guy gave me a CD that boots in Linux and runs an open-source program called Bit Defender. The advantage of this is that the nasties hidden in the Windows Registry can't load because you haven't booted Windows.

It found a bunch of malware on a PC I was trying to disinfect, but in the end it still left some nasties. So I'm going to wipe the drive.

/Mr Lynn
Re: I removed a virus from a PC yesterday and I have a question
Posted by: Monster
Date: January 31, 2010 10:39PM
superantispyware is not fake, and is one of the utilities I normally suggest to run after Malwarebytes.





The Taoist Zhuangzi said, "Good order results spontaneously when things are let alone".
The sociologist, and historian, Adam Ferguson described the phenomenon of spontaneous order in society as the "result of human action, but not the execution of any human design".