Virus or just spyware?

[Billy's Little Trip]

Walked into my office today and saw my computer was restarting, then going to that blue screen where it says, "shutting down windows to prevent damage" or something to that effect. It kept doing this. So I did the F8 and the first thing I noticed was that my desktop pic was gone and this was now there.

I haven't had any problems until I downloaded the anti virus program, "winclam" that Fluffy recommended (not blaming you Fluf, of course). I have always felt that anti virus programs purposely fuck shit up and I decided some time ago, no more anti virus programs and I'll just take my chances. Since I got rid of my anti virus stuff over a year ago, no problems. NOW, within a couple weeks of adding one, I have a fucking ........something!

*serenity now, serenity now* OK, so what does this look like to you guys. I run XP Pro. I see nothing in the program add/remove area. I tried going back a day when things were ok.

It keeps going to that blue screen and restarting. I have to hurry up and hit F8 before it shuts down the machine.

OH, also, when I right click and go to properties to put my old pic back on the desktop, That tab is gone! only 3 tabs now. There is usually 5 and one says "desktop". Gone!

[Billy's Little Trip]

Oh, plus when I try to run winclam, it finds a Trojan, quarantines it, it continues for a bit, then the computer freezes and I have to restart it.....the bad way!

Fluffy, if you made winclam just to fuck with me, you're mean. Mean people suck.

[Spud]

I downloaded clamwin as well, and I have not had this symptom. However, now every time there is a little lag in loading a page, a damned dialer pops up to help solve the problem. If course, it could just be a coincidence... I have edited my IE dialer preferences to NEVER DIAL, which is what they were before.

[Märk]

Jesus people, really?

Whoever isn't using AVG Free Edition or Kaspersky (commercial) is an idiot. There, I said it.

[Spud]

Oh sure, and what kind of trojans are in THAT ONE?!?

[Märk]

I've used AVG for 5 years now, and have only caught a virus once. Yeah, it missed one. Not bad for free.
And there's no nagware/trojans/bullshit, it just works, and they happily give you definition updates every couple days, forever.

[Billy's Little Trip]

I finally uninstalled winclam. Didn't fix the problem. This sucks.

[fluffy]

Mark, AVG has started putting all sorts of nasty shit in to try to upsell the paid version. Annoying popup ads and so on. They've also started doing some really sneaky bullshit which has ended up having a major impact on Web traffic. I switched away from AVG when it started giving me daily popup ads for the full version, and it also was very frustrating that it wouldn't even let me decide on which days full scans would happen without paying for it.

ClamWin is GPL-free and completely open source. You can see exactly what's in the code and even compile it for yourself. It's maintained by volunteers who are sick of shitty spyware-ridden "virus" scanners. The code itself is completely audited and secure, and the only problems I've ever seen with it is occasionally someone adding a virus signature which is a bit over-zealous in identifying something as a virus (and those issues are generally fixed the SAME DAY).

If it's finding a trojan and then the system reboots, then it's very likely that the trojan is detecting that ClamWin is trying to disable it, and then rebooting to prevent it from doing its job. ANY virus scanner would run into that problem. When you get into that situation, your best bet is to boot from a boot disk of some sort and manually remove the virus, per manual removal instructions which are generally easy to find on the web.

If you already have a virus on your system then no matter what you're in trouble. The point to a virus protection suite is to PREVENT getting a virus, not to try to clean up after one which you've already gotten.

Uninstalling Clamwin won't solve any problems, it'll only put it off a little bit longer, and in the meantime your computer is probably sending out spam or acting as a kiddie porn webserver or something.

[fluffy]

Also, BLT, FUCK YOU for the implication that I should be watching every single fucking thread on this board at all times and popping up with helpful advice when it's in a new thread that I have no reason to even know exists.

If you're having trouble with something based on something I recommended, and you demand an instant response, at least send me a motherfucking PM (or, better yet, post it as a followup in the thread I was already watching) rather than just bitching about it.

[Billy's Little Trip]

Yikes!
I have my XP Pro disc, so I guess if I can't fix the problem, I'll reload it. I just never know if I'm just reloading windows, or wiping everything away and starting from square one. I hate reloading every damn program I have back on the machine.

[Spud]

I saw no such implication. Did he delete it?

[fluffy]

Just the tone of his whole first post is all.

[Billy's Little Trip]

Also, BLT, FUCK YOU for the implication that I should be watching every single fucking thread on this board at all times and popping up with helpful advice when it's in a new thread that I have no reason to even know exists.

If you're having trouble with something based on something I recommended, and you demand an instant response, at least send me a motherfucking PM (or, better yet, post it as a followup in the thread I was already watching) rather than just bitching about it.

HaHa! That's ok, I wasn't looking for an instant response. I was still going through my crap on my computer to make sure my wife, whom uses my computer sometimes, nor I, downloaded something that fucked things up. I figured I'd try to fix it myself before I started bugging the computer gurus with private messages.

But if it makes you feel any better, you'd be the first guy I'd PM, Fluf.

[fluffy]

Okay.

Anyway. Basically, when you get a virus running on your system, you're pretty much fucked, regardless of virus scanner. The point to a scanner is to prevent the virus from getting run to begin with.

The one place where ClamWin falls short vs. AVG or Norton or whatever is AVG/Norton will scan an app before you run it, while ClamWin doesn't have that capability yet (although I believe they're working on it). But really what you need to do is practice "safe hex" (hurr hurr) to begin with. If you must download software from less-than-legitimate sites, definitely scan it before running it.

Another thing you should do is to create user accounts which aren't set to administrator privileges, and ONLY run your system as such. That will severely limit the sorts of viruses which can run. (Vista tries to do something like this with the incessant security dialogs, but it's a lousy implementation of an okay idea. Mac OSX has always run in this way and does it much better, but it helps that Mac apps have also traditionally been much more well-behaved with respect to what they do to your computer. It's amazing how many Windows apps are written with the assumption that they are the only thing you are ever going to be running on your computer. What the fuck, Windows app writers?)

[Märk]

Fluffy: wow, I had no idea AVG was doing this. I never updated to version 8. Version 7.whatever is fine on the machines I have it installed on.

[edit] Other than that, the only advice I can give here is: Don't run shit from untrustworthy sources, avoid porn/warez sites, get all patches/updates, and DON'T OPEN EMAIL ATTACHMENTS. Not ever ones from people you trust. The world is full of stupid people, don't add to their numbers.

[Billy's Little Trip]

I use firefox for browsing. It seems to keep me safe, for the most part. It notifies me when there's a concern, like pop ups or spyware, etc. I don't think F/F is an anti virus, but I've been running smooth since I started using it.

I have 5 computers in my house all networked together (two wireless, three direct wired). I only have the problem on the one computer, so I hope it doesn't infect the others.

[fluffy]

Contrary to popular assumption, no, viruses don't "spread" like that. Computers don't sneeze on each other and infect each other. Okay, there have been worms in the past which spread based on security holes in various operating systems or services running on them, BUT Microsoft has actually gotten very good at closing those holes.

IN GENERAL the only way for a virus to spread between computers these days is if you share code between them. In the bad old days of DOS it was very easy for this to happen (because people would often boot off of the same boot disk on many different computers, copy program executables directly, etc.) but in Windows you're actually a lot safer from this stuff because you only ever boot from your hard drive, and it's rare that a program will even work if you copy it directly. (Of course, it IS possible for a virus to spread in the old-fashioned way if you get a virus on your computer, it infects an installer, and then you copy that installer to another computer.)

Most "viruses" these days are actually trojans, i.e. applications which purposefully come with a viral payload (often in addition to a legitimate piece of software). And, while spyware and adware have a significant amount of overlap with viruses/trojans, they are technically a different sort of thing (much like how BLT is both a contractor and a musician). Of course, many trojans then act specifically as a vector for further virus or worm infections. (The distinction between 'virus' and 'worm' is pretty blurry, by the way, but the basic difference is that a virus spreads due to user behavior - i.e. copying programs between infected computers - while a worm spreads on its own, e.g. by finding a buggy web server or email program to install itself with.)

By the way, if you're using Outlook, stop that. Aside from downloading apps, Outlook is the last major vector for worm spreading (and not all of those worms even require you to open attachments!). Thunderbird is a good replacement if you prefer a desktop-based mail client, and web-based email is basically as secure as it can get.

[Billy's Little Trip]

I now use Gmail and I really like it.

But I still can't get over the fact that it took over my desktop background and removed two of my tabs (desktop and screen saver) on my display properties.

[fluffy]

Yes, that was definitely an act of malware. Check the ClamWin virus report log, which should tell you exactly what virus/trojan/whatever it was, and then if you google its name with "removal" then you should find procedures which will work. (Unfortunately, often the procedure is just "reinstall Windows," because it's not like virus writers care about leaving your system in a state you can recover from. Like I said, once you have a virus, you're pretty much fucked.)

[ujnhunter]

yes thankfully I've still got AVG 7.0 on all my computers

[Märk]

Something that's worked for me before to clean a nasty virus (and you say you have 5 computers, so this would work for you) is to take the hard drive out of the infected computer, attach it to another (virus free) computer as a secondary, (being sure not to accidentally boot from it, or you might fuck up the good computer as well) and run a full scan on it with whatever antivirus.

[fluffy]

Ah, yes, that's an excellent idea. It won't really help to fix damaged system files, though. Also, don't run any of the programs on that hard drive, since those are also all likely to be infected.