"I don't use anti-virus and i've not had any problems ......."

Soldato
Joined
18 Oct 2002
Posts
7,667
Location
"Sunny" Plymouth
We hear this quite often on the board, I heard it in person this morning. Followed by "...... but I can't get onto some websites and it's running a bit slow."

Hmm.

IE is totally fragged, every page is "unable to display", 20-30 second delay on everything I click. Generally running like a sack of faeces. Reset all the IE details to default, still won't play.

Manage to get Mbam running (IE is now running, but redirects every request for a "useful" page, had to use Google's cached version of the page to get a DL link).

Put kettle on, laugh as it pulls up 20 infected files before the kettle is boiled.

and wait.

and wait.

and it's done.

[Image: antivirusf.jpg]


Fun.

Delete the lot, reboot, no change.

Install MSE, scan, finds 1 more item, delete that. Reboot and it finds it again ....

Combofix digs out a rootkit, restart, it finds 3-4 other bits.

Cleaned out the hosts file, redirection stops (pillock, should have looked there first!)

Restart, STILL running like carp. IE is semi-usable, can't run Windows Update though (guessing this system has a few holes to plug).

Googling the error code from WU led me to Hitman Pro which is a new one on me, it found another THREE rootkits, 6 dodgy files and found that IE was routed through a "broken" proxy (which explains the error message from WU). It scrubbed the nasties, sorted the proxy (which is odd because I'd gone in and sorted those settings earlier by hand), reboot.

Runs fine, WU works and pulls down a dozen or so fixes and running the scans again doesn't find anything.

THIS is why we use anti-virus people!

/rant/breathe/collapse in puddle of caffeine.
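
The hosts-file redirection and blocked update sites described in the post above can be checked for directly. The following is an added example, not part of the original post: a small hosts-file audit in which the watchlist, the function names and the sample file contents are all assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains a cleanup depends on (updates, scanner downloads).
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "malwarebytes.org")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample; addresses come from the 203.0.113.0/24 documentation range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com
203.0.113.66    www.google.com www.bing.com   # two names on one line
0.0.0.0         www.malwarebytes.org
#203.0.113.66   disabled.example
not-an-ip       junk.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return every mapping other than localhost -> loopback, classified."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES and ip.is_loopback:
            continue
        # Loopback / 0.0.0.0 makes the site unreachable; anything else redirects it.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        findings.append({"line": line_no, "host": name, "ip": str(ip),
                         "kind": kind, "priority": "high" if watched else "review"})
    return findings

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} [{f['kind']}, {f['priority']}]")
```

On Windows the file to read and pass to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; a clean home machine normally yields no findings at all.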
 
Soldato
Joined
16 Dec 2005
Posts
14,443
Location
Manchester
Always makes me laugh when people proclaim they are virus/malware/root-kit/whatever-free when they haven't run an AV scan for years. Then it makes me double check I have everything up to date, as it is these fools that spread the crap around.

Whether or not you run a resident anti-virus/malware, you should always do regular scans. It doesn't matter how careful you are. A lot of rubbish gets onto machines through unpatched software and has nothing to do with what websites you visit.
 
Soldato
Joined
19 Dec 2006
Posts
9,668
Location
UK
Almost as bad are those who think anti virus is the final solution, 'How'd it get infected? I have anti virus installed!'
 
Man of Honour
Joined
13 Oct 2006
Posts
81,853
I don't run resident AV, tho I do a system scan regularly and scan all files in and out before running them/distributing.

It would have to be a decently stealthy rootkit to get past me anyhow.
 
Soldato
Joined
16 Dec 2005
Posts
14,443
Location
Manchester
> Almost as bad are those who think anti virus is the final solution, 'How'd it get infected? I have anti virus installed!'

Heard that a few times too! Though to be fair, if you look at most of the advertising for AV products I am not surprised the less tech-savvy PC users think said products give them carte blanche to browse for their Nigerian Goat Porn while downloading a bunch of virus-ridden novelty screen savers! :p
 
Soldato
Joined
16 Dec 2005
Posts
14,443
Location
Manchester
> I don't run resident AV, tho I do a system scan regularly and scan all files in and out before running them/distributing.
>
> It would have to be a decently stealthy rootkit to get past me anyhow.

What do you use to scan with? I am curious as my subscription runs out soon, so may try without resident AV.
 
Man of Honour
Joined
13 Oct 2006
Posts
81,853
> Almost as bad are those who think anti virus is the final solution, 'How'd it get infected? I have anti virus installed!'

Like the time I nearly nutted the door post in frustration watching someone manually click ignore on the warnings and run an exe file from an email moments after I'd just cleared their machine of malware and reinstalled their AV :(
 
Man of Honour
Joined
13 Oct 2006
Posts
81,853
> What do you use to scan with? I am curious as my subscription runs out soon, so may try without resident AV.

Generally AVG free, HouseCall (and some other Trend Micro stuff), sometimes Malwarebytes and the MS stuff, try and use a bit of variety to be sure... pretty much anything that isn't Norton or McAfee.
 
Soldato
Joined
19 Dec 2006
Posts
9,668
Location
UK
> Like the time I nearly nutted the door post in frustration watching someone manually click ignore on the warnings and run an exe file from an email moments after I'd just cleared their machine of malware and reinstalled their AV :(

Some people just don't learn.
 
Soldato
Joined
4 Aug 2004
Posts
2,733
Location
on OCUK
I never quite understood the peeps so proud of themselves not running any AV/Malware products; you can get any crap these days just from browsing the interwebs!

I have got MS Security Essentials and paid for Malwarebytes with the auto protect.

Working fine so far, very impressed with MSE.
 
Man of Honour
Joined
13 Oct 2006
Posts
81,853
It's not so much pride - at least not for me - it's the fact that most AV software seems to have been programmed by muppets with no regard for the sanctity of the end user's PC - often it's barely any better than actual malware, slowing down your PC, running tasks whenever it takes its fancy even when you've disabled as much as possible in the options, etc. preventing you doing stuff (that you know is not a security issue i.e. false positives, etc.) with no work around, etc. depending on the package. For me personally in the 15 odd years of using computers AV has caused me more problems than the malware :(

In fact I've only ever been infected once in all the time I've been using PCs and that was a 0-day exploit that no AV would have prevented anyhow - fortunately caught it in the middle of re-writing the exes listed in my start up - that and the fact I absent-mindedly opened the page in IE6 without thinking - I'd been using it coz my bank's online service at the time wouldn't work with any other browser properly and then started browsing a normally safe site on the day when their ad service was compromised - completely unfortunate set of events.
 
Soldato
Joined
19 Dec 2006
Posts
9,668
Location
UK
If you had a proper AV on the incoming server that gets email then this wouldn't have happened :rolleyes: :p

And that just brings us back to my original point about people thinking AV is the final solution and infallible :p
 
Soldato
Joined
11 Sep 2007
Posts
5,363
Location
from the internet
I quite like how many users (not aimed specifically at anyone in this thread as far as I can tell) seem to think all malware will proudly proclaim that it is on the user's machine; that websites will be blocked, that toolbars will flash, that porn will be advertised at you, that your MSN contact list will rage at you for having given them a virus (:p) - ignoring the possibility that there may be some software in the background quietly waiting to use your PC as a part of a bot-net or even actively harvesting personal data (e.g. a keylogger - if you're lucky it might just want your password to World of Warcraft).
 
Soldato
Joined
7 Apr 2004
Posts
4,212
I still will never bother running a host based AV on my home machines.

It's an impossible argument to win with anyone though and obviously not everyone has the same requirements :p
 
Soldato
Joined
13 Nov 2002
Posts
3,584
Thank ( insert your deity here ) for Software Restriction Policies.

If it's not already in \Program Files or \Windows, it will be scratching its head wondering why it can't execute.
 
Soldato
Joined
16 Jan 2003
Posts
9,932
Location
Nottingham
> Runs fine, WU works and pulls down a dozen or so fixes and running the scans again doesn't find anything.
>
> THIS is why we use anti-virus people!
>
> /rant/breathe/collapse in puddle of caffeine.

How many of those viruses/malware would have gotten installed if the guy had been up to date with Windows Update in the first place though?
 
Soldato
Joined
21 Oct 2002
Posts
18,022
Location
London & Singapore
A few problems with this thread:

- Screenshot provided in the OP is an XP machine, major fail right there
- XP doesn't have UAC
- ... and is no doubt running on an Administrator account
- The "viruses" shown could simply be cookies, i.e. text files, that AV products use to increase their sense of self importance
- Nobody, not even on this forum, suggests that clueless users should run with no AV. It is strictly something that certain power users can consider doing. Those that have intimate understanding of the way Windows works. The sort of geeks that have a subscription to the CERT mailing list.
 
Soldato
Joined
18 Oct 2002
Posts
7,667
Location
"Sunny" Plymouth
> - The "viruses" shown could simply be cookies, i.e. text files, that AV products use to increase their sense of self importance

It was a couple of dozen entries from adware (the usual shopper "help" stuff) and almost everything else was tagged as a trojan or BHO.

Machine starts and loads into windows with 5 minutes now!
 