I learned a good lesson the other day, always back your shit up, use anti-virus, keep it updated, and use anti-spyware. The other day we were at my friends house, and he was playing counter strike, and I was downloading music. For some reason, my connection was limited at 45 Kbps (Its usually around 90 Kbps), and his ping times on his game were absolutly shitty. After taking a look around at what was going on, we figured out that I had a trojan horse dumping a ton of shit in to my computer. So, we ran AVG and it wasn't on my computer for more than 20 seconds, and it started detecting viruses like crazy. So, my computer is totally fucked, I lost about 300 MB of my MP3's (Which is alot, considering I use dial-up at my house) and all of my old stuff from my last semester of school. I haven't used virus protection ever on it, because it slows it down a bit (Its a Pentium 2) I haven't used it for half a year, and it hasn't ever had an effect until now. I saved about 300 MB of Mp3's on my other computer, and some important school stuff I had backed up via FTP, but thats about it. So, now my computer is fucked, but I learned a good lesson, if you are reading this and you dont have protection, well, look what happened to my computer.

Just my two cents.

I found a 3 gig file while trying to free up space a few days ago, I can only assume was the result of a Trojan...and hope that I killed it somehow.

While I fully agree that backups are very important, I don't see how a virus/trojan infection would have caused you to loose any data. It has been a long time since any widespread malware did any permanent damage to data. Worst case you would have had to re-install your OS (and that is rare), but your data would have been salvageable.

You already said you had a second PC which is the best tool you can have when trying to remove viruses/trojans/spyware. Simply put the infected HD in the other machine as a slave and you will be able to scan and delete the bad files on it without the malware interference. Once you get rid of all the bad files put the drive back and then run another scan to get rid of any registry keys that got left behind. Even if you can't clean it this way you could have copied your files onto your second PC.

I don't mean to sound arrogant here, but I have been using computers for many years without any form of active virus or spyware scanning and I have never been infected. Even on a fast PC the resource use of real time scanners just isn't worth it.

Today's malware is easy to identify and avoid. Old school file/bootsector infection viruses were fun, but all current stuff does is drop a few files and registry keys which are easily found and killed. I have cleaned hundreds (probably over a thousand now) of PCs and I have never once had to "nuke and pave" and resort to formatting the drive. Even if your AV/Spyware scanner doesn't clean everything a bit of logic and common sense will tell you what files are malware and should be killed.

SnArF, if you haven't already formatted your PC I would be glad to help you out.

Posted by SnArF I learned a good lesson the other day, always back your shit up, use anti-virus, keep it updated, and use anti-spyware. The other day we were at my friends house, and he was playing counter strike, and I was downloading music. For some reason, my connection was limited at 45 Kbps (Its usually around 90 Kbps), and his ping times on his game were absolutly shitty. After taking a look around at what was going on, we figured out that I had a trojan horse dumping a ton of shit in to my computer. So, we ran AVG and it wasn't on my computer for more than 20 seconds, and it started detecting viruses like crazy. So, my computer is totally fucked, I lost about 300 MB of my MP3's (Which is alot, considering I use dial-up at my house) and all of my old stuff from my last semester of school. I haven't used virus protection ever on it, because it slows it down a bit (Its a Pentium 2) I haven't used it for half a year, and it hasn't ever had an effect until now. I saved about 300 MB of Mp3's on my other computer, and some important school stuff I had backed up via FTP, but thats about it. So, now my computer is fucked, but I learned a good lesson, if you are reading this and you dont have protection, well, look what happened to my computer. Just my two cents.

You forgot a step--test your backups! Nothing worse than having to do a restore from a corrupted backup....

EGV

Posted by Washu While I fully agree that backups are very important, I don't see how a virus/trojan infection would have caused you to loose any data. It has been a long time since any widespread malware did any permanent damage to data. Worst case you would have had to re-install your OS (and that is rare), but your data would have been salvageable.

I would have to disagree with you here. You're right, it is a long time since there has been any _widespread_ malware that destroys data, but I wouldn't go so far as to consider this stuff extinct. Case in point: I've got a friend who lost *years* worth of data to a Word macro-virus. I booted the machine using a Linux live cd; the files still appeared to be on his hard drive, but when examined with a hex editor, all the bytes were nulled out. We ended up sending the drive to a data recovery service; even they couldn't recover his data--he's completely SOL. (Needless to say he didn't have any backups...)

I think it's only a matter of time before someone decides to attach a really nasty payload to a virus/trojan; come to think of it, the latest thing seems to be using a trojan to get into a victim's computer, encrypting the victim's data and offering to provide the decryption keys for a several-hundred dollar fee.

[snip]

Posted by Washu I don't mean to sound arrogant here, but I have been using computers for many years without any form of active virus or spyware scanning and I have never been infected. Even on a fast PC the resource use of real time scanners just isn't worth it.

I've never been infected either, and certainly won't be since I use Linux fulltime The difference with you and I is that we have an idea of what we're doing, and know what to avoid... the average user doesn't. In fact, I would go so far as to say that many users border on ineducable with respect to this subject--the advice just goes in one ear and out the other.

Posted by Washu Today's malware is easy to identify and avoid. Old school file/bootsector infection viruses were fun, but all current stuff does is drop a few files and registry keys which are easily found and killed. I have cleaned hundreds (probably over a thousand now) of PCs and I have never once had to "nuke and pave" and resort to formatting the drive. Even if your AV/Spyware scanner doesn't clean everything a bit of logic and common sense will tell you what files are malware and should be killed.

Re-formatting one's drive is truly a last resort; I suspect some people do it because they either don't know how to deal with it otherwise, or just feel that it would be easiest and quickest to start from scratch.

EGV

Posted by ex-goose-villager I would have to disagree with you here. You're right, it is a long time since there has been any _widespread_ malware that destroys data, but I wouldn't go so far as to consider this stuff extinct.

I'm not saying data destroying malware doesn't exist, just that it's exceedingly rare today. It's been a long time since Norton (at work, 500 PCs) has seen any "real" viruses and even macro viruses seem to have died off. All it is is stupid mass mailer trojans. And even if we didn't have Norton, no one runs as admin at work so the trojans could not install themselves.

I think it's only a matter of time before someone decides to attach a really nasty payload to a virus/trojan; come to think of it, the latest thing seems to be using a trojan to get into a victim's computer, encrypting the victim's data and offering to provide the decryption keys for a several-hundred dollar fee.

I heard about that one, but as far as I was aware it didn't get very far plus the "encryption" was broken so no one has to pay up.

I've never been infected either, and certainly won't be since I use Linux fulltime

I'm a FreeBSD man myself. While Linux/BSD do have better security overall, in most cases it's not a security failing of windows that allows these programs to install, it's stupid users running as admin. Run as a regular user and 99% of this crap goes away no matter how stupid the person at the keyboard is. I setup all my friends and PCs I clean with a user and an "install" account. Once I explain why I did this and how to use it everyone has been happy and malware free. Hopefully Microsoft will force this to be the default in the next version of windows.

Posted by Washu I'm a FreeBSD man myself. While Linux/BSD do have better security overall, in most cases it's not a security failing of windows that allows these programs to install, it's stupid users running as admin. Run as a regular user and 99% of this crap goes away no matter how stupid the person at the keyboard is. I setup all my friends and PCs I clean with a user and an "install" account. Once I explain why I did this and how to use it everyone has been happy and malware free. Hopefully Microsoft will force this to be the default in the next version of windows.

Correct me if I'm wrong, but my understanding is that a lot of software doesn't want to play nicely if the user doesn't have admin rights. (Now maybe I'm getting confused in that the software requires admin rights to install, as opposed to run.) Could you clarify this point for me from your experience?

The reason I'm asking is that you mention looking after a 500 PC network; from my (albeit limited) experience with corporate networks, users don't generally have the option of installing software--the IT department rides shotgun over what is installed and used.


Thanks.

EGV

Posted by ex-goose-villager Correct me if I'm wrong, but my understanding is that a lot of software doesn't want to play nicely if the user doesn't have admin rights. (Now maybe I'm getting confused in that the software requires admin rights to install, as opposed to run.) Could you clarify this point for me from your experience?

There are some programs that don't play nice as a normal user, but they are thankfully becomming less common. Usually it is enough to just install the program as admin and then it should run ok as a normal user. Sometimes you have to run the program as admin once before it will start working.

In a home use situaion one can make shortcuts with the runas command to run stubborn programs as admin. Usualy only crappy games need this.

The reason I'm asking is that you mention looking after a 500 PC network; from my (albeit limited) experience with corporate networks, users don't generally have the option of installing software--the IT department rides shotgun over what is installed and used.

Yep, that's the way it works here. No one except some bigwig road warriors (IE, those who pull rank simply because they can) have admin. We control what gets installed on the PCs. Once we are totaly Win2K/XP (still some NT4 around) then spyware and trojans will no longer be an issue.