Subject: Seriously, has anybody ever seen a serious virus problem in Windows when using AV protection?
From: FromTheRafters on 24 Mar 2010 21:51

"Peter" <pete.ivesAll_stRESS(a)blueyonder.co.uk> wrote in message news:MPG.26140e0554097fa59899a4(a)news.virginmedia.com...
> In article <0e0f17c7-572c-4f3f-a85c-7a42a361cf89(a)d27g2000yqf.googlegroups.com>, rex.ballard(a)gmail.com says...
>> On Mar 23, 3:51 am, RayLopez99 <raylope...(a)gmail.com> wrote:
>>> Seriously, has anybody seen--or even heard--of a serious virus
>>> (including rootkit or malware) problem in Windows when using
>>> commercial antivirus protection?
>>
>> Bagel, Sky, and several others have variants that can disable actual
>> virus checking and/or quarantine measures without letting the user
>> know they have been disabled. Fixing things that have been corrupted
>> this way can be very ugly.
>>
>> I've had at least a dozen viruses over the last 10 years that have
>> been so difficult to remove or did such damage that I eventually had
>> to re-image the hard drive.
>
> In my experience with Windows, the only reason I would have to
> re-install because of a virus infection would be if I couldn't get into
> the O/S at all. Either normally or in safe mode.

You don't need "the OS" to affect the files on the suspect disk. You need "an OS" of sorts. Boot to an alternate OS that supports the file system structure (CD, USB, many modern BIOSes support USB booting). Scan infectable files for virus signatures.

> Even then you can remove the HD and scan it from another machine to see
> if it is actually a virus preventing startup or some other problem. If
> you can get into the O/S you can get rid of any virus. Period.

Unless the suspect computer's hardware (firmware) is suspect, there is no need (and complications can arise from hosting two versions of NTFS on a system).

> Virii have a source. A point of origin when the computer starts.

Virii is the wrong term, and viruses can start when one of their hosts is invoked.

> Eliminate the start point or points from running and the virus becomes
> dormant and you can then remove it without it putting itself back on
> your system.

Yes, it can be a waste of time trying to fight an active malware infestation. Stop the process(es) - then remove the files and reverse the data changes.

In a sense, the difference between a worm and a virus is that the worm instantiates its replicant. The virus *might* execute, but the worm *will* execute. My point being that the virus need not make any provision for its replicant to be executed in turn (no startup mechanism other than the chance a host will be invoked).
From: Char Jackson on 24 Mar 2010 23:08

On Thu, 25 Mar 2010 00:25:29 GMT, Dustin Cook <bughunter.dustin(a)gmail.com> wrote:

> I did a service call this afternoon, modern cable modem install. The
> customer declined (yep!) the free router included and opted to plug
> directly into the cable modem via USB instead of the NIC card. The
> customer contacted me due to a "virus" issue they sustained about 3
> hours after going online.
>
> It was a bootlegged Windows XP Pro system with no service pack; and this
> is the funniest part, actually using the original blacklisted key; which
> is why it had no service packs.... Plugged directly into the cable modem,
> bypassing any benefits the router would have offered them (they're
> rebranded Linksys routers), slower speed, and a nice antivirus2010XP
> infection.
>
> I removed the problem, fixed the system up as best as I could; and
> explained how to keep himself a little safer. As the customer is
> unwilling to obtain a legitimate copy of Windows, I explained that either
> I would be back or you'd be calling another person, but either way,
> you're going to pay for the problems of a non-updatable copy of Windows.

I've seen more than my share of non-legitimate XP installations, but I've never seen one that wasn't updatable via Service Packs and security patches. If the system wasn't able to be updated, I doubt it was because of the license status.
From: Dustin Cook on 24 Mar 2010 23:16

Char Jackson <none(a)none.invalid> wrote in news:rmklq5hc84mnse45kt93j97etjgk4u8ee6(a)4ax.com:

> On Thu, 25 Mar 2010 00:25:29 GMT, Dustin Cook
> <bughunter.dustin(a)gmail.com> wrote:
>
>> I did a service call this afternoon, modern cable modem install. The
>> customer declined (yep!) the free router included and opted to plug
>> directly into the cable modem via USB instead of the NIC card. The
>> customer contacted me due to a "virus" issue they sustained about 3
>> hours after going online.
>>
>> It was a bootlegged Windows XP Pro system with no service pack; and
>> this is the funniest part, actually using the original blacklisted
>> key; which is why it had no service packs.... Plugged directly into the
>> cable modem, bypassing any benefits the router would have offered them
>> (they're rebranded Linksys routers), slower speed, and a nice
>> antivirus2010XP infection.
>>
>> I removed the problem, fixed the system up as best as I could; and
>> explained how to keep himself a little safer. As the customer is
>> unwilling to obtain a legitimate copy of Windows, I explained that
>> either I would be back or you'd be calling another person, but either
>> way, you're going to pay for the problems of a non-updatable copy of
>> Windows.
>
> I've seen more than my share of non-legitimate XP installations, but
> I've never seen one that wasn't updatable via Service Packs and
> security patches. If the system wasn't able to be updated, I doubt it
> was because of the license status.

Sigh, sorry Jack.. No cigar for you. It's a known fact (look it up!) that certain VLK keys (which is what it actually is) are in fact blacklisted and you cannot apply a later service pack which is aware of the key if you're using one. Any service packs, that is, which are aware of the blacklisted key. As the original SP1 is no longer available (it's 1a now) that includes.. well, all of them.

Essentially, any system that informs you it's counterfeit may or may not allow you to reinstall; say.. SP3. Sadly though, this guy as I said used the original bad boy VLK key which started it all. Service packs since v1a know this key and will not allow you to install them. In fact, you're shown a nice screen about the disadvantages of pirating software and offered ways to contact Microsoft to resolve this issue. Resolving means reinstalling Windows; as you have a VLK edition and short of having done the VLK licensing, you aren't supposed to have this version. The VLK Windows are not OEM nor are they retail... They are a modified OEM, with a specialized key which does not ever require activation. It's to make life easier for some...

-- 
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: Dustin Cook on 25 Mar 2010 01:53

Char Jackson <none(a)none.invalid> wrote in news:blplq5ts2lqpj3mvsr0vbem5eqhed51uc8(a)4ax.com:

> I'll take your word for it since I don't know where you'd like me to
> "look it up!". All I can say is that I have *never* seen an XP system

http://en.wikipedia.org/wiki/Windows_XP

And I quote:

"Product key testing
In addition to activation, Windows XP service packs will refuse to install on Windows XP systems with product keys known to be widely used in unauthorized installations."

Like I said in my previous response to you, I've been in the PC field for a very long time. I was A+ certified when it was still a "cool" thing to waste money on. I used Wikipedia for the first link convenience only. You can find the same information on the labyrinth of the MS website. They're proud of that .. ehh, feature actually.

> Are you sure you aren't confusing Service Packs and security updates
> with being able to visit Windows Update and browsing through the
> available updates that way?

Are you sure you should be repairing people's PCs and charging them for your clear lack of knowledge on the subject? Seriously, how long have you been fixing computers professionally? I know halfwits who are aware of the blacklisted key issue with VLK (sometimes wrongly referred to as "corporate" copies of Windows) and you don't? You criticize me claiming I must have done something incorrectly; yet... the machine was using the original FCKGW key; short of changing that key for the client (which I cannot do for ethical reasons) they are indeed, fucked. No two ways about it. No service packs, nada.. Not going to happen for them. Without at least SP2 I think it is now, you can't even get critical updates.

-- 
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: Peter on 25 Mar 2010 06:57

In article <7e8e38d3-ebf3-439a-96ad-d60f4b46bde8(a)g28g2000yqh.googlegroups.com>, rex.ballard(a)gmail.com says...
> On Mar 24, 7:55 am, Peter <pete.ivesAll_stR...(a)blueyonder.co.uk> wrote:
>> In article <0e0f17c7-572c-4f3f-a85c-7a42a361c...(a)d27g2000yqf.googlegroups.com>, rex.ball...(a)gmail.com says...
>>> On Mar 23, 3:51 am, RayLopez99 <raylope...(a)gmail.com> wrote:
>>
>> Virii have a source. A point of origin when the computer starts.
>> Eliminate the start point or points from running and the virus becomes
>> dormant and you can then remove it without it putting itself back on
>> your system.
>
> That isn't always the case. Sky, Bagel, and BugBear not only keep
> reinstalling themselves, they also disable the antivirus AND keep it
> from letting you know that it's not working.

Why would you resort to trusting your virus software when checking if the O/S is infected with a virus? That's only used to catch a virus and prevent infection in the first place. Chances are, if your machine is already infected your AV ain't going to put it right. You're going to have to use other methods to get it removed and only get the AV running once the machine is not running infected.

If I suspect a machine to be infected I'm not going to rely on my AV to root it out. I'm going to check manually for it in the known startup areas of Windows. I'm going to look and see what's currently running to determine if there's anything that shouldn't be there and stop it. Once I've tracked down the suspected startup processes I'm going to stop them from running when the computer starts. Ok, sometimes this can take time, but eventually it CAN be done. How can Sky, Bagle and Bugbear keep reinstalling themselves if they're not running?

Admittedly, I was a little quick with my previous post. If Windows system files have become infected you may have no other course of action but to replace them with known good files. Dependent on how many files this is, it may require the system files to be overwritten by some kind of repair install.

-- 
Pete Ives
Remove All_stRESS before sending me an email
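One way to do the manual check Pete describes (walk the known startup areas, then look at what is actually running) on a live Windows box, as an added example that is not part of the thread and not code anyone in it posted: a read-only PowerShell audit. It assumes an elevated Windows PowerShell 3.0 or later session on the suspect machine (Get-CimInstance and Get-ChildItem -File need 3.0+), that the stock Winlogon values (explorer.exe and <SystemRoot>\system32\userinit.exe) are the expected ones, and that "image path does not exist" or "image lives under Temp, AppData or ProgramData" is a sensible trigger for a closer look; those triggers are my assumption, not a rule, and the script changes nothing. The caveat is the thread's own point: a rootkit, or a sample that has already disabled the AV, can hide from anything run on the live system, so an empty report is not proof of a clean box, and the offline scan FromTheRafters describes remains the stronger check.

```powershell
# Added example (not from the thread): read-only audit of the common Windows
# autostart locations plus the running process list. Assumes an elevated
# Windows PowerShell 3.0+ session on the suspect machine. It changes nothing.
# "Suspicious" is a heuristic flag (missing image, or image under a
# user-writable directory), not a verdict; review each hit by hand.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a legitimate service or login item rarely runs from (assumption).
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ImagePath {
    # Pull the executable out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\tools\bar.exe -x
    param([string]$CommandLine)
    $c = ([string]$CommandLine).Trim()
    if (-not $c) { return $null }
    if ($c.StartsWith('"')) { return ($c -split '"')[1] }
    return ($c -split '\s+')[0]
}

function Test-Suspicious {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    # Bare names like explorer.exe resolve through PATH; leave those alone.
    if (-not $p.Contains('\')) { return $false }
    if (-not (Test-Path -LiteralPath $p)) { return $true }   # points at nothing on disk
    foreach ($d in $suspectDirs) {
        if ($p.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Source, $Name, $Command) {
    $findings.Add([pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Command    = $Command
        Suspicious = Test-Suspicious (Get-ImagePath $Command)
    })
}

# 1. Run / RunOnce keys (machine-wide and the current user's hive).
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PowerShell's own metadata, not a value
        Add-Finding $key $prop.Name $prop.Value
    }
}

# 2. Winlogon Shell / Userinit: stock values are explorer.exe and
#    <SystemRoot>\system32\userinit.exe, (assumption: unmodified install).
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = ("$env:SystemRoot\system32\userinit.exe").ToLowerInvariant()
}
foreach ($name in 'Shell', 'Userinit') {
    $val  = [string]$wl.$name
    $norm = $val.Trim().TrimEnd(',').ToLowerInvariant()
    $findings.Add([pscustomobject]@{
        Source = 'Winlogon'; Name = $name; Command = $val
        Suspicious = ($norm -ne $expected[$name])
    })
}

# 3. Startup folders (per-user and all-users).
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -File | ForEach-Object { Add-Finding "StartupFolder:$folder" $_.Name $_.FullName }
    }
}

# 4. Services: the binary each one launches.
foreach ($svc in Get-CimInstance Win32_Service) {
    Add-Finding 'Service' $svc.Name $svc.PathName
}

# 5. What is running right now, with its on-disk image.
$procs = Get-Process | ForEach-Object {
    [pscustomobject]@{ Name = $_.Name; Id = $_.Id; Path = $_.Path; Suspicious = Test-Suspicious $_.Path }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
$procs    | Where-Object Suspicious | Format-Table -AutoSize
```

Run it once on the live system and once more after disabling the entries you decide are bad, before rebooting: the second pass is how you confirm the start point is actually gone rather than re-created by a still-running process. Scheduled tasks and browser helper objects are also autostart points; they are left out here to keep the example short, not because they matter less.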