From: Dustin Cook on
RayLopez99 <raylopez88(a)gmail.com> wrote in news:deb45e3d-f9d3-47cd-8811-
a4fd2db2ba0d(a)t23g2000yqt.googlegroups.com:

> On Mar 25, 2:25 am, Dustin Cook <bughunter.dus...(a)gmail.com> wrote:
>>
>> Believe it. I did a service call this afternoon, modern cable modem
>> install. The customer declined (yep!) the free router included and opted
>> to plug directly into the cable modem via USB instead of the NIC card.
>> The customer contacted me due to a "virus" issue they sustained about 3
>> hours after going online.
>>
>> It was a bootlegged Windows XP Pro system with no service pack; and this
>> is the funniest part, actually using the original blacklisted key; which
>> is why it had no service packs....Plugged directly into the cable modem,
>> bypassing any benefits the router would have offered them (they're
>> rebranded Linksys routers), slower speed, and a nice antivirus2010XP
>> infection.
>
> Slower speed when you don't use a NIC card but use a USB makes sense.

USB for network traffic when a NIC card is present doesn't make *any*
sense to me. You only have so much bandwidth on the USB interface and
that's shared between everything plugged in.

> Router would I think have a hardware firewall, but in theory a
> software firewall should also do the trick, though I have both running
> on my machines.

A software firewall is easier to compromise or just turn off. A hardware
state inspection firewall is much better.

> Good war story, and it shows it's not Windows at fault, but the user.

Not a war story, pretty typical actually..

> And the user is pretty dumb, though people like him keep you employed.

People like him and perhaps yourself as well. :)


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

From: chrisv on
Dustin Cook wrote:

> RayLopez99 <raylopez88(a)gmail.com> wrote

Stupid troll feeder.

*plonk*




From: Dustin Cook on
chrisv <chrisv(a)nospam.invalid> wrote in news:pan.2010.03.25.17.58.57.422081
@nospam.invalid:

> Dustin Cook wrote:
>
>> RayLopez99 <raylopez88(a)gmail.com> wrote
>
> Stupid troll feeder.
>
> *plonk*

Damn, I've been plonked by a dimwit usenetter. I'm so.. ashamed or
something.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

From: Peter on
In article <Xns9D468A0A43FF2HHI2948AJD832(a)69.16.185.250>,
bughunter.dustin(a)gmail.com says...
> Peter <pete.ivesAll_stRESS(a)blueyonder.co.uk> wrote in
> news:MPG.26155e43d8d9c8ab9899a7(a)news.virginmedia.com:
>
> > In article <Xns9D4614511B840HHI2948AJD832(a)69.16.185.250>,
> > bughunter.dustin(a)gmail.com says...
> >> Char Jackson <none(a)none.invalid> wrote in
> >> news:blplq5ts2lqpj3mvsr0vbem5eqhed51uc8(a)4ax.com:
> >>
> >> > I'll take your word for it since I don't know where you'd like me
> >> > to "look it up!". All I can say is that I have *never* seen an XP
> >> > system
> >>
> >> http://en.wikipedia.org/wiki/Windows_XP
> >>
> >> And I quote: "
> >> Product key testing
> >>
> >> In addition to activation, Windows XP service packs will refuse to
> >> install on Windows XP systems with product keys known to be widely
> >> used in unauthorized installations.
> >>
> >> Like I said in my previous response to you, I've been in the PC field
> >> for a very long time. I was A+ certified when it was still a "cool"
> >> thing to waste money on.
> >>
> >> I used wikipedia for the first link convenience only. You can find
> >> the same information on the labyrinth of MS website. They're proud of
> >> that .. ehh, feature actually.
> >>
> >
> > Please provide a link other than Wikipedia. I've searched for this
> > activation issue with sp3 and can only find the Wikipedia link. Can't
> > find any mention of it on Microsoft Support or anywhere else. As Char
> > Jackson stated, updates are still allowed even if WGA fails and this
> > is the first I've heard of service packs not being allowed.
>
> *sigh*. This is really easy, I've provided a primary google link; and
> then I followed it up with the wikipedia link. I went so far as to
> provide the first 5 characters of the infamous blacklisted key. I can do
> no more homework for you or anyone else.
>
> If you or anyone else here honestly didn't know about this problem, you
> do now. If you still think it's untrue, go fetch the key FCKGW change one
> of the VLK machines to this key and try loading a service pack... :)
>
>
>
Ok, I'm curious enough to want to give this a try, though all my
machines are up to date so in order to test this I'm going to have to do
a fresh install on a new HD. Just need to clear some things up though.
Once XP is installed, using the key you mentioned (ends in 2B7Q8, yes?),
will sp2 or sp3 fail to install immediately after fresh install, or will
I have to update this machine with the various updates first, including
the WGA update? Don't want to spend over an hour on this only to find I
need to do it again correctly.

--
Pete Ives
Remove All_stRESS before sending me an email

From: Peter on
In article <hofnv7$90s$1(a)news.eternal-september.org>,
erratic(a)nomail.afraid.org says...
> "Peter" <pete.ivesAll_stRESS(a)blueyonder.co.uk> wrote in message
> news:MPG.261563dffec546a19899a8(a)news.virginmedia.com...
>
> >> Unless the suspect computer's hardware (firmware) is suspect, there is
> >> no need (and complications can arise from hosting two versions of NTFS
> >> on a system).
> >>
> >
> > Of course I wouldn't be trying to boot the virus infected O/S in another
> > machine. I would just be wanting to get access to the HD.
>
> When the host machine sees the NTFS volume, it may revise it. Bringing
> it back to its home system may create version soup problems where the
> file system is a "newer" revision than the current OS supports.
>
That's a big 'May'. I've attached secondary NTFS volumes on many
occasions without any issues. As far as the original boot O/S is
concerned it's just another HD with files on. You're suggesting it's
going to give it a different volume ID I presume. Never seen it happen
here.

> [...]
>
> >> Yes, it can be a waste of time trying to fight an active malware
> >> infestation. Stop the process(es) - then remove the files and reverse
> >> the data changes. In a sense, the difference between a worm and a virus
> >> is that the worm instantiates its replicant. The virus *might* execute,
> >> but the worm *will* execute. My point being that the virus need not make
> >> any provision for its replicant to be executed in turn (no startup
> >> mechanism other than the chance a host will be invoked).
> >>
> >>
> > That last line doesn't seem clear. You seem to be saying that a virus
> > can run without requiring any means to get it started other than the
> > host machine starting up.
>
> No, viruses (in this vein) are hosted by "programs" not "machines". You
> can start the machine, look at all known start methods (run keys, BHOs,
> etc...), find no suspicious processes running. No active malware at all
> (full scan by antimalware also finds no inactive malware). Yet, when
> (for instance) an "infected" text editor is invoked, the virus becomes
> resident.
>
> > How can that be? Of course I'm aware of new
> > XP machines with no updates or service packs and open connections to the
> > internet getting infected within minutes/hours, but how does a machine
> > become infected if it's completely cut off and there is no obvious
> > connection to the virus to get it started? Despite the fact the virus
> > file(s) may well still be on the machine, but not yet located.
>
> If self-replicating malware doesn't use a host "program", it will
> probably have another way to start. These types are commonly termed
> "worms".
>
> A virus can hide in a program that you use every time you fire up the
> computer, or in a program that you only use once in a blue moon. Viruses
> don't "care" whether they run or not - they might not be interested in
> anything (data, computing power, serving you advertisements) they may
> just sit there until you fire up your tax program for the 2013 tax
> season and activate a payload if the date is after dec 21st 2012.
>
> (I do expect a rash of malware to have trigger dates in line with the
> ending of the Mayan calendar)
>
> People are so used to having malware that wants to *use* their computing
> power that they forget that malware can also just be interested in
> spoiling your day by ending their computing power - like the old days.
>
>
>
Then maybe it's time some o/s does CRC checking on all programs and pops
up a warning if the CRC check fails when trying to run it.

Obviously the CRC checker software would have to be locked down
tight to prevent it from becoming the target of attacks.

--
Pete Ives
Remove All_stRESS before sending me an email
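
A sketch of the pre-run integrity check proposed in the post above, as an added example that is not part of the original thread. It swaps the CRC for SHA-256, because a CRC catches accidental corruption but can be deliberately matched, and it stands in for "locked down tight" with an HMAC over the stored baseline; the file names, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _tag(entries, key):
    blob = json.dumps(entries, sort_keys=True).encode()  # canonical form of the baseline
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def build_baseline(paths, key):
    entries = {os.path.abspath(p): file_digest(p) for p in paths}
    return {"entries": entries, "tag": _tag(entries, key)}

def check_before_run(path, baseline, key):
    """Return 'ok', 'modified', 'unknown-program' or 'baseline-tampered'."""
    if not hmac.compare_digest(_tag(baseline["entries"], key), baseline["tag"]):
        return "baseline-tampered"
    known = baseline["entries"].get(os.path.abspath(path))
    if known is None:
        return "unknown-program"
    return "ok" if hmac.compare_digest(known, file_digest(path)) else "modified"

def demo():
    key = b"constructed-demo-key"  # assumption: held where user programs cannot read it
    with tempfile.TemporaryDirectory() as d:
        editor = os.path.join(d, "editor.exe")  # constructed stand-in for a program
        with open(editor, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64)
        baseline = build_baseline([editor], key)
        results = [check_before_run(editor, baseline, key)]
        with open(editor, "ab") as f:  # simulate a change to the file on disk
            f.write(b"constructed extra bytes")
        results.append(check_before_run(editor, baseline, key))
        results.append(check_before_run(os.path.join(d, "new.exe"), baseline, key))
        # Re-recording the hash without the key must not silence the warning.
        baseline["entries"][os.path.abspath(editor)] = file_digest(editor)
        results.append(check_before_run(editor, baseline, key))
    return results

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the key and the checker itself: if either lives where the monitored programs can write, the baseline can be re-signed after a modification.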