cancel
Showing results for 
Search instead for 
Did you mean: 

Viruses

amasike
Dabbler
Posts: 15
Registered: ‎24-10-2009

Viruses

Hi,
Please can anyone out there help me.  My computer was attacked last week byTrojans, svchost.exp.mdmp and appcompat.txt and many more, even though I had AVG and Spybot.  I installed other software and was able to get rid of some of the viruses but not all.  I phoned the Computer Engineer and he has worked on the computer three times now, the last time taking it away and stripping it down.  He brought it back today but someone is still using me as a host and eating up my internet allowance.  Avast anti virus is blocking threats but Generic Host Win 32 tells me svchost and appcompat viruses are still there.
I contacted Plusnet to ask for a new IP address as suggested by the Computer Engineer but they asked me to change the wireless encryption to make sure that I had a secure connection.  I have done all that but it is making no difference.  I found out last week that Plusnet had a firewall, so I have set that to low.  Still someone is able to turn off my firewall and access my computer.
I have a small netbook which I have been using since my computer has been down.  It is wireless just the same as my desktop and it uses the same Plusnet internet connection as my desktop but I don't have any problems with viruses on it.  I don't understand how that can be.
As a warning to everyone out there, if you receive any emails with the subject bill, service support or support, do not click on them because they probably contain virsuses, as that was how I got mine via Orange, in an email from Russia.
Doreen Cry
29 REPLIES 29
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Viruses

The first thing to try is to run Malwarebytes (free version) as that is the best at removing real nasties http://www.malwarebytes.org/
Do you know what the computer engineer did as from your description he didn't seem to have much idea about removing viruses
Did he suggest a proper firewall
What other software have you tried
I have moved this thread to the Windows Section as it isn't a broadband problem
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: Viruses

I think your computer engineer has failed you.
I can't imagine why a change of IP address would make any difference, but hey, rebooting your router will achieve that most of the time anyway, no need to contact Plusnet.
Unless your router has been compromised as well, which is possible, but very rare, the engineer asking for a new IP address seems to demonstrate a lack of understanding how networks work.
Someone from outside your home on the internet is extremely unlikely to be able to contact your PC unless your PC contacts them first.
I think the suggestion by Plusnet to ensure your wireless is secure was a good move, as it could be a neighbour that is using your bandwidth, or who has a compromised PC that is infecting yours.
Merely opening an email btw should not get you any kind of virus, it is possible, but would be a sophisticated attack, if you got a virus from an email it is almost certain that you opened an attachment or allowed your email client to download content, both of these things should not be done unless you are already certain of the veracity of the source.
As for your infected PC, either reinstall from the install/recovery disks yourself, or find another (and hopefully competent) engineer to do this for you.  The downside you will loose any information stored on the computer but not backed up.
Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Re: Viruses

Quote from: fourfourdevon
Merely opening an email btw should not get you any kind of virus, it is possible, but would be a sophisticated attack, if you got a virus from an email it is almost certain that you opened an attachment or allowed your email client to download content,
I got an E-Mail from Argos a couple year ago on windows XP, I merely opened the E-Mail to read It and got Infected by a trojan.
If life gives you lemons, make lemonade.
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Viruses

ignorance is bliss Cool Cool
when you open any e-mail, if it has attachments they also auto open, try one with pictures on it
If I am not sure, I look at the source listing,  I have stopped a few like that
gswindale
Grafter
Posts: 942
Registered: ‎05-04-2007

Re: Viruses

Quote from: pierre_pierre
when you open any e-mail, if it has attachments they also auto open, try one with pictures on it

Thankfully they don't.  I'd be in serious trouble if everytime I opened an email all the attachments auto-opened - I'd have PDF files & Excel spreadsheets popping up like no tomorrow.
Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Re: Viruses

Well ever since then I have blocked Images when opening any e-mail.
If life gives you lemons, make lemonade.
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Viruses

I am a Computer Engineer.  Any decent Computer Engineer should be able to remove your computer virus, or if all else fails as a last resort they can back-up your data then restore your computer to its factory state.  It does not sound as if your Computer Engineer knows what he is doing.  Some viruses operate a "buddy" system; they have two independent components and if one is removed the other resurrects it.  Some viruses are very well concealed.  But a decent Computer Engineer should cope with either scenario and remove the virus using specialist software (like 'Malwarebytes') coupled with manual intervention
Although some viruses are capable of transmission across a network, the vast majority do not do this so there is no reason to suppose your netbook would be or will be infected.
I don't see that changing your IP address will give you any protection.  Most people get a new IP address every time their router re-establishes a connection and any decent virus can cope with that.  Don't worry about a new IP address until you have got rid of the virus; even then I'm not sure if it is necessary.  If you have paid Plusnet for a fixed IP address and your computer has been spreading malware then your IP address may be acquiring a bad reputation.  That's the only reason I can think of for advocating a change.
Although there was a time when merely opening an email could give you a virus, this should not happen now.  What you should not do is open an attachment to an email or click on a link in an email, unless you are very sure of the source.
amasike
Dabbler
Posts: 15
Registered: ‎24-10-2009

Re: Viruses

Hi fourfourdevon,
I have used the same engineer for many years.   He is qualified and he has never let me down up until now.
The email had no attachments, I merely opened it and saw that it had smut on it.
If my router had been compromised then that would have affected my netbook as well.
Even though I changed my wireless encryption key someone still managed to break through Plusnet firewall, remove my firewall and access my computer.
There is nothing left on my computer for anybody to access or steal, as I removed my documents and music after I got the message that someone was trying to hack into my computer and steal my identity and bank details, so apart from the files that run the system etc. there is nothing.
There are only 4 houses in my street.   Two of the neighbours are pensioners and do not have internet.   The other neighbour is disabled and though he has internet access, he doesn't use the internet.   He only has it for the kids to use when they come at the weekend.
amasike
Dabbler
Posts: 15
Registered: ‎24-10-2009

Re: Viruses

Hello ReedRichards,
Thanks for the information.
I phoned the Engineer earlier and he is coming out on Wednesday to restore the computer to it's factory state.  Let's hope that will be the end of the problem.
As far as I know I do not pay Plusnet for a fixed IP address.
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: Viruses

Quote from: pierre_pierre
ignorance is bliss Cool Cool
when you open any e-mail, if it has attachments they also auto open, try one with pictures on it
My email systems stop autodownloading images many years ago, and ask me if I want to download them, but PDF's, EXE's, XLS's etc never automatically download and open, well not unless you are still using a version of Outlook Express from circa 1997.
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: Viruses

Quote from: amasike
The email had no attachments, I merely opened it and saw that it had smut on it.

Then it is unlikely to be the source of your infection, other than the "smut" and it being from Russia, do you have any other reasons to believe it was the source?
Quote from: amasike
If my router had been compromised then that would have affected my netbook as well.

Maybe, maybe not, netbooks tend to have different Operating Systems to desktop computers and it may well be that its not susceptible to this infection, but I would need more details to say for sure.
Quote from: amasike
Even though I changed my wireless encryption key someone still managed to break through Plusnet firewall, remove my firewall and access my computer.

Your wireless encryption key has no impact what so ever on the Plusnet firewall, none, zero, nada, not a thing.  But if you have your system set to use WAP security then your wireless security is as good as it gets.
And you are confused, if your PC is infected then the Plusnet firewall will not help you at all, when you have an infection the infected PC contacts other computers on the internet asking what to do, Plusnets firewall will never be able to prevent that, otherwise it would prevent you from using the internet.
Quote from: amasike
There is nothing left on my computer for anybody to access or steal, as I removed my documents and music after I got the message that someone was trying to hack into my computer and steal my identity and bank details, so apart from the files that run the system etc. there is nothing.

Oho!  I am afraid that message was almost certainly false, a lie, a scare tatic, an attempt to get you to download and install infected software.  What did you do after receiving the message?
Quote from: amasike
I have used the same engineer for many years.   He is qualified and he has never let me down up until now.

Well, from what you say here, he doesn't seem to be doing a good job, I would urge you to find a new one, any computer engineer worth their salt would have been able to remove an infection by now.  You will see it's not just me saying this.
Quote from: Oldjim
Do you know what the computer engineer did as from your description he didn't seem to have much idea about removing viruses

Quote from: ReedRichards
I am a Computer Engineer.  Any decent Computer Engineer should be able to remove your computer virus, or if all else fails as a last resort they can back-up your data then restore your computer to its factory state.  It does not sound as if your Computer Engineer knows what he is doing.
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Viruses

Quote from: amasike
.... I removed my documents and music after I got the message that someone was trying to hack into my computer and steal my identity and bank details ....,

Wait a minute, amasike, you did not mention that originally.  No genuine software (or individual) gives you messages like that.  But at the moment there is a huge amount of fraudulent "security software" around that is very prone to such alarmist tactics.  So it's likely that some or all of the messages you have been seeing about computer viruses are not genuine, just designed to scare you into paying money for a fake product.  There are also criminals who will call you on the phone with the same sort of alarmist message. 
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Viruses

Quote from: amasike
As far as I know I do not pay Plusnet for a fixed IP address.

Then restarting your router will change your IP address.  Your Computer Engineer should know this so if he advised you to change your IP address he was talking through his hat.
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Viruses

Quote from: fourfourdevon
... But if you have your system set to use WAP security then your wireless security is as good as it gets.

That's WPA (not WAP), "Wireless (or Wi-Fi) Protected Access" http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access .