Guest David
Posted December 21, 2008

Winxp sp3, hp windows media edition; ie7; windows defender, avast, spywareblaster.

After using her computer for several years with no apparent problem, my daughter's computer started having popups even though she had an av installed. I ran several online scans and nothing was detected. I ran HJT and it found two trojans. One it could delete and that fixed the popups. The other, msziptools.dll, it did not fix. I did a google search and found that it is very hard to remove. I did run an online trojan scan but it did not detect any problem. So I took the computer to a shop to get it fixed. My daughter does not know what she did that allowed malware on her computer.

My question is how to detect if malware is on your computer since various malware detection av programs did not detect the trojans. If her computer did not have popups, I would never have started looking. HJT did show them in the 018 category but will it always detect them?

David

Guest Shenan Stanley
Posted December 21, 2008

David wrote:
> Winxp sp3, hp windows media edition; ie7; windows defender, avast,
> spywareblaster.
>
> After using her computer for several years with no apparent
> problem, my daughter's computer started having popups even though
> she had an av installed. I ran several online scans and nothing
> was detected. I ran HJT and it found two trojans. One it could
> delete and that fixed the popups. The other, msziptools.dll, it did
> not fix. I did a google search and found that it is very hard to
> remove. I did run an online trojan scan but it did not detect any
> problem. So I took the computer to a shop to get it fixed. My
> daughter does not know what she did that allowed malware on her
> computer.
> My question is how to detect if malware is on your computer since
> various malware detection av programs did not detect the trojans. If her
> computer did not have popups, I would never have started
> looking. HJT did show them in the 018 category but will it always
> detect them?

There is no guarantee.

Notice I did not qualify that in any way - because it applies to everything.

No matter what you do to protect yourself (technology-wise for sure) - something can probably get through your defenses. The best defense still is (and likely will remain so for a long time) common computing sense. Knowing what to do and what not to do and actually doing/not doing things accordingly.

Whoever (at this moment in time) creates the best AntiVirus software - they know they will be unlikely at the top forever. Something will make it past their defenses and cause an issue that affects many computers and suddenly - you have a new front-runner because some other AV software happened to catch that one particular instance. Happens a lot more than not.

Spyware/Malware protections/cleanup is even more dynamic than virus/trojan/worm protection/cleanup.

At this point - MalwareBytes and SuperAntiSpyware (in my opinion, mind you) are the top two antispyware applications out there (for cleanup anyway - I will not venture to say what is the best preventative measure.)

Other than your own brain and common sense, not much else is actually necessary. A good firewall - okay. Definitely - it's like a good fence. However - if you are careful about how you do things (never log in as an administrative level user, etc) and what you do (don't visit questionable sites (at least not outside of a controlled environment - like a virtual machine) and don't open attachments to emails/instant messages unless you were expecting them and even then - a scan with some AV software would likely be advised first, etc) - the rest is 'just-in-case' measures. Don't get me wrong - for most people, having a decent and frequently updated AV software is a great idea. I'm not so much into resident AS (AntiSpyware) applications - as (at least at this time) you have to visit specific sites (albeit in the millions) and usually agree to run something to truly have some sort of infection.

In other words - there is no protection that is 100% effective. Your experience and use of said experience is the best defense - with the backup of a good firewall and AV software.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Guest FromTheRafters
Posted December 21, 2008

inline

"David" <aaa@yahoo.com> wrote in message news:OmG$d47YJHA.1328@TK2MSFTNGP02.phx.gbl...
> Winxp sp3, hp windows media edition; ie7; windows defender, avast,
> spywareblaster.
>
> After using her computer for several years with no apparent problem, my
> daughter's computer started having popups even though she had an av
> installed.

Viruses are a very specific sort of malware, and AV was designed to deal with them specifically. Other sorts of malware are addressed by other detectors - spyware/adware/foistware/badware whatever. AV has expanded to cover some of the other types of malware, but reliability is a 'hit or miss' proposition. It is best to have 1 good AV plus spyware and general malware detectors - two or so of each so coverage is better. Stealth programs (rootkits) are getting more popular so you have to get rootkit detection also. These programs can hide malware from the other detectors - in fact from the OS itself.

> I ran several online scans and nothing was detected.

I wish I could tell you that that really means something, but I can't. Sometimes they're over sensitive about some cookie - and other times oblivious to real malware because the malware is active when the scanning is done.

> I ran HJT and it found two trojans. One it could delete and that fixed
> the popups. The other, msziptools.dll, it did not fix. I did a google
> search and found that it is very hard to remove. I did run an online
> trojan scan but it did not detect any problem. So I took the computer to
> a shop to get it fixed. My daughter does not know what she did that
> allowed malware on her computer.

Probably not her fault, there have been software exploits about. More likely is the exploitation of users' fear of malware.

<<<>>>MALWARE DETECTED<<<>>>
Your antivirus program detected a virus, click this link and run this program to fix it all up.
ftp://driveby_download.com/perfectly_safe_to_clickme.exe

Well, they're much more sophisticated than that, but you get the idea.

> My question is how to detect if malware is on your computer since various
> malware detection av programs did not detect the trojans.

Use one good AV program and supplement it with various other general malware detectors.

...and remember, even these will miss some things.

> If her computer did not have popups, I would never have started looking.
> HJT did show them in the 018 category but will it always detect them?

The best you can do is to keep everything as updated as you can. Still not a perfect solution. I'm sure a rootkit could hide things from HJT.

I'm sure some of the regulars in this group will be happy to recommend their favorite programs. Some will bash Norton and McAfee, but they are good programs that became overgrown is all.

Guest David
Posted December 21, 2008

Thank you for the answer; however, I still do not know how to detect if some malware is on the computer. In this case, HJT did detect it. Will it always work? I did run MalwareBytes and it did not detect the last trojan. Do I assume that I have a problem and keep running every anti-malware program that I can access and hope for the best?

I do follow what I think are safe web practices. They are based on what I read here, on other forums, and magazines. However, the malware programmers seem clever so I doubt that will work forever.

David

"Shenan Stanley" <newshelper@gmail.com> wrote in message news:OvcbNP8YJHA.728@TK2MSFTNGP02.phx.gbl...
> David wrote:
>> Winxp sp3, hp windows media edition; ie7; windows defender, avast,
>> spywareblaster.
>>
>> After using her computer for several years with no apparent
>> problem, my daughter's computer started having popups even though
>> she had an av installed. I ran several online scans and nothing
>> was detected. I ran HJT and it found two trojans. One it could
>> delete and that fixed the popups. The other, msziptools.dll, it did
>> not fix. I did a google search and found that it is very hard to
>> remove. I did run an online trojan scan but it did not detect any
>> problem. So I took the computer to a shop to get it fixed. My
>> daughter does not know what she did that allowed malware on her
>> computer.
>> My question is how to detect if malware is on your computer since
>> various malware detection av programs did not detect the trojans. If her
>> computer did not have popups, I would never have started
>> looking. HJT did show them in the 018 category but will it always
>> detect them?
>
> There is no guarantee.
>
> Notice I did not qualify that in any way - because it applies to
> everything.
>
> No matter what you do to protect yourself (technology-wise for sure) -
> something can probably get through your defenses. The best defense still
> is (and likely will remain so for a long time) common computing sense.
> Knowing what to do and what not to do and actually doing/not doing things
> accordingly.
>
> Whoever (at this moment in time) creates the best AntiVirus software -
> they know they will be unlikely at the top forever. Something will make
> it past their defenses and cause an issue that affects many computers and
> suddenly - you have a new front-runner because some other AV software
> happened to catch that one particular instance. Happens a lot more than
> not.
>
> Spyware/Malware protections/cleanup is even more dynamic than
> virus/trojan/worm protection/cleanup.
>
> At this point - MalwareBytes and SuperAntiSpyware (in my opinion, mind
> you) are the top two antispyware applications out there (for cleanup
> anyway - I will not venture to say what is the best preventative measure.)
>
> Other than your own brain and common sense, not much else is actually
> necessary. A good firewall - okay. Definitely - it's like a good fence.
> However - if you are careful about how you do things (never log in as an
> administrative level user, etc) and what you do (don't visit questionable
> sites (at least not outside of a controlled environment - like a virtual
> machine) and don't open attachments to emails/instant messages unless you
> were expecting them and even then - a scan with some AV software would
> likely be advised first, etc) - the rest is 'just-in-case' measures. Don't
> get me wrong - for most people, having a decent and frequently updated AV
> software is a great idea. I'm not so much into resident AS
> (AntiSpyware) applications - as (at least at this time) you have to visit
> specific sites (albeit in the millions) and usually agree to run something
> to truly have some sort of infection.
>
> In other words - there is no protection that is 100% effective. Your
> experience and use of said experience is the best defense - with the
> backup of a good firewall and AV software.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html

Guest Shenan Stanley
Posted December 22, 2008

<snipped>
<entire conversation>
http://groups.google.com/group/microsoft.p...1f894fe9cbe35cd
<end entire conversation>

David wrote:
> Thank you for the answer; however, I still do not know how to
> detect if some malware is on the computer. In this case, HJT did
> detect it. Will it always work? I did run MalwareBytes and it did
> not detect the last trojan. Do I assume that I have a problem and
> keep running every anti-malware program that I can access and hope
> for the best? I do follow what I think are safe web practices. They are
> based on what I read here, on other forums, and magazines.
> However, the malware programmers seem clever so I doubt that will
> work forever.

I think that was all covered. ;-)

Q: "In this case, HJT did detect it. Will it always work?"
A: No guarantees.

Q: "Do I assume that I have a problem and keep running every anti-malware program that I can access and hope for the best?"
A: Depends on the situation and your level of paranoia and reason for the paranoia. If you want to keep what you have, have not made good backups, refuse to pay anyone to clean it up for you and keep things installed/the way they are - then yes - that is what you do; find the best current applications and instructions and run said applications following said instructions and hope you get everything. Or you format and install the system over. Or you apply an image from the last time you cleanly installed everything and then restore your personal files and such back onto the machine from your frequent file/folder backups.

Nothing works forever. Computers - in general - just move faster than traditional changes. What might take years, decades, centuries to evolve in some other mediums might take hours, days, weeks, months on a computer. What was 'new/great' last night might fail on thousands of computers tomorrow. ;-)

Nothing I could tell you now (how to detect and clean up malware) could I guarantee to work at all - much less guaranteeing it beyond that. Constant learning curve - uphill - all the time.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html