Re: anti-malware progs ineffective

From: keith (krw_at_att.bizzzz)
Date: 01/29/05


Date: Sat, 29 Jan 2005 13:43:28 -0500

On Sat, 29 Jan 2005 17:04:49 +0000, Ken Smith wrote:

> In article <pan.2005.01.29.04.19.21.358059@att.bizzzz>,
> keith <krw@att.bizzzz> wrote:
> [...me...]
>>> That is sort of what I suggested, but I don't think you can trust the
>>> downloaded version of a program for very long. The next time your
>>> computer gets hit, the virus may modify the downloaded files too.
>>
>>They normally infect the installed files, not the raw downloaded files.
>
> If the download file is a self-extracting file you run, it can be infected.
> Many viruses watch what you run and infect the files you exec. If you
> save the file and don't exec the saved one, the virus may not see it to
> infect it.
>
>
>>
>>>>> Every time you create something you don't want to lose, write it onto a
>>>>> CD.
>>>>
>>>>...along with all the malware already installed.
>>>
>>> The "it" I mean is specifically what you created, i.e. the file you
>>> produced. If it gets infected before you save it to CD you lose it but
>>> assuming that you detect the virus, all the stuff before that point is
>>> safe.
>>
>>But that backup will re-infect all else after you reinstall.
>
> I still don't see your point or perhaps you don't see mine. I'll try an
> example:

Ok...

> (1)
> I make a document called Physics.html
>
> (2)
> I save Physics.html to the CD.
>
> (3)
> Months pass and lots of things happen

I edit Physics.html to add the proof of the existence of God.

> (4)
> My computer gets infected

I find more proof and in my research I've found the secret of cold
fusion.

> (5)
> I clean off my system and re-install from safe media
>
> (6)
> I copy Physics.html from the CD

> At this point my computer is not infected and I have Physics.html back.

...and lost the proof of God *and* the secrets of cold fusion. If you
saved the proof of God to CD *after* editing Physics.html, at least you
have that. If you saved after you added the secrets of cold fusion, that
copy is infected and your system is now reinfected.

>>> My wife's computer is less than 4 months from its last re-install and
>>> already stuff doesn't work. Re-installing is a major pain because it
>>> is an upgrade version so it wants to keep all the malware or refuses
>>> to install. When it is installed, it is complete virus bait and has
>>> to be patched, patched and patched again before the network is used.
>>
>>It sounds like you have some bit-rot going on there. Have you totally
>>eliminated the possibility of a hardware fault? I haven't had much
>>problem, well, at least until I tried installing PDF Reader 7.0, which
>>pretty much trashed all other versions, and itself. Since, downloads
>>have been iffy.
>
> It is hard to completely prove that there is not a hardware fault but I
> don't think there is one. The computer always seems to work fine until
> it is connected to the network. If I install Win98 on it, it works fine
> even when connected to the Network. Neither of these tests has been
> long enough to be sure.
>
> The failures seem to follow a pattern. The first one observed is
> usually that the machine will not shut down or that it runs very slow.
> When I check it after that there is usually an extra *.VXD file.

Could be infected. Slow usually means it is.

You say you installed Win98. On a clean partition? Is the MBR intact?

-- 
  Keith
> 
> --

