This is a discussion on "I am getting hammered by something" within the Technical forum, part of the Off Topic category; Macro viruses can be in innocuous Word or Excel documents. Once the macro is enabled, the virus executes...
| | #16 |
| The Memory Keeper Founding Member Join Date: Jul 2005 Location: Connecticut
Posts: 2,748
Blog Entries: 5 Recent Blog: Christmas Eve - Anticipation and Memories | |
| | |
| | #17 |
| Member Join Date: Jul 2005
Posts: 55
| OK I'm going to precede this with, don't get too worried, because it's probably not someone actively targeting your computer. AND DON'T DO ANYTHING I SAY without consulting a professional computer repair person, I am not liable for you ruining your information or computer hardware! I've worked in the computer field since I was 16, now I'm 30, and have cleaned many a virus off machines. Sadly within the last two years the level of maliciousness these viruses have been capable of is unbelievable. In some cases it has been cheaper for us to tell clients to simply purchase a brand new computer and simply pay us to harden it against attack, and purchase a backup solution, than to try and fight the virus.
This is a long response, but it is a complicated field, and you are getting professional level advice which companies I've worked for charge $150/hr for. I'm covering the basics here, some theory, and the ultimate solution as well. Read the whole thing first, and then make a decision, this isn't a step by step guide, some or all of this may fix your problem. If you get confused just look up the terms on http://www.wikipedia.org or http://www.webopedia.com/.
In response to the question "is it possible for someone to deliberately send a virus to another system?" yes, but if they can do that then they could do worse, so all bets are off. When you don't understand the technology that this is all built on then it can get confusing. Let me clear that up first with a horrible generalization. Computer security is the same as physical security of a building, there are a whole lot of ways to enter a building and a whole lot of ways to try and protect that building. One big difference with a computer is that once the invader is inside, it can be a real bitch to get them out. However it is highly unlikely that someone is inside your computer. IF someone has hacked into your computer a clean install is the only hope for an average joe.
It's more likely that as has already been stated that you "picked something up" from any one of the various routes of infection. This could have been an email attachment, word macro (or other application macro), image (I know, crazy, and it is a patched hole), activex plugin through IE, or one of the other common holes in Windows/Internet Explorer, or even Firefox/Mozilla (take a look at http://www.sans.org/top20/, or http://en.wikipedia.org/wiki/Computer_security if you like diving down rabbit holes). Basically Microsoft Windows is just that, a house made out of windows. Everyone tries to shutter their system behind a firewall, but it's still just a glass house behind a wall. Each hole in an application is a possible hole for an intruder, especially applications that access the internet or actively listen on a port. Now MS has made some good improvements in the last few years, and if you keep updated, run a virus scanner, firewall, etc. you are less likely to run into any issues.
So what can you do about it already? I don't use MS Windows anymore, and haven't been actively repairing systems in the last six months so I don't remember all the details. DISABLE MS Windows restore, the virus may be reinfecting the machine through this feature. When you restore you may just be reinserting the virus in its "startup" state before it tries to mess with your system settings, which is what you end up perceiving as it acting funny. After cleaning the virus off the system, and backing up the information feel free to re-enable Windows restore.
Make sure you have the latest virus definitions installed, if you don't have a virus scanner I would suggest http://free.grisoft.com, and on top of that get a second opinion by running a web based scan of your computer http://housecall.trendmicro.com/, or if you are technically orientated remove the hard disk from the computer (the information is backed up right?), and use another known clean computer to scan the hard disk you are concerned about (don't open anything, or browse the files on the possibly infected drive). Viruses have been known to target Anti-virus software successfully, and this scenario often can really bork a system.
For this next part you may need some help, or patience, and the manual that came with your computer, specifically information on the motherboard. Now after you have run the scan, and followed any operations that the virus scanner suggests (there may be some manual patches that must be applied in the scenario of really nasty buggers). Turn the computer all the way off, unplug the power cord from the back, turn off the power switch located on the power supply. What you want to do is reset the BIOS. There is a small battery on your motherboard which keeps the time, and makes sure that the settings that are required to help your operating system startup are remembered. The BIOS, CMOS, and CMOS battery are all related and older and newer hardware differ in the specifics.
Now no one in the computer industry talks about this in relation to viruses, why? Because most of them don't believe that a virus can write to the cache area on the BIOS, and this is what I was always led to believe until last year. I was explaining to some members of my LUG (Linux Users Group) about how I'd been up against this virus for two days straight, and just couldn't wipe the thing off the client's machine. Every time I would clean it, run the tools from the Antivirus companies and follow all the advice I'm giving you now, and every time the virus would reinfect.
One of the Computer Science majors from the LUG explained about how it was possible and that he had run a virus infecting the BIOS cache. Lo and behold I pulled out the CMOS battery (for five minutes or more). After putting it back in the computer, and powering up the machine after I'd done ALL the steps above, the virus didn't come back. Virus makers are using some really advanced techniques now, hiding in the Windows restore area, using grabber programs that go out and pull the full virus back off the net after you have scanned, cutting themselves into pieces and hiding in other file types.
What can you do about it? If all of that was too much, then I suggest backing up your information to a Read Only medium like CDROM or DVDROM and then reinstall Windows, and transfer files as you need them, running scans on them as you do. Invest in a backup solution! Hard disk space is cheap, and there are some great "one button backup" external drives out there. EVERYONE should run a backup solution!
Here is the best advice concerning computer security anyone is going to give you this year. Keep your Windows computer, but DON'T use it for surfing the net or checking email, or posting or any of that. Put it behind a firewall/router and only use it for all the really easy to use applications, if you must game ok use it for that, but minimize the use of it on the web as much as you possibly can, file trading software is a well known infection vector. Go and get an old beater computer, go to http://www.ubuntulinux.org or http://www.distrowatch.com and download an ISO or order a FREE cd from Ubuntu. Linux comes in different flavors, which we call distros, Ubuntu is a flavor of Linux. Pop the Linux CD into the machine and follow the directions, if you aren't sure just hit ok or its equivalent (and who cares if you mess up, it's an old crappy machine).
You'll have to learn a few things along the way but Linux has come a long way, out of the box it will surf the web, let you edit word docs, edit photos, play basic games, Instant Message, and IRC. Best of all, Linux DOES NOT get viruses, (although it can pass them through via emails, or infected files if transferred to Windows), but it's virtually immune. If you get stuck, there are friendly communities of people willing to help (because they want control of their computer that much) such as http://www.ubuntuforums.org or http://wiki.ubuntu.org.
If you want to be extra safe use webmail, gmail is good, or yahoo mail, if you don't trust them get a cheap webhosting account that includes webmail, http://www.1and1.com comes to mind as affordable. Optionally simply refuse email attachments, and tell people not to send you chainmails. Chainmails are the #1 way how spammers get your address.
Software is the only thing in the world that can both be patented and copyrighted simultaneously. Whenever you click OK to those license agreements as you install software you are giving up many rights. You are only permitted to lease the software. Would you buy a gun you couldn't take apart? If the software doesn't work, if it destroys your data, or in the case of MS Windows is complicit in destroying your data because its basic theory on how to defend itself is weak. If the software accidentally leads to bodily harm (highly unlikely I know) that legal agreement you click on every time you use proprietary software indemnifies the maker. See http://www.fsf.org/ and http://creativecommons.org/ for alternatives to proprietary software models. I quit working in the mainstream computer industry because of these concerns.
It took myself, a computer expert, a year to become moderately proficient with Linux in the way that I was with Windows so I'm not going to lie and say it isn't painful, but sooner or later Microsoft will either have to change how they build their software or eat it because they have helped to screw one too many customers. Virus makers are the same, why try to identify every bad thing that could happen? Why not just identify only the things you trust, and then ignore everything else? Because there is no money in it.
My apologies for the super long post, and congratulations on making it to the end. I hope that this information will serve you well, if not, well at least it was freely offered. |
| | |
| | #18 |
| The Memory Keeper Founding Member Join Date: Jul 2005 Location: Connecticut
Posts: 2,748
Blog Entries: 5 Recent Blog: Christmas Eve - Anticipation and Memories | Excellent, Excellent, Excellent. Thanks for the input. The open platform community is growing by the day and open platform is the true future in computing - not Microsoft |
| | |
| | #19 |
| Moderator of Lead Founding Member Join Date: Jul 2005 Location: Texas
Posts: 6,318
| Thank you OliverSavage. I hope you join our board, I know that many of our members including myself will benefit greatly from your experience. Thanks again and good post! |
| | |
| | #20 |
| Senior Member Founding Member Join Date: Jul 2005 Location: lost in Idaho
Posts: 1,338
| Extremely well thought out and written answer. My friend who studied computer technology pretty much tells me the same thing - especially about Windows. And you are so spot on with what you've said. I too hope you consider joining the board. But either way thank you for participating even as a guest. |
| | |
| | #21 |
| Administrator Founding Member Join Date: Jul 2005 Location: Where wind blows
Posts: 7,795
Blog Entries: 7 Recent Blog: How large is your Umbrella? | Wow, Thanks! I keep playing with Puppy and a few other Distros myself. I liked that I could fit puppy on a USB drive and boot from there. The problems came when I then tried to configure the rest of my Hardware and other Accessories. But, Each time I go give it another try, (6 months or so), The newer version sees more and more of my system. Thanks again for the lesson and I do hope you come back and maybe give us a Linux primer!! I may copy this post of yours and stick it somewhere visible to all. melbo |
| | |
| | #22 |
| Senior Member | |
| | |
| | #23 |
| SilverBack Join Date: Nov 2005 Location: Central Pennsylvania
Posts: 2,410
Blog Entries: 6 Recent Blog: I have a dream... | I am quite open and honest with myself on this subject, as well as being open to any "government" agency or outlet which may or may not even care. Honestly, if I were ever asked or investigated, I would certainly be honest and just ask the usual questions like: "Is the Federal Reserve REALLY federal, or is it privately owned?", "Is the IRS a privately owned corporation as well, and are income taxes really voluntary?", and "Is it true that secrecy automatically asserts a level of corruption at the top, or are the People just supposed to 'trust' their government?" perhaps, "Isn't Al-Qaeda just the remnants of the Mujahideen, who were and still are trained and funded by our very own CIA, members of which have attended many of our Universities?" Maybe I would ask "Why is the fight against 'terror' only a thinly disguised war on dissent?" or "Who profits from the global war on terror, and why?" These are all questions many of us have, and I am not afraid to ask them. I do not care what lists I am on, hell I am just curious - in fact, I am just being responsible and would like to know if there is anything I can do to 'help'. As a government employee, I know that I should not rock the boat, I know how to follow orders and simply do as I am told...but I am an American first, and a soldier second. There is no doubt that the surveillance and cyber-task forces are working overtime. The reality of it all is simple: I do not know the FULL story - at best I get convoluted thoughts and piecemeal news articles to disseminate and attempt to comprehend. Corporate mindshare propaganda is harmful, the FDA is corruptible and at best, incompetent. The media is biased and completely against outsourcing their news coverage - this alone reeks of conspiracy, and who better to report the news than locals and eyewitnesses? No, only their polls and phony statistics will ever cross your screen.
I know that I am standing completely 'naked', open and honest -willing to look them right in the eyes and tell them how it is. I am not afraid, and I am not going to back down until I get some answers. |
| | |
| | #24 |
| Member Join Date: Sep 2008 Location: Montana
Posts: 254
| Well...there are viral/malware threats to linux. Much much more rare than the windows flavor but they are out there. The old adage that linux is less desirable as a target is still true today due to its very small market share but that is slowly changing. The primary concern with the *nix environments are vulnerabilities in each of the individual apps. Be vigilant with updates and keep up with chatter on your distro's primary forum. When you say 'everything else runs off it' do you mean its role is as an application server? gateway? router? DNS? ActiveDir Domain Controller? web/ftp server? OS? Different levels of snafu to deal with. Sucks but do what you can to isolate it. If it's major hardware you might be looking at a major overhaul of the install. How's your backup plan? My newest install of server 2008 enterprise is just a test bed and is running on crap hardware and only serves as DNS & AD DC. Easily segregated and rebuilt. Of course, I have no data to recover! Byte |
| | |
| | #25 |
| Throw down your chains! Join Date: Nov 2009 Location: Virginia
Posts: 10
| Just getting into the AR/AK world, my buddy said this was one of the places to start. If you don't wish to start over with a new OS, I would definitely not use IE at the very least. Chrome and Firefox are newer and less prevalent, so harder to hack through typical means. Firefox has various add ons such as no script and adblock plus which can prevent code from running without your explicit permission. Don't rely on antivirus alone! Get some added software such as spybot search and destroy and add a firewall (Avast is freeware and decent). I love ubuntu, great idea and follows along the same idea as not using IE. Windows 7 is also more secure than Vista and XP, but will eventually develop the most virus, worm and trojan horse issues. If you can support a 64 bit system too, use it! 64 bit is harder to crack with an entirely different structure and can support more ram too; 32 bit is limited to something like 3.(something). Most any newer system will have a 64 bit cpu. Hope this helps guys, I'll be asking questions as I build up my first AR15, so be gentle. |
| | |