Monday, March 16, 2009

Garfield!


Well, I have turned into a huge Garfield fan of late. So if you too are one, here is one for the day :)

cheers!
MoA

Friday, March 13, 2009

Finally...

Finally I have gotten rid of the viruses and malware affecting my PC. Now I'm just hoping they don't strike back. And perhaps I now know the reason behind those haunted attacks even after a format.

I read in certain forums about some users facing similar problems, i.e. the possibility that the malware/viruses/trojans might have survived a disk format. Well, as far as I know, MBR viruses survive formats. But in my case, the moment the attacks began, I could see those malicious exe files sitting pretty on my OS drive, anywhere and everywhere. Also, after each format, the system would behave in a decent manner and would definitely be free of any viruses, at least for some time.

So I carefully chose the software that I was installing after each format. And yes, the exe files of various software packages were the culprits. I generally keep the setups for various software on my PC (just like many others would do) and would reinstall the same set of software after every format. And while installing just one of these, the virus would strike back, for those .exe files were already corrupted.

Even an anti-virus would clear them of being any suspicious malware. But the fact was they were indeed corrupted. So finally I chose all the software to be installed very carefully, deleting the ones which were causing the attacks. [Of course, I would know of its corrupted nature only after I had tried installing it, which effectively would mean another format :) ]

Another thing that I would swear by in future is keeping a disk image. Once the OS drive is clean, I keep an image of the OS drive only. In case the attack appears again, I boot my machine with the Windows Boot Drive, start the image restore wizard and get my OS (with some basic software installed) back. This would be as good as formatting and reinstalling the OS and software, but would take only 10-12 minutes (depending on the size of the OS image) as against a few hours of traditional formatting and OS and software installation. :)

So to keep things simple, I do the following steps:

1. Format the machine (generally the OS partition only) and install Windows XP.

2. Install an anti-virus (I have started to rest my faith on AVG's free edition for this).

3. Install network drivers to go online for Windows Updates in the next step. Prefer keeping a CD of the drivers which come with the motherboard, rather than keeping them somewhere on a local drive, as they have an equal chance of getting corrupted.

4. Connect to the internet and go to Start > Windows Update. Install Critical Updates first.

5. Now is the time to save your first "clean" image. This one would be without any software. You may keep another one after you have installed some software which is always required, like Office, Reader etc. To keep a disk image, Macrium has recently come up with Macrium Reflect Free Edition 4.2, which lets you create a disk image on a local disk or even on the network. The free edition is not a trial version (unlike other utilities available) and also provides the feature of scheduling your image creation.

6. Once the image is created, you have to have a way to restore the image when required. Macrium suggests the use of PE Builder. PE Builder provides a Windows Pre-Installed Environment to boot your machine. It also has a provision to add custom files to the PE. The custom files in this case would be a small Macrium application which will act as a wizard to restore your image. The PE thus created would also enable network drivers so that you can restore an image lying on some network location.

Read more about Macrium Reflect and PE Builder on their respective websites.

7. Once you have the PE image with you, keep it on a CD. The next time your system goes bust (due to a virus or some other reason), insert the CD in the CD drive and restart the system to boot it from this CD. Of course, you have to ensure that the first boot device is set to the CD/DVD drive. Once booted, just start the Macrium wizard and restore your image absolutely painlessly :)

So far it has worked for me and I hope the same for you :)

Cheers!
MoA

Friday, February 27, 2009

Malware Problems and Solutions.. continued

Well, I mentioned some activity in my previous post; that was mainly because of M.exe getting into my USB drive and infecting some other files. The link which I posted in that post was of some help, but not complete. I did whatever was mentioned in the post, only to realise later that it was not "recommended" to run such anti-malware products without any help from the forum moderators.

Though it didn't really lead to any more problems, I would now also recommend taking help from forum moderators before you proceed. How it works is: you contact the forum moderator stating your problem, s/he will ask you to install some utility, run it and post the log online, s/he will come up with some scripts and ask you to run them and then post the log again. A brief about this is in this Wiki link.

It's very generous of these moderators to provide us support, but it's generally a time-consuming process, especially if you two are in different time zones. And quite a lot of times, the problem just refuses to go away. Somewhat similar things happened with me, and now, after the M.exe attack, my PC has "reader_s.exe" malware files.

Similar problems have been encountered by some other users:

i) http://www.bleepingcomputer.com/forums/lofiversion/index.php/t204663.html
ii) http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

The second link is a blog from Miekiemoes Brugge actually, and she perceives formatting as a better option sometimes, to which I agree too. Sometimes you have to just let it go :)

And once you have decided to format and re-install your Windows, just don't forget to follow these simple steps before going online.

http://web.mit.edu/ist/products/winxp/advanced/security-newmachine.html

Cheers!
MoA

Thursday, February 26, 2009

Malware Problems & Solution

For the past few days, my PC back at home has been behaving strangely. Well, the first reason which comes to anyone's mind is of course a virus. Well, yes, it's true it was infected by some malicious things. Blame should be put on me and only me for introducing my PC to this malicious thing. I am already done with the formatting and re-installation of Windows XP and was also done with installing Norton AntiVirus 2005, and then I observed the same strange things happening again. Let me write down here the things which led me to format my PC:

1. Every time I inserted my USB drive, a virus alert would be generated saying that a file named M.exe had been removed from the drive. After this alert I would see an autorun.inf file which instructs to run M.exe from the USB drive. Despite repeated formats of the USB drive, the same problem surfaced again and again, proving that it was the PC which was doing this to my USB drive.

2. The moment I connected to the internet, I would get some hundreds of alerts from Norton AV's mail scan application that "your message to (somevague_emailid) has been scanned successfully". All these alerts would eventually slow down my system and I would have to kill ccApp.exe from Task Manager. I read a few things about this ccApp.exe on some forums and thought this could be the culprit (I am still not sure about it though).

All this led me to format my OS drive and reinstall the OS. After doing some more research on the removal of these malicious things from a PC, I came across the D-A-L Free Computer Help link. It describes quite a long process of removing malware from your PC, but looks quite good. I have not completed this process, but I am almost in the middle of it.

In case someone is facing similar problems, s/he may try this out and maybe it's of some help.


Cheers!
MoA