Children do not do computer security!

Started by Captain K, Feb 02, 2009, 23:58:01

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Captain K

As ably demonstrated by my 12 year old son, who despite the stringent lectures he got last time he downloaded "a really useful toolbar" for IE, tonight decided to download a very natty wallpaper for his PC, and surprise surprise, it appears that some baggage came with it!

Now spyware/adware I can deal with, and with the application of a little thought and effort they can be disposed of.  However, there also appears to be a virus of some description in there, and you know what - its a nasty little blighter.  The network connection for that machine only activates in bursts after use of the mouse or keyboard, so I suspect its keylogging.  Any attempt to get IE to find a website results in a redirect to some 150-character-long URL.  It has buried itself very, very deep, and its pretty smart too.  The PC had Norton 360 running on it (don't shoot me - I'd used up all 3 of my Kaspersky licenses and the shop put it on there), but the little critter has disabled the update and the scan facility.  I therefore don't know what it is yet!  I have tracked down a couple of suspicious registry changes and reversed them, but whaddya know - on restart they're back again.

Finally got the thing running in safe mode, from where I tried to run Norton only to find that the ruddy thing had actually deleted the Norton item from the start menu!  After hunting through the windows folder I found the scan app and fired it up directly, and its working!!  This is now a personal battle - I will not be beaten by a few miserable lines of code!  Once I know what it is, I can get it out, and I think Norton has just finished its scan, so I'm going to look now.

Wish me luck ....I'm going in!  :fingers:
Bruce.

I don't trust Camels.  Or any other creature that can go a week without a drink.

drummer

Lesson 1: Only allow your kids limited logon accounts within Windows.

Lesson 2:  Never, ever rely on Norton to protect your computer because it will fail.

Now download, install, update definitions and run SaS and do the same with MalwareBytes.  Do both in Safe mode.

Sorry if that sounds aggressive but I'm really getting fed up dealing with friends' infected computers that rely on Norton for protection.
To stay is death but to flee is life.

Captain K

Cheers drummer.  This is of course the reason he's never allowed near my PC.  It was only a few months ago I lifted the limited status of his user account (got to loosen the apron strings at some point!).  He's under threat of having that reimposed.

I've already run SaS, with no luck.  Hadn't tried MwB, so ta for the link.  Will give it a go tomorrow.  Won't surprise you to learn that the Symantec product didn't find it either!
Bruce.

I don't trust Camels.  Or any other creature that can go a week without a drink.

kinmel

remember to disable system restore, else it will re-appear.

If in the end you can't solve the problem yourself, use the free Microtrend  HijackThis tool and get the scan result analysed HERE by experts for free too.
Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Captain K

Thanks Alan.  Malware Bytes running at the moment - we'll see.  :fingers:
Bruce.

I don't trust Camels.  Or any other creature that can go a week without a drink.

JB

Quote from: Captain K on Feb 03, 2009, 00:55:06
This is of course the reason he's never allowed near my PC.

Worth bearing in mind that although he can't use your PC they are probably on the same internal network on your side of the router? It would be worth while doing a full check on your machine as well. I have certainly come across infections that spread over a home network.
JB

'Keyboard not detected ~ Press F1 to continue'

Captain K

Precisely the reason I disconnected him from the network as soon as I knew about the infection, which was just a few minutes after he downloaded the dodgy wallpaper.  Fortunately Kaspersky has declared my machine clean this morning.

Also, Malware Bytes seems to have killed the bug, whatever it was.  It certainly made a mess before it went though - completely corrupted Norton, and various save files have disappeared.  I have now removed whats left of Norton and loaded up Avast as a temporary measure.  My Kaspersky subscription renews next week so I think I'll invest in a 5-user license this time.
Bruce.

I don't trust Camels.  Or any other creature that can go a week without a drink.

Rik

Surely Norton is always completely corrupt, Bruce? ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

esh

One of the simpler routes is delete the link to Internet Explorer and use another browser. It's not 100% safe, but it's probably 90% safer than IE. ActiveX is such a shortsighted disaster.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Rik

I agree. If I could take IE off my machines I would.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

Same here, Rik. It's amazing how much I've grown to hate it since moving to Firefox. The first thing I do after a format is put Firefox on.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

I don't even want to browse to the Kaspersky site in IE. >:D

Glenn

AV & FF together, the beauty of WHS ;D
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby


Colin Burns

Quote from: drummer on Feb 03, 2009, 00:36:20
Lesson 1: Only allow your kids limited logon accounts within Windows.

Lesson 2:  Never, ever rely on Norton to protect your computer because it will fail.

Now download, install, update definitions and run SaS and do the same with MalwareBytes.  Do both in Safe mode.

Sorry if that sounds aggressive but I'm really getting fed up dealing with friends' infected computers that rely on Norton for protection.

i got sick of viruses and just go straight for the XP disk and remove norton on the reinstall

Ann

I agree with Captain K.. you gotta let the kids do stuff on computer or they will never learn.  And haven't we all downloaded rubbish applications occasionally?  It's a dull person who hasn't.  I've never had a really bad virus infection but I'm sure that's just down to luck (and eTrust).

Simon

Quote from: Ann on Feb 04, 2009, 16:29:36
I've never had a really bad virus infection but I'm sure that's just down to luck (and eTrust).

And common sense, Ann.  :)
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.