{"id":941,"date":"2009-02-12T00:56:26","date_gmt":"2009-02-12T05:56:26","guid":{"rendered":"http:\/\/alsplace.aldenbaker.com\/alsplace\/tech-hints\/941\/the-warning-signs-of-a-pc-infected-with-malware\/"},"modified":"2009-02-12T00:58:39","modified_gmt":"2009-02-12T05:58:39","slug":"the-warning-signs-of-a-pc-infected-with-malware","status":"publish","type":"post","link":"http:\/\/alsplace.info\/?p=941","title":{"rendered":"The warning signs of a PC infected with malware"},"content":{"rendered":"\n<!-- ALL ADSENSE ADS DISABLED -->\n<p><strong><font><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/windowssecrets.com\/images\/wsn\/Dennis-OReilly-1.jpg\" border=\"0\" alt=\"Dennis O&#39;Reilly\" title=\"Dennis O&#39;Reilly\" width=\"110\" height=\"100\" align=\"left\" \/><\/font><\/strong> <font color=\"#000000\">By Dennis O&#39;Reilly<\/p>\n<p> <strong>Last week&#39;s <a href=\"http:\/\/windowssecrets.com\/links\/casamqr63t9zd\/a70a82h\/?url=www.windowssecrets.com%2F2008%2F11%2F26%2F03-Antivirus-tools-try-to-remove-Sinowal-Mebroot\" title=\"http:\/\/windowssecrets.com\/links\/casamqr63t9zd\/a70a82h\/?url=www.windowssecrets.com%2F2008%2F11%2F26%2F03-Antivirus-tools-try-to-remove-Sinowal-Mebroot\"><font color=\"#000099\">news alert<\/font><\/a> by Woody Leonhard described the high level of sophistication behind the Sinowal\/Mebroot Trojan and described tools that attempt to remove the malware.<\/strong><\/p>\n<p> Many readers asked for more information on symptoms they should look for if they fear for their machines&#39; security.<\/p>\n<p> Subscriber Leslie Kight asks the following question:<br \/> <\/font> <\/p>\n<ul style=\"padding-right: 0px; padding-left: 0px; padding-bottom: 0px; margin-left: 17px; padding-top: 0px\">\n<li>\n<div align=\"justify\"><font color=\"#000000\">&quot;Great article. I&#39;m curious, though: what makes Woody suspect his XP machine is infected by Mebroot? 
What symptoms did he see to raise that question?&quot;<br \/> <\/font><\/div>\n<\/li>\n<\/ul>\n<p align=\"justify\"><font color=\"#000000\">Here&#39;s Woody&#39;s reply:<br \/> <\/font><\/p>\n<ul style=\"padding-right: 0px; padding-left: 0px; padding-bottom: 0px; margin-left: 17px; padding-top: 0px\">\n<li>\n<div align=\"justify\"><font color=\"#000000\">&quot;I kept getting weird virus warnings from AVG &mdash; viruses would appear, I would remove them, then they would reappear in different locations, or entirely different viruses would show up. AVG reported that the MBR [Master Boot Record] was being changed every time I rebooted, even when I did nothing.<\/p>\n<p> &quot;I did a deep scan &mdash; first with AVG, then with NOD32 &mdash; to remove all the reported malware, but the viruses kept reappearing. Antirootkit scans turned up nothing. Then I couldn&#39;t connect to F-Secure&#39;s Web site, so I pulled the plug.<\/p>\n<p> &quot;As I said in the article, I have no idea at all if it was Mebroot. But I couldn&#39;t find any reports of similar collections of problems and decided to err on the safe side.<\/p>\n<p> &quot;Periodically reinstalling Windows is something I recommend anyway: once a year is ideal, in my experience. I&#39;m happy to report that I&#39;ve reinstalled XP Pro (SP3, of course), reactivated [Windows], and brought back the data files; everything appears to be working just fine. 
The machine&#39;s snappier than ever.&quot;<br \/> <\/font><\/div>\n<\/li>\n<\/ul>\n<p align=\"justify\"><font color=\"#000000\"><a name=\"known2\" title=\"known2\"><\/a><strong>Double up to remove a virus from a hard drive <\/strong><\/p>\n<p> In deference to animal lovers, I will avoid the cat-skinning analogy, but as reader Bob Biegon points out, there&#39;s more than one way to return an infected hard drive to a healthy state:<br \/> <\/font><\/p>\n<ul style=\"padding-right: 0px; padding-left: 0px; padding-bottom: 0px; margin-left: 17px; padding-top: 0px\">\n<li>\n<div align=\"justify\"><font color=\"#000000\">&quot;One of the easiest and, by my experience, most effective ways to remove many serious virus-spyware-rootkit infections is to remove the PC&#39;s hard drive, put it in another PC (or connect to another PC via a USB-to-IDE\/SATA adaptor), and scan the drive with the second PC&#39;s anti-malware software.<\/p>\n<p> &quot;This method ought to work well for the Mebroot virus without compromising the host PC&#39;s drive. My favorite products to use in this endeavor are AVG 8 and Sunbelt Software&#39;s Vipre.&quot;<br \/> <\/font><\/div>\n<\/li>\n<\/ul>\n<p align=\"justify\"><font color=\"#000000\"><a name=\"known3\" title=\"known3\"><\/a><strong>Since when did mice start hunting cats? <\/strong><\/p>\n<p> The best analogies have a basis in reality (not the one I mentioned above relating to feline pelts, thank goodness). But another kind of cat reference in Woody&#39;s column from last week gave reader John Walsh pause:<br \/> <\/font><\/p>\n<ul style=\"padding-right: 0px; padding-left: 0px; padding-bottom: 0px; margin-left: 17px; padding-top: 0px\">\n<li>\n<div align=\"justify\"><font color=\"#000000\">&quot;I do enjoy Woody Leonhard&#39;s articles and have been a fan of his for many years. 
However, in his latest article, Woody notes &#39;Detecting and preventing Mebroot is a cat-and-mouse game, and the black cats are winning.&#39;<\/p>\n<p> &quot;In my mind, the cats are actually the good guys trying to help eradicate the vermin (malware) represented by the mice. Therefore, I would suggest it is actually the black mice who are winning and proliferating, much to the consternation of the white cats.&quot;<br \/> <\/font><\/div>\n<\/li>\n<\/ul>\n<p align=\"justify\"><font color=\"#000000\">Indeed, the bad guys are scavenging for your data and your money while the good guys hunt them down. However, Woody&#39;s use of &quot;black cats&quot; in this sense plays off the term &quot;black hat&quot; to describe a hacker with evil intent.<\/p>\n<p> Mixing puns and analogies is dangerous business, but that&#39;s the kind of adventurous, risk-taking writer Woody is. That&#39;s only one reason why his readers love him so.<\/font><\/p>","protected":false},"excerpt":{"rendered":"<p>By Dennis O&#39;Reilly Last week&#39;s news alert by Woody Leonhard described the high level of sophistication behind the Sinowal\/Mebroot Trojan and described tools that attempt to remove the malware. 
Many readers asked for more information on symptoms they should look for if they fear for their machines&#39; security. Subscriber Leslie Kight asks the following question: [&hellip;]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[26,5],"tags":[],"_links":{"self":[{"href":"http:\/\/alsplace.info\/index.php?rest_route=\/wp\/v2\/posts\/941"}],"collection":[{"href":"http:\/\/alsplace.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/alsplace.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/alsplace.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/alsplace.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=941"}],"version-history":[{"count":0,"href":"http:\/\/alsplace.info\/index.php?rest_route=\/wp\/v2\/posts\/941\/revisions"}],"wp:attachment":[{"href":"http:\/\/alsplace.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/alsplace.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=941"},{"taxonomy":"post_tag","emb
eddable":true,"href":"http:\/\/alsplace.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}