Dealing with Viruses on Windows PC
TribeLeader
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 29, 2011, 04:41 PM
 
I'm at my mother-in-law's for the weekend and I'm doing some troubleshooting on her computer, getting rid of viruses.

It looks like she has Symantec Anti-Virus running once a week (with the daily updates) but I ran Avast last night and found 1936 infected files (not sure I'm getting rid of them, though).

I'm also trying to figure out where she's getting them from. It's been a long time since I've been a Windows user. I know they come from email attachments. Where else?

She's NOT a heavy internet user -- mainly email (Yahoo!) and Facebook, and occasional searching. She's using Internet Explorer 7 on Vista.

Suggestions for reducing her risks (other than buying a Mac)?

Thanks!
     
TribeLeader  (op)
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 29, 2011, 04:57 PM
 
I just checked Symantec's logs and see that it's been finding hundreds of viruses each week (and 6,000+ 5 or 6 weeks ago). I'm not sure what it's doing with them, though.
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
May 29, 2011, 05:02 PM
 
What are these "viruses"?
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
May 29, 2011, 05:04 PM
 
She could have gotten a malicious executable that asked for admin credentials, or any manner of exploits that don't need it. Once active, they can suppress many AV clients. But that many 'viruses' seems excessive, unless there's something that's infected a bunch of very common/numerous files.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
May 29, 2011, 05:10 PM
 
There could be a problem with having both Symantec and Avast running at the same time. And doesn't Avast also identify suspicious cookies as malware?

Run Symantec's update feature to have the latest engine and then update virus signatures. Then have Symantec scan the machine. It will offer to fix files that may be infected, but will likely fail at that with truly infected files - those it will "quarantine." You can safely delete anything Symantec quarantines. After it says you've gotten everything, run it again. Repeat until at least two scans report nothing bad found. Then set Symantec to scan daily AND to watch traffic in real time (I forget the term for that in their menus). Finally, tell Mom she needs to surf as if she's out in the mall, unless she trusts everybody there, too.

Glenn -----OTR/L, MOT, Tx
     
TribeLeader  (op)
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 29, 2011, 05:12 PM
 
I should have called them "infected files" instead of viruses, I guess. I don't know much about them (yet). Symantec seems to be calling them Trojan Horses.

I don't know that they've caused horrible problems, at least not for me ... other than clicking on search engine results takes me to pages of ads instead of the result I intend to go to (sometimes).
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
May 29, 2011, 05:20 PM
 
Originally Posted by TribeLeader
I don't know that they've caused horrible problems, at least not for me ... other than clicking on search engine results takes me to pages of ads instead of the result I intend to go to (sometimes).
You need to check the hosts file in C:\windows\system32\drivers\etc
It should contain something like:
127.0.0.1 localhost
::1 localhost
If it's clean, you need to download and run TDSSKiller. Be careful: if TDSS has attached itself to your keyboard driver and you say *delete*, you may have no functioning keyboard until you replace the file.
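
As an added example (not part of seanc's post and not taken from any tool named in this thread), here is a short Python check of the hosts file that lists every entry other than the default localhost mappings. The sample file contents, the .example hostnames and the 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; the .example names and 203.0.113.x addresses are placeholders.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example      # constructed redirect entry
203.0.113.7     search.example images.search.example
0.0.0.0         ads.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:                    # address followed by at least one name
            yield line_no, fields[0], fields[1:]

def unexpected_entries(text):
    """Return every entry that is not a plain localhost -> loopback mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        others = [n for n in names if n.lower() != "localhost"]
        if ip.is_loopback or ip.is_unspecified:
            if others:   # name pinned to the local machine, so it never resolves
                findings.append((line_no, address, others, "blocked"))
        else:            # name answered by a fixed remote address instead of DNS
            findings.append((line_no, address, names, "redirect"))
    return findings

if __name__ == "__main__":
    import sys
    # Pass the real file (the path given in the post) as an argument, or run on the sample.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for line_no, address, names, kind in unexpected_entries(text):
        print(f"line {line_no}: {kind}: {address} -> {' '.join(names)}")
```

An empty result means the file holds only the localhost lines, which is the "clean" case the post describes.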
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
May 29, 2011, 06:03 PM
 
Is the best strategy for dealing with an infected Windows machine these days still to wipe/reinstall?
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
May 29, 2011, 06:05 PM
 
It depends on the infection and your determination + knowledge to remove it.
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
May 29, 2011, 06:30 PM
 
Also, if she's running in an admin account like most Windows and OS X users, make her use a regular user account. It's not a silver bullet, but it'll help. If you're very serious, get her on Windows 7 x64: it has the lowest rate of infection of any Windows desktop OS.
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
May 29, 2011, 06:32 PM
 
Originally Posted by Cold Warrior
Also, if she's running in an admin account like most Windows and OS X users, make her use a regular user account. It's not a silver bullet, but it'll help. If you're very serious, get her on Windows 7 x64: it has the lowest rate of infection of any Windows desktop OS.
While this is a good suggestion, depending on what you're using the PC for, this can be an impossible solution.
     
TribeLeader  (op)
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 29, 2011, 11:16 PM
 
Thanks for all the help!

The last quick scan resulted in zero infected files. But whenever I try to delete the (previously) quarantined files in Symantec, the app freezes.

Will do another scan before heading home tomorrow afternoon.
     
TribeLeader  (op)
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 30, 2011, 12:33 AM
 
I just realized something -- whenever I've been doing any kind of maintenance/clean-up on the PC, Symantec's Auto-Protect has been going berserk!

For example, I was just playing around with CCleaner and Auto-Protect quarantined tons of Trojan Horses (at least 2-4/minute over a 15-minute stretch). Then I remembered that that's happened in other maintenance-related apps I've been using.

Don't know what it means; just something I noticed.
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
May 30, 2011, 12:59 AM
 
You could try another AV software if issues with Symantec persist. I use Comodo Internet Security, it is free and good.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
May 30, 2011, 06:41 AM
 
Symantec in Windows is very good, but it's kind of jealous - it doesn't like anything else messing around at the level it does, assuming that the other stuff is malware. Stop/suspend Symantec before using CCleaner. Otherwise you will probably not find a better Windows antivirus package.

Glenn -----OTR/L, MOT, Tx
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
May 30, 2011, 06:58 AM
 
Microsoft Security Essentials is free and you can install it as long as you have a genuine install of Windows. It works very well.

If you're going to remove Norton, you should use the Norton removal tool.
If you want to scan for malware, try Malware Bytes. You may not be able to find anything until you scan in Safe Mode.
     
Wiskedjak
Posting Junkie
Join Date: Jun 2002
Location: Calgary
May 30, 2011, 08:26 AM
 
I've found that mainstream anti-virus software tends to be a little overzealous in identifying files as "infected" ... to the degree where every cookie is "suspected". They *are* in the business of selling their software, and the more they can get people to buy into the idea that Windows is a viral cesspool, the better it is for sales.
     
TribeLeader  (op)
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 30, 2011, 08:49 AM
 
When I was a Windows user (8 yrs ago), I used Ad-Aware -- is that (still) necessary/helpful?
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
May 30, 2011, 08:54 AM
 
Originally Posted by TribeLeader
When I was a Windows user (8 yrs ago), I used Ad-Aware -- is that (still) necessary/helpful?
No, I've not seen it do anything useful since 2003.

I use:
Microsoft Security Essentials, MalwareBytes, SuperAntiSpyware, TDSSKiller, Kaspersky Rescue CD, Combofix.

Please can you tell me the names/variants of these 'viruses'.
     
TribeLeader  (op)
Mac Enthusiast
Join Date: Jul 2003
Location: USA
May 30, 2011, 10:44 AM
 
Originally Posted by seanc
No, I've not seen it do anything useful since 2003.

Please can you tell me the names/variants of these 'viruses'.
Not sure how. Symantec calls them Trojan Horses, but haven't looked in any greater detail. Might not get to it today, though; heading home shortly. :-)
     
olePigeon
Clinically Insane
Join Date: Dec 1999
Jun 1, 2011, 05:20 PM
 
I just use Windows Security Essentials. It seems to do a well enough job. But then again, I don't install everything that pops up a dialog box.
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
Jun 1, 2011, 05:26 PM
 
Originally Posted by olePigeon
But then again, I don't install everything that pops up a dialog box.
I get the feeling it's a little less involved than that. I've only ever seen them try to propagate while using Firefox, so I don't get the full force as if I was using IE.
     
ibook_steve
Moderator
Join Date: Oct 2001
Location: San Jose, CA
Jun 1, 2011, 06:06 PM
 
I just use AVG Free in my Parallels VM. No problems, no infections. And free.

Steve
Celebrating 10 years and 4000 posts on MacNN!
     
   
 