AllExperts > Computer Security & Viruses 
About Carolyn Meinel
Expertise
I cover Windows, Unix, TCP/IP and Ethernet security questions. I do not cover Mac, Palm Pilot, or other networking issues.

Experience
Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker). My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).
 
   


Computer Security & Viruses - virus/spyware


Expert: Carolyn Meinel - 11/22/2007

Question
QUESTION: Am requesting help as have failed to remove viruses despite extensive use of anti-spyware programmes (followed as far as I could off a techspot open board but not overly computer literate; and combofix wouldn't work, something about "update out of date", and one of the tools wouldn't open). Foolishly downloaded a keygen and now been loaded with ultimate defender/cleaner ("spyware threats detected"), as well as some virus playing havoc with Internet Explorer (sending to random sites, either directly or pop-ups).
Any help would be greatly appreciated.

ANSWER: Anti-spyware programs are not designed to remove viruses or just about any other form of dangerous programs except spyware or adware. And spyware and adware are generally just about harmless. To get rid of the really, seriously dangerous infections you need a product that advertises itself as -- at the very least -- an antivirus program. Even better are programs that are called Internet Security Suites (or something similar).

If you aren't running one of these heavy duty programs, you need to install one immediately and run a complete scan of your computer. If you worry about paying money to get a really good one, here's one you can try for a month for free: https://store.f-secure.com/cgi-bin/dlreg/ml=EN?ID=FSISTB&desid=TRIAL

---------- FOLLOW-UP ----------

QUESTION: Thanks for that. Haven't made myself particularly clear as was in the middle of the night! I have Internet security suite which automatically updates itself so thought I would be protected. However I allowed in a few files from a non-verified source and opened them, which is when the trouble began, with fake security centre appearing, talking re ultimate fixer, defender and cleaner. I did a full system scan and Norton did not pick up anything adverse, despite there being a clear abnormality with this non-Norton icon on the system tray popping up repeatedly. I also could not navigate IE without it sending me to abnormal pages or bringing up pop-ups. I therefore downloaded a few spyware programmes, and seek and destroy programme which revealed trojan viruses (including virtumonde, Obfus.gen) and a few others. I followed these instructions to try and rid myself of it (using spybot, ccleaner, Hijack this, panda antirootkit, ad-aware) which apparently at first worked, but upon rebooting reappeared to cause more annoyance and havoc.
I have bought a fully functioning spyware doctor as I read a good review (and have since read a not so good one!) which identified 5 viruses, and cleared all but one (this virtumonde) which it couldn't but gave no reason. I re-entered in safe mode to run it, and it brought up 2 other viruses that weren't there before, but didn't list virtumonde which had certainly been there. It did inform me of its location (C: windows system 32 pmnnm.dll) but I thought deleting this would not sort it finally as there was no info re registry.
Thanks for any further advice.

Answer
Sorry for the delay in answering you -- I was enjoying family time over the holiday.

Thank you for giving these helpful details. Yes, virtumonde is extremely difficult to remove without damaging your computer. However, there are two safe ways to solve this problem.

The easiest safe solution is to quit using Internet Explorer and use a safe browser instead. Virtumonde and almost all of the major spyware programs only work if you run Internet Explorer. Instead, you can run one of the safe browsers such as Firefox, free from mozilla.org, or Opera, free from Opera.com.

You also can avoid many infections by only using a safe email program. If you use web-based email, using a safe browser will protect you from most adware and spyware. If you have been using Outlook for email, you will be far safer if you use Eudora, free from Eudora.com, or Thunderbird, free from Mozilla.org.

If you do all this, your computer will still be infected with spyware and adware, but these programs won't be able to do anything.

The most powerful and safe -- but painful -- solution to your problem is what any computer shop would do -- they call it "nuking". A repair shop will simply reformat your hard drive, reinstall your operating system and reinstall all the Windows security updates. This deletes everything you used to have on your computer, including your data. Then you would have to reinstall all your applications and reload all your backed up data.

If you decide to nuke your computer yourself, let me know and I'll give instructions on the best way to do it without getting reinfected by something the first time you go online.

Copyright  © 2008 About, Inc. About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.