okay, anyone on my buddy list probably got an IM from me that HAD A VIRUS. Most of you are probably smart enough to know that it was in fact a virus, but in case you don't DO NOT OPEN IT! and I'm really really really really (etc...) sorry!

lollerskates

That's a bummer. I had a virus wreak havoc on my computer a few months ago and I'm still feeling the effects.

/me doesn't get viruses

Ah, don't worry about it. I'm slightly too computer literate to open files that claim to be images but are marked as .com files. :p

This post is ironic to a small degree :p

Really? How so? .com files are old MS-DOS based programs... I'm not going to open a file marked with a .com extension that is referred to as an image.

Note that I am not referring to the .com commercial domain extension. It was a direct IP address. I am referring to the fact that the message said "how do i look in this picture?" and was followed by a link that lead to a program with the extension of .com.

Computer illiterate, I am not.

It is ironic in that your name is LordVirus, LordVirus

Remember kids, a firewall is like a condom for the internets.

Only it works better :p

Oh. Blah. I was tired. :p

So be sure to put one and avoid transferring virus'

condoms improve performance!!!! :em321:

Naughty sugaless, surely she is trying to bring down all of massassi!

if(getThingFlags(source) & 0x8){
  do her}
elseif(getThingFlags(source) & 0x4){
  do other babe}
else{
  do a dude}

Don't be too hard on yourself. I did the same thing in residence last year. After the virus sent itself, I heard a collective cry of "AARON!" from my floormates. I was none too popular that night.

Firewalls will not protect you from viruses.

But viruses will protect you from firewalls

oh-you're infected....

*shuns*

:banned:

( )

So, that IM wasn't without extra sugar... Though not of the sweetest kind.

...my computer seems to be happy now...

I hope

And thanks for making me laugh guys

Seriously. Where do people get this whacky notion?

ok.. expain this, i mean, i know thay dont protect aginst viruses, but, what do thay protect aginst? (if it's sypware, how come it doesent catch it?) what? explaing needed.

"Firewalls" or port-filters are used to close or open specific ports.
Ports are numbers that refer to a specific program listening on that port. So when the operating system gets a message on a port it looks if there is a program listening on this port. If there is one, it forwards the message to the program. If not, it answers that the port is closed.
Port-filters can be told to answer that the port is closed (or don't answer at all) although a program is listening on it.
Why some people still prefer buggy personal firewalls, which can bring even more security holes to a system, rather than just closing the listening programs is beyond me.

okay so I lied - it's incleanable and undeletable so far

Wipe and reload.

I always wear a condom.

Always.

i didn't get an IM from sugarless...

that must mean she doesn't like me

http://www.majorgeeks.com/download4348.html This might help (asuming this is an AIM virus). A friend of mine down the hall has 64-bit windows that the viruses don't even know how to execute in, he claims his computer eats 32-bit viruses for breakfast.

First off, you probably don't have a real virus, meaning, executable code that attaches itself onto executable files so it executes when you run that program, and the code itself copies itself onto other executables, some virii even spreading to every executable file on your computer. This type of virus practically doesn't exist anymore. In like 1996 or so I got the Natas virus from a floppy disk my father brought home from work. That was annoying.

Because that type of virus is nearly extinct, the general populous has expanded the term to include most self-replicating malicious software. You more than likely have a small program that has possibly copied itself to several different folders and is using one of a handful of different methods to execute each time your computer is started up. When you try and terminate the program, another copy of itself that's running just restarts that instance, and if you try and delete the file it's either already in use or just gets recopied to there an instant later. Trying to remove the registry entry just results in it getting put back moments later. Stop me if I'm wrong here, but this is what most people get.

Another common type is a program that installs itself as a BHO for Internet Explorer, though I don't think I've heard of one that hijacks AIM before.

There is basically no modern malware that can't be gotten rid of. They don't try and destroy your computer, because then they wouldn't reproduce, and they'd be self defeating. Some simply collect information, others spam you with advertisements, and yet others set you up as a proxy or drone to be used in a DOS attack.

First, try Ad-aware or Microsoft AntiSpyware. If you're not totally computer illiterate, HijackThis is a great utility for removing most malware.

Formatting is the fools way out.

QM

P.S. - Firewalls also monitor when a local program starts using or listening on a certain port. This is useful for when randomname.exe starts listening on port 6969 for commands from some remote user.

[QUOTE=Quib Mask]This type of virus practically doesn't exist anymore.[/QUOTE]

This is not strictly correct. Many modern trojans seem to target Windows Media Player exe as a host. The only trojan infection my system has ever suffered also had this type of behavior as a part of it. And thus a part of the removal procedure was to delete the WMP exe and reinstall the program.

Yeah. I have nothing more to add. And HijackThis is truly a great program, just to emphasize the fact.

[QUOTE=Quib Mask]computer stuff[/QUOTE]
He speaks truth.

Enable hidden and system files/folders viewing. There are usual place where these programs hide. They are c:\temp, c:\windows\temp, c:\documents and settings\<name>\something\temp. I forget exactly and I'm on a Mac right now so I cannot look it up. They sometimes lurk in c:\windows\system32. DO NOT MEDDLE IN THAT FOLDER UNLESS YOU KNOW WHAT YOU'RE DOING. Clean out the aformentioned temp folders.

And yeah, get the programs QM mentioned.

Hey, if you need a hand, give me a call. I'll see what I can do, and walk you through things over the phone. You have my number. I'm out 6:30-7:30 tonight for counselling, other than that, I'm open.

My friend clicked one of these just the other day.

Said Norton would identify a virus but wouldn't delete it.

I told him he was a baka.

:p

The common places are indeed windows, windows/system, windows/system32. But don't let the Jedi With Bearded Wizardly Ways frighten you. Just keep in mind one thing: In those folders mentioned, there should be few new files (relative to the date of infection). Exceptions are some logs, and possibly some files thrown in by updates, but I doubt you have updated much after the infection. Or at least I hope you haven't been happily running the virus ridden system for a long time.

So, any files with very recent dates are to be suspected. The trojan files have, though, names that won't give them away. They want to look like normal system files.

Well, one of the obvious ways to proceed is to just launch task manager and pick the names of some of the virus executables, and google them. You will easily find quite detailed instructions on how to remove them completely.

I have a new signature!

[QUOTE=Quib Mask]There is basically no modern malware that can't be gotten rid of. They don't try and destroy your computer, because then they wouldn't reproduce, and they'd be self defeating. Some simply collect information, others spam you with advertisements, and yet others set you up as a proxy or drone to be used in a DOS attack.
[...]
Formatting is the fools way out.[/QUOTE]

How can you be so shortsighted?
As you said they don't try and destroy your computer, because then they wouldn't reproduce. Don't you think they also wouldn't want to be destroyed by other means?
If I wanted to program a virus I'd make sure that it comes in two parts. A part everyone knows about and can easily detect and delete. And another part that just opens a nice little silent backdoor through which I can load my code.
Formatting is the only sure way out.

[QUOTE=Quib Mask]P.S. - Firewalls also monitor when a local program starts using or listening on a certain port. This is useful for when randomname.exe starts listening on port 6969 for commands from some remote user.[/QUOTE]

Again, how can you be so shortsighted? It has been shown numerous times that firewalls can be tunneled.
One of the easier ways is to simulate the users mouse-clicks to allow the desired connection.

I repair computers as a hobby/part time job for friends, family, friends of friends and friends of family. I haven't yet encountered modern malware that I couldn't completely get rid of within 3 or 4 rebootings. There just simply aren't that many ways they can keep themselves alive.

Restart in safe mode, clean up the registry (deleting the files isn't even always necessary, what average user is gonna navigate to windows\system and double click some oddly named executable?), unregister BHOs,. On rare occasions I have to rebuild the winsock path or mess with virtual device drivers, if the malware was particularly well crafted and deeply rooted.

There are software firewalls that can catch tunneled ports as well, like if malware tries to hijack some common process to send/receive, or if it tries to use a DLL or some windows component to do its dirty work. It's not perfect, I didn't say it was. You seem to have implied that I thought it was.

You give malware too much credit.

QM

P.S. - Yesterday I was called up by a friend to go take a look at their mother's laptop which had stopped connecting to their wireless network. She had accidently bumped a tiny physical switch from ON to OFF; it was the power switch for the built in wireless LAN card.

Formatting is the quick way out.

I work at my school's tech help desk. I have seen just about every piece of malware out there. It can be removed w/o formatting. Granted some are a pain in the *** to remove. Some machines are so innodated with malware that formatting is probably the better way than spending hours/days carefully removing malware. That's what I've told students to do with their laptop sometimes. They clicked "yes" to every single popup and thus installed a lot of crap on their machines.

How do you go to the bathroom?

I always wear a condom

Always.

That can lead to infections.