  1. #1
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How can I be certain I don't have a virus?

    Hello, yesterday and today two different people told me they had received emails supposedly from me with attachments containing a virus. One had received multiple emails (I have several different email accounts). How can I know if my computer has been compromised?

    I'm using the paid-for version of AVG 7.0. I check for updates every day. I also have BOclean running. I use Sygate Personal Firewall Pro. Apart from the AVG updates nothing is allowed to connect to the web automatically. I also use Spybot Search and Destroy and Ad-aware. Every test I've done suggests my computer is clean. I've also checked the running processes to make sure nothing hidden is running in the background.

    What else can I do? Should I buy a second anti-virus program and if so which one and how do I run it with AVG installed? Is there anything else I can check? It's possible that another person in the same organisation has a virus but everything points at my machine.

    I hope someone can help me.

    Thanks,

    Chris (Hunt)

  2. #2
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: How can I be certain I don't have a virus?

    In all probability, some scumbag has harvested your e-mail address(es) and is simply spoofing your address in their [censored] mailouts. Based on what you say regarding your computer's cleanliness, these are NOT coming from you. This type of thing is very common.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  3. #3
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: How can I be certain I don't have a virus?

    I agree with Rebel - it sounds like your email addy has been spoofed. Unfortunately, there is not a lot you can do. This is exactly why folks should not open ANY attachments without scanning first as the sender may not be who you think it is. The good news is, most spoofers use their stolen addresses for only a short time, a day or two is typical. The bad news is that your addy may end up on blacklists - you may find your legitimate outgoing mail is getting bounced.

    I don't think buying a second AV program is necessary - and certainly you should NEVER have more than one "active" at any one time anyway.

    Use one or both of these free on-line virus scanners as a double or even triple check. Some very malicious malware have been known to disable PC based AV scanners; these on-line scanners compensate for that and I recommend you scan with these periodically.

    Trend Micro HouseCall
    or
    PandaSoft ActiveScan

    If you have been using SpyBot S&D for some time, make sure you are using the latest version, V1.3. For some unknown reason, 1.2
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  4. #4
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    This kind of thing is not uncommon with the "clever" nasties that abound nowadays. My guess is that one of your friends has an infected computer, not you. What's happening is that the virus on their computer is going through their Address Book and combining names at random for the To: and From: e-mail fields, then sending off its nasty little payload. Since your name is in the Address Book, it will end up appearing that you have sent some of these virus-generated e-mails to others.

    If this is the case, there's nuttin you can really do about someone (unknown) else's infected computer. You can reply to any "complaint" e-mails with an explanation, something like the above.

    Alan

  5. #5
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    Thank you for the replies. It's reassuring to know that I probably don't have a virus but annoying that this is happening. Why is it so easy to spoof email addresses? How are the nasties' emails sent without the user noticing? Wouldn't a firewall catch it?

    Regarding the online scans - Trend Micro wanted a plugin and Panda will only run with Internet Explorer (I use Firefox). Presumably to run an online test with Panda I'm going to have to change the ActiveX controls for I.E. (I have it set to high security). I've never thought of doing an online scan of my computer - that seems kind of scary.

    Thanks again,

    Chris

  6. #6
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    From Spoofed/Forged Email
    "It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacks authentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.
    In addition to connecting to the SMTP port of a site, a user can send spoofed email via other protocols (for instance, by modifying their web browser interface)."

    From the clientside point-of-view, a virus can do the same thing, silently in the background, using its own running code, a legitimate mail application or even the internet browser. In fact, spoofing the mail headers is probably the easiest aspect of writing code for such a virus.

    A firewall can miss this activity, usually because it is being done through an already trusted program. This is why programs like BOClean (which actually gets a bit of a bum rap here) exist - to detect things that are trying to piggyback off a legitimate, trusted application. Some viruses also have the ability to take control of the firewall when Windows starts, rendering it ineffective.

    Alan
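
A way to check the point made above from the receiving side, as an added example that is not part of the original thread: the From: line is whatever the sender typed, but the recipient's own mail server records the IP address that actually connected to it. The sample message, the network ranges and the function names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample: headers of a message that claims to come from Chris.
SAMPLE = """\
Return-Path: <chris@example.org>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Tue, 05 Oct 2004 09:12:03 +0000
Received: from infected-pc (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Tue, 05 Oct 2004 09:12:01 +0000
From: "Chris" <chris@example.org>
To: friend@recipient.example
Subject: Your document

See attachment.
"""

TRUSTED_NETS = [ip_network("192.0.2.0/24")]   # recipient's own mail servers (assumed)
MY_NETS = [ip_network("198.51.100.0/24")]     # addresses my ISP assigns to me (assumed)
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(msg, trusted_nets):
    """IP of the host that handed the message to the recipient's servers.

    Received headers are read newest-first. Hops between trusted servers are
    skipped; the first untrusted peer was recorded by a server the recipient
    controls. Anything older was written by the sender and may be forged.
    """
    for hop in msg.get_all("Received", []):
        match = PEER_IP.search(hop)
        if match is None:
            continue
        ip = ip_address(match.group(1))
        if not any(ip in net for net in trusted_nets):
            return ip
    return None

def assess(raw, trusted_nets, my_nets):
    """Compare the claimed From: address with where the message really entered."""
    msg = message_from_string(raw)
    ip = handoff_ip(msg, trusted_nets)
    return {
        "claimed_sender": parseaddr(msg.get("From", ""))[1],
        "handoff_ip": str(ip) if ip else None,
        "from_my_network": ip is not None and any(ip in net for net in my_nets),
    }

if __name__ == "__main__":
    print(assess(SAMPLE, TRUSTED_NETS, MY_NETS))
```

Asking the person who complained to forward the full headers of the message is enough to run this kind of check by hand.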

  7. #7
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    Thanks Alan,

    Has there ever been any thought to changing SMTP or introducing a new protocol that requires authentication? Or are such changes too easy to circumvent?

    Regarding BOclean, the review was certainly mixed. I just downloaded the latest version 4.12 so perhaps BOclean would perform better in some tests now - but if it can be shut down by an executing virus that is cause for concern. What other product do you (or anyone else) think might be better?

    Chris

  8. #8
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    I believe that SMTP AUTH protocol is "somewhere" in the pipeline, but as with all "standards", it is slooooow to materialize, as discussed in this article. I think that many servers already implement some form of authentication, but it seems that faked headers can still find their way across the net. I'm afraid I don't know the technical details.

    From what you've said, your current protection is good, remembering that if a virus can't "run" on your system in the first place (resident AVG scanner) then it can't "take over" and disable or shut down things. What O/S are you using? I use 98SE and AVG Free, but also keep an updated/ updatable copy of F-Prot for DOS on a set of bootable floppies. If my system does end up being hit, I can boot from floppy and clean it up from there (hopefully). What is your mail client? If it's Outlook Express, you can secure it a bit more by disabling the Preview Pane, along with various other measures; although the e-mail scan component of AVG should pick up on any suspect attachments.

    Alan

  9. #9
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    Thanks Alan, I'm using Windows XP Pro SP2. The preview pane is one of the features I like about Outlook Express. I know it is a security risk but opening and closing emails seems very cumbersome. I have a toggle switch on the toolbar to switch it off while downloading. Having said this newsgroups and ordinary messages use a different preview pane and that is a problem. I have made the error of hiding the preview pane in a newsgroup and going straight to download with the result that the preview pane is still open in the inbox. I feel this is a real design weakness.

    Having a separate anti-virus program to boot from if anything does go wrong is a good idea. Have you tried using this reserve defence to scan your system from time to time?

    Chris

    PS With all the trouble from spam and the like you would have thought that more priority would be put on getting the standard created.

  10. #10
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: How can I be certain I don't have a virus?

    Your address can be harvested from any number of places on the internet, including someone else's addressbook. I've even received spam from my own spoofed address, and I run both a software and hardware firewall, so I would know if I were sending out those emails.
    Charlotte

  11. #11
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    I can't really offer advice on securing OE, since I use a more secure system to preview mail headers first, then download only the mails I want into OE. There are many references on the web for further tightening up OE/ IE.

    I've certainly tried my "reserve" defences, using real virus code on my HD. I'm quite confident in its efficacy. If you're interested, F-PROT for DOS is freeware and will work for XP, but not with NTFS partitions. The best way to set it up and use it IMO is using Art Kopp's F-Prot for DOS free download and update utility, detailed on the same site.

    Alan

  12. #12
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Newbury, Berkshire, England
    Posts
    712
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    I was using Skype to talk to a chap in India. For some reason or other I gave him my company email address, and the next day we were inundated with emails from people complaining that we had sent them spam. However it was not from us, it was a spoof e-mail. I am reasonably certain that the chap in India was the person who did the spoof or sold the e-mail address on to someone else. I had further conversations with him, he was mainly interested in setting up business contacts in the UK and the cheeky sod asked me if I would introduce him to business colleagues as a friend, in effect giving the reference. I said I can't do that because I don't know you! He was most upset.

  13. #13
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    Thanks Alan. Unfortunately I'm using NTFS so F-Prot is a no go. I wonder if there is anything similar for NTFS or whether it is possible to use another anti-virus program and keep it up to date without installing it - then if a virus does get in and knocks down the defences I could boot from CD and use the reserve anti-virus software to knock out the nasty.

    Chris

  14. #14
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    'Fraid I can't help on that one either. I have heard of using Linux boot CDs for that purpose (since Linux can read an NTFS partition), but I don't know details. Maybe BitDefender AntiVirus - Data Security, AntiVirus Software, Free Protection might offer something.

    Alan

  15. #15
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How can I be certain I don't have a virus?

    Thanks for the link. I've just discovered I have a problem. I can't remember the hidden administrator account password! A sure sign of aging - I haven't used it for ages and now I'm stuck. Ouch! :(

    Chris
