Computer Virus Help

Discussion in 'Computer Security' started by herbdove, Nov 13, 2006.

  1. herbdove

    herbdove Guest

    Hello all,

    I'm wondering if someone would kindly help me with what appears to be a
    virus on my computer.

    I turned on my computer yesterday, and all my bookmarks in Firefox
    disappeared. Other oddities: I am receiving the error message:
    "Error: LiveCode is not defined line:19", certain (but not all)
    graphics on a webpage will not load and sometimes when they do the
    resolution will be bad, spacing on the page will be off, font size will
    be strange, etc. Another oddity--when I will click on a link of any
    sort, or click on an e-mail message, etc., the page that comes up will
    simply be blank. Things are running very slow overall.

    I run Symantec Anti-Virus at all times, and have a firewall through
    ZoneAlarm. I ran Ad-Aware and Spybot, and updated all. When no
    viruses were detected, I downloaded AVG Anti-Virus, and Microsoft
    Baseline Security Analyzer. No luck with these either. I've
    uninstalled Firefox, and re-downloaded it again. Nada.

    Any suggestions on how I should proceed?

    Thanks a million...
    matt
     
    herbdove, Nov 13, 2006
    #1

  2. It doesn't. It appears like a generic software bug.
    1. Rebuild your Firefox profile. This should fix the issue.
    2. Uninstall Symantec AV and ZoneAlarm, this will protect your computer.
    3. Stop wasting your time with all kinds of scanners for a problem that
    could hardly be related to malware.
     
    Sebastian Gottschalk, Nov 13, 2006
    #2

  3. From: "herbdove" <>

    | Hello all,
    |
    | I'm wondering if someone would kindly help me with what appears to be a
    | virus on my computer.
    |

    You presume wrongly!

    Please don't Multi-Post.
    Please Cross-Post to pertinent, On Topic, news Groups instead.
     
    David H. Lipman, Nov 13, 2006
    #3
  4. herbdove

    erewhon Guest

    Less AV and less firewall = More protected?

    I'm aware they create a false sense of security for 0days and bespoke code,
    but I think you are full of shit if you think that their removal improves
    security.

    All code has flaws. However, a software firewall (even with possible
    vulnerabilities) is certainly better than a core o.s with NO firewall and
    AV.

    Don't believe this fool - get multiple AV's installed, then be careful what
    you browse and open.
    It may be related to malware. It may not. Searching for it, and not finding
    any (since it may slip under the radar) is certainly not a futile exercise.
    Malware is detected more times than not. That's not to say you have no
    malware, just that you have a higher probability of finding it if you look
    for it.

    Not looking for it, is akin to sticking your head in the sand.

    Search, but always remain a little sceptical that nothing found does not
    always equal nothing present.

    Do not take this fool's advice of no protection and no looking to keep
    protected.

    erewhon
    alt.hacker
     
    erewhon, Nov 13, 2006
    #4
  5. Generally yes. More code = more complexity = insecurity. Beside that
    ZoneAlarm is no firewall.

    Even further, Symantec AV and ZoneAlarm have known unpatched security
    vulnerabilities that make the computer vulnerable in the first place, and
    they're totally broken.
    Wrong. Take a secure computer, install such a software, and now you made it
    insecure.
    Believe whatever you want. Reality doesn't care for your unjustified belief
    in virus scanners.

    Real protection against viruses is provided by ACLs, implementing a global
    no-exec policy and by not allowing automatic code execution.
    Default assumption: It is not related.
    Installing pseudo security stuff has nothing to do with protection.
     
    Sebastian Gottschalk, Nov 14, 2006
    #5
  6. herbdove

    Jim Guest

    herbdove came up with this when s/he headbutted the keyboard a moment ago in
    alt.computer.security:
    That's a bug I've seen before. And reported it.
    Not sure what this is: possibly something you're missing in your system
    configuration (.NET?)
    Misconfigured browser. I have mine set with small fonts (large fonts have a
    tendency to mung the spacing not only between characters but between rows
    as well - depends on how the page is coded), and images from the
    originating site only. Stops a lot of the ads.
    Very possibly a busted Firefox. Try another browser to see if the behaviour
    is repeatable on that.
    My experience and observation: Symantec AV is most often at the top of the
    list for malware to disable in any way it can before it delivers its
    payload. A nineteen month old buffer overflow exploit (which still hasn't
    been patched by Symantec) is a favourite vector. Once the exploit is
    triggered, NIS/NAV simply stops working. Apart from that, NAV/NIS is a hog
    anyway; you would be much better off using AVG and something like Panda AV,
    along with Spybot S&D and Ad-Aware. Even those four programs have less of a
    footprint than Symantec's offering, and you will notice a /dramatic/
    difference in the responsiveness of your system. As for a softwall, use the
    one provided with XP. It (surprisingly) does what it says on the tin. You
    don't need Zonealarm or anything like that (which will most likely clash
    horribly with XP's own firewall anyway). Remember, this is experience. Not
    BS.
     
    Jim, Nov 14, 2006
    #6
  7. herbdove

    kurt wismer Guest

    Sebastian Gottschalk wrote:
    [snip]
    by acls i imagine you're making a reference to least privilege... fred
    cohen's early experiments with viruses demonstrate fairly unequivocally
    that least privilege does not stop viruses... it is a speed bump, not a
    road block - it will interfere with those viruses that were made with
    the assumption of having admin access and that's about all...

    as for trying to control execution, determining executable data from
    non-executable data is undecidable in the general case...

    they can be valuable additions to a defense in depth approach, but they
    are not, by themselves, a solution to the virus problem...
     
    kurt wismer, Nov 15, 2006
    #7
  8. ACLs that are set such that all write access to binaries is denied will stop
    viruses totally: they can't spread.
    That's why such policies also have to be enforced by programs. If you allow
    the users to execute perl.exe, well, then you have a problem.
    They are. Trivially.
     
    Sebastian Gottschalk, Nov 15, 2006
    #8
  9. herbdove

    kurt wismer Guest

    you must have an interesting definition of 'binaries'...
    i'm sorry, i obviously wasn't clear... i meant undecidable in the
    computational complexity sense of the word... the computer can't figure
    such things out (which, by the way, is part of the reason why we 'tend'
    to mark executable content with special file extensions in dos/windows
    or execute flags under *nix)...

    perl is not the only complicating factor, many tools are scriptable in
    some sense these days... ms word or alternatively open office are
    susceptible to viruses - are you going to disallow opening documents too?
    it's interesting that you think a problem widely known to be unsolvable
    has such a straightforward solution...
     
    kurt wismer, Nov 15, 2006
    #9
  10. Let's see. Not just that you can disable macros based on certain
    conditions, these macro languages are not powerful enough to load arbitrary
    code. VBA for example uses Shell32::LoadLibraryEx() to load additional
    modules, which is already covered by Software Restriction Policies.
    Huh? It's a problem that is known to be trivially solvable.
    Indeed, it has. That's why you should wonder why so many people suggest
    totally incompetent, slow and dangerous solutions.
     
    Sebastian Gottschalk, Nov 16, 2006
    #10
  11. herbdove

    Admins Guest

    ZoneAlarm isn't the best choice in firewall, everyone has an opinion about
    which one's the best but I've always preferred Kerio. It's never leaked
    and doesn't slow down your computer. They charge for it now, but I have
    the free one still available in our software section. You can set up rules
    for it at shields up www.grc.com just say no when you establish rules for
    the probes it will do towards your computer after you start the test.

    Your problem may be malware and it may not. Try another scanner, there are
    3 free ones up in our software section that have been given a high rating
    by PC magazine. If you have the time, download and install a trial version
    of a product called "the cleaner". It's from Moosoft and is specific to
    trojans and worms, it's the best one on the market, but it's not free

    Regards,
    --
    Admin


    * www.privacyoffshore.net (No Logs Internet Surfing)
    * Anonymous Secure Offshore SSH-2 Surfing Tunnels
     
    Admins, Nov 16, 2006
    #11
  12. D'oh! Choosing the lesser evil...
    Oh please!
     
    Sebastian Gottschalk, Nov 16, 2006
    #12
  13. herbdove

    erewhon Guest

    Ok - genius.

    Take XP out of the box.

    Detail the steps YOU claim you need to follow to secure this OS (and default
    installed apps) from all vulnerabilities (known, and unknown), without using
    third party products....

    I'm genuinely interested.

    I suspect if you can script the steps or drop them all into a single .msi then
    the whole AV, firewall and malware industry will be instantly obsolete.

    I await your response....
     
    erewhon, Nov 16, 2006
    #13
  14. Kerio works the same now as it did before Kerio sold it to Sunbelt.
    http://www.sunbelt-software.com/Kerio-Download.cfm

    "Sunbelt Kerio Personal Firewall 4 can run in a free mode vs. a full
    (paid) mode. Install it now, and for the first 30 days it will run in
    'full' mode. After that, it shuts down selected features[1], but will
    continue to run in 'free' mode."

    [1. ad blocking, web page filtering, cookie filtering; minor things that
    modern browsers already do. <g>]
     
    Beauregard T. Shagnasty, Nov 16, 2006
    #14
  15. herbdove

    Admins Guest

    Thanks for the information, at one point they had gone to a paid version
    with a free trial that expired out, it's good to see the free product
    version available again. They only charged $15 for the paid version when
    they originally went that direction, but not everyone needs the extra
    features
    --
    Admin


    * www.privacyoffshore.net (No Logs Internet Surfing)
    * Anonymous Secure Offshore SSH-2 Surfing Tunnels
     
    Admins, Nov 16, 2006
    #15
  16. herbdove

    kurt wismer Guest

    a) vba only applies to ms word, not to open office...
    b) those were just the most mainstream examples of apps that can be
    turned into operating environments for viruses - some more obscure
    examples include amipro, matlab, and ida pro... again, those are just a
    few more examples - i'll not post an exhaustive list because the apps
    that fall into this category are legion...
    c) even if it were actually possible to block execution of all
    executable content in user writable areas (which i specify because you
    would obviously need to still allow execution from system areas which
    the user would presumably not have write access to) that would
    necessarily impede with any ability the user might have otherwise had to
    automate his/her tasks....
    according to which recognized expert in the field?

    fred cohen's seminal work in the field revealed that the ability to
    support viral programs is inherent to the general purpose computing
    platform - meaning that there is no way to manipulate a general purpose
    computer (or the os or policies enforced by it), short of making it not
    a general purpose computer anymore, that will stop all possible viruses
    from operating - ergo the problem is not solvable...
    the only thing i'm wondering is where you come up with some of the stuff
    you post... i'm getting a strong sense that false authority syndrome is
    at play here...
     
    kurt wismer, Nov 17, 2006
    #16
  17. herbdove

    erewhon Guest

    I'm smelling the same thing....
     
    erewhon, Nov 17, 2006
    #17
  18. herbdove

    erewhon Guest

    Indeed, it has. That's why you should wonder why so many people suggest
    ....still waiting....
     
    erewhon, Nov 18, 2006
    #18