[Waverley ARS] I suspect a computer virus

Thu Sep 10 01:37:16 UTC 2009

Hi Henrik,

Congratulations on finding the Trojan!

I only reinstall when all else has failed.

If it works ok now, I recommend you leave it alone.

However, I recommend a regular backup of things that are important to you.
I bought a NAS (Network accessible storage device) and put it on my network.
A terabyte hard disk in a usb enclosure might only be something under $200.

I then downloaded (& paid for) a simple backup software called Second copy
from http://www.centered.com/
It simplifies the task of proper backup, and because it doesn't have a
proprietary storage format, you can the backup into any other computer and
just copy back what you need. It can also keep several copies of files you
erase so that if you accidentally delete something, it's still backed up.

Downside is that it doesnt do a disk image. So if your PC hard drive
crashes, you need the orginal CD's and drivers to reinstall.

But it gives me peace of mind and I have used it on several occassions to
transform a disaster into a mere annoyance.

Do definately uninstall semantec, it's useless, costly and dangerous.

Regarding leaving IE, it's her choice. I find FireFox MUCH easier to use.
I've also tried chrome and opera. Firefox can log you on to any homepage you
like and it has these "addons" which I make heavy use of. For example
Propfox (propagation report) colorful tabs, image zoom, noscript and
adblock.
For a homepage I use igoogle where I have many useful things that I want to
keep track of, in addition to the google search engine.

The internet is both a scary and wonderful place!
I keep learning all the time.

73
Raffy VK2RF

On Thu, Sep 10, 2009 at 10:43 AM, Henrik Stenstrom <
hstenstrom at komatsu.com.au> wrote:

> All,
>
> Many thanks for all your suggestions yesterday.  Based on collective
> expertise, this is what has been undertaken.
>
> 1. I looked at the msconfig settings last night and disabled the autorun
> of several rarely used programs.  This immediately improved system
> speed.  Found a suspect .exe file which runs at startup and disabled
> that too.
>
> 2. With improved connectivity, was able to download and install Lavasoft
> Ad-aware.  This found a host of tracking cookies but nothing
> particularly malignant.
>
> 3. Downloaded and installed Avast! which found and removed the
> particular nasty causing the problems, including the above .exe file.
> (Lowzone CR Trojan plus rock.exe)
>
> Considering that this PC has had Symantec Norton antivirus software
> loaded, updated and regularly used for full system scans since new, I
> find it highly surprising this was never previously detected! Seems the
> infection is not a new one either.
>
> Result is that the PC now runs again at an acceptable speed and web
> connectivity is also once again OK.  A positive side effect is that the
> XYL is now happy again; we all like that!
>
> Based on the above, I am considering the following;
>
> 1. Uninstall Symantec crapware.
>
> 2. Install Mozilla Firefox as recommended by many.  I'd also like to
> uninstall IE although wife likes it and has Gmail/Google Chrome/iGoogle
> or some such thing set up as homepage.  All under separate user profiles
> though.
>
> 3. Rebuild or o/s reinstall - is this desirable/necessary?
>
> Comments requested.
>
> So begins the education and upgrade of Henrik from "user only" status!
>
>
> Again, many thanks to all.
> HS
>
>
>
>
> -----Original Message-----
> From: Henrik Stenstrom
> Sent: Wednesday, 9 September 2009 9:30 AM
> To: VK2BV
> Subject: I suspect a computer virus
>
> Gents,
>
> I'm beginning to suspect that a computer virus is doing its dastardly
> thing on our home PC. The unit in question is a Dell about 5 years old
> running Windows XP and is used almost exclusively for internet/email and
> other light duties.  Other details such as processor, RAM etc I can only
> give after checking this evening.
>
> Symptoms
>
> The PC is seems to be running very slowly as if there are other programs
> running in the background with higher priority.
>
> Internet Explorer fails from time to time due to "runtime" errors
>
> System requests from time to time to increase virtual memory levels
>
>
> Attempts to Resolve
>
> We have up to date Symantec Antivirus software installed.  Full system
> scans do not show up any problem.
>
> A recent Windows online update showed some initial improvement.
>
> Increasing virtual memory levels is inconclusive.
>
> Our ADSL connection might not be the fastest in Sydney but I don't
> believe this is the underlying problem.
>
>
> So, where to start?  Can anyone recommend if further anti
> spyware/malware detection is required?  If so, any recommendations as to
> what?  What else to check?  IS the windows task manager any use in
> checking for other programs that are running?
>
> Many thanks in advance for all or any help in resolving this aggravating
> situation,
>
> Henrik - VK2HHS
>
>
>
> ___________________________________________________________________________________________________
> DISCLAIMER: The information in this document and attachment/s may contain
> confidential, copyright
> and/or legally privileged information and is intended for the addressee(s)
> only. Access to this
> message by anyone else is unauthorized. If you are not the intended
> recipient and have received
> this correspondence in error, please notify the sender by return email and
> delete the email from
> your system.   Any review, disclosure, copying, distribution or use of this
> message or attachment
> is unlawful.
> The sender does not accept any responsibility for viruses that might be
> attached to this e-mail.
> ___________________________________________________________________________________________________
> _______________________________________________
> Members mailing list
> Members at us.cactii.net
> http://us.cactii.net/cgi-bin/mailman/listinfo/members
>

-- 
Raffy Shammay
VK2RF