SpywareInfo Forum: Best method of preventing a virut infection ? - SpywareInfo Forum

Best method of preventing a virut infection ?

#1 khortoom

Posted 12 August 2009 - 09:14 PM

Hi all, my other PC is infected with a win32/virut.NBP virus. After a week of trying with ESET Smart Security + Malwarebytes + UnHackMe + Trojan Remover, I am thinking about a clean reformat.

Questions:

This virut doesn't spread to a closed, not rewritable CD ROM if inserted, does it? :huh:
What are the best antispywares and other protection methods in the future to prevent a virut infection? Because this thing is the "no coming back door to hell" :bangbang: I'm thinking about a strong set of actions to ensure it doesn't infect me again, if it doesn't survive the reformat at all.

Thank you.

#2 Maurice Naggar

Posted 13 August 2009 - 10:07 PM

Hello khortoom,

Sorry to read that the pc has Virut. It seems you are well aware of the consequences.
Do read this blog post by Miekiemoes about Virut:
http://miekiemoes.bl...s-throwing.html

I highly commend you for deciding to wipe, and then do a clean install of Windows.
Have your Windows o.s. CD/DVD handy, as well as the setup program for your antivirus program.

The windows setup will allow you to delete existing partitions on your HD, repartition and format the drive prior to install. You need to set your pc BIOS to boot from CD/DVD drive, place the Windows setup CD in, and reboot the system to get started.

References for you on clean (new) install of Windows (do NOT even try repair install as that will not clear the infections)
Clean Install Windows by Michael Stevens, MS-MVP
http://www.michaelst...nxpinstall.html

5 steps to help protect your new computer before you go online
http://www.microsoft...anced/xppc.mspx

An antivirus program is a must. And always keep it up-to-date.

Ensuring that either the Windows built-in firewall is on (if you don't use a 3rd-party one, like Online Armor by Tall Emu) or a 3rd-party firewall is running is also a must.

Other suggestions (after you have new Windows in place):
Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Most important though:
On a regular basis, make regular backups of your system to removable media: DVD, USB external hard drive, etc.

Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp

And needless to say, always stay current with Windows Update.
HTH

This post has been edited by Maurice Naggar: 13 August 2009 - 10:12 PM

Maurice Naggar
MS-MVP

#3 khortoom

Posted 14 August 2009 - 05:19 AM

Thank you for the thorough explanation Maurice :thumbup:
Considering wiping the hard drive, would Darik's Boot and Nuke (DBAN) be ok? Dunno if I could use that one too :mellow:
Thank you.

#4 jedi

Posted 15 September 2009 - 01:45 PM

DBAN is an excellent program; it will securely wipe your HD.
jedi
Member of ASAP since 2005


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#5 PinguuU

Posted 21 September 2009 - 04:05 AM

What are these like?
http://download.cnet...l?tag=pdl-redir
Can't tell if they are shifty or not...

#6 Budfred

Posted 21 September 2009 - 09:27 AM

Most files on Download.com are okay, but that is not always the case... I do not recommend Ad-Aware any more, but it is safe... Spybot is one of the oldest and most respected, along with SpywareGuard... Hijackthis is our basic tool in the forum, but not recommended for untrained use because you can disable your system if you don't know what you are doing... I am not familiar with SpyCatcherExpress, so I don't know if it is any good... However, if it were an excellent program, it would be used/recommended by many of our helpers and that is not the case... None of them will likely prevent Virut -- good Internet habits and a generally armored computer are the main ways to prevent Virut...
Budfred

Helpful links: SpywareBlaster... HijackThis... Sunbelt Kerio firewall...

MS MVP 2006 and ASAP Member since 2004

Please read the FAQ and the article "So how did I get infected in the first place?"

#7 Brent0987

Posted 31 October 2009 - 12:42 PM

Quote

Budfred said:
"good Internet habits and a generally armored computer are the main ways to prevent Virut..."


Hello,

"generally armored computer" Can you be more specific? What are some ways I can achieve this? How can I specifically prevent a Virut infection or any malware infection in Windows?

Regards,
Brent

#8 TheJoker

Posted 31 October 2009 - 03:05 PM

There is no practical way to absolutely guarantee safety from infection. What you can do though is to minimize risks and lower your chance of infection. Viruses have shipped with vendor supplied media, and there are even cases of infected picture frames shipping.

Infections have many sources, ranging from legitimate sites that have been unknowingly hacked, to infected ads, to sites that shouldn't have been visited in the first place such as pirated software sites and porn sites (if you wonder if you should go to a particular site, you probably shouldn't). Many questionable sites can infect you simply from visiting the site; you don't need to download anything to become infected.

There are many ways to increase your protection.

- Install a HOSTS file like MVPS HOSTS file, and keep it updated.
- Run an antispyware protection program like Windows Defender (it's free).
- Always run an antivirus program and a firewall.
- Keep Windows updated.
- Be careful with flash drives, see this post on USB/flash drive safety.
- Don't click on links or open attachments in e-mail that you weren't expecting, and read your e-mail in text only mode.
- Stay away from P2P software, even with a clean P2P program, their networks are often riddled with malware.
- Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
- Run a program like Secunia Software Inspector Scan to see what programs do need to be updated.
- To make your browsing more secure, use Firefox with the NoScript and Adblock Plus add-ons.
- And most of all, if something looks questionable, stay away from it. :)

Free Tools for Fighting Malware
Anti-Virus: Avira AntiVir PersonalEdition Classic / AVG Anti-Virus Free / Free avast! 4 Home Edition
OnLine Anti-Virus: BitDefender / ESET / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: Spybot S & D / MVPS HOSTS File / SpywareBlaster / HijackThis
Firewall: Sunbelt Personal Firewall / ZoneAlarm firewall / Agnitum Outpost Free
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009 and ASAP Member since 2005
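
Added example (not part of any post in this thread, and not code from MVPS): a blocking HOSTS file, as recommended in posts #2 and #8, works by mapping unwanted hostnames to 0.0.0.0 or 127.0.0.1, so this script audits a HOSTS file and separates those sink entries from mappings to routable addresses, which redirect rather than block and deserve a closer look. The sample file, hostnames and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of a blocking HOSTS file (not real MVPS content).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example.com  tracker.example.net   # two names on one line
127.0.0.1  malware.example.org
203.0.113.7  update.example.com   # routable address: a redirect, not a block
not-an-ip  broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def audit_hosts(text):
    """Classify each HOSTS mapping as 'blocked', 'local', 'redirect' or 'invalid'."""
    report = {"blocked": [], "local": [], "redirect": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                      # address with no hostname
            report["invalid"].append((lineno, raw.strip()))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:                       # first field is not an IP address
            report["invalid"].append((lineno, raw.strip()))
            continue
        # Sink addresses: 0.0.0.0, ::, 127.0.0.0/8 and ::1 never leave the machine.
        sink = addr.is_unspecified or addr.is_loopback
        for name in (n.lower() for n in fields[1:]):
            if not sink:
                report["redirect"].append((name, str(addr)))
            elif name in LOCAL_NAMES:
                report["local"].append(name)
            else:
                report["blocked"].append(name)
    return report


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "blocked; redirects:", result["redirect"])
```
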

#9 Brent0987

Posted 01 November 2009 - 03:40 PM

Hello TheJoker and thank you for replying.

My neighbor had the Virut infection and he finally chose to back up his documents, delete and recreate the partition, format the partition with NTFS and reinstall Windows. At least now he knows he is really clean. He is not sure how he got it as he is always careful on the Internet. I suspect he got it through his Outlook email by accidentally opening an unknown attachment. But the fact is his PC was meticulously maintained. He had all the Windows critical updates, an updated antivirus program, specialty antispyware programs and an active software firewall and still he was severely infected by malware that was able to penetrate the O/S, write, hook, alter, manipulate and have complete access to the Internet. Are there any other ways to prevent infection other than your advice above? Thank you.

Regards,
Brent

#10 TheJoker

Posted 01 November 2009 - 04:09 PM

Keeping the system up-to-date and being careful online is the best advice. There is no one thing that will keep you from being infected. It's a combination of good security, and good security practices, to include avoiding risky sites. Using Firefox and the add-ons I mentioned is a good addition to security. However, security is sometimes a compromise. The best security practices can impede ease of use/user functionality. For instance, you would be more secure without Flash, and no scripting, but that breaks many sites, and needs to be allowed for some essential sites to function.

If I search for updated software at some sites, I need to temporarily allow scripting. There was a recent incident where people were infected from an ad on the New York Times website, an otherwise normally safe site. We can make a system even more secure by prohibiting many functions, or not installing some software, but that decreases what we can do. I ordered a program online last night, so I had to temporarily allow scripting of several sites to allow the purchase to go through. I would have been more secure to not allow scripting, as even sites we normally consider safe can be compromised, but I would have been unable to order my software. So some risk needs to be accepted, or we can't do much of what we would otherwise need to do online.

#11 Brent0987

Posted 01 November 2009 - 04:53 PM

Hello,

Thank you for your response. Your examples of browser configuration sound promising. In terms of prevention, I am wondering if creating a separate Windows limited user account and using it exclusively for the Internet would help. I've also heard of Windows Software Restriction Policies (SRP), Data Execution Prevention (DEP) and special virtualization software (or sandbox). Today's malicious code seems pretty sophisticated. Besides following your advice above, would any of these other methods work in preventing malware programs from writing to and manipulating the operating system? Thank you.

Regards,
Brent

#12 TheJoker

Posted 01 November 2009 - 09:57 PM

For normal everyday use, a limited rights (standard user) account is always recommended rather than using an administrator account. You could run your browser with virtualization software, like Sandboxie, but I'm not familiar with doing that. Maybe someone else can comment on that.
