Noobie here with question - found virus on computer with multiple users.
- I found Trojan:Win32/FakeSmoke on a computer at work that a bunch of people use, and was able to get rid of it after some work. But here's my question: all the pop-ups and fake warnings only showed up on a guest account. Would the other accounts be affected as well? Would the virus be able to make its way through or into the administrator-type accounts?
- Moved by Stephen Boots, MVP, Moderator, Saturday, November 07, 2009 3:07 AM: os not specified, not mse (From: Scanning, Detecting, and Removing Threats)
Answers
- Hi,
If you use what I do then your users should be warned about almost all actions. Too many programs that
can be installed to check for malware have resident programs and services that can slow down your
computer and interact with other similar programs which actually lowers your security.
Keep those other programs and remember to update them when you want to scan.
------------------------------------------
Here is what I use and recommend:
Avast and Prevx have proven extremely reliable and compatible with everything I have thrown at them.
Microsoft Security Essentials and Prevx have also proven to be very reliable and compatible.
Avast Home Free - stop any shields you do not need except leave Standard, Web, and Network running.
Prevx - Home - Free
Windows Firewall
Windows Defender (not needed if using MSE)
IE - Protected Mode
IE 8 - SmartScreen Filter ON (IE 7 Phishing Filter)
I also have IE to always start with InPrivate Filter active if IE 8.
(You occasionally have to turn it temporarily off with the little Icon on LEFT of the + bottom right of IE)
Avast - Home - Free - stop any shields you do not need except leave Standard, Web, and Network running.
(Double Click Blue icon - details next to OK. - upper left Shields - Terminate those you do not use.)
http://www.avast.com/eng/avast_4_home.html
Or use Microsoft Security Essentials - Free
http://www.microsoft.com/Security_Essentials/
Prevx works well alongside Avast or MSE
Prevx - Home - Free small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp <-- download
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
Also get Malwarebytes - free - use as scanner only. If you ever suspect malware, and that would be unusual with
Avast and Prevx running except for an occasional low level cookie (no big deal), UPDATE it and then run it as
a scanner. I have many scanners and they never find anything of note since I started using this setup.
http://www.malwarebytes.org/
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
- Marked As Answer by Keith-Support Engineer, MSFT, Moderator, Friday, November 20, 2009 9:58 PM
All Replies
- Hi,
It's possible; best is to use an Admin account and make sure it's 100% gone.
Download Malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Malwarebytes - free
http://www.malwarebytes.org/
Run the Microsoft Malicious Removal Tool
Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.
You should be getting this tool and its updates via Windows Updates - if needed you can download it here.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)
Microsoft Malicious Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Also install Prevx to be sure it is all gone.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp <-- download
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
--------------------------------------------------------
If needed here are some online free scanners to help
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------------------
Also do these to cleanup general corruption and repair/replace damaged/missing system files.
Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
-----------------------------------------------------------------------
If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)
http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
- Proposed As Answer by SpiritX, Saturday, November 07, 2009 3:13 AM
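Added example (not part of the reply above or of the linked Microsoft article): after `sfc /scannow`, the results land in CBS.log on lines tagged `[SR]`, and this Python helper totals the components verified and lists the files that were repaired or could not be repaired. The sample lines are constructed and simplified, and the names `summarize_sfc` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Constructed, simplified sample modelled on [SR]-tagged CBS.log lines
# (not taken from a real machine).
SAMPLE_LOG = r'''
2009-11-07 03:13:01, Info                  CBS    Starting TrustedInstaller initialization.
2009-11-07 03:13:05, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2009-11-07 03:13:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2009-11-07 03:13:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, file is missing
2009-11-07 03:13:10, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, file is missing
2009-11-07 03:13:12, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"wscui.cpl" from store
2009-11-07 03:13:14, Info                  CSI    0000000e [SR] Verify complete
2009-11-07 03:13:15, Info                  CSI    0000000f [SR] Verifying 42 (0x000000000000002a) components
'''

# A quoted file name directly after a length tag, e.g. [l:18{9}]"wscui.cpl".
# Quoted directory paths contain backslashes, so this pattern skips them.
FILE_NAME = re.compile(r'\]"([^"\\]+)"')


def _add_unique(names, msg):
    m = FILE_NAME.search(msg)
    name = m.group(1) if m else msg  # keep the raw text if no name parses
    if name not in names:            # sfc logs the same file more than once
        names.append(name)


def summarize_sfc(log_text):
    """Summarize sfc /scannow results from CBS.log text."""
    result = {"verified": 0, "unrepaired": [], "repaired": []}
    for line in log_text.splitlines():
        _, tag, msg = line.partition("[SR] ")
        if not tag:
            continue  # not a System File Checker entry
        if msg.startswith("Verifying "):
            result["verified"] += int(msg.split()[1])
        elif msg.startswith("Cannot repair member file"):
            _add_unique(result["unrepaired"], msg)
        elif msg.startswith("Repairing corrupted file"):
            _add_unique(result["repaired"], msg)
    return result


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_LOG))
```

Any file left in the `unrepaired` list is one sfc could not restore from its store, so it is the place to look first after a cleanup.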
- Hello jayhawk1953m,
I agree with SpiritX's excellent advice, but scanning in safe mode is one of the best ways to see if you're infected and to remove it:
Try to boot your system into Safe mode:
- Restart your computer if it is powered on.
- Press and hold F8 key for 3 seconds after your computer initially powers on.
- Once you see the Advanced Boot Options menu you can stop tapping.
- Use the up/down arrow keys to highlight your selection.
- Select Safe Mode with Networking and press Enter.
- You should see drivers loading, this may take a few moments.
- You should then be at the Welcome Screen.
- Logon to your computer using an account with Administrator privileges.
- Now you should download (free) Malwarebytes from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol
Install, update, then do a scan of your system in safe mode to make sure it is indeed clean! Once the scan is done, delete anything it finds. Then simply reboot your PC to see if your issue has been resolved!
Hope this helps you. Let us know either way. Make it a great day!
"And In The End The Love You Take, Is Equal To The Love You Make" (The Beatles last song from their last album, Abbey Road.)
- Proposed As Answer by Michael Murphy, Monday, November 09, 2009 1:31 AM
- SpiritX, thanks for the info, it was very helpful. I've found out that learning about viruses is totally interesting but complicated; hope that doesn't sound weird.
Once again, thank you for the help.
- the c., a thank you to you as well. Very helpful advice.
- Hi,
I hope you followed our advice and made very sure you are clean. So often I see those that think since
one program says they are clean that all is ok only to find later they were not and the infections have
destroyed their operating system and data as well as opened them up to security issues.
A little extra work now means many saved hours and hassles later.
Rob - Bicycle - Mark Twain said it right.
- Yep, followed your advice. One problem though: the computer is in use by many people, some not so careful with what they do.
I would like to ask some advice on somewhere to start to learn more about malicious software, written for noobies like me.
Really just want to learn what I'm up against out there in the wild world web.

