Advice requested concerning Trojan incursion

  UncleP 22:25 13 Apr 08
Locked

After 50 years of computing, I've just suffered my first significant malware attack. While I think it has largely been dealt with, I would appreciate advice and comments on (a) how the little b-----s got in, and (b) whether there is anything more I should do to detect problems and reduce the chance of a repeat. I'm running XP2, with BT Yahoo broadband Option 3 (Home Hub).

The sequence of events, some of which might not be relevant, was:

1) about a week ago, the level of spam received jumped from an occasional false positive to around 2-3 a day.

2) on Friday, when sending out a couple of e-mails with pdf attachments, I was told 'virus checking is not currently available'; this did not appear to be a warning or an error message and, as it was late, I decided to check it out the next day.

3) when booting up on Saturday, I obtained 'the Windows Media folder is corrupt' with a recommendation to run CHKDSK. To cut a long story short, after a number of attempts this did indeed appear to cure that problem, which appeared quite extensive.

4) I then had a message that there was a problem with the BT Yahoo Protection system which required attention. This turned out to be that the e-mail protection was turned off; with a bit of fiddling around, I managed to reset that as well.

5) Making sure that I had the latest version, I ran SpyBotS&D. This only came up with 'Microsoft Windows Security Centre-disabled'. I wasn't sure if this was just the result of the Norton component of the BT Yahoo protection, but it was presented as a major risk.

6) SuperAntiSpyware, on the other hand, came up with the usual collection of AdWare cookies and two Trojans, Fake Drop and Vundo Variant. Quarantining them appears to have worked, and they haven't re-spawned.

As I said above, I'm a novice in this area. I'm careful when I'm on the Internet or e-mailing, but I am wondering now whether I haven't just been lucky. Anyhow, any comments would be gratefully received.

  Fruit Bat /\0/\ 22:39 13 Apr 08

Firewall?
Anti virus?

I run Sygate FW, Avast AV, SuperAntiSpyware and SpywareBlaster as AS and of course keep everything up to date.
Not had a problem since having this setup.

If you have a decent firewall and antivirus and are sensible, there is not much else you can do; maybe you have been unlucky and picked it up from an e-mail from a friend who is not so well protected.

  brundle 22:46 13 Apr 08

No evidence of a "significant malware attack" I can see. It's not unusual for various dodgy-looking files to go into your temporary internet cache while you browse; your software is doing its job by finding them with a scan. I am guessing you use Norton, in which case the SpyBot warning is normal and nothing to worry about: Norton asks if you want to disable Windows' built-in Security Centre in favour of the Norton version when first installed.
It's good to be aware of the dangers, not worth worrying about unduly though.

  UncleP 16:54 14 Apr 08

Sorry, I should have said that the BT Yahoo protection consists essentially of Norton Anti-Virus and Firewall, together with an anti-spyware program, e-mail protection and pop-up blocker of unspecified origins.

I should also have said that my system disk is a 260Gb RAID1 array. The significance of this is, I believe, that it indicates that the file corruption did not originate on either HD, as this would have resulted in degradation of the array.

Indeed, the reason I considered the event significant was the amount of file corruption that occurred. I checked the Symantec website for the Trojans found; I could find no trace of Fake Drop, which might be significant. The Vundo series were covered, but appear to be relatively innocuous pop-up generators.

I've also considered the possibility that the incident started with some file corruption which affected the security system, allowing the Trojans unhindered access one way or another. But I haven't yet come up with a mechanism which consistently fits all the facts.

Anyhow, thank you both for your interest and comments.
