OT: OS changes...possible virus infection?

Discussion in 'PC Hardware' started by rhys, Feb 1, 2005.

  1. rhys

    rhys Guest

    Off-topic, but any other NG with "virus" in its name seems empty.

    On a home-built dual processor rig, I run the latest Grisoft AVG 7
    free anti-virus package, and update at least twice a week. I have
    partitions (logical and physical) for the OS, all other programs, and
    all data. I run Windows 2000 (latest service pack) on this dual
    processor workstation connected via a router to a DSL modem.

    I also use POPfile and Ewido security/anti-spam software.

    I notice that when I scan either selectively (C: drive for the WINNT
    and F: drive for all e-mail and downloads) or do "full scans" (two
    hours over 13 partitions), I rarely find a virus of any description. I
    have, however, found that AVG notes the following files as "changed"
    (AVG reports zero infections).

    C:\winnt\system32\kernel32.dll
    C:\winnt\system32\userl32.dll
    C:\winnt\system32\ntoskrnl.exe

    Equivalent scans on my laptop running AVG 7 (latest update) under
    WinXP (latest SPs) do NOT show "changed" in these system files.

    I noticed in the last month also that my domain and a couple of my
    e-mail addresses had been "harvested" and that I was being "spoofed".
    While I have blocked false e-mails, I am wondering if I have a problem
    and what to do about it.

    Thanks,
    R.
     
    rhys, Feb 1, 2005
    #1

  2. rhys

    John Doe Guest

    I don't know if this is of any use, but can you try Symantec
    Security Check? It's a free online service for which they try to
    sell you products. It's useful and not pushy, in my opinion.

    Good luck.

    For what it's worth.

    Other related groups:
    alt.privacy.spyware
    comp.security.firewalls

    I was browsing two days ago when ZoneAlarm advised me that a program
    was trying to dial out. The program name was obscure. Then another
    obscure program tried to dial out. I checked the hard disk at the
    ZoneAlarm identified location and did not see that program (all
    Windows files exposed). Very suspicious. So I went to Symantec's web
    site and ran the virus check. It found at least one infected file. I
    rebooted to my PartitionMagic CD, deleted the current Windows
    partition, and copied back a replacement. And that was the end of
    that problem.
     
    John Doe, Feb 1, 2005
    #2

  3. rhys

    DaveW Guest

    Sounds like you've downloaded Spyware into your system, and that's causing
    the problems.
     
    DaveW, Feb 2, 2005
    #3
  4. rhys

    Tony Guest

    Try running another anti virus programme. I've used AVG for years and never
    thought it was a problem but I kept getting bounced emails from an email
    address that was never given out to anyone (just set up locally for
    testing). I downloaded and ran Kaspersky and it picked up two trojans and a
    virus that AVG missed.
     
    Tony, Feb 2, 2005
    #4
  5. rhys

    rhys Guest

    Well, I've loaded CW Shredder, SpySubtract, Spybot S+D, and Ad-Aware
    so far...

    I've found quite a few suspicious files, dialers, cookie redirects,
    and possibly e-mail harvesters. Nothing that would change Windows 2000
    OS files.

    It's becoming an education. Thanks for the advice. Free is good, and
    they can pitch me while I wait.

    R.
     
    rhys, Feb 2, 2005
    #5
  6. rhys

    JAD Guest

    Those files were immunized and they are ALWAYS changing. After every
    software upgrade/update, hardware change, stuff like that affects
    certain system files.
     
    JAD, Feb 2, 2005
    #6
  7. rhys

    rhys Guest

    Yes. After further investigation, I've concluded this is the case, and
    there is no actual problem.

    On the time spent up-side, however, I've got rid of a vast amount of
    spy-bots, diallers and redirection crap.

    Hurrah!

    R.
     
    rhys, Feb 2, 2005
    #7