Where did I catch that stinking virus??
(OP)
Today I'm virus free on all 6 PCs, but I've had my share of viruses/Trojans/malware etc. over the years, and half the time I know where I got them.

Other times I haven't a clue where they came from like when I caught the FBI/MoneyPak and a web search said it was from unscrupulous browsing; believe me it wasn't. It just appeared and I removed it.

My question: Is there any way to trace where one gets infected when it's not obvious where it came from?

Thanks in advance

Sam

RE: Where did I catch that stinking virus??

Wow, what a great question. I anxiously await an answer to it.

I have one PC in my house that is constantly getting infected by one thing after another. I know the reason (teenage boy into anime and online games), but I'd love to be able to identify the exact site or email it came from. That would allow me to block it or at least educate him. That would save me a lot of time cleaning the dang thing.

RE: Where did I catch that stinking virus??

Hi Sam,

I seriously doubt it is possible. Your AV logs might give you the name of the Trojan, but that is not sufficient.
Viruses/Trojans are not unique to one site. You can get the same virus from a lot of sites.
They can also be contained on CDs from computer magazines, backpacking on freeware tools, multimedia files, etc.

On second thought, there might be a way, by playing a little Sherlock Holmes:
a) Install an internet usage tracker, e.g. one of these:
http://www.hongkiat.com/blog/monitor-internet-usag...

b) Once you detect an infection, note the time of infection from your AV logs.

c) Now cross-reference that with your internet monitor and you should get an idea where it came from.

Besides that, it is good to have a strong and up-to-date antivirus with web protection. It will block the opening of infected sites - provided the virus there is identifiable.
Another thing I am doing is using "Google Safe Browsing" before opening an unknown site.
=>http://www.google.com/safebrowsing/diagnostic?site...

Just replace "site=google.com" with "site=" + the site address you want to check for malware.

Cheers,
MakeItSo

“Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.” (Kofi Annan)
Oppose SOPA, PIPA, ACTA; measures to curb freedom of information under whatever name whatsoever.
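An added worked example of steps b) and c) above (my code, not MakeItSo's and not any of the linked tools): it parses a constructed AV log and a constructed internet-usage log, then lists the hosts contacted in the minutes before each detection, largest download first. Both log formats are assumptions; real products write their own formats, so the two parsers are what you would adapt.

```python
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample AV log (no real product's format): time, action, threat, path
AV_LOG = """\
2013-03-04 21:17:42 DETECTED Trojan.FakeAlert C:\\Temp\\setup.exe
2013-03-04 21:17:43 QUARANTINED Trojan.FakeAlert C:\\Temp\\setup.exe
"""

# Constructed sample internet-usage log: time, process, remote host, bytes received
NET_LOG = """\
2013-03-04 20:40:10 firefox.exe news.example.org 48210
2013-03-04 21:12:05 firefox.exe cdn-ads.example.net 1024
2013-03-04 21:12:09 firefox.exe dl-host.example.biz 327680
2013-03-04 21:30:00 firefox.exe mail.example.com 20480
"""

def _ts(date_str, time_str):
    return datetime.strptime(f"{date_str} {time_str}", TS_FMT)

def detection_times(av_text):
    """Return (time, threat name) for each DETECTED line; follow-up actions are skipped."""
    hits = []
    for line in av_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) == 5 and parts[2] == "DETECTED":
            hits.append((_ts(parts[0], parts[1]), parts[3]))
    return hits

def connections(net_text):
    """Parse the usage log into dicts with a datetime, process, host and byte count."""
    rows = []
    for line in net_text.splitlines():
        d, t, proc, host, nbytes = line.split()
        rows.append({"time": _ts(d, t), "process": proc, "host": host, "bytes": int(nbytes)})
    return rows

def suspects(av_text, net_text, window_minutes=15):
    """For each detection, hosts contacted in the window just before it, biggest
    download first: the file that tripped the AV is usually the largest recent fetch."""
    result = {}
    conns = connections(net_text)
    for when, name in detection_times(av_text):
        start = when - timedelta(minutes=window_minutes)
        inside = [c for c in conns if start <= c["time"] <= when]
        inside.sort(key=lambda c: c["bytes"], reverse=True)
        result[name] = [c["host"] for c in inside]
    return result
```

The window is the weak point: clocks on the two logs must agree, and a scheduled scan reports the time of the scan, not of the infection, so use the real-time detection entry.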

RE: Where did I catch that stinking virus??

Quote:

I seriously doubt it is possible. Your AV logs might give you the name of the Trojan, but that is not sufficient. Viruses/Trojans are not unique to one site. You can get the same virus from a lot of sites.

I'd say that is correct unless you go to a lot of trouble as mentioned, but then you're STILL infected. And teenager + internet + click on whatever they feel like on any web site = virus.

RE: Where did I catch that stinking virus??

On one of the reputable forums I frequent, I have seen a lot of complaints about ads, whether they are clicked on or not, being the source of malware. Unfortunately, it seems like the default is to execute everything (unless you want it to) making it easy to contract them. Couple that with a little cross-site scripting or hijacking and you can catch critters.

RE: Where did I catch that stinking virus??

My favourite way of blocking unwanted ads - other than with adblock+ or whatever - is the MVPS HOSTS file:
http://winhelp2002.mvps.org/hosts.htm

It basically associates known ad sources (adserver, doubleclick etc.) with 127.0.0.1. This way, the ad isn't loaded and neither are any connected viruses.
It's a bit of a cheat on those sites that need advertisements to finance themselves, but I say "hey: I don't want no viruses in return, so live with it".
Extend that HOSTS with known porn sites and you are a lot safer.
No 100% safety exists on the web though.

“Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.” (Kofi Annan)
Oppose SOPA, PIPA, ACTA; measures to curb freedom of information under whatever name whatsoever.
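An added example (mine, not MakeItSo's and not the MVPS file) of how a HOSTS-style block list behaves: it parses a constructed excerpt in HOSTS syntax and answers whether a name is sinkholed. The point worth seeing is that HOSTS matching is exact, so listing `ad.doubleclick.net` does nothing for `cdn.ad.doubleclick.net`; the hostnames in the excerpt are constructed.

```python
import ipaddress

# Constructed excerpt in HOSTS-file syntax (not the MVPS file itself).
HOSTS_EXCERPT = """\
# comment lines and blank lines are ignored

127.0.0.1  ad.doubleclick.net   # trailing comments are allowed
127.0.0.1  adserver.example.net banners.example.net
0.0.0.0    tracker.example.org
"""

# Addresses that black-hole a name: the browser reaches nothing useful there.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Return {hostname: ip}; one line may map several names to the same IP."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        ipaddress.ip_address(ip)  # raises ValueError on a malformed entry
        for name in names:
            table[name.lower()] = ip
    return table

def is_blocked(table, hostname):
    """HOSTS matching is exact: listing a parent domain does not cover its subdomains."""
    return table.get(hostname.lower()) in SINKHOLES

def unblocked_subdomains(table, hostnames):
    """Names that slip past the list because only a parent domain is listed."""
    return [h for h in hostnames
            if not is_blocked(table, h)
            and any(h.lower().endswith("." + listed) for listed in table)]
```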

RE: Where did I catch that stinking virus??

(OP)
Nice responses so far; they make sense, but I would really like to make a virus creator cry just once.

Presently my defense regimen consists of monthly running the following:
CCleaner, Glary Utilities, RegScrubXP, HiJack This, Malwarebytes, TDSKiller
MSConfig start-up, Smart Defrag, Avira Antivirus, SuperAnti Spyware, Rogue Killer

I mostly get adware from my wife's PC, but I'm generally very clean.
Any additions/deletions or suggestions about my defense regimen are welcome.

Tonight I will visit the links supplied by MakeItSo, they look to be promising.

I still believe a virus of any kind must leave some kind of IP footprint or hexadecimal DNA or something to help trace a source.
As said above there may be many sources for the same virus but I'll be happy to uncover one.

If there really aren't ways to trace sources, then I'll pass that info on to the many crime series TV shows that seem to think there are.

Thanks
Sam

RE: Where did I catch that stinking virus??

Quote:

Presently my defense regimen consists of monthly running the following: CCleaner, Glary Utilities, RegScrubXP, HiJack This, Malwarebytes, TDSKiller MSConfig start-up, Smart Defrag, Avira Antivirus, SuperAnti Spyware, Rogue Killer
If this didn't save you, nothing will!!! My honest feeling is that you're putting $10 into a $1 problem. Conquer malware, move on, profit.

RE: Where did I catch that stinking virus??

(OP)
Thanks goombawaho

Yes, it's definitely overkill and time consuming, but I'm retired and have been working on computers (building and programming) since 1962; it's in my blood LOL.

I am constantly deleting and adding new detection software and I agree I should be doing more deleting than adding.

Do you have your favorites?

RE: Where did I catch that stinking virus??

(OP)
Thanks again MakeItSo

I've visited your recommended links and will try netspeedmonitor simply to see what my average up/down speeds are.

I'll also try cucusoft to capture web connected programs and trace them to antivirus logs in the event I get infected.

I will also play with Google safe browsing to see how that works.
It somewhat looks like what one does to monitor third party cookies which is cumbersome at first and requires maintenance but pays off tremendously by keeping malware/ADware at bay.

RE: Where did I catch that stinking virus??

I think you mentioned the main things I normally use: CCleaner, TDSSKiller, MBAM, HiJack This, Rogue Killer.

If you're happy chasing the source of the malware that's great since you have the time.

RE: Where did I catch that stinking virus??

Comodo Antivirus, even the free one, has a program called Virtual Comodo included with it; it is their version of a sandbox and works quite well. What it does is let you download and try anything or any site without fear of screwing up your computer: nothing is written to your actual computer, so when you exit, any malicious files are gone. If you do download a program you want to keep, it goes into a separate shared folder you can access after you exit Virtual Comodo, where you can scan it to be sure it is safe.

Just a suggestion to stay safe

RE: Where did I catch that stinking virus??

(OP)
@xit

I like the sandbox approach and I'll give Virtual Comodo a try as soon as I have something to test (download).

Thanks
Sam

RE: Where did I catch that stinking virus??

What OS are you running?

There are some great tools out there.

If XP, I highly recommend Steady State, but you may struggle to find a legit download as it's been discontinued.

Also have a gander at this
http://support.microsoft.com/kb/2458544

It is an interesting tool:

I'll stick up a dedicated link to this actually

Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

http://alvechurchlounge.org.uk

RE: Where did I catch that stinking virus??

(OP)
Thanks Symplolgy

XP SP3

Is this the download you suggested? If so, I'll give it a try.

I'll also have a gander at the kb link

sam

RE: Where did I catch that stinking virus??

Yes, that looks like it.
The way it works is to create a virtual XP machine instance and boot to this. If you turn on disk protection, by far the best thing ever, then everything that gets written to the PC is not stored permanently. So a reboot wipes everything since the last update. However, you can set it to override and say "I want to save changes" (admin mode only). It also allows Windows updates to run without admin mode.
You can set exceptions, so you can save to, say, a USB drive or some other folder/device.
We've used it in an Internet cafe for 3 years, never had even the slightest issue with it.
The most annoying thing is they don't do a Win7/8 version, so we've got to use a 3rd party solution

Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

http://alvechurchlounge.org.uk
