The AM Forum
Author Topic: virus/trojan question  (Read 14609 times)
W4EWH
Member

Offline Offline

Posts: 833



« Reply #25 on: December 28, 2008, 02:07:52 PM »


Bottom line?  Get a program that can make an image of your OS.  There are several choices:  ...


You can also use "dd", the disk dump program that comes with all Linux distributions. It's free.

73,

Bill W1AC
Logged

Life's too short for plastic radios.  Wallow in the hollow! - KD1SH
k4kyv
Contributing Member
Don
Member

Offline Offline

Posts: 10057



« Reply #26 on: December 28, 2008, 02:12:41 PM »

I recently upgraded to the latest ZoneAlarm free version.  I can't tell much if any difference from the older versions.  It is currently using about 4k of memory (per Task Manager, two each zlclient.exe @ about 2k each).  I now have Firefox 3.0.5 and it still eats up gobs of memory, despite claims that the memory leak problem was solved with Version 3.
Logged

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
w1vtp
Member

Offline Offline

Posts: 2638



« Reply #27 on: December 28, 2008, 02:18:53 PM »

<snip> I now have Firefox 3.0.5 and it still eats up gobs of memory, despite claims that the memory leak problem was solved with Version 3.

Hi Don and others.  Well, I have held off 'cause I've heard that FF 3 was having some issues.  So I'd be most interested in any feedback re: security issues.  My problem was a new experience for me.  Never had that problem and hope I never have it again.

Al
Logged
k4kyv
Contributing Member
Don
Member

Offline Offline

Posts: 10057



« Reply #28 on: December 28, 2008, 08:23:37 PM »

The problem with FF3 that I was aware of was that it wasn't compatible with the "record" function on the newer version of RealPlayer that allows you to download flash videos such as YouTube to HDD.  Supposedly, they corrected the problem, but even before upgrading to FF3 I sometimes had trouble saving videos, and would have to copy and paste the URL to IE to save a copy.

What would happen to me is that the video would appear to record normally, but when I would try to play it back, all I would get was a black screen, even though the  little thing at the bottom of the viewing area would tick off seconds and indicate that the video was playing, and "properties" indicates the full size file is saved.

It still happens to me at times.  One thing I have found that helps is to let the video download 100% before trying to save it.
Logged

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
K1JJ
Contributing
Member
*
Offline Offline

Posts: 8893


"Let's go kayaking, Tommy!" - Yaz


« Reply #29 on: December 30, 2008, 10:50:45 AM »

Bob,

I found another way to get the system back.

The other night my mouse software suddenly stopped working in XP.  I couldn't get the keyboard to do a past system restore... just no keys to get the job done - needs the mouse.

So I took out the original XP installation disks and rebooted. One of the options is a "Repair" of a previous installation. It took about 45 minutes, but the system was replaced and I retained everything as before. Original files, everything.  The mouse worked again.

I'll bet that is a good method for serious virus problems too, since it boots directly before the old Windows boots up. I would try a standard system restore first, of course, but this worked just as well.

Later -

T
Logged

Use an "AM Courtesy Filter" to limit transmit audio bandwidth  +-4.5 KHz, +-6.0 KHz or +-8.0 KHz when needed.  Easily done in DSP.

Wise Words : "I'm as old as I've ever been... and I'm as young as I'll ever be."

There's nothing like an old dog.
W1RKW
Contributing
Member
*
Offline Offline

Posts: 4412



« Reply #30 on: December 30, 2008, 01:39:18 PM »

Thanks Tom.  I never thought of the installation disk and doing a repair but that's good to know for future reference.   I'll keep that in mind. Hopefully, there won't be a next time at least for some time to come.

Doing a system restore going back 2 months seems to have done the trick.  I did scan the system with various scan tools but they revealed nothing. So I think going back 2 months rather than a few days helped.  In addition to that, I put the offending web addresses in the hosts file and 127.0.0.1'ed them. There's no evidence that my system is looking for these websites either. So far so good at this point.  All seems normal again.
Logged

Bob
W1RKW
Home of GORT.
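Added example, not part of the original post: a small audit of a hosts file like the one described above. It confirms which names are sinkholed to loopback and lists any names mapped to some other address, since a hosts entry overrides DNS and such mappings deserve review. The sample file, the domain names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       bad-site.example   ads.bad-site.example  # blocked after cleanup
0.0.0.0         tracker.example
203.0.113.7     update.vendor.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (address, hostname) for every valid mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed lines
        for name in fields[1:]:
            yield addr, name.lower()

def audit_hosts(text, expected_blocked):
    """Return (blocked names, names redirected elsewhere, expected-but-missing)."""
    blocked, redirected = set(), {}
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)                   # 127.0.0.1 / 0.0.0.0 style sinkhole
        else:
            redirected[name] = str(addr)        # overrides DNS: review these
    missing = {n.lower() for n in expected_blocked} - blocked
    return blocked, redirected, missing

if __name__ == "__main__":
    b, r, m = audit_hosts(SAMPLE_HOSTS, ["bad-site.example", "other.example"])
    print("blocked:", sorted(b))
    print("redirected:", r)
    print("not yet blocked:", sorted(m))
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`.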
k4kyv
Contributing Member
Don
Member

Offline Offline

Posts: 10057



« Reply #31 on: January 04, 2009, 03:56:05 PM »

Now is probably a good time to be extra careful. Many IT professionals have recently been laid off. Some may turn to criminal activities for income.
Logged

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
W1VD
Contributing
Member
*
Offline Offline

Posts: 401



« Reply #32 on: January 04, 2009, 05:41:49 PM »

<2 cents>

Be familiar with what's normally running in Accessories > System Tools > System Information > Software Environment > Startup Programs and Running Tasks. You'll normally be able to detect unusual activity there. Many trojans will put .dll, .ini etc files in C:\Windows or C:\Windows\Win32. Sort by date and look for recent additions - about the time of infection. Knowing what doesn't belong, delete these (you may find some are currently running ;) ) and their associated registry entries and you're usually all done.

Slaying them manually is great sport! Oh yeah...if you think you're infected unplug your internet connection pronto to put a halt to possible additional unwanted downloads.

</2 cents>   
Logged

'Tnx Fer the Dope OM'.
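Added example, not part of the original post: the "sort by date and look for recent additions" check above, written as a script that lists files in one directory whose modification time falls near a suspected infection date. The extension set beyond .dll and .ini, the three-day window, the demo date and all names are assumptions for illustration; timestamps can be altered by malware, so an empty result does not clear a system.

```python
import os
import tempfile
from datetime import datetime, timedelta

# .dll and .ini come from the post; .exe and .sys are added assumptions.
SUSPECT_EXTS = {".dll", ".ini", ".exe", ".sys"}

def recent_files(directory, around, window_days=3, exts=SUSPECT_EXTS):
    """Return [(mtime, name)] newest first for files modified near `around`."""
    lo = (around - timedelta(days=window_days)).timestamp()
    hi = (around + timedelta(days=window_days)).timestamp()
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if os.path.splitext(entry.name)[1].lower() not in exts:
                continue
            # Modification time only; on Windows also compare creation time.
            mtime = entry.stat(follow_symlinks=False).st_mtime
            if lo <= mtime <= hi:
                hits.append((datetime.fromtimestamp(mtime), entry.name))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    # Constructed demo directory standing in for C:\Windows.
    with tempfile.TemporaryDirectory() as demo:
        when = datetime(2008, 12, 20, 12, 0)    # constructed date
        for name, age_days in [("helper.dll", 0), ("old.ini", 90), ("notes.txt", 0)]:
            path = os.path.join(demo, name)
            open(path, "w").close()
            t = (when - timedelta(days=age_days)).timestamp()
            os.utime(path, (t, t))              # set access and modification time
        for stamp, name in recent_files(demo, when):
            print(stamp, name)
```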
W1RKW
Contributing
Member
*
Offline Offline

Posts: 4412



« Reply #33 on: January 04, 2009, 06:03:13 PM »

Oh yeah...if you think you're infected unplug your internet connection pronto to put a halt to possible additional unwanted downloads.
 

Totally agree. Not only downloads and uploads but snooping and control.  That was my first action upon suspicion and left it disconnected until cleaned.
Logged

Bob
W1RKW
Home of GORT.
AMfone - Dedicated to Amplitude Modulation on the Amateur Radio Bands
 AMfone © 2001-2015