Malware on W7 has me upset

[texpat]

This is just venting some serious <snip> here, so just bear with me - if you're up to it...

Ubuntu runs on three machines I use and it works wonderfully. It just works. I mean, I couldn't love it more. Its like being married for decades: we both know what goes on, a gesture, a glance and the other just does what has to be done.

Recently, though, I took on a job that requires me to use Windows-only software (Google Sketchup, plus a series of related stuff, like Layout and special PDF gear, if you have to know - no, it doesn't perform well under WINE, very much to my distress).

So I get this computer with Windows 7 and I immediately stick an anti-virus (AVG) and anti-spyware (Spybot S&D) system on it. No need to say that this alone, what, with its resident agents and on-demand scanning stuff, bogs down the otherwise super-efficient four-core, 64-bit hardware to just-about-workable. I also run registry cleaning software every so often and backup all the bloody time - just in case.

You know whats next, don't you? Yep, bloody virus infection. Its called cycbot or somesuch, and it pretty much disables any anti-malware gear on the machine and goes on doing whatever it is that viruses do: subdue your computer into zombie-dom...

So your humble servant - me - checks out what goes and you know what? Its all over the <snip> Internet. This isn't some exotic zero day exploit that some script kid came up with. No, this is major league botnet malware that roams the interwebs.

Its also not easy to get rid of. I'd normally opt for wiping my drive and start from scratch, but my brand-spanking-new Dell Inspiron didn't come with installation media...!? So I spend like ages reading forums, downloading special cleaning software, running said software, getting mediocre results, as in it'll kill suspicious processes and registry entries but a day later I'm back where I was (or better: the virus is back where it was).

Take this as you like, but if I ever have the choice, I'll go for boring, stable, reliable and TRANSPARENT Linux any day.

[haqking]

This is just venting some serious <snip> here, so just bear with me - if you're up to it...

Ubuntu runs on three machines I use and it works wonderfully. It just works. I mean, I couldn't love it more. Its like being married for decades: we both know what goes on, a gesture, a glance and the other just does what has to be done.

Recently, though, I took on a job that requires me to use Windows-only software (Google Sketchup, plus a series of related stuff, like Layout and special PDF gear, if you have to know - no, it doesn't perform well under WINE, very much to my distress).

So I get this computer with Windows 7 and I immediately stick an anti-virus (AVG) and anti-spyware (Spybot S&D) system on it. No need to say that this alone, what, with its resident agents and on-demand scanning stuff, bogs down the otherwise super-efficient four-core, 64-bit hardware to just-about-workable. I also run registry cleaning software every so often and backup all the bloody time - just in case.

You know whats next, don't you? Yep, bloody virus infection. Its called cycbot or somesuch, and it pretty much disables any anti-malware gear on the machine and goes on doing whatever it is that viruses do: subdue your computer into zombie-dom...

So your humble servant - me - checks out what goes and you know what? Its all over the <snip> Internet. This isn't some exotic zero day exploit that some script kid came up with. No, this is major league botnet malware that roams the interwebs.

Its also not easy to get rid of. I'd normally opt for wiping my drive and start from scratch, but my brand-spanking-new Dell Inspiron didn't come with installation media...!? So I spend like ages reading forums, downloading special cleaning software, running said software, getting mediocre results, as in it'll kill suspicious processes and registry entries but a day later I'm back where I was (or better: the virus is back where it was).

Take this as you like, but if I ever have the choice, I'll go for boring, stable, reliable and TRANSPARENT Linux any day.

just to be pedantic, cycbot is a trojan/backdoor and not a virus, but does come under the malware definition.

It has been around for a while.

make sure you use upto date definitions in your anti malware solutions.

And always have backups and/or restore points and/or clones of your system which is the first thing you should do upon install or receipt of built system and definately before connecting to the internet then this type of thing is never a problem.

Cheers

[CharlesA]

The system admin at your job should have locked the machine down.

I am betting the machine was running on an admin account too.

[haqking]

The system admin at your job should have locked the machine down.

I am betting the machine was running on an admin account too.

+1

indeed, if it is a work machine the IT dept should have a backup for easy restore and tied down to try and prevent such things.

System security is always down to the user/admin for the most part

Cheers

[QIII]

Let's not be so sure of our secure redoubt that we miss the the PFY (pimply faced youth) who is even now ready to release into the wild an siege engine that, sapper like, will reduce our ramparts to rubble in a great explosion and leave our flank open to those who besiege us.

[haqking]

Let's not be so sure of our secure redoubt that we miss the the PFY (pimply faced youth) who is even now ready to release into the wild an siege engine that, sapper like, will reduce our ramparts to rubble in a great explosion and leave our flank open to those who besiege us.

no such thing as a secure redoubt in a connected world only as secure as can be within the constraints of functionality and ease of use for its intended system or target user

[QIII]

no such thing as a secure redoubt in a connected world only as secure as can be within the constraints of functionality and ease of use for its intended system or target user

Yeap. Due diligence and a wary eye are required, but not always entirely effective.

Leaving the back gate open, however, is folly.

[texpat]

just to be pedantic, cycbot is a trojan/backdoor and not a virus, but does come under the malware definition.

It has been around for a while.

make sure you use upto date definitions in your anti malware solutions.

And always have backups and/or restore points and/or clones of your system which is the first thing you should do upon install or receipt of built system and definately before connecting to the internet then this type of thing is never a problem.

I'm OK with pedanticism (not sure that's even a word). That just means I downloaded the <snip> thing onto my machine all by myself... GREAT

Its been around for a while: well, yeah. Its just a damn shame my daily-updated anti-stuff didn't get the message, apparently.

And I have the backups/restorepoints allright, its just that I'm not used to this crap...

[CharlesA]

It happens to everyone. I had a developer at work get a nasty bug on his work laptop. Took a week or so to get the damn thing cleaned up.

[goofey24]

Its been around for a while: well, yeah. Its just a damn shame my daily-updated anti-stuff didn't get the message, apparently.

My sister has a machine with Vista and she has the 'redirect' drama going on .
Every time you do a google search and the page with all the links comes up, but every time you click a link, it redirects to some page with this 'StarFixMe' or some other crap. I have run all kinds of cleaner programs and nothing found.
She has the paid version of McAfee.

END RANT