Convekta Web Site infected with Trojan/Virus

Moderator: Ras

Peter Skinner
Posts: 1763
Joined: Sun Feb 26, 2006 1:49 pm
Location: Edmonton, Alberta, Canada
Full name: Peter Skinner

Re: Convekta Web Site infected with Trojan/Virus

Post by Peter Skinner »

swami wrote: Get the AVG or Avast Anti Virus. Also don't forget to use the system store to restore your system back to the day when there was no virus in the system.
AVG is horrible. Avast is fine.

The system restore feature of Windows is a killer when it comes to ridding a system of malware.

Simply turn off the system restore (yes I know you will lose all restore points, but can you be sure they are all clean points?), clean the infected system, re-enable system restore (now you have a clean restore point to start from again), and install protection.

Restoring to a previous point when you don't know what is exactly infected is not a great way of handling things. Just like formatting an entire system because of an infection seems like overkill to fix the problem.
I was kicked out of Chapters because I moved all the Bibles to the fiction section.
swami
Posts: 6662
Joined: Thu Mar 09, 2006 4:21 am

Re: Convekta Web Site infected with Trojan/Virus

Post by swami »

Of course you are right, there is even better software out there, such as BitDefender, Kaspersky.

My system had a virus attack yesterday, and it caused my system to run slower... I then decided to use the system restore feature to restore it back to 2 days earlier, and the software managed to remove the viruses and it's working faster as usual.
Nimzovik
Posts: 1831
Joined: Sat Jan 06, 2007 11:08 pm

Re: Convekta Web Site infected with Trojan/Virus

Post by Nimzovik »

Yes... All very fine. However, is not the real issue that Convekta was bugged in the first place? Was it irresponsibility? Was it - OMGoodness - deliberate? Were they just attacked successfully? I do not buy things online from Russia or China (or others) directly. The black market et al. is just too strong there IMHO. I support this forum and buy the disk so I can scan thoroughly PRIOR to initializing the program. I find it VERY disturbing that the Convekta site permitted? Allowed? Or were successfully attacked themselves... This shows - for whatever reason - a definite faith buster in the company if what was said is true. :? I also note that you said - you made them fix the website - ... why would you have to MAKE (made) them fix it? Why would they not gasp and say Blast and JUMP to fix it voluntarily? :?: Perhaps I am reading too much into all of this? Please comment.
LJC

Re: Convekta Web Site infected with Trojan/Virus

Post by LJC »

swami wrote: Of course you are right, there is even better software out there, such as BitDefender, Kaspersky.

My system had a virus attack yesterday, and it caused my system to run slower... I then decided to use the system restore feature to restore it back to 2 days earlier, and the software managed to remove the viruses and it's working faster as usual.
I shut off system restore. I have had cases where that would not even work because windoze was trashed, so you were screwed all round. Best to use a third party restorer.
Albert Silver
Posts: 3026
Joined: Wed Mar 08, 2006 9:57 pm
Location: Rio de Janeiro, Brazil

Re: Convekta Web Site infected with Trojan/Virus

Post by Albert Silver »

Peter Skinner wrote:
Dr.Wael Deeb wrote: The best solution would be to format the hard disk and make a clean XP installation....
Believe me, you'll never get rid of the damn thing....
Or he could just do a quick file repair with sdfix.exe. That eliminates pretty much anything that I encounter or my technicians encounter on a daily basis.

You _do not_ have to format a computer to rid it of trojans/malware.

Use effective tools, then patch the system. Make sure your Java and Flash are up to date, and all Windows Updates are applied. Then install something like Kaspersky Anti-Virus or NOD32 Anti-Virus for protection.

It really is that simple.
Zone Alarm Pro does the job also. Their AV is in fact the Kaspersky AV.

Albert
"Tactics are the bricks and sticks that make up a game, but positional play is the architectural blueprint."
swami
Posts: 6662
Joined: Thu Mar 09, 2006 4:21 am

Re: Convekta Web Site infected with Trojan/Virus

Post by swami »

LJC wrote: I shut off system restore. I have had cases where that would not even work because windoze was trashed so you were screwed all round. Best to use a third party restorer
Can you name some good software out there that works as a restorer? Thanks!
Dr.Wael Deeb
Posts: 9773
Joined: Wed Mar 08, 2006 8:44 pm
Location: Amman,Jordan

Re: Convekta Web Site infected with Trojan/Virus

Post by Dr.Wael Deeb »

Peter Skinner wrote:
swami wrote: Get the AVG or Avast Anti Virus. Also don't forget to use the system store to restore your system back to the day when there was no virus in the system.
AVG is horrible. Avast is fine.

The system restore feature of Windows is a killer when it comes to ridding a system of malware.

Simply turn off the system restore (yes I know you will lose all restore points, but can you be sure they are all clean points?), clean the infected system, re-enable system restore (now you have a clean restore point to start from again), and install protection.

Restoring to a previous point when you don't know what is exactly infected is not a great way of handling things. Just like formatting an entire system because of an infection seems like overkill to fix the problem.
It depends if you have an access to it 8-)
No one can hit as hard as life. But it ain't about how hard you can hit. It's about how hard you can get hit and keep moving forward. How much you can take and keep moving forward….
Peter Skinner
Posts: 1763
Joined: Sun Feb 26, 2006 1:49 pm
Location: Edmonton, Alberta, Canada
Full name: Peter Skinner

Re: Convekta Web Site infected with Trojan/Virus

Post by Peter Skinner »

If you can't get it in normal mode Windows, you can usually get it in Safe Mode.

On the chance that both of those fail, you could just use the following registry fix:

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
Or

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Just copy that into notepad, name it sysrestore.reg, double click that bad boy, and voila, you have System Restore enabled again just to turn off :)
I was kicked out of Chapters because I moved all the Bibles to the fiction section.
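
As an added example (not part of the original post, and not the poster's code): a small Python reviewer that lists what a .reg file like the one above would set and delete before it is imported, decoding the `hex(2)` values into readable text. The function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the .reg text quoted in the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000000
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00
"DisplayName"="System Restore Filter Driver"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
'''

def decode_value(raw):
    """Turn a .reg value literal into something a reviewer can read."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex"):
        kind, _, body = raw.partition(":")
        data = bytes(int(b, 16) for b in body.split(",") if b.strip())
        if kind in ("hex(2)", "hex(7)"):  # REG_EXPAND_SZ / REG_MULTI_SZ, UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        return f"<{len(data)} bytes of binary data>"
    return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")

def review_reg(text):
    """Return (sets, deleted_keys); each set is (key, value_name, decoded_value)."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    sets, deleted, key = [], [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-"):            # whole key (and subkeys) is deleted
            deleted.append(line[2:-1])
            key = None
        elif line.startswith("["):
            key = line[1:-1]
        elif key and (m := re.match(r'("(?:[^"\\]|\\.)*"|@)=(.*)', line)):
            sets.append((key, m.group(1).strip('"'), decode_value(m.group(2))))
    return sets, deleted

def service_changes(sets):
    """Settings that decide which driver binary loads and when: review these first."""
    return [s for s in sets
            if "\\Services\\" in s[0] and s[1] in ("ImagePath", "Start", "Type")]

if __name__ == "__main__":
    sets, deleted = review_reg(SAMPLE_REG)
    print(service_changes(sets), deleted, sep="\n")
```

Run against the full file, the same functions show every key the import would touch, including the driver path hidden in the `ImagePath` hex bytes.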
Marc MP

Re: Convekta Web Site infected with Trojan/Virus

Post by Marc MP »

Peter Skinner wrote:
swami wrote: Get the AVG or Avast Anti Virus. Also don't forget to use the system store to restore your system back to the day when there was no virus in the system.
AVG is horrible. Avast is fine.

...
Hi Peter,

Why do you consider AVG horrible? I have 2 comps here, one with AVG 8 and the second one with PCTools 5.0. Should I switch to Avast? Does it offer better protection?
Peter Skinner
Posts: 1763
Joined: Sun Feb 26, 2006 1:49 pm
Location: Edmonton, Alberta, Canada
Full name: Peter Skinner

Re: Convekta Web Site infected with Trojan/Virus

Post by Peter Skinner »

Marc MP wrote:
Peter Skinner wrote:
swami wrote: Get the AVG or Avast Anti Virus. Also don't forget to use the system store to restore your system back to the day when there was no virus in the system.
AVG is horrible. Avast is fine.

...
Hi Peter,

Why do you consider AVG horrible? I have 2 comps here, one with AVG 8 and the second one with PCTools 5.0. Should I switch to Avast? Does it offer better protection?
There are only three Anti-Virus programs that I recommend.

Kaspersky Anti-Virus (not a product that uses the engine, because usually it is an outdated version of the Kaspersky engine, i.e. Bit Defender.)
ESET NOD32 Anti-Virus.
Avira Anti-Vir

All have the best detection rates and more importantly, removal rates.

I personally use ESET NOD32 on all my systems in my home, and I haven't had a bug in forever. If and when I do, I can clean it very quickly, so no OS re-install is needed.

My company website http://www.edmontontek.com has it clear as a bell what I recommend that people use.

My monthly newsletter is coming out in a few days where I talk about this very issue, and why software firewalls are horrible, yet a good anti-virus solution with a hardware based firewall like a properly configured router is 200 times better.

AVG has a high false positive rate, and when it does find something, it only has a removal rate of 11%. That is _horrible_.

You want a program that detects viruses, trojans, and malware. In saying that, you want the program to not only detect all those things well, but have a low false positive rate and a very high removal rate.

Peter

edit: I stated that Avast is "fine". And it is just that. It isn't however a product that I would recommend highly to anyone.
I was kicked out of Chapters because I moved all the Bibles to the fiction section.