Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Computer With A Virus


  • Please log in to reply
9 replies to this topic

#1 music1

music1

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 06 June 2006 - 10:45 AM

Is it possible to get a new computer and it has a virus? We bought a Dell a few months ago and I have been getting trojans ever since. I have scanned and nothing has ever found it. I restarted the system and it still happens. I scanned last night with CamWin and it found a virus in an Earthlink setup installer. I do not use Earthlink but the setup came with the computer.
Thanks for any opinions.

Linda

BC AdBot (Login to Remove)

 


#2 pascor22234

pascor22234

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 06 June 2006 - 12:05 PM

No, new computers don't come with any viruses. The manufacturers would be put out of business in a blink of an eye if they let this happen.

However, the computer can quickly catch all sorts of malware if an antivirus, a decent firewall and other anti-malware apps are not installed immediately before internet use. Did you surf the internet before these programs were installed ? If so your system was at extreme risk.

You need to exorcise all malware from your system and then install good anti-malware apps. There is no need to buy any any anti-malware programs - excellent ones exist at no cost.

Someone with more virus, trojan, adware and other malware removal experience should help you clean out your system. If the infection is severe you may find it much easier and faster to restore your system rather than dealing with many infections at once.

Once your system is clean you need to install:

- Only one anti-virus such as AVG or Avast (both are free)

- Only one decent firewall such as ZoneAlarm (free)

- Several anti-adware and anti-malware programs. Opinions vary widely on what combination is best, but I personally use SpywareGuard, SpywareBlaster (*not* "Spyware Blaster") and Startup Inspector.

Adaware and Spybot Search & Destroy are good scanners/removers but do not provide protection.

#3 music1

music1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 06 June 2006 - 12:40 PM

Before I found it I did a system restore and before I had even connected to the internet I had a lot of items in my prefetch. My internet was unplugged so it is something that is on my computer. I did set up my norton before I connected to the internet. I have done a system restore before and the virus always shows up. That is why I believe it came with the computer. How would it get into a setup installer when I am not connected to the internet?
Thanks for you help,
Linda

#4 graveangel

graveangel

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:03:54 AM

Posted 06 June 2006 - 12:57 PM

Hello music1,welcome to BC :thumbsup:

How do you know its a virus if its not showing up?
Go here http://www.ewido.net/en/ and download the free ewido anti-malware remover.When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu"and once installed,update it.
Depending on the strength of the virus,if its a real nasty one,it can keep regenerating,even if you're not on the net. What name comes up for the virus and what is its location? Have you tried scanning in safe mode using Norton to see if that destroys it?
To start in safe mode,restart your PC,keep tapping the F8 key until you get a screen offering you different ways to load up your PC, and then select safe mode. It will look different,not everything will be accessable but just scan your PC and delete any virus it finds whilst noting what it is and its location,also while in safe mode run a scan using ewido and remove anything it finds.If it finds things called tracking cookies,dont panic!Remove them also,but these are normal.Then reboot and start normally.

Edited by graveangel, 06 June 2006 - 01:24 PM.

....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#5 music1

music1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 07 June 2006 - 12:46 AM

I scanned with Clamwin last night and it found Trojan.winReg in the Earthlink setup. I did a system restore again today and scanned right away and it showed up again in the same place. I was not connected to the internet. How does this happen? Norton has never found anything. I have scanned Norton over a trojan and it has told me no virus. I believe this virus has protected itself because I have been trying to find it for months now. I have tried running many scans in safe mode and still they do not find it. I did run the malware scan and it only found some cookies and deleted them. I believe I have deleted the virus now. How do I get my hidden files to show again and my computer back to normal. A system restore always brings the virus back that is why I think it came with the Earthlink program. Thank you for your help. Linda

#6 HitSquad

HitSquad

    You're Bleepin' or you're Weepin'


  • Members
  • 1,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Momma
  • Local time:09:54 PM

Posted 07 June 2006 - 07:43 AM

I scanned with Clamwin last night and it found Trojan.winReg in the Earthlink setup

Hello music1
I think you're dealing with a false positive here. It's more common then you may think.
TrendMicro's Housecall will detect and remove it if it's actually there.
Run it and see. Temporarily disable Clamwin and any other anti malware program first.
Sorry Linda, that'll teach me to read the whole post.
Looks like your happy now. :thumbsup:

Edited by HitSquad, 07 June 2006 - 07:54 AM.


#7 graveangel

graveangel

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:03:54 AM

Posted 07 June 2006 - 09:08 AM

Hi Linda,like Hitsquad said and in regards to your last post,i also believe this to be false positive too,which simply means that it is not a virus,but is just being recognised by Clamwin as one. Thats why i asked you how you knew it was a virus,Norton would have surely detected it if it was one. Just run the scan as directed by Hitsquad,im sure you will find that you are fine.
Just for your own piece of mind try running this scan also:

http://virusscan.jotti.org/

When loaded it conducts an online scan using several popular anti-virus scanners.Simply use the browse button at the top of the page and locate it to the Earthlink setup and ok it.The virus softwares will all report back. This does not delete anything it finds,only informs. But, i think you should find that you are fine! :thumbsup:
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#8 ThorXP

ThorXP

  • Banned
  • 880 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 07 June 2006 - 03:20 PM

Please read this guide before actually doing the procedure
And it has all of the links for downloads you need.

Preparation Guide for use before posting a HijackThis Log
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Go to the following to post your log file and it will be analyzed by a qualified tech

HijackThis Logs and Analysis
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

#9 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:10:54 PM

Posted 07 June 2006 - 09:54 PM

Before I found it I did a system restore and before I had even connected to the internet I had a lot of items in my prefetch.


When you say you had a lot of items in your prefetch, you don't say what the items were - were they viruses? It's not abnormal to have items in prefetch - that has nothing to do with the internet, everything to do with what Windows thinks you'll want to open.

My internet was unplugged so it is something that is on my computer. I did set up my norton before I connected to the internet.


Did you pay for Norton? It usually comes with a temporary subscription and once it's expired, you're vulnerable.

I have done a system restore before and the virus always shows up. That is why I believe it came with the computer. How would it get into a setup installer when I am not connected to the internet?


The false positive idea may be correct. I'm not familiar with CamWin. Why do you keep using System Restore? Whatever you have saved in System Restore will come back if you use it. Your system keeps a snapshot of what it consists of in System Restore and the restore files are not usually accessible by an antivirus. If there is a virus there, there is no way to clean it. But it can't affect your computer, either, unless you use the restore feature.

Also, many people are not aware that the internet is not the only way to get a virus. If you're swapping disks or other storage devices like a thumb drive back and forth from another computer, you may be bringing viruses with them. Files burned to CD or DVD may contain viruses.

#10 fireboy

fireboy

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 08 June 2006 - 09:08 AM

Cannon once (back on 1997) released a printer driver disk that inadvertantly contained a trojan virus, so it can appen - but that is the only case I have ever heard of.

Also, when you get infected with trojans or viruses, they can also infect system restore points. It is also important to remember that running a system restore does not remove files from your hard drive that were installed by programs, including viruses.

I agree, you need to run some reliable anti-virus and anti-malware software and see what you find.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users