
How likely is it to get infected again by the same virus


10 replies to this topic

#1 Wh0


Posted 05 March 2015 - 01:22 PM

or PUP, or malware?

 

Do the folks that create them keep a list of easy targets?


Edited by hamluis, 05 March 2015 - 01:38 PM.
Moved from Gen Chat to General Security - Hamluis.



 


#2 Aura


Posted 05 March 2015 - 01:35 PM

This isn't something that can be answered, to be honest. Infections are "situational": it can happen by going on a website, downloading a certain file, opening an attachment from an email, being hit by an exploit kit, etc. Most malware has "variants", which means that there are multiple pieces of malware based on the same core malware. Chances of being hit by the exact same malware that you just got infected with are rare, unless you get infected the exact same way you got infected in the first place. However, being infected again with a variant is possible. If you were infected by a "dropper"-like malware and only removed part of it, that dropper could download and execute the same malware on your system that you just got rid of. Long story short, it's situational; it can happen.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 boopme


Posted 05 March 2015 - 01:38 PM

Lol, on the list... But yes, you can get infected if the page is and you return. Also, if you have no security tools you are open to constant infection. Some PUPs can be installed and reinstalled with certain applications. See description PUPs.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#4 Sintharius


Posted 05 March 2015 - 01:48 PM

As Aura and boopme said, you can easily be reinfected if you are exposed to the infection source again without proper AV/AM protection running.

For PUPs, it's a matter of avoiding installers that contain them, or unchecking them when they ask if you want to install those.

Alex

#5 quietman7


Posted 05 March 2015 - 02:20 PM

You may want to read these topics. To avoid that, read Best Practices for Safe Computing - Prevention of Malware Infection
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 White Hat Mike


Posted 05 March 2015 - 02:30 PM

It depends on how you define two malware instances as equivalent.  "The same" as in the same family?  The same classification?  The same variant?

 

Nevertheless, the resilience of your device depends on the mitigating controls deployed.  If you are infected with an instance of malware from a location that you frequent, for example, and you simply run an AV scanner to remove it but employ no preventive control to prevent re-infection, it's highly likely that you will become infected again.

 

AV scanners are reactive tools.  To truly prevent infection, multiple different types of controls should be employed and many different infection vectors must be explored and their vulnerabilities remediated.  These controls come in all different shapes and sizes: from administrative controls, if you are in an organization's network, enforced by upper management that perhaps mandates regular Security Awareness training, to reactive controls such as AV scanners to remove the malware, especially in the case of relatively low-impact malware that is just annoying (PUPs, etc.), to preventive controls such as host-based intrusion prevention.


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#7 Wh0


Posted 09 March 2015 - 07:08 AM

For some odd reason I overthink problems when working on my desktop. As it turned out, all it took to remove the last trace of my Trovi PUP was to uninstall Chrome and, on the reinstall, uncheck all the other search engines.



#8 Aura


Posted 09 March 2015 - 07:13 AM

Trovi is more of a browser hijacker than a PUP due to its persistence to stay present on a system and in the web browsers. I doubt that simply reinstalling Google Chrome completely removed it; I suspect it to still be present on the system and to come back sooner or later if you don't remove it completely.



#9 quietman7


Posted 09 March 2015 - 07:24 AM

...as it turned out all it took to remove the last trace of my Trovi PUP was to uninstall Chrome and on the reinstall, uncheck all the other search engines.

While not explicitly malware or an infection in the typical sense, the Trovi detection is more accurately classified as a Potentially Unwanted Program (PUP) because it is often installed stealthily (bundled) without knowledge or consent from the end user. Bundled software can often be the source of various issues and problems to include adware, unwanted toolbars, pop-up ads, browser hijacking which may change your home page/search engine, and cause user profile corruption.

Anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkits and bots.

Anti-Malware programs generally scan for adware, spyware, unwanted toolbars, browser hijackers, potentially unwanted programs and potentially unsafe applications which are classified differently and do not fall into any of those categories...that is the primary reason some anti-virus programs do not detect or remove them.

One characteristic of PUPs and other junkware is that they insert themselves (components) into various areas throughout a computer's operating system, to include browsers, hidden folders and the Windows registry, making them more difficult to remove. As such, it is not uncommon for security scanners to detect numerous files, folders and registry settings after repeated scans are performed.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#10 Wh0


Posted 09 March 2015 - 07:52 AM

Trovi is more of a browser hijacker than a PUP due to its persistence to stay present on a system and in the web browsers. I doubt that simply reinstalling Google Chrome completely removed it; I suspect it to still be present on the system and to come back sooner or later if you don't remove it completely.

I reformatted my hard drive over Christmas break; when I reinstalled my programs, Trovi kept showing up whenever I did a search. Over the last two months, whenever I used my desktop I would try to isolate its location, but all the scans would come back negative as far as an infection.

Cleaning Chrome yesterday removed Trovi from the search choices in Chrome. Hopefully when I fire it back up on Thursday it will still be clean.



#11 Aura


Posted 09 March 2015 - 07:54 AM

If you're ever stuck with a malware you can't remove by yourself, you can always seek assistance in the malware removal section of BleepingComputer, to get assisted by a trained malware removal helper :)





