Infected PC

HavocXphere (Honorary Master, joined Oct 19, 2007, 33,153 messages, reaction score 1,297, location Europe)
So one of my boxes caught a network worm. (PPPoE + no FW = bad :o) It'll get formatted when I have the time, but for now a band-aid solution will have to be adequate.

First thing I tried was running MSE over the LAN to scan the box's C$ with admin rights. Found the worm & deleted it, but that didn't kill the infection.

Next I installed Comodo firewall to stop it from doing port scans. Added Comodo AV out of curiosity and it found another 5 different types of nasties (backdoors, trojans etc.) plus some more copies of the network worm. :wtf:

I know MSE usually scores pretty high & Comodo only OKish on those comparative AV tests, so what's going on here? :confused: Why didn't MSE catch them?
 
Unfortunately no AV will ever be perfect. There will always be a chance of something getting in without being detected. Although since I've been running Eset Smart Security the past few years I've not had one infection. :)
 
See if your MSE is updated to the latest 2.0 version.
It is a manual download and doesn't upgrade through the normal Help > Check for updates in version 1.

I know it will be a lot of slog to go through, but you can try these also.

Avira free
AVG free
Avast free edition
Panda free cloud antivirus

If all else fails try Coranti. It is a huge download but it has four detection engines. It does have a trial period.
http://www.coranti.com/

http://www.virusbtn.com/vb100/latest_comparative/index

Compare the Anti Virus detection figures here.

http://www.virusbtn.com/index (Virus Bulletin)
http://www.av-comparatives.org/ (AV Comparatives)

After you got the culprit also consider installing Microsoft EMET tool. It hardens the Windows kernel.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04

http://www.h-online.com/security/fe...g-exploits-with-Microsoft-s-EMET-1102501.html

Check if you have any vulnerable applications with Secunia Personal Software inspector.
http://secunia.com/vulnerability_scanning/personal/

If it finds vulnerable, unpatchable or end-of-life programs and you suspect a possible application backdoor exploit, sandbox the specific application.
If you run Windows Ultimate you can use the AppLocker feature.
Another third-party tool for this is "Sandboxie".

Kaspersky also has application vulnerability scanning and a sandbox feature with its Internet Security package.


Let us know if/how you found the problem
 
Unfortunately no AV will ever be perfect.
That's my point. Missing the occasional thing is normal, but missing 5 out of 6 things present... is very far from perfect.

This is of course assuming that the things Comodo flagged weren't false positives, which is also possible.:o

See if your MSE is updated to the latest 2.0 version.
Yep. Latest & greatest.

After you got the culprit also consider installing Microsoft EMET tool. It hardens the Windows kernel.
Interesting. I'll have a look.

Combofix - it's gotten rid of / killed some nasties before
Tried that just now. It had an unexpected side effect: Got locked out of the OS due to my eye patch.:o Took a while to break back in, but all good now.

Let us know if/how you found the problem
I *think* comodo got the bugs, but I'll format anyway later....I can never really trust a box again after it has been compromised like that.:erm:
 