Vista 64, viruses, and websites visited

So this week, our AVG installation has taken to popping up warnings about isolating viruses - all coming from my daughter’s account. Several a few days ago, and another today. All trojans.

One type is labeled as “Infection”, and has file names like setup########.exe (where the # refers to random numbers); those are flagged as Trojan horse Generic23.YWE (googling suggests the extension is random).

One “Malware” Win32/Tracur.X, filename 0.92########.exe

One Infection, Trojan horse SHeur3.CGFZ. Similar name to the Tracur.X file. That last one showed up again today, at a specific time in the morning.

I looked at her websites visited report to see if there was anything that jumped out at me - with the intention of specifically blocking that site and Having A Talk - and the history started from about 1 minute AFTER that virus file was isolated.

So I’m wondering if the virus’s first act is to clear out the web history???

Obviously I’m making sure our AVG is up to date, and I’ve downloaded MalwareBytes and will post its log to the appropriate forums. The computer is behaving OK so far and I don’t think it’s got an active infection…

Malware Bytes is definitely your friend. Beyond that, you might consider getting your daughter her own computer and using a proxy server so you can log what she’s been doing without the problem of having the history deleted.

Thanks - yeah, I’ve run Malware Bytes both the quick scan and the full scan and it turned nothing up.

So it seems that AVG is doing its job… I’m just twitchy that it attempted another download yesterday.

Separate computer is an issue for several reasons, not the least of which is where would we put it :). One of the things we do is have the kids sharing a computer, which is in fairly plain sight; they know that any attempt to hide what they’re looking at will result in banning from the computer for a while. We do have parental controls, and she whines about having sites restricted (there’s some filtering, but of course that’s always iffy and won’t stop every bad site) but after this week, she understands the reasoning!

Out in the open. You put your computer in your study or den. If you cannot, invest in a KVM so you can switch between two computers. The object of the exercise is to not have your computer affected by whatever she does.

Well, that assumes the study has room for a second computer (it doesn’t).

Current theory is that it might be a bad ad on one of 3 sites she visits - all legit sites but I don’t know how discriminating their advertisers are. She emailed me a couple minutes ago to let me know she got the AVG popup again. I’ll review the browsing history again tonight and hope it includes the time the popup showed. I also need to check that Adblock is active on her user (she has a non-admin user, and I installed it under the Admin user).

She’s a good kid, knows about “those” sites that even if she can get to them, are highly likely to have viruses, and is working with me to help identify the culprit. Didn’t even grumble when I said that for the moment, downloads are disabled.

We’re wondering in particular about Deviant Art. She had a membership there, which expired a few days ago… right about the time this started happening. The ads are blocked for active members (like the SDMB).

Status update: The history wouldn’t have shown us anything useful, most likely - turns out the computer had a rootkit (variant of TDL3), which was probably doing the attempts to download the files that AVG was catching.

So, the damage was limited because a) daughter’s account doesn’t have admin rights, b) Vista’s controls over what can be allowed to happen, and c) AVG was stopping the rootkit’s attempts to let someone in - sort of like a burglar came in the house through the chimney, phoning his buddies to come in the front door, but the buddies were getting stopped by the electric fence.

A few days of help from someone at the Malwarebytes forum and we appear to be clean, with newly beefed-up firewall and spyware protection.

My best defense for my niece’s PC is Microsoft Security Essentials, MalwareBytes paid version with active protection turned on, and AdMuncher.

For a total of around 35 bucks one time. She has not gotten anything in the past 3 years. Before this she managed to screw up one household PC trying to stream a pirate rip of the Twilight movie which was still in theatres. Not even reinstallation could kill that virus; finally just bought a new hard drive and restored, and had to zero out the old to use as a spare. Total time spent: 2 days. 35 bucks is cheap.