Trojan horse Agent.AOMA

thewolfe
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am

Post by thewolfe »

I'm running AVG on a friend's son's computer and it's found 35,000 "threats" so far.

Infection - Trojan horse Agent.AOMA

They're all zip files in
C:\Docs&Setting\"owners name"\!\.......

With no files hidden a "search" comes up empty.

The owner uses Limewire and has a lot of songs under "Shared".

Never seen this before. What say you?
thewolfe
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am

Post by thewolfe »

Found Sys files that were not being shown. The "threats" are there.
shaktazuki
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

Now you need to eradicate the viral threat from the computer. This reminds me of a video game plot. Some old 90's game...
Duck: “So, what’s that horn for?”

Unicorn: “Oh, you know, to stab my foe. I know, that sounds pretty harsh and brutal, or whatever. And it grants wishes! It also just looks good on a unicorn, *rawr*.”
thewolfe
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am

Post by thewolfe »

Got 38,029 bad guys so far.
Duper
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

You share music, you run that chance. My daughter ruined her hard drive doing the same thing. I just finally pitched it, it was so infected.
thewolfe
DBB Admiral
Posts: 1987
Joined: Tue Nov 05, 2002 3:01 am

Post by thewolfe »

Hard to get the message through the kids until you take the hd out but don't put a new one back in.
Canuck
DBB Admiral
Posts: 1345
Joined: Tue Jun 12, 2001 2:01 am

Post by Canuck »

Do an online scan as well;
http://housecall.trendmicro.com/
shaktazuki
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

What kind of virus rides MP3 files?
Duper
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

thewolfe wrote:Hard to get the message through the kids until you take the hd out but don't put a new one back in.
True, and I did just that. She went several months without a computer ... which resulted in some kind of confrontation nightly when I would not let her use mine.

Shakt, none that I'm aware of, but these sharing softwares are hardly secure. They leave all sorts of holes. Even through firewalls.
Krom
DBB Database Master
Posts: 16134
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?

Post by Krom »

More often viruses that infect P2P software are distributed to masquerade as software cracks or free pornography. When someone runs them, they copy themselves to hundreds or thousands of similar filenames inside the user's shared folders in an attempt to make someone else download them and repeat the same mistake. In addition, they usually take control of the computer to turn it into a botnet zombie computer, steal information from the computer, log keystrokes and spy on the user(s) for identity theft purposes.

Any peer to peer service that uses "shared folders", such as Kazaa, eDonkey, Direct Connect, LimeWire, etc., is vulnerable to this type of virus spread. Although the applications themselves may be fairly secure, it is user error or ignorance that causes the virus to execute. No amount of anti-virus software can protect your computer from you; even if you are running a registered commercial software suite to protect your computer, this kind of attack will breeze right through it as if it wasn't there at all.
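Added example, not part of the thread: a check for the pattern described above, where one payload is copied under many lure names inside a shared folder. It groups suspect files by size and then by SHA-256 and reports any content that repeats at least `min_copies` times. The extension list, the threshold, the assumption that the copies are byte-identical, and the sample files are all constructed for this illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extensions treated as suspect decoys (an assumption made for this example).
SUSPECT_EXTS = {".zip", ".exe", ".scr", ".com"}

def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_clone_clusters(root, min_copies=20):
    """Return {sha256: [paths]} for suspect files whose content repeats under many names."""
    by_size = defaultdict(list)
    # os.walk also lists files carrying the Hidden/System attributes on Windows.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTS:
                path = os.path.join(dirpath, name)
                try:
                    by_size[os.path.getsize(path)].append(path)
                except OSError:
                    continue  # file vanished or is unreadable
    clusters = defaultdict(list)
    for paths in by_size.values():
        if len(paths) < min_copies:
            continue  # cheap pre-filter: only hash sizes that repeat often
        for path in paths:
            try:
                clusters[sha256_of(path)].append(path)
            except OSError:
                continue
    return {d: sorted(p) for d, p in clusters.items() if len(p) >= min_copies}

def build_sample_share(root, copies=25):
    """Constructed sample data: one payload under many lure names plus two ordinary files."""
    files = {f"popular_title_{i}_crack.zip": b"PK\x03\x04 constructed payload" for i in range(copies)}
    files.update({"song.mp3": b"ID3 constructed audio", "backup.zip": b"PK\x03\x04 unrelated archive"})
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for digest, paths in find_clone_clusters(share).items():
            print(len(paths), "identical files, sha256", digest, "e.g.", paths[0])
```

Copies that differ by even one byte fall into separate clusters, so a clean result from this check does not clear the folder.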
Canuck
DBB Admiral
Posts: 1345
Joined: Tue Jun 12, 2001 2:01 am

Post by Canuck »

It's like putting the best deadbolt on your door to keep people out, but when you file share you are "opening the deadbolt" and letting them in.
Krom
DBB Database Master
Posts: 16134
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?

Post by Krom »

Actually that analogy isn't very good. Antivirus programs are more like smoke alarms: when they do go off, usually something is already burnt beyond recognition and, depending on what burned, it is possible you will be unable to prevent your house from burning down. They do not protect you from something bad happening; they warn you when something bad has already happened.

The only deadbolt on your computer's door is you and security updates to your operating system and software. Getting infected by a virus is usually like ordering a package from a shady dealer: you expected some handy appliance for cheap, but what you got was an incendiary device and you failed to properly inspect it before turning it on.

Your antivirus software can act like a watch dog, but only if you wake it up and make it smell something before you try and use it. However, if you are going to go that far, inspecting the package yourself is equally as effective. Really the safest thing to do is only accept packages from trustworthy sources and inspect them carefully before using them. The only time the dog is going to bark at something all on its own is when it is painfully obvious to everyone in the entire neighborhood that there is a problem (like your house is burning down).
Spidey
DBB Grand Master
Posts: 10807
Joined: Thu Jun 28, 2001 2:01 am
Location: Earth

Post by Spidey »

Well…there is no such thing as a “A fire is about to start” alarm…so a smoke alarm is the next best thing, and they "can" help prevent the entire house from burning down, or worse…

My AV software “prevents” infection all the time, by blocking stuff and warning of threats. (but in fairness, the firewall has something to do with that as well)

I do agree with Canuck’s analogy, it’s like having a good lock, and then leaving the door open.

“inspecting the package yourself is equally as effective”

Maybe for a geek... :P
shaktazuki
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

I don't use AV software - I've gotten 1 virus in all my years as a computer user, back in 2000, when I discovered the emulation scene.

Some helpful tips:
  • Keep your important *documents* backed up on a thumb drive - the stuff you really wouldn't want to lose if your computer died.
  • Don't download zips or executables from, nor visit, sites that have pr0n ads on them.
  • Don't open zip files or executables from sites that aren't "big names." Big names are the highly recognizable sites like www.download.com, www.microsoft.com, and the like - important, well-known publishers.
  • Don't open zip files or executables from file-sharing services! You don't know where that file's been, or what's in it. If you're going to download, only download media content files (.AVI files, .MP3 files, etc.). I don't know yet if someone has infected disc images, since they contain executables, but it's a logical possibility. Caveat downloader.
  • If you use Windows, make sure you have all the updates, and your firewall is turned on.
  • Don't open zips or executables sent to you via email under any circumstances - unless your email has a virus scan, as Yahoo mail does, and even then you have to evaluate if you can trust the sender to not send you malware.
In short: only trust sites whose owners you can sue if something goes wrong. Don't trust that nifty screen-saver executable Aunt Tillie just emailed you. And avoid all sites of bad intent (like www.descentbb.com).
TechPro
DBB Admiral
Posts: 1520
Joined: Thu May 20, 2004 11:51 pm

Post by TechPro »

shaktazuki wrote:I don't use AV software ...
Ticking time bomb.
shaktazuki
DBB Ace
Posts: 187
Joined: Thu Nov 06, 2008 10:56 pm

Post by shaktazuki »

TechPro wrote:
shaktazuki wrote:I don't use AV software ...
Ticking time bomb.
9 years and it ain't gone off. What's your record?
Krom
DBB Database Master
Posts: 16134
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?

Post by Krom »

shaktazuki wrote:9 years and it ain't gone off. What's your record?
Been using PCs since the early 1990s and the internet since 1997. No problems yet.

Every job I've gone out to clean viruses from a computer, the infected machine had an up-to-date anti-virus/security software suite installed and it was operating properly when the machine was infected (usually Norton Internet Insecurity <insert year here>, but there were others) with a current paid subscription. Sometimes the suite had been disabled by the virus. A long time ago I concluded that anti-virus/security suite software was some of the most dangerous software available because of these experiences.

The main sources for infection are either individually or a mix of:
#5: Email worms from friends and relatives + Microsoft Outlook/Outlook Express (most webmail sites are immune to this type).
#4: Unsupervised children/adults doing "homework/games/chat" and catching a STD in the process.
#3: Microsoft Internet Explorer (often in combination with #2 and #4).
#2: Failure to install critical security updates.
#1: Overconfidence in their security suite leading to careless behavior like #2-5 ("But I have anti-virus software!").
captain_twinkie
DBB Ace
Posts: 222
Joined: Sun Mar 07, 2004 3:35 pm
Location: Orem, Utah

Post by captain_twinkie »

All the downloading that happens on my system, happens in a virtual machine.
Warlock
DBB 3D Artist
Posts: 3370
Joined: Wed May 12, 1999 2:01 am
Location: Midland, Tx, U.S.

Post by Warlock »

I use avast boot scanner to kill any bugs.
Hattrick
DBB Admiral
Posts: 1114
Joined: Thu Jul 19, 2001 2:01 am
Location: Southern Oregon

Post by Hattrick »

shaktazuki wrote: And avoid all sites of bad intent (like www.descentbb.com).
:roll:
EngDrewman
DBB Ace
Posts: 232
Joined: Mon Oct 13, 2008 12:01 am
Location: Sacramento, CA

Post by EngDrewman »

The wimpy AVG, Norton, McAfee, Avast, and TrendMicro all bow before the almighty NOD32. No it isn't a freebie, but it is SO worth it! Easy to use and light on system resources. Get it here! I recommend the full security suite, but a standalone scanner is available. They also have a free online scanner.

If you are tight on money, the best free scanner is Avira.

So pretty much, if you use one of those scanners and Spybot - Search & Destroy you should be malware free :)