Caught something?

Posted on August 15, 2008. Filed under: Anti-Virus, Security

This is so important that I’m going to quote most of it here directly from Gizmo Richards’ Tech Support Alert Newsletter of 15th May 2008:

Every week I get letters from subscribers who are worried that their PC may have become infected after they’ve downloaded and installed a program.
Many of these so-called “infected download” problems are due to a security scanner claiming a program is infected when in reality it is not; that is, a “false positive.” While this doesn’t worry experienced PC users, it certainly scares the hell out of the average Joe or Jane.
These false positives have become increasingly common as security vendors employ “behavior-based” checking to augment their signature scanners.
Behavior-based checking works on the principle “if it acts like malware it probably is malware.” All too commonly, it isn’t.
Despite the fact that false positives are common, you still need to follow up on suspected problems, because malware infections are also common. So if you fail to investigate, you will never know if the problem is real or just a figment of your security program’s imagination.
Here’s Gizmo’s simple, zero-cost, three-step procedure to follow next time you feel your PC might have become infected as the result of installing a program you downloaded.

(a) First, upload the installation file of the program you installed to Jotti.org [1] for a free scan. Jotti will then run it through more than a dozen malware scanners and let you know if there is a problem.

If Jotti determines that your file is clean, it doesn’t mean that there is no infection. It simply means that it’s unlikely there is an infection, and that, folks, is a very comforting finding.

(b) Download and run the free Panda Rootkit detector [2]. Again, a clean scan is not a 100% guarantee of no infection, but should add greatly to your confidence. Panda doesn’t run on Vista, so Vista users should use the BlackLight [3] anti-rootkit scanner instead.

(c) Finally, download HijackThis from this page [4], and follow the instructions on the same page which tell you how to create a log that you can paste to web forums.

There are several forums where you can post. You can find two here [5], [6] and many more by doing a Google search on “Post HijackThis log”. Tell the forum helpers you have already done a Jotti scan and a rootkit scan, and let them know what the results of these scans were.

The folks in the forum will then let you know if you have a problem. If you do, they will also be able to tell you how you can get rid of it permanently. And it won’t cost you a cent.

Now in most cases you will find that nothing shows up with Jotti, the rootkit scan or HijackThis. That’s good news. OK, you have spent some of your time chasing a false lead, but that’s a lot better than having an infected PC and doing nothing about it.

[1] http://virusscan.jotti.org/
[2] http://www.majorgeeks.com/Panda_Anti-Rootkit_d5457.html
[3] http://www.antirootkit.com/software/F-Secure-BlackLight-Beta.htm
[4] http://www.whatthetech.com/hijackthis/
[5] http://www.techsupportforum.com/security-center/hijackthis-log-help/
[6] http://forum.piriform.com/index.php?showforum=12

Kaspersky offers free virus removal tools if you actually turn out to have a virus.

Richards is now part of the Windows Secrets team and blogs there, but maintains an archive of his newsletters and advice here.
