A computer components & hardware forum. HardwareBanter


How to get rid of virus and malware etc online?



 
 
  #1  
Old September 18th 14, 02:53 AM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
[email protected].
external usenet poster
 
Posts: 2
Default How to get rid of virus and malware etc online?

I'm using AT&T and they have a package deal that they say will check out your
computer online and get rid of all virus and malware etc problems for so much
per month, but they want you to agree to a contract of a year at a time and
they're already charging me way more for the service I have than what I agreed
to to begin with. That part's another issue but I don't want to give them even
MORE... Can anyone suggest a good online service that will find that crap and
keep it off the computer at a reasonable price, but that's dependable? AT&T is
sending me emails saying it's infected now:

"AT&T has received information indicating that one or more devices using your
Internet connection may be infected with malicious software. Internet traffic
consistent with a malware infection was observed on Sep 15, 2014 at 9:34 PM EDT
from the IP address..."

Thanks for any help!
David
  #2  
Old September 18th 14, 02:58 AM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
John Doe[_9_]
external usenet poster
 
Posts: 410
Default How to get rid of virus and malware etc online?

Best (and free) way to nuke viruses is to have and use a backup of
your windows C drive.
  #3  
Old September 18th 14, 05:27 AM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
Paul
external usenet poster
 
Posts: 13,364
Default How to get rid of virus and malware etc online?

[email protected]. wrote:
I'm using AT&T and they have a package deal that they say will check out your
computer online and get rid of all virus and malware etc problems for so much
per month, but they want you to agree to a contract of a year at a time and
they're already charging me way more for the service I have than what I agreed
to to begin with. That part's another issue but I don't want to give them even
MORE... Can anyone suggest a good online service that will find that crap and
keep it off the computer at a reasonable price, but that's dependable? AT&T is
sending me emails saying it's infected now:

"AT&T has received information indicating that one or more devices using your
Internet connection may be infected with malicious software. Internet traffic
consistent with a malware infection was observed on Sep 15, 2014 at 9:34 PM EDT
from the IP address..."

Thanks for any help!
David


It's good to be skeptical of the ISP-offered packages.
I've read enough horror stories about ISP-offered malware
packages, to steer well clear of them.

To start your cleaning, you can use the free one-shot MBAM scanner.

"Think you're infected? Fire up Malwarebytes Anti-Malware Free"

http://www.malwarebytes.org/antimalware/

That one runs while Windows is running. It can use heuristic
behavior (watch what malware does) to figure out malware is
present. The hard part of using that one is getting it to start,
as the malwares are skilled at defeating MBAM.

http://www.bleepingcomputer.com/viru...lware-tutorial

*******

There are also a few offline scanners. Windows is not running when they
do their work. The scanners come as a "boot CD" and so the scanner
has its own (clean) OS to use. The scanner cannot use heuristics:
as Windows is not running, no malware behaviors can be observed. The
scan is signature based.

The download here is listed as "~375MB" but the size increases
regularly due to the size of malware definitions. The definitions
when you download will be within a week of being up to date, so
if the CD attempts to download definitions at the start of the
run, it won't need a lot of files to bring it up to date. Three
months from now, the size of download could be pretty big.

http://support.kaspersky.com/8092

*******

We'll assume MBAM quarantined the bad stuff.

That leaves nuisance-ware, which probably isn't the stuff making
a "bot" out of your machine right now. Your machine is probably
sending spam email, or participating in a botnet (doing denial
of service attacks when commanded to do so). If all of that
stuff was cleaned up, there is the milder "potentially unwanted programs"
or PUP to get rid of.

http://www.bleepingcomputer.com/download/adwcleaner/

http://www.bleepingcomputer.com/down...-removal-tool/

Programs like MBAM were not intended to remove everything.
Programs which "claim to not be malware" are in a gray zone,
and antimalware companies don't touch them, for fear of
being sued by the lawyers of the companies making PUP programs.
That's why small developers, in countries far away, make programs
to clean your machine.

*******

Your machine could have a rootkit. A popular rootkit is TDSS.

http://support.kaspersky.com/viruses...?qid=208280684

Kaspersky makes TDSSkiller.exe, a program maintained specifically
for the purpose of stopping variants of TDSS/Alureon.

I've also seen a page on another site, with specific removal
packages for some pretty nasty malware. So nasty in fact,
that the chances of "saving" the installation are slim indeed.
Many malwares have a "light touch" and the damage can be
repaired. But some just ruin the OS (over 200 files are modified)
and the chances of a specific tool fixing all of those successfully
is limited.

Even for a professional, such as the malware guy at the computer
store, at some point they just re-install as it's faster.

You can get "guided help" at bleepingcomputer.com and other sites,
to help you remove stuff. But you can wait several days before
they see your posting, and they're normally swamped with work. But
they're also pretty good at figuring out what the machine has. Sometimes
your case is unique enough, several of their experts will be working
in the background, trying to defeat the new example.

*******

When I got something nasty a number of years ago, I used the
"trial version" of Kaspersky to remove it. It took several reboots
of the computer, until Kaspersky "got in control" of the machine.
And if I was doing that today, there's a good chance the malware
simply wouldn't allow the software to install. And that's where
the offline scan method is better than nothing.

*******

In terms of free programs, there are three of them that begin with
the letter "A" that you might consider.

http://en.wikipedia.org/wiki/Compari...virus_software

And there are sites that test the AV programs (commercial ones),
to see how effective they are. I would think a subscription to
a real AV program, a good one, would be cheaper than the ISP offer.

http://www.av-comparatives.org/

These would be for your "cleaned up" machine, for later.
Not all of the programs are equally adept at taking over
from a malware attack. Some of the weaker AVs are just
"gutless" when under attack, and can't stop anything.
I particularly remember a "free web scan" site, that
just threw up error dialogs the whole time it was running :-)

*******

Steps:

1) Back up the computer. The link in the lower left corner of the link below
can be used. The purpose of making a backup, is in case any of
your attempts to clean the machine, prevent the computer from
booting. This software includes a boot CD, which allows "bare metal
restore", so no matter how ruined C: is, you can return things to
their current (infected) state. You would discard the backup image,
once things are under control again. In this case, if my drive had
a C: partition and a data partition, I'd just make a copy of C: onto
the data partition. Macrium makes a single .mrimg file holding the
whole thing (whatever you ticked to be backed up). If you want to
image the whole disk, Macrium will likely ask for a second disk to
hold the output.

http://www.macrium.com/reflectfree.aspx

You would install Macrium on your "clean" computer, make the boot CD
(which cannot be infected), carry the boot CD to the infected machine,
and make your backup copy by booting the CD, not booting the hard drive.
The boot order of the machine should have the CD before the hard drive,
as set in the BIOS.

2a) Go crazy. Knock yourself out. Run some of the tools above. If a system
file is quarantined and the OS no longer boots, you can restore from
your backup.

or

2b) Seek guided help from bleepingcomputer.com or similar. Use
a second, uninfected computer, until your helper has finished
repairing the damage, one repair tool at a time. For safety, do not
connect the two computers to the same router or switch at the same
time, in case this is Sality. The infected machine will need to be
connected to the router long enough, to get AV definition updates.
You should also be careful moving data between machines with a USB key,
since some (U3) USB keys have fake CDROM drives in their configuration, and
an autorun can be used to infect the second computer. Microsoft thinks
it is OK to run software off any CDROM, which is a dumb-ass idea.

3a) Install your new suite of tools, on the clean computer

or

3b) If you're just not cleaning the stuff off, reinstall the OS from scratch.
You can "browse" the Macrium backup image to get at your data files. Make sure
your new AV scanner is installed, before you start browsing the Macrium
backup image. Same would go for keeping the "infected" disk drive separate,
using a new hard drive for your clean OS install, and then re-connecting the
infected disk later. Make sure your defenses are ready. You can start with
a "long scan" using your new AV, when the old disk is connected.

There are some really bad malwares out there. The worst for removal so far,
is called "BadBIOS", for its ability to leap from machine to machine. A
malware researcher happened to get attacked by it. And it defeated virtually
all efforts to remove it. Even new computers brought into the building,
end up infected. The guy has some idea how it works, but still doesn't
claim mastery of the thing. That's an example of what nation-states use
for malware, to attack others. That's not something normally deployed
against end-users like yourself. A copy of something like that, is
sent as an email attachment, to the "victim". A more focused delivery
method is used. They've even been known to use the "I left a USB stick
in your driveway" trick, and you'd be surprised how many people are
stupid enough to immediately plug that into their USB port.

Good luck,
Paul
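
The autorun risk described in step 2b (a USB key carrying an autorun that infects the second computer) can be checked before the key goes into the clean machine. The following is an added example, not part of the post above: it reads a volume's `autorun.inf` from a system that does not act on it (for instance a Linux boot CD) and lists the entries that would start a program. The sample file content and the function names are constructed for illustration.

```python
import os
import sys

# Constructed sample content, not taken from a real device.
SAMPLE = """\
; comment line
[AutoRun]
Open=setup\\launcher.exe /quiet
Icon=drive.ico
Label=Backup
shell\\explore\\command=setup\\launcher.exe
"""

# [autorun] keys that make Windows start a program from the volume.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_inf(text):
    """Return {section: {key: value}}; section and key names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def launch_entries(text):
    """List (key, command) pairs in [autorun] that would start a program."""
    hits = []
    for key, value in parse_inf(text).get("autorun", {}).items():
        # shell\<verb>\command attaches a command to a right-click menu verb
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_verb) and value:
            hits.append((key, value))
    return sorted(hits)


def scan_volume(root):
    """Look for autorun.inf (any letter case) in the root of a mounted volume."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), encoding="latin-1") as fh:
                return launch_entries(fh.read())
    return []


if __name__ == "__main__":
    # Usage: python check_autorun.py /path/to/mounted/usb
    found = scan_volume(sys.argv[1]) if len(sys.argv) > 1 else launch_entries(SAMPLE)
    for key, command in found:
        print("would launch via %s: %s" % (key, command))
```

An empty result only means the volume has no autorun launch entry; the files on it still need the "long scan" described in step 3b.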
  #4  
Old September 18th 14, 12:02 PM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
Ken[_5_]
external usenet poster
 
Posts: 70
Default How to get rid of virus and malware etc online?

[email protected]. wrote:
I'm using AT&T and they have a package deal that they say will check out your
computer online and get rid of all virus and malware etc problems for so much
per month, but they want you to agree to a contract of a year at a time and
they're already charging me way more for the service I have than what I agreed
to to begin with. That part's another issue but I don't want to give them even
MORE... Can anyone suggest a good online service that will find that crap and
keep it off the computer at a reasonable price, but that's dependable? AT&T is
sending me emails saying it's infected now:

"AT&T has received information indicating that one or more devices using your
Internet connection may be infected with malicious software. Internet traffic
consistent with a malware infection was observed on Sep 15, 2014 at 9:34 PM EDT
from the IP address..."

Thanks for any help!
David


David,

Are you sure the message you are receiving is coming from AT&T? I have
U-Verse and AT&T provides McAfee free for subscribers. (Most providers
have something similar) Is it the best out there? Probably not. But
it seems to do the job for me, and before I would accept the offer you
describe I would call someone from AT&T to make sure it is from them.
They might also have a free AV program you can use that you might not be
aware of.
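
Besides phoning the ISP, the saved notice itself can be checked against the question Ken raises. The following is an added example, not part of the post above: it reads the `Authentication-Results` header written by the recipient's own mail provider and requires a DMARC pass for the ISP's domain, ignoring any such header added by another party. The domain `isp.example`, the provider name `mx.mailhost.example` and both messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages; isp.example and mx.mailhost.example are placeholders.
GENUINE = """\
Authentication-Results: mx.mailhost.example;
 spf=pass smtp.mailfrom=isp.example;
 dmarc=pass header.from=isp.example
From: ISP Security <notices@isp.example>
Subject: Possible malware infection

Internet traffic consistent with a malware infection was observed...
"""

SPOOFED = """\
Authentication-Results: mx.mailhost.example;
 dmarc=fail header.from=isp.example
Authentication-Results: isp.example; dmarc=pass header.from=isp.example
From: ISP Security <notices@isp.example>
Subject: Possible malware infection

Click here to clean your computer.
"""


def check_notice(raw, trusted_authserv, expected_domain):
    """Return (ok, reason) for a saved message.

    trusted_authserv: the name your own mail provider puts first in the
    Authentication-Results headers it adds (an assumption you must look up).
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != expected_domain and not from_domain.endswith("." + expected_domain):
        return False, "From domain %r is not %s" % (from_domain, expected_domain)

    for header in msg.get_all("Authentication-Results", []):
        value = " ".join(header.split())          # undo header folding
        authserv, _, results = value.partition(";")
        name = (authserv.split() or [""])[0].lower()
        if name != trusted_authserv:
            continue  # written by someone else, possibly the sender: ignore
        for clause in results.split(";"):
            m = re.match(r"dmarc=(\w+)", clause.strip())
            if not m:
                continue
            claimed = re.search(r"header\.from=([\w.-]+)", clause)
            if (m.group(1).lower() == "pass" and claimed
                    and claimed.group(1).lower() == from_domain):
                return True, "dmarc=pass for " + from_domain
        return False, "provider did not record dmarc=pass for " + from_domain
    return False, "no Authentication-Results header from " + trusted_authserv


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, check_notice(raw, "mx.mailhost.example", "isp.example"))
```

A pass shows only that the sending domain authorised the message; links and phone numbers in the notice should still be taken from the ISP's own site or bill rather than from the e-mail.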
  #5  
Old September 18th 14, 12:14 PM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
John Doe[_9_]
external usenet poster
 
Posts: 410
Default How to get rid of virus and malware etc online?

Ken Ken invalid.com wrote:

mur .not. wrote:


I'm using AT&T and they have a package deal that they say will
check out your computer online and get rid of all virus and
malware etc problems for so much per month, but they want you
to agree to a contract of a year at a time and they're already
charging me way more for the service I have than what I agreed
to to begin with. That part's another issue but I don't want to
give them even MORE... Can anyone suggest a good online service
that will find that crap and keep it off the computer at a
reasonable price, but that's dependable? AT&T is sending me
emails saying it's infected now:

"AT&T has received information indicating that one or more
devices using your Internet connection may be infected with
malicious software. Internet traffic consistent with a malware
infection was observed on Sep 15, 2014 at 9:34 PM EDT from the
IP address..."


Are you sure the message you are receiving is coming from AT&T?


Good question. But, either way there's something wrong.
  #6  
Old September 18th 14, 04:25 PM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
Robert Baer[_2_]
external usenet poster
 
Posts: 138
Default How to get rid of virus and malware etc online?

John Doe wrote:
Best (and free) way to nuke viruses is to have and use a backup of
your windows C drive.

FALSE!
At best (or wort, depending on viewpoint) backup makes a copy, and do
ALL programs, virii, rootkits, adware, etc are retined intact.

  #7  
Old September 18th 14, 04:35 PM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
Robert Baer[_2_]
external usenet poster
 
Posts: 138
Default How to get rid of virus and malware etc online?

Ken wrote:
[email protected]. wrote:
I'm using AT&T and they have a package deal that they say will check out your
computer online and get rid of all virus and malware etc problems for so much
per month, but they want you to agree to a contract of a year at a time and
they're already charging me way more for the service I have than what I agreed
to to begin with. That part's another issue but I don't want to give them even
MORE... Can anyone suggest a good online service that will find that crap and
keep it off the computer at a reasonable price, but that's dependable? AT&T is
sending me emails saying it's infected now:

"AT&T has received information indicating that one or more devices using your
Internet connection may be infected with malicious software. Internet traffic
consistent with a malware infection was observed on Sep 15, 2014 at 9:34 PM EDT
from the IP address..."

Thanks for any help!
David


David,

Are you sure the message you are receiving is coming from AT&T? I have
U-Verse and AT&T provides McAfee free for subscribers. (Most providers
have something similar) Is it the best out there? Probably not. But it
seems to do the job for me, and before I would accept the offer you
describe I would call someone from AT&T to make sure it is from them.
They might also have a free AV program you can use that you might not be
aware of.

....and McAfee, to be polite, is not exactly the best AV program.
I like Avast, one of the better ones.

  #8  
Old September 18th 14, 09:07 PM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
John Doe[_9_]
external usenet poster
 
Posts: 410
Default How to get rid of virus and malware etc online?

Robert Baer robertbaer localnet.com wrote:

John Doe wrote:


Best (and free) way to nuke viruses is to have and use a backup
of your windows C drive.


FALSE! At best (or wort, depending on viewpoint) backup makes
a copy, and do ALL programs, virii, rootkits, adware, etc are
retined intact.


I don't know what "wort" or "and do ALL programs" are supposed to
mean, but apparently that's trolling for answers.

And here's the answer...

When I do an installation, and at all times during use of that
installation, I perpetually make incremental backups of the
Windows C drive. Of course the backup makes a copy, so I simply
revert to a copy that was made prior to the infection. That makes
my system bulletproof. It's the shotgun method, and it works like
a charm.

I think that's pretty simple. Then again, if you can't write worth
beans...






  #9  
Old September 19th 14, 04:04 AM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt
Robert Baer[_2_]
external usenet poster
 
Posts: 138
Default How to get rid of virus and malware etc online?

John Doe wrote:
Robert Baer robertbaer localnet.com wrote:

John Doe wrote:


Best (and free) way to nuke viruses is to have and use a backup
of your windows C drive.


FALSE! At best (or wort, depending on viewpoint) backup makes
a copy, and do ALL programs, virii, rootkits, adware, etc are
retined intact.


I don't know what "wort" or "and do ALL programs" are supposed to
mean, but apparently that's trolling for answers.

And here's the answer...

When I do an installation, and at all times during use of that
installation, I perpetually make incremental backups of the
Windows C drive. Of course the backup makes a copy, so I simply
revert to a copy that was made prior to the infection. That makes
my system bulletproof. It's the shotgun method, and it works like
a charm.

I think that's pretty simple. Then again, if you can't write worth
beans...





1) I did NOT ASK for an answer, READ!
2) I misspelled "worst", which you should have figured out in context.
3) I meant that backup copies ALL programs.
Just doing a backup is NOT a "solution".
Get back into your cave.

  #10  
Old September 19th 14, 06:05 AM posted to alt.computer,alt.computer.workshop,alt.comp.hardware.pc-homebuilt,free.usenet,free.spirit
John Doe[_9_]
external usenet poster
 
Posts: 410
Default How to get rid of virus and malware etc online?

Yeah, I know what you meant. But if you put that sort
of gibberish into a computer, heaven help you...





 



