Do I have a virus?

lockmac

Hi.

I have a fully updated Windows XP system with every update installed and up-to-date virus definitions. Anyways, what happens is that quite often, like a few times a day, my McAfee VirusScan Enterprise will pop up telling me that I have all these infected files. How do I stop this? I do full virus scans of the system and it finds nothing. The definitions are up-to-date, as is the system.

Please Help
Thanks
 

Cdubneeddeal

Try an anti-spyware program. McAfee detects spyware as trojans as well. Spybot, Ad-Aware, or Giant (Microsoft) anti-spyware.
 

mechBgon

lockmac, some questions:

1) please open VirusScan Console, right-click On-Access Scanner, choose View Log, and post the contents of the log here, so I can see what types of threats it's detecting and get a better picture of what vector of attack is being used.

2) do the same as #1 for the Access Protection item and the Buffer Overflow Protection item (I assume you have VirusScan Enterprise 8.0i and not 7.0 or 7.1 here).

3) is your computer sharing a router with other people's computers, or on a LAN?

4) are you running P2P?

5) do you have a router, or no router?

6) do you have a software firewall, or no SW firewall?


I also suggest right-clicking On-Access Scanner > Properties > All Processes > Advanced tab, and set the settings as shown in this pic (those checkboxes won't be enabled by default). And in the Unwanted Programs properties, turn on all this stuff.
In my personal opinion, it's probably at the bottom of the "Would sell to a family member" list.
This is VirusScan Enterprise, you don't buy it for your family unless you got a LARGE family :D To see how different it is from the home-user versions, click here.
 

lockmac

Hi. Sorry about not replying, I didn't realise someone actually replied to my thread. Please note that this computer has been freshly wiped and Windows installed, so I am pretty certain none of these are coming from LimeWire, as I haven't downloaded anything through LimeWire yet as it hasn't been working, and I am a very cautious person who never gets viruses or spyware.

Thanks

With the log files, the links are below where to find them. The log file for the Buffer Overflow Protection contained nothing so I didn't provide it. Also, with the Access Protection, I disabled all the rules because I thought maybe that was stopping my LimeWire from working, but I was already receiving virus messages before this. Also a full scan usually reveals that I have no viruses, which is beyond me why I then later on get viruses.

My computer is part of a home network and is shared on a router. I am running peer to peer (LimeWire) but haven't been on this latest install of Windows as it hasn't been working, and only ever download music. I have no firewall set up.

Any help greatly appreciated.

Access Protection Log- http://www.aforattitude.com.au/AccessProtectionLog.txt
On Access Scan Log- http://www.aforattitude.com.au/OnAccessScanLog.txt

By the way, I am aware that VirusScan Enterprise 8.0 is not designed for family members, but I use it because you barely know it is there. It doesn't chew up a heap of resources like Norton and I don't care much for that eye candy etc. All I care about is a virus protection that I will barely know about.
 

mechBgon

Looking at your logs, it looks like your computer is in serious harm's way.

1) What hardware and/or software firewall are you using? Because it appears that your system is being attacked by worms over the Internet, among other things. If you've placed your system in your router's DMZ or forwarded ports to it, undo that.

2) Is all your software legit (not cracked, warez, etc) including VirusScan Enterprise itself? Minimum buy-in on VS Enterprise is 5 units, last I checked, so no offense but I'm wondering how you got it. :evil:

3) Start > Run > cmd for a command prompt, and run this command: net localgroup administrators. The local Admin-class accounts will be listed by name. For each username listed, run this command: net user username lockmac@AT and this gives each Admin-class account a strong password that you can easily remember. This helps stave off some types of worm attacks.


But at this point, if it were me, I would download the full Service Pack 2 installer file, save it on CD, burn that badly-done Windows installation to the ground, and start from the top and get it right this time. No warez, no cracks, no blank passwords, no flyin' around with the firewall down, no using year-old virus definitions. Etc. mech's take on installing WindowsXP with minimal risk


edit: also, if there are any other systems on "your side" of your router, definitely run a software firewall to protect you from those other systems if they get worms and try to infect yours.
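
Added example, not part of the thread and not any poster's code: a Python audit for step 3 of the post above. It parses the text printed by net localgroup administrators and net user <name> and lists active Admin-class accounts that Windows does not require a password for. It assumes the English-locale output layout and the "Account active" / "Password required" labels; the function names and sample outputs are constructed for illustration.

```python
import re

# Constructed, abbreviated samples in the English-locale layout of the two
# commands; they are not output from the poster's machine.
SAMPLE_GROUP = """Alias name     administrators
Members
-------------------------------------------------------------------------------
Administrator
lockmac
The command completed successfully.
"""
SAMPLE_USERS = {
    "Administrator": """User name                    Administrator
Account active               Yes
Password required            No
The command completed successfully.
""",
    "lockmac": """User name                    lockmac
Account active               Yes
Password required            Yes
The command completed successfully.
""",
}

def admin_members(group_output):
    """Names listed between the dashed rule and the trailer line."""
    names, in_list = [], False
    for line in map(str.strip, group_output.splitlines()):
        if line.startswith("---"):
            in_list = True
        elif line.startswith("The command completed"):
            break
        elif in_list and line:
            names.append(line)
    return names

def user_fields(user_output):
    """Parse 'Label   value' rows (label and value are 2+ spaces apart)."""
    rows = (re.split(r"\s{2,}", l.strip(), maxsplit=1) for l in user_output.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2}

def weak_admins(group_output, user_outputs):
    """Active admin accounts that are allowed to have a blank password."""
    flagged = []
    for name in admin_members(group_output):
        f = user_fields(user_outputs.get(name, ""))
        if f.get("Account active") == "Yes" and f.get("Password required") == "No":
            flagged.append(name)
    return flagged
```

On a live system, pass in the captured stdout of the two commands (for example via subprocess.run) instead of the samples. "Password required: Yes" does not prove the password is strong, so the check only narrows down which accounts to fix first.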