We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide

Shopodo Shopping Browser Hijacker

13»

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Truegho wrote: »
    ...have decided to order a SEAGATE EXPANSION 500GB HARD DRIVE to put the files on. Is this a good option for backing up files from a Toshiba Satellite Laptop?
    closed wrote: »
    not if you have a worm

    http://blogs.technet.com/b/srd/archive/2009/04/28/autorun-changes-in-windows-7.aspx
  • closed
    closed Posts: 10,886 Forumite
    disabling autorun/play won't stop a worm
    !!
    > . !!!! ----> .
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    edited 14 October 2011 at 8:42PM
    Explain more?

    Edit: Never mind, we're clouding the issue. With autorun disabled in this instance it should stop Ramnit re-infecting. The drive would need to be checked for any offending autorun.inf files.
    Win32/Ramnit then writes an Autorun configuration file named "autorun.inf" pointing to the worm copy in the target drive. When the removable or networked drive is accessed from another computer supporting the Autorun feature, the malware is launched automatically.
  • closed
    closed Posts: 10,886 Forumite
    edited 14 October 2011 at 9:00PM
    If the worm infects and spreads only by changing autorun.inf, then disabling autorun would stop a user infecting a clean machine by plugging in an infected drive/usb key/cd/dvd etc.

    Worms that infect/corrupt/simulate/tag onto data files or folders can go from an infected machine to anything plugged in, network shares etc, depends on the code. If the user then reinstalls windows/wipes the c: drive, plugs in infected drive again and clicks on what looks like a folder/pic/doc/html, it's back to square one.
    !!
    > . !!!! ----> .
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Agreed, but from the information we have - limited, I know - possibly not relevant in this instance. The link was more for the OP, for information as how to mitigate re-infection.
  • Truegho
    Truegho Posts: 839 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Ho no, you've got me worried now!

    Does this mean that once all my Word docs, JPGs and HTML files are all on my back up drive, there is a chance the virus would still be on them and affect my hard drive too? Tell me it isn't so.

    If it is, then how do I scan all those copied docs to ensure the damn thing is completely eradicated?

    Oh yes, and what is the BEST virus/firewall protection I can get - and not one that slows my computer up like Norton did - to ensure my laptop never suffers such damage from these rogue programs ever again?

    waddler_8 wrote: »
    Be careful what you back up.

    From the MS link I gave (post #10)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    .JPeg's should be fine but there's a good chance the .HTML's & .doc's are infected.

    You could upload a sample few to VirusTotal to check.

    http://www.virustotal.com/

    You could try disinfecting them with an AV, but there's a chance they may be left corrupted. With other file infectors such as virut, the viral code was often buggy so did leave files corrupted.

    I have to say, if these files were important you should already have made backups of them - in the event of things like this happening they can prove invaluable.

    My advice would be, when you backup your files - BE CAREFULL what you back up. Read the information & links posted previously and make sure you don't backup ANY file types Ramnit may infect.
    After reinstalling windows make getting windows updates and installing & updating an antivirus your priority. Then, & only then, scan the media you have your files backed up to by initiating the context menu (right click) scan of your antivirus on the drive.
    If the scans are clear, then proceed to restore the files.
    Truegho wrote: »
    Oh yes, and what is the BEST virus/firewall protection I can get - and not one that slows my computer up like Norton did - to ensure my laptop never suffers such damage from these rogue programs ever again?

    See post #21. You have to try to identify & eradicate whatever behaviour is causing you to be at risk from this kind of thing.
  • closed
    closed Posts: 10,886 Forumite
    by using a boot cd first - post 17
    !!
    > . !!!! ----> .
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    looking back, I assume I'm correct in thinking you have a website? All the more reason to make sure the .html files are disinfected or removed.

    http://blogs.mcafee.com/mcafee-labs/taking-a-look-at-w32ramnit
    http://techblog.avira.com/2010/11/25/closer-look-at-w32ramnit-c/en/
    This malware spreads via web sites, for example, as infected webmasters upload infected web pages and binary files to their servers
  • Truegho
    Truegho Posts: 839 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    How do you disable autorun? And when do you disable it - after you have formatted your drive and reinstalled Windows?

    waddler_8 wrote: »
    Explain more?

    Edit: Never mind, we're clouding the issue. With autorun disabled in this instance it should stop Ramnit re-infecting. The drive would need to be checked for any offending autorun.inf files.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 353.6K Banking & Borrowing
  • 254.2K Reduce Debt & Boost Income
  • 455.1K Spending & Discounts
  • 246.7K Work, Benefits & Business
  • 603K Mortgages, Homes & Bills
  • 178.1K Life & Family
  • 260.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.