virus

  • murdock
    Suspended

    • Oct 2007
    • 2346

    #1

    virus

    trojan dropper win32 / lukicsel . B

    trojan downloader win32 / drstwex . A

    etc...etc

    and more

    i havent seen a virus on my netbook since i got it...this morning every time i log onto the internet using my 3 g mtn sim card which is in the netbook...i keep getting messages from microsoft security essentials...then it restarts.

    so i disabled the 3 g card and connected via telkom wireless...it stops.


    anyone know what is going on or seen this virus?
  • Martinco
    Gold Member

    • Oct 2008
    • 927

    #2
    I Googled this virus and it seems fairly serious but does not make any mention of causing restarts on a PC. So the restarts must come from something else.
    Martin Coetzee
    Supplier of Stainless Steel Band and Buckle and various fastening systems. Steel, Plastic, Galvanized, PET and Poly woven.
    We solve your fastening problems.
    www.straptite.com

    You may never know what results will come from your actions, but if you do nothing, there will be no results... Rudy Malan 05/03/2011


    • murdock
      Suspended

      • Oct 2007
      • 2346

      #3
      thanks...didnt even think to google it.


      • AndyD
        Diamond Member

        • Jan 2010
        • 4946

        #4
        Just be careful of passwords for gmail, banking etc. Might be a good idea to change them all using an uninfected pc not on your network.

        If you're stuck for a fix, or just lazy like me then go to the Trend Micro site and download 'hijackThis'. Install and run it. You can try posting the log file here if you want or there are various forums around that specialise in reading them and offering you advice on how to dig the nasty little critter out of your pc manually.

        Good luck and stay off the pron sites in future

        • murdock
          Suspended

          • Oct 2007
          • 2346

          #5
          this is what i dont understand is i dont do pron sites and normally any site i am visiting if any form of pop up appears i close it...

          i think this started on the weekend...i was working on my laptop and i heard the netbook make a clip sound and when i turned to look at the screen it had gone off...i thought just to screen saver but after a while the picts hadnt come up...so i pressed enter...nothing...i had to restart the pc...then the warnings from security essentials started popping up.

          something else i noted was there is a new user name which appears in our wireless network area...there were 4 names which appeared when i reset wireless network...every now and again i notice this new name and it's one of those sicko type names...like now when i reset wireless network its not there at the moment

          my wireless network is security enabled via the normal telkom setup...but i dont know if the 3 g sim card is security enabled


          • irneb
            Gold Member

            • Apr 2007
            • 625

            #6
            These things can come in from quite a few sources, including web sites, emails, across network shares, flash discs, etc. (but not limited to them). Are you only using M$ Security Essentials? I'd advise you have a decent true AV installed as well (I like Avast!, but there's quite a lot of others - lots of them free). M$SE isn't a full blown security package, it doesn't stop all access points. Neither do AV's but they're closer to being full protection. Usually the "best" setup is to have M$SE + a good AV running concurrently, but that may hog your system (especially if it's a NetBook and/or AVG).

            Now the Wireless is yet another place where lots of problems can come in. I'm not sure what you mean by "security enabled via the normal telkom setup", there's 2 points to note here as well:
            (1) "Security" on wireless means the data sent over the air gets encrypted. There's several encryption methods, some better than others - but as yet (and probably never) there's no unbreakable encryption.
            (2) "Access Control" to the wireless is also handled by various means. Newer routers have something like a button you press to allow a new connection. Other than that there could be a passkey, or the one I prefer is using Physical Address filtering.

            A new unknown user on the wireless may mean someone's leeching off your network by having cracked the wireless's access control. Perhaps you should modify your access control method - I know it's a pain, but that's the only way you're going to get around it. And having someone linked to your network means they could have introduced the virus through their browsing - viruses sometimes have the capability to infect all PC's linked on a LAN (especially if there's shared folders / printers about).
            Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
            And central banks are the slave clearing houses


            • Profile retired
              Suspended
              • Mar 2011
              • 18

              #7
              i havent seen a virus on my netbook since i got it...this morning everytime i log onto the internet using my 3 g mtn sim card which is in the netbook...i keep getting messages from microsoft security essentials...then it restarts.
              Microsoft Security Essentials (MSE) is warning the user and requesting what it must do with the virus!!!!!!!!

              MSE is a full blown AV refer to comprehensive discussions on this topic by www.mybroadband.co.za by the software thread.

              MSE works for me if your OS is a genuine version that is updated etc, etc. Remember MSE is "Mahala" for genuine OS only.
              Last edited by Profile retired; 05-May-11, 08:36 AM.


              • irneb
                Gold Member

                • Apr 2007
                • 625

                #8
                Originally posted by Proseal
                MSE is a full blown AV refer to comprehensive discussions on this topic by www.mybroadband.co.za by the software thread.
                Yes, if you compare it to something like ClamWin. But if you compare it to Avast! you find that it doesn't have internet / email scanning / fire-walling. E.g. one of the forums I usually use was hacked and some malware introduced there. With M$SE only nothing was noted and the malware installed on my office PC by just visiting the site, SE did find the malware later (during a scan) and try to remove it (which it couldn't but at least I then knew what to google for to get the removal tool). I visited the same site with my personal PC (with Avast! only), which blocked the site inside firefox - disallowing the malware to install in the first place.

                That's what I mean by "full blown". While SE is a very good (small, fast & mostly comprehensive) "AV" it stops short of being a preventative AV. Since the issue above, I've installed Avast! on my office PC as well - doesn't use any more RAM than SE and doesn't seem to slow down the PC any more either. Other than what I found previously with AVG.

                • Profile retired
                  Suspended
                  • Mar 2011
                  • 18

                  #9
                  We can have this thread rolling on and on, but the facts show that the PC user whose system OS is fully updated and running MSE is generally safe.
                  Win 7 has a "Firewall" native to the system.
                  MSE scans ALL inclusive of Emails and Browser operations and ports to your PC, SO IT IS A FULL BLOWN AV.
                  Thank you.


                  • irneb
                    Gold Member

                    • Apr 2007
                    • 625

                    #10
                    Strange. From my personal experience it wasn't the case. Perhaps because of WinXP and not 7, though I've had the latest updates installed prior to the malware happening. Or else there's some setup on my system that was preventing SE to work correctly?

                    • murdock
                      Suspended

                      • Oct 2007
                      • 2346

                      #11
                      i have a genuine xp pro...installed on the netbook...which was one of the conditions of the purchase of the netbook...it had to be installed or downgraded because it was supplied with vista...i need xp for my test equipment.

                      we have a few people in the area who i can see on the wireless networks...but i cannot access their network because they are security enabled...but as i mentioned there is a new "kid on the block" as soon as i see his network again i will make a point of getting the name...something else i noted is he has a WPA 2 security enabled network...all the others are just WPA

                      just done a full scan and noted the viruses are still active in the netbook and there is now a new one...PWS:win 32 / Fareit . A

                      my laptop doesnt have a 3 g card and i havent been affected by these viruses yet...could it be possible that i dont have a secure link via the 3 g sim card?


                      • irneb
                        Gold Member

                        • Apr 2007
                        • 625

                        #12
                        Regarding WPA/WPA2: forget anything to do with WEP - that's simply an old, "easily" breakable encryption ( http://www.suite101.com/content/encr...andards-a25951 ). Regarding the difference between the WPA/2, the one's not necessarily more secure than the other - they just use different methods / transmission protocols. Also WPA2 is intended for use with other hardware as well as PC's (e.g. cellphones, etc.): http://www.securityprocedure.com/com...n-wpa-and-wpa2

                        As I've stated before, access to wireless networks goes through the Access Control mechanism. This is usually a separate thing from the Security Encryption, but can be affected by what encryption you use. E.g. if you use a passkey access control, you're probably using WEP/WPA/WPA2 as well - otherwise the passkey can be seen whenever you connect by anyone in range. If you use the push-button / physical address method, no such pass key is sent - the router checks the connecting device's MAC (Physical Network Address) then saves that to a list of allowed devices. The push-button method just does this less manually, otherwise you'd have to open the router's control program to add a MAC manually.

                        If you don't have an access control installed it would be possible for anyone to use your router (even if you have WPA running). Did you have to provide a passkey when you 1st connected to the router? If not you might be in trouble as this is usually the default, unless the default is to not have any control (which is the worst possible scenario). If you had to press a button on the router, you should be reasonably fine.

                        Some routers also have the ability to "hide" themselves to all devices except those which have been connected before. These usually also have the push-button method, which temporarily displays the router to everyone, then waits for a connect request, and then waits for you to press the button again.

                        Irrespective of if you use access control and / or security encryption or not: if a PC is connected to the network, it's got access to all others. At which stage it becomes up to the OS to try and protect itself. If that fails, then you're relying on stuff like firewalls and AV's. So if one of the PC's (laptops / notebooks as well) is infected, be careful that it doesn't infect something else on the network - otherwise you could end up having the virus jump from one to the other. So try to have only one device connected at a time when you clean these things.

                        If M$-SE doesn't want to remove these, first try to reboot into Safe-Mode (press F8 during WinXP bootup). Then run SE and see if it can now remove the offending files. If not, do a google for a removal tool for that particular virus.

                        • irneb
                          Gold Member

                          • Apr 2007
                          • 625

                          #13
                          Originally posted by murdock
                          PWS:win 32 / Fareit . A
                          Doing a google, that sounds like a very nasty thing you've got there: http://www.microsoft.com/security/po...ID=-2147321963 I.e. it can "steal" any passwords you type.

                          Edit: strangely only MSSE calls that virus by that particular name. Doing some further searches I came across this: http://www.virustotal.com/file-scan/...302-1304151829

                          From there doing a search on what AVG/Avast! calls it: Win32: Delf-OXZ removal - http://www.spywareviruscleaner.com/H...2.Delf.ox.html
                          Last edited by irneb; 05-May-11, 04:37 PM.

                          • AndyD
                            Diamond Member

                            • Jan 2010
                            • 4946

                            #14
                            The original trojan you had will download other worms and trojans and install the appropriate services on your pc and it is also scripted to upload your usernames and passwords etc so my suggestion still stands to go online from an uninfected pc and change them all before it's too late. Did you try hijackthis yet?

                            • murdock
                              Suspended

                              • Oct 2007
                              • 2346

                              #15
                              open gmail this morning...big red banner across the top of my pc...WARNING YOUR ACCOUNT HAS BEEN ACCESSED FROM CHINA...

                              and full of rubbish...the amazing thing was not one email in spam all directly into my front page.

                              well that is a clear indication it's time to shut the netbook down and send it in for clean up by the professionals.

                              i was about to have my entire system networked together...so that i could access everything from any of the pcs but after this fiasco...i will be isolating my netbook from the rest of my office.
