Anti-Virus Tutorial

    Okay, recently a lot of people have asked me about finding, detecting and removing viruses, so I am going to go over a few basic rules and methods for dealing with them.

    #1. Never download a file if you have no idea what it is - This should go without saying. Many people get emails with files attached, have no clue what the file really is or who it came from, and open it anyway because it sounds interesting. That is how most of them end up with a virus of some type.

    #2. Never accept files from people you don't know - I don't care if it's a picture, an executable or a rubber ducky in a pink swimsuit: NEVER accept files from someone you don't know and trust, and I mean someone you know in real life, not some internet dork you met a month back. Many hackers and script kiddies will go to ANY lengths to get at a target, and someone who hates you enough will set up several identities to trick you into getting infected or hacked.

    #3. Always run a virus scanner - I don't care if you're just surfing the web, or you're playing a game and think closing the scanner will free up some memory. ALWAYS run it, because there is no telling when a virus might activate or how it got there. For all you know, the program you are running has a security flaw that gives someone remote access and lets them upload a virus to your computer.

    #4. Update your DAT file frequently - A virus scanner is only as good as its database of known viruses. A common way to get infected is with a virus that is too new for your scanner's definitions to recognize. If you update the definitions weekly, or better daily, you shrink that window considerably.

    #5. Run the latest security patches - Always patch your system and software. An unpatched hole, well known or only half known, is what lets an attacker run malicious code or upload a virus to your machine.

    #6. Run a firewall - What does this have to do with a virus? A lot. A virus that is not detected can use your computer for other tasks, such as scanning for new victims and trying to infect them. So always run a firewall, and check its logs frequently for activity you did not cause.

    #7. Your operating system - I suggest you don't run Windows 95, 98 or ME; they are the versions most targeted by viruses, especially on home machines. NT and 2000 are my personal favourite Windows versions: a lot of the older viruses and trojans don't work as well on them as on the 9x versions, and the NT-based versions give you a Task Manager that lists every running process, which is a VERY good thing.

    #8. Know your task list - Make a list of what normally runs in your task list, so you can tell when something is running that wasn't there, say, a week ago. A new entry means software you aren't seeing is running in the background, and it could be a virus or trojan.

    #9. Do full system scans weekly or monthly - Every week or month, update your DAT file as described above and scan EVERYTHING on your computer. It is just a safety measure, but one that few people actually practise when they should.

    #10. Your email software - Programs like Outlook Express are heavily targeted by viruses. Why? Mainly because they are widely used and Microsoft wrote them. What most email viruses do is use Outlook to mail themselves to everyone in your address book. So choose your email software wisely.

    Those are just some good tips that everyone should know.

    Now for more detail on finding viruses without relying on your virus scanner.

    New viruses are produced every day and are spread widely by all kinds of people. When dealing with a virus, you should always research it and try to find out whether anyone else has had the same problem or discovered what it was. Last week my friend Vanessa got infected with a virus, and every 10 minutes or so messages would pop up saying things like "Patch the leaks or the ship will sink". I had of course never heard of this virus before, but I knew right away how to find out what it was.

    I went to www.google.com and typed in "Patch the leaks or the ship will sink", quotes and all, because that was the exact message the virus displayed. It of course found MANY results, many of them not in English, but among them was www.mcafee.com, which had a lot of information on the virus, including removal instructions.

    Your best friends when it comes to a virus are:

    Common sense, Google, an up-to-date anti-virus scanner (AVP), a firewall, and our good old buddy RegEdit.

    RegEdit is great if you know how to use it, but don't touch it if you don't understand it. I'm not going into detail on how to use RegEdit to its fullest extent, just enough to help you if you need it.

    The virus Vanessa was infected with used a file called blaargh.exe, so I went to START, then FIND FILES OR FOLDERS, and found blaargh.exe.

    It was a new file, and my research linked it to the virus (duh). It turns out it spreads through KaZaA, in files shared by infected users.

    Some of the info I found on the virus was this:

    Name: Win32.Worm.Supova.A / B / C
    Aliases: W32/Supova.Worm (McAfee, NAV), Worm.P2P.Surnova (AVP)
    Type: Executable P2P Worm
    Size: 40960 (version A), 45056 (version B), or 49152 bytes (version C)
    Discovered: 13 July 2002
    Detected: 13 July 2002, 01:00 (GMT+2)
    Spreading: Medium
    Damage: Low
    ITW: Yes

    The rest of the information comes from http://www.bullguard.com/virus/93.aspx (quoting their write-up):

    - one or more files named Alles-ist-vorbei.exe, Desktop-shooting.exe, Hello-Kitty.exe, BigMac.exe, Hellokitty.exe, Cheese-Burger.exe or Blaargh.exe in the Windows folder, matching in size one of the values listed above;

    - the registry entry HKLM\Software\Microsoft\CurrentVersion\Run\SuperNova referring to one of the files above;

    - a lot of copies of the virus (with different names, but all approx. 40 / 44 / 48 KB in size) in the Windows Media folder (usually C:\Windows\Media or C:\WinNT\Media).

    Technical description
    This is another worm that uses the KaZaA file sharing network to spread itself; it also tries to replicate via MSN Messenger. All three versions were written in Visual Basic.

    It usually only displays a message box in an attempt to trick the user into thinking that the downloaded application crashed:

    When the user clicks OK, the virus copies itself in the Windows folder, using one of the following filenames:
    Hellokitty.exe (version A only)
    Blaargh.exe (versions B and C only)

    It will then attempt to send itself to the user's contacts in the MSN Messenger friends list; the instant message sent includes a text from this list:

    Hehe, check this out :-)
    Funny, check it out (h)
    LOL!! See this
    LOL!! Check this out

    This brings us to another point: never accept files even from friends unless you were expecting it or know EXACTLY what it is, or you too might infect your friends.

    The page continues with more information and with removal instructions using RegEdit:

    Manual Removal:
    - Invoke task manager (by pressing CTRL+ALT+DEL once in Windows 95/98/ME, or CTRL+SHIFT+ESC in Windows NT/2000/XP) and terminate the process (or processes) corresponding to the filenames listed in the Symptoms section; doing this, or starting Windows in safe mode, will then allow you to remove (using REGEDIT) the malicious registry entries described above. You should also remove all the copies of the virus in the Windows Media folder; these are all EXE files, and they have sizes of 40960, 45056 or 49152 bytes.
    Automatic Removal:
    - Let BullGuard (or another AVP that detects the files) remove it.

    Basically, you do this by finding the files associated with the virus and removing all traces of them from the registry.

    Let's say the virus files are "virus.exe" and "virus2.exe" (you'll never see a virus named this obviously unless the author was a real idiot).

    Go to the CTRL+ALT+DEL task list, find the two files and hit END PROCESS.

    Once you are sure they are closed, go to START, FIND FILES OR FOLDERS, and delete those two files.

    Then go to START, RUN, type "regedit" and hit ENTER or OK.

    This opens RegEdit. Under EDIT hit FIND, type in "virus.exe" and hit FIND NEXT; this finds every registry entry that refers to that file.

    When it finds something, right-click it and hit DELETE, then hit F3 to continue to the next entry that refers to the file.

    Do this until it says nothing more is found.

    Then do the same thing with virus2.exe.

    After this, shut the computer down fully rather than hitting RESTART, wait a few seconds, and turn it back on.

    Then check again for the virus and its files. If you get any errors, seek further assistance on why they pop up, or search the registry and delete whatever is causing them.

    I don't suggest newbies try using RegEdit as I described; you should have a good idea of what you're doing before you do it, or you might remove something you needed. When in doubt, leave anti-virus to the experts such as McAfee and Norton.

    Well guys, that draws this tutorial to an end.

    Please let me know what you thought, or if you have any more questions!


    *All I have to say in closing is THANK GOD I copied this tutorial and pasted it into a txt file and saved it before I hit post, because my IE crashed and I would have lost everything I just typed by hand... gotta love common sense and predicting your software.*
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality, not appearance. Anyone can sell you **** inside a pretty box. The only real gift then is the box.
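    The manual-removal procedure from the post above, written out as a Python script over constructed snapshots. This is an added example, not code from the original post or from BullGuard's write-up. It takes a baseline and a current task list (tip #8), a file listing with sizes, and a .reg export, and produces the same plan the post walks through by hand: end the worm's processes, delete its files, then remove the registry values that refer to them. The process names, paths and registry contents are all made up for the example; the autostart key it checks is the standard HKLM\Software\Microsoft\Windows\CurrentVersion\Run. It goes one step past the post by separating registry hits in autostart keys (the ones that relaunch the worm at boot) from incidental references such as Explorer's RunMRU history, which RegEdit's Edit > Find also returns.

```python
"""The post's manual-removal steps, scripted over constructed snapshots.
Added example; not code from the original post or from BullGuard."""
import re

# Indicators as quoted in the post from BullGuard's Supova description.
SUPOVA_NAMES = {"alles-ist-vorbei.exe", "desktop-shooting.exe", "hello-kitty.exe",
                "bigmac.exe", "hellokitty.exe", "cheese-burger.exe", "blaargh.exe"}
SUPOVA_SIZES = {40960, 45056, 49152}

# Standard Windows autostart keys (assumption: the SuperNova value lives under
# the HKLM Run key; other references to the file are history, not persistence).
AUTOSTART_KEYS = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)}

# Constructed input standing in for Task Manager, Find Files and a .reg export.
BASELINE_PROCESSES = ["Explorer.exe", "Systray.exe", "KaZaA.exe", "msmsgs.exe"]
CURRENT_PROCESSES = ["explorer.exe", "systray.exe", "kazaa.exe", "msmsgs.exe", "Blaargh.exe"]

FILE_LISTING = [                                # (path, size in bytes)
    (r"C:\WINNT\Blaargh.exe", 45056),           # dropper in the Windows folder
    (r"C:\WINNT\notepad.exe", 50960),           # legitimate, wrong size
    (r"C:\WINNT\Media\chimes.wav", 55776),      # legitimate
    (r"C:\WINNT\Media\Funny-Clip.exe", 45056),  # worm copy under a lure name
    (r"C:\WINNT\Media\Video-Clip.exe", 45056),  # another copy
    (r"C:\WINNT\Media\readme.txt", 45056),      # matching size but not an EXE
]

REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperNova"="C:\\WINNT\\Blaargh.exe"
"SystemTray"="SysTray.Exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="blaargh.exe\\1"
'''


def new_processes(baseline: list[str], current: list[str]) -> list[str]:
    """Tip #8: names running now that were not in the baseline (case-insensitive)."""
    known = {p.lower() for p in baseline}
    return sorted(p for p in current if p.lower() not in known)


def matching_files(listing: list[tuple[str, int]]) -> list[str]:
    """Files matching the quoted symptoms: a listed name at a listed size, or any
    EXE of a listed size sitting in a Media folder."""
    hits = []
    for path, size in listing:
        parts = path.split("\\")
        name = parts[-1].lower()
        in_media = len(parts) >= 2 and parts[-2].lower() == "media"
        if size in SUPOVA_SIZES and (name in SUPOVA_NAMES or (in_media and name.endswith(".exe"))):
            hits.append(path)
    return hits


def parse_reg_export(text: str) -> list[tuple[str, str, str]]:
    """Flatten a .reg export into (key, value name, data) triples."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]*)"="(.*)"$', line)
            if m:  # .reg files double every backslash; undo that
                entries.append((key, m.group(1), m.group(2).replace("\\\\", "\\")))
    return entries


def registry_references(entries: list[tuple[str, str, str]],
                        filenames: list[str]) -> list[tuple[str, str, str, bool]]:
    """RegEdit's Edit > Find, done over the export: every value whose data names one
    of the worm's files, flagged True when it sits in an autostart key."""
    wanted = {f.lower() for f in filenames}
    return [(key, value, data, key.lower() in AUTOSTART_KEYS)
            for key, value, data in entries
            if any(name in data.lower() for name in wanted)]


def removal_plan(baseline, current, listing, reg_text) -> dict[str, list]:
    """The post's order: end the processes, delete the files, then clean the registry."""
    files = matching_files(listing)
    names = [p.split("\\")[-1] for p in files]
    lowered = {n.lower() for n in names}
    refs = registry_references(parse_reg_export(reg_text), names)
    return {
        "end_processes": [p for p in new_processes(baseline, current) if p.lower() in lowered],
        "delete_files": files,
        "delete_values": [(k, v) for k, v, _, auto in refs if auto],
        "review_only": [(k, v, d) for k, v, d, auto in refs if not auto],
    }


if __name__ == "__main__":
    for step, items in removal_plan(BASELINE_PROCESSES, CURRENT_PROCESSES, FILE_LISTING, REG_EXPORT).items():
        print(step, *items, sep="\n    ")
```

    Running it prints the plan in the order the post gives. The reason for the autostart split: Edit > Find in RegEdit matches every string that contains the filename, including Explorer's run history and recent-document lists. Deleting those is harmless but cleans nothing, while missing the Run value means the worm is back on the next boot. Ending the process before deleting the file matters too: Windows will not let you delete an executable that is still running.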

    Re: Anti-Virus Tutorial

    Nice job.
    Did not know the RegEdit trick!
    I'm gone, thanks everyone for so much fun and good info.
    Cheers and goodbye

    Excellent tutorial, very good advice/pointers for anyone who isn't familiar with the concept of viruses and dealing with them. Specific information for viruses can be found on AV web sites if anyone needs detailed information.
    Paul Waring - Web site design and development.

    Lots of good common sense practices. Nice job man, looks like you put a lot of work into it.
    Know how to sell your wares. Intrinsic quality isn't enough. Not everyone bites at substance or looks for inner value. People like to follow the crowd; they go someplace because they see other people do so. Uniqueness appeals both to the taste and to the intellect.

    Oh Come On

    Alright, this getting banned crap is getting out of hand. I write a tutorial to help people and I'm getting mad negs for it. Are you people really this immature that you take people's hard work and neg it because you can't do anything better?

    I don't see how on earth you can disagree with my tutorial, but hey, you're not going to tag your negs because you're scared I'll neg you. Why don't you feel free to make a new account and post here and let me know why you disagreed with my post?

    Please do take me up on my offer and for once put your name on your work, unless you are so ashamed of your work that you don't want people to see you for what you really are.


    I know exactly how you feel, Netsyn. I got negged for my first tutorial, Asking Smart Questions (although the majority of people came up with some excellent comments/suggestions, which I'm grateful for), after I'd spent 4 hours writing it. This really put me off writing tutorials and AO in general.

    A wonderful tutorial.

    May I also suggest downloading the Windows Kernel Power Toys; in there is a program called WinTop that lists all running processes. The difference between what WinTop displays and what CTRL+ALT+DEL displays is that WinTop will also show registered processes. Common trojans register themselves as a process to avoid detection.


    And one other thing I would like to add that I didn't see mentioned: you should get in the habit of removing floppies from their drives before rebooting or shutting down the computer, because some viruses scan for a floppy drive at startup and begin to infect it.

    Great tutorial, I found it very informative.

    Thank you, Netsyn. You gave me a lot of info and tips on removing viruses. I hope there are more tutorials like this.

    Cheer up

    I just want to say that while I didn't find the tutorial all that helpful to me personally, I cannot find any reason whatsoever for someone to neg it. It was well written, clear, concise for the amount of material covered (certainly more concise than the verbose posts I tend to make), and had a purpose which it accomplished. I enjoyed reading it and applaud your effort.

    "We are pressing through the sphincter of assholiness"

    Good tutorial. A lot of it seems like common sense, but I learned a few things I didn't know, and that's what counts. I knew not to open strange emails and such, but I didn't have a clue as to how to go about removing viruses. Thanks
    [shadow]I don't believe in anarchy. If you're not smart enough to beat the system it's your problem.[/shadow]

