
Other All I wanted was an answer...

Discussion in 'Software' started by ModSquid, 20 Oct 2011.

  1. ModSquid

    ModSquid Multimodder

    Joined:
    16 Apr 2011
    Posts:
    2,650
    Likes Received:
    847
    This has brightened up my day. Thought I'd share it.

    Bear in mind I have been chasing MS for a few weeks now, with the buck being passed constantly. I'm at the end of my patience and just wanted someone to acknowledge this failing.

    Welcome to Microsoft Support Services, we will be with you shortly. Note that this session may be monitored or recorded for quality assurance purposes only.
    Ted Knott [02:20 PM] :
    Hello and welcome to Microsoft Support Services ! My name is Ted. How may I help you today?
    ed [02:20 PM] :
    hi ted
    ed [02:20 PM] :
    i'm running MSE on my machine and have somehow been infected with a Ramnit.e virus (from a website about printers, of all things).
    ed [02:21 PM] :
    how on earth has this got through my up to date version of mse?
    Ted Knott [02:22 PM] :
    ok well i can have a look
    Ted Knott [02:23 PM] :
    Would you like me to remote into your computer and fix it for you.
    ed [02:23 PM] :
    it's not on this machine - i've had to turn the infected one off as the virus was replicating too fast
    ed [02:24 PM] :
    have now got a ruined installation and a data drive i cant connect up to anything until they're cleaned
    ed [02:24 PM] :
    as soon as the drives are connected even via usb dock, it spreads
    Ted Knott [02:27 PM] :
    oh ok well you will probably need to have it fixed local then
    ed [02:29 PM] :
    i'm going to try and handle it myself, but i've been passed from pillar to post by MS Support - i just want to know how a virus over a year old can get past mse
    Ted Knott [02:30 PM] :
    no antivirus is perfect sorry to say
    ed [02:31 PM] :
    oh. so even though it's been in the ether for a year or more and is a known issue, mse can't prevent it downloading to my machine or even warn me before it comes down?
    Ted Knott [02:34 PM] :
    well not being able to see what you are looking at i really dont know what you are talking about sorry
     
  2. ModSquid

    ModSquid Multimodder

    Joined:
    16 Apr 2011
    Posts:
    2,650
    Likes Received:
    847
    Ted Knott [02:40 PM] :
    so is that the only thing you wanted to know was how it got past MSE?
    ed [02:43 PM] :
    basically - just how come a year-old virus has not been picked up? I'm left with more than a few pieces to pick up myself as a result
    ed [02:43 PM] :
    any wonder people are moving to macs and linux?
    Ted Knott [02:45 PM] :
    is there anything else i can do for you today?
     
  3. kenco_uk

    kenco_uk I unsuccessfully then tried again

    Joined:
    28 Nov 2003
    Posts:
    10,107
    Likes Received:
    682
  4. ModSquid

    ModSquid Multimodder

    Joined:
    16 Apr 2011
    Posts:
    2,650
    Likes Received:
    847
    Love it.

    Detected 2010, but you'll be okay as long as you keep MSE updated.

    Angry doesn't even come close.
     
  5. tehBoris

    tehBoris What's a Dremel?

    Joined:
    30 Jan 2011
    Posts:
    616
    Likes Received:
    25
    So reinstall and restore your backups. No big deal.

    If you are annoyed by your operating system's lack of security and its vendor's lack of interest in making it secure, write your own.

    On a technical note, malware distributors and writers are packing their malware with really good obfuscation methods these days. As Ted indicated it's impossible to write a perfect anti virus (amongst everything else), particularly when writers of malware are intentionally trying to avoid detection.
     
  6. longweight

    longweight Possibly Longbeard.

    Joined:
    7 May 2011
    Posts:
    10,517
    Likes Received:
    217
    Not sure why you think that is so funny? Did you have the update Kenco linked to?
     
  7. srgtherasta

    srgtherasta Minimodder

    Joined:
    6 Sep 2009
    Posts:
    275
    Likes Received:
    13
    Don't see this as funny, more just trolling the MS guy. He asked a few times if there was anything else he could help you with and you refused, you just kept going on about the one thing he couldn't fix.
     
  8. SirFur

    SirFur PC Gamer and LAzy B0nes

    Joined:
    8 Apr 2009
    Posts:
    1,189
    Likes Received:
    14
    I don't use MSE - I don't trust it enough seeing as it's built by the same people who have an OS prone to viruses...not that I am complaining. Win 7 is awesome and a huge improvement. I love it and I am never going back to Win XP that I've had for the last goodness knows how many years. I still can't believe I only just upgraded it - I should have done it sooner. I have used Macs and have read up on Ubuntu, and though they have their strengths I could never move to their OS, at least not yet, and definitely not until I can play any and every game I want to on them...PC gaming is a big thing for me. In addition, I am too much of a Windows user to be able to make the transition at least until the other OS can provide something more alluring.

    I however use a firewall and antivirus together. I have used an enormous variety, and I have even tried illegally downloaded versions whilst trying to test which ones are better. I finally settled in on using Comodo Internet Security. I find it to be an amazing piece of software, using the bare minimum of system resources and providing a very secure environment.

    Here is a link for some more information about the software and a review.
     
  9. ModSquid

    ModSquid Multimodder

    Joined:
    16 Apr 2011
    Posts:
    2,650
    Likes Received:
    847
    Cheers SirFur - at least someone read the intro.

    Obviously the whole point of these forums is to invite discussion but as I mentioned at the very start, I have been asking MS for weeks to explain how this happened. It doesn't matter what the company is, or whether or not the product is free, if I put my trust in someone on the basis of what they say then I expect their product to perform and I would like an explanation when it doesn't, not least so I can avoid the situation happening again.

    I've got better things to do than troll some bloke who didn't actually try and help, but instead suggested I get it fixed at cost elsewhere. It's hardly trolling when the one question you're asking from the start is the one thing the expert can't answer. Maybe re-read the post.

    I have the update Kenco linked to; typing impractical suggestions like writing your own AV software is a waste of the skin cells on the end of your fingers - shall we also all go and build our own cars and houses? Or shall we trust in the fact that we've paid someone with more experience to do that for us? As I haven't been able to learn programming overnight I've paid for Windows and adopted their software - as a consumer I would like to know why this has failed so I can determine whether to change to a competitor. You are right about the backups though and my own error in this is that I haven't backed up regularly enough, normally doing it before a big change, not a session on the internet. Lesson learned though.

    Although viruses are a changing landscape, this one is a year old. I'm in the same captive canoe as SirFur in that alternatives to Windows are few and also have their drawbacks. Most of the software I use is written for Windows, unfortunately. And I do like the choice you have with PCs as opposed to Macs. I'll check out that Comodo link and due to the shortage of other practical options I'll consider upgrading to 7 and seeing which of my programs still require XP functionality.

    Interesting comment about illegal downloads, though - I've never done it on the basis of not knowing exactly what I'm getting and always paid for software or contributed to freeware development, but this whole debacle begs the question of whether this is the correct route when the alternative is to just get everything for free and deal with the same issues anyway.
     
  10. |V| 4 L k i 3 R

    |V| 4 L k i 3 R Minimodder

    Joined:
    5 Jul 2002
    Posts:
    368
    Likes Received:
    0
    ModSquid,

    Can I ask what you were expecting Microsoft to do for you? I understand you would like to have an answer as to why the virus got into your system, but you didn't allow Microsoft to look at your system to even check anything on your system. They are not psychics. They can't look into a turned off, disconnected computer from hundreds of miles away and tell you how your system got infected. If you had it plugged in and turned on and accessible to Microsoft and they still said they weren't going to help you, I would be sympathetic to you, but you asked for an answer to a problem and then told them they can't look at the problem.

    That's like telling your car dealer that your car won't start when you turn the key and you want an answer to why, but they aren't allowed to look at the car. What do you expect them to do?

    Put yourself in the tech support guy's shoes. What if your friend/parents called you with this problem? What would you say or do?
     
  11. debs3759

    debs3759 Was that a warranty I just broke?

    Joined:
    10 Oct 2011
    Posts:
    1,769
    Likes Received:
    92
    25 million installs (that they know of!) and they say it's not well known? Well, as long as it means that malware writers are not targeting it, that can't be a bad thing :)
     
  12. ModSquid

    ModSquid Multimodder

    Joined:
    16 Apr 2011
    Posts:
    2,650
    Likes Received:
    847
    True - point well made.

    That's also another reason I'm upset, though - I couldn't even leave the system switched on for them to help as the bug was spreading faster than glandular fever in Ibiza. However, they could have either suggested I send them my disk for free recovery or even helped out with some other solution such as a bootable recovery disc - to use your analogy, if my car's brakes unexpectedly failed due to obvious manufacturer error and I smashed into a wall, I wouldn't expect them to ask me to drive the car to their headquarters for inspection.

    Regardless, I'm going to try an Avira recovery disc, then a reimage and a directory list to see what's on the infected drives to see what I've lost and whether I can get it all back. Then I'll check out Comodo.
     
  13. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    I'm sure you can probably stop and remove this virus without restoring.

    have you tried running the derivatives of rkill?

    Stop being a drama queen as well :p it happens, life goes on, and it's not Ted Knott from Microsoft's fault.
     
  14. Picarro

    Picarro What's a Dremel?

    Joined:
    9 Jun 2009
    Posts:
    3,331
    Likes Received:
    134
    What you have to do is the following:

    Install Avast!, AVG, Norton 360 and a couple of other AV programs on your computer. Just get a bunch of layers. Currently I have those 3 AV's running, and 2 anti-spyware programs. Then connect the harddrive from your infected computer to the computer with the AV programs. Then do a complete scan of the harddrive and delete all of the permutations of the virus you find.

    I have used this method a couple of times and when you use 2 or more AV's the risk of all of them failing to detect the virus before it's too late is near zero.


    And really. Relying on MSE to protect you is like running around a warzone with an orange flotation vest and hoping you won't get killed.
     
  15. jeckulz

    jeckulz What's a Dremel?

    Joined:
    18 Jan 2011
    Posts:
    457
    Likes Received:
    6
    :D
     
  16. dullonien

    dullonien Master of the unfinished.

    Joined:
    22 Dec 2005
    Posts:
    1,282
    Likes Received:
    29
    I was under the impression that running more than one AV software was counter productive, as they can interfere with each other?

    Also, I'm not entirely sure why MSE failed to stop this particular virus for this particular person, but in general MSE is widely praised by many, many people (just take a look at the 'what AV software do you use' thread here on bit-tech).
     
  17. ModSquid

    ModSquid Multimodder

    Joined:
    16 Apr 2011
    Posts:
    2,650
    Likes Received:
    847
    Thanks for chipping in, all.

    It's sweet that some of you are defending poor old Ted from MS, but do read the post within context first - I'm aware it's not his personal fault the virus appeared, but it is his fault his assistance (and that of MS as a whole) was shockingly poor. Take a read of some of the posts on here - there has been more help offered by forum readers than from the actual customer service professional.

    And, yes, life does go on, but it IS a big deal to me that this has happened - my PC is a tool and is used for a lot more than just gaming, so this is impacting me massively in terms of time spent on recovery and possible data loss (although I acknowledged in an earlier post that I should have kept my backups more frequently refreshed).

    For reference, I wasn't just relying on MSE either - I had MSE, Malwarebytes, Spybot, Avira, AdAware and Norton Corporate running (so although I like the idea of wearing blue paint against the Romans and an orange vest in a warzone, I reckon I'd only be tempted if respawns were active). The reason for so many is that not all are realtime scanners. And before anyone points out the obvious, my ire is directed at MSE both because it spotted a year-old virus but failed to prevent the infection and because the after-event support was crap. I don't know whether anything else picked it up as I've had to unplug the drives and so can't view the log files.

    I'll check out rkill and Norton 360 (cheers), but last time I used Avast! or AVG the resource drain was horrendous. Same goes for the Lavasoft Firewall and Spybot 2 beta - both slowed me down to a crawl. I'll post again when/if it's fixed, but apparently the only thing I can do to be sure is a zero-fill.

    How about this for a poser - given that many people seem to believe it's inevitable a virus will get through and many subscribe to the belief that a comprehensive AV suite is bombproof, where is the argument against using a copied version of Windows for free, scanning it for malware and renewing it each time a service pack comes out if the copy won't enable you to install it?

    If it's just a moral issue, I have to say that my belief in that has just been eroded (but not to say I will definitely choose this path).
     
  18. AstralWanderer

    AstralWanderer What's a Dremel?

    Joined:
    17 Apr 2009
    Posts:
    749
    Likes Received:
    34
    I would join those counseling against running multiple AVs simultaneously (unless you disable the background scans for all bar one, running the others in "on demand" mode). The problem is that most AVs hook into Windows' file system, so they can monitor file access and scan (or rescan) files prior to them being used by any other Windows process.

    When you have 2 AVs using this technique, then when a file is accessed, scanner A jumps in to check it. However scanner A has to access several files itself (its own program files and DLLs plus signature databases) - it will know not to trigger scans when its own files are involved, but scanner B will not. So scanner B will then jump in to check scanner A - which results in B's code and signature files being accessed which triggers scanner A again.

    So you might have an infinite loop (with scanners A and B continually triggering each other) or, more likely, greatly slowed file access with A checking the file, B checking A, A checking B then B checking the file (possibly triggering more rechecks by A). Specifics will depend on how the scanners operate and their order of install, but a significant performance hit is the most likely consequence.

    Having layers of security is a good thing, but those layers need to be doing different things to avoid stepping on each others' toes. An example would be running an AV scanner with a decent firewall, which could then alert you to attempted network access by any new programs (virtually all malware requires network access to function). Add to that software that alerts to sensitive Registry changes (new startup entries - again most malware needs to make an addition here) or restricts direct access to disk (to block boot sector infection) and memory (to block attempts to disable security software).

    Doing an offline scan with a "known clean" system is good advice. Alternatively, prepare a recovery CD with various AV scanners (the Ultimate Boot CD for Windows contains a few) and boot the infected system with that.

    Not so - multiple AVs should improve detection rates, but if you encounter a new release of malware before the AV vendors, you'll still get no warning (new malware has to be received, identified and analysed before being added to signature databases which then have to be issued to AV users before it gets detected - this process typically takes several hours at least). Anyone who's used multiple scan sites like VirusTotal often will have encountered situations where several AVs miss a malicious file.

    Then you have the downside that the likelihood of a false positive (which could cripple a system if it involved a key Windows system file) will typically multiply by the number of AVs installed.

    As for MSE's effectiveness, it scored third from bottom (92.1% detection rate) in AV Comparatives on-demand detection tests (in August 2011). In comparison, Avira scored 99.5% (tests run against 206,043 malware samples). Posters here should not be recommending MSE (nor a previous favourite, AVG, which scored 95.7%) when there are better options available.
     
    Last edited: 25 Oct 2011
    3lusive likes this.
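
A toy model of the mutual triggering described in the post above, added here as an illustration and not written by anyone in the thread. The scanner names, file paths and the depth cap are constructed, and the model ignores the caching real products use, so the counts show the shape of the problem rather than measured behaviour.

```python
from dataclasses import dataclass, field

MAX_DEPTH = 6  # constructed safety cap so the mutual-trigger loop terminates


@dataclass
class Scanner:
    name: str
    own_files: tuple                 # files the engine opens to perform a scan
    on_access: bool = True           # False = "on demand" only, no file hook
    exclusions: set = field(default_factory=set)

    def __post_init__(self):
        # Each scanner knows not to trigger on its own files.
        self.exclusions = set(self.exclusions) | set(self.own_files)


class HookedFileSystem:
    """Every open() is offered to each on-access scanner before it completes."""

    def __init__(self, scanners):
        self.hooks = [s for s in scanners if s.on_access]
        self.scans = []              # (depth, scanner name, path)
        self.capped = False

    def open(self, path, depth=0):
        for scanner in self.hooks:
            if path in scanner.exclusions:
                continue
            if depth >= MAX_DEPTH:
                self.capped = True   # would keep recursing without the cap
                return
            self.scans.append((depth, scanner.name, path))
            # Scanning means the engine opens its own files, which goes
            # back through the same hooks (and so to the other scanner).
            for support_file in scanner.own_files:
                self.open(support_file, depth + 1)


def simulate(scanners, path="C:/docs/report.doc"):
    """Return (number of scans triggered by one open, whether the cap was hit)."""
    fs = HookedFileSystem(scanners)
    fs.open(path)
    return len(fs.scans), fs.capped


def make(name, **kw):
    # Hypothetical install layout: one engine file and one signature database.
    return Scanner(name, (f"C:/{name}/engine.dll", f"C:/{name}/sigs.db"), **kw)


if __name__ == "__main__":
    print("one scanner:            ", simulate([make("A")]))
    print("two on-access scanners: ", simulate([make("A"), make("B")]))
    print("B switched to on-demand:", simulate([make("A"), make("B", on_access=False)]))
```

With a single on-access scanner one file open costs one scan. With two, the same open runs until the cap stops it. Switching the second scanner to on-demand mode, as the post suggests, brings it back to one.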
  19. dullonien

    dullonien Master of the unfinished.

    Joined:
    22 Dec 2005
    Posts:
    1,282
    Likes Received:
    29
    Could well be the problem right there. AstralWanderer above me has gone into more detail about why, but it's not good practice to run multiple AV's. By all means have an antivirus, an anti-malware and a firewall in place, but I've always understood that multiple AV's was plain daft, as they are constantly battling with each other instead of doing their jobs properly.

    You don't have to stick with MSE, go by whatever is considered best at this time, but I'd suggest going with only one, and combine that with some anti-malware and preferably a hardware firewall (router etc.).
     
  20. SirFur

    SirFur PC Gamer and LAzy B0nes

    Joined:
    8 Apr 2009
    Posts:
    1,189
    Likes Received:
    14
    Comodo is a real time scanner and will scan files before they're opened and will even scan any new network you add or any device you connect to the computer. The main benefit of Comodo is its firewall, which is one of the best available. The AV isn't the best out there...however as a package the firewall does its job and the AV helps out as a second defence. It will enable you to control every new process that accesses the internet and important registry files/windows files and will ask you whether you want to allow a program to do something. It will learn based on your preferences each time a program is run for the first time and if you ask it to store the data it will never ask for it again, UNLESS, the initial program is modified in any way or if changes are made.
     
