Old 22-11-2007, 11:31 PM   #1
eager
Guest
 
Posts: n/a
Malware

My friend's computer, running XP Media Centre 2002, was infected with
Malware, viruses, and Trojan horses
His Norton had expired long time ago. I downloaded and installed Antivir,
the free version, did a system recovery and free online scanning using Trend
Micro HouseCall.

I also suggested my friend to take his computer to a computer store to
format the HDD and re-install windows, because he did not have a winXP CD.
Probably he did not get a CD when he purchased his computer.

I could not get to start his PC in safe mode either ....

I am trying to find some info regarding what is a malware, how does it
damage the computer and what are the symptoms?
What is the difference between the malware and the viruses?

Wikipedia:

Malware is software designed to infiltrate or damage a computer system
without the owner's informed consent. It is a portmanteau of the words
"malicious" and "software". The expression is a general term used by
computer professionals to mean a variety of forms of hostile, intrusive, or
annoying software or program code.

I know that Trojan horses are kind of spyware and do not damage the
computer, worms are dangerous for networks rather than for a stand-alone PC,
etc.

I am also trying to understand the difference between access deny, delete
and move to quarantine options.

I know there are so many questions raised in my post, but any little help
would be much appreciated.





Old 23-11-2007, 06:30 AM   #2
Sebastian G.
Guest
 
Posts: n/a
Re: Malware

eager wrote:

> My friend's computer, running XP Media Centre 2002, was infected with
> Malware, viruses, and Trojan horses
> His Norton had expired long time ago. I downloaded and installed Antivir,
> the free version, did a system recovery and free online scanning using Trend
> Micro HouseCall.
>
> I also suggested my friend to take his computer to a computer store to
> format the HDD and re-install windows, because he did not have a winXP CD.
> Probably he did not get a CD when he purchased his computer.
>
> I could not get to start his PC in safe mode either ....
>
> I am trying to find some info regarding what is a malware,



malware = malicious software = software written with malicious intent

> how does it damage the computer



in every physically and logically possible way

> and what are the symptoms?



.... every physically and logically possible way. That means it could
perfectly emulate an uninfected system to hide its presence.

> What is the difference between the malware and the viruses?



virus: a program that infects other programs

> I know that Trojan horses are kind of spyware



Not necessarily. A trojan horse is supposed to provide access to a third
party, it might but doesn't have to be used to transmit personal data to
this third party.

> and do not damage the computer,



Of course they can, and most do.

> worms are dangerous for networks rather than for a stand-alone PC,



Worms are viruses that replicate among network boundaries.

> I am also trying to understand the difference between access deny, delete
> and move to quarantine options.



There is none: the system is compromised and cannot be trusted anymore.
Old 23-11-2007, 07:29 AM   #3
Todd H.
Guest
 
Posts: n/a
Re: Malware

"eager" <eager@beaver.it> writes:

> My friend's computer, running XP Media Centre 2002, was infected with
> Malware, viruses, and Trojan horses
> His Norton had expired long time ago. I downloaded and installed Antivir,
> the free version, did a system recovery and free online scanning using Trend
> Micro HouseCall.
>
> I also suggested my friend to take his computer to a computer store to
> format the HDD and re-install windows, because he did not have a winXP CD.
> Probably he did not get a CD when he purchased his computer.


What's the make/model? Typically you can get replacement CD's at a
rather nominal cost, sometimes free (e.g. HP or Compaq business
pc's).

This machine needs a fresh OS.

> I am trying to find some info regarding what is a malware, how does it
> damage the computer and what are the symptoms?
> What is the difference between the malware and the viruses?


If you think of a virus as just one possible type of malware, you'll
be in good shape.

Read some more in wikipedia to do your own comparison of the terms:

Computer Virus
http://en.wikipedia.org/wiki/Computer_virus

Computer Worm
http://en.wikipedia.org/wiki/Computer_worm

So technically, a virus isn't necessarily malware (it's defined
typically as code that can self-replicate and attach itself to another
existing host program, without regard to its badness or goodness).
But in the lexicon used by normal people (who aren't pointy headed and
hang out in security newsgroups just to disagree with people or engage
in protracted semantic debates) it's become synonymous with it,
e.g. "anti-virus" software meaning software that attempts to detect
and thwart programs you don't want/need/or that do bad stuff.

And likewise, a worm is self-replicating code that doesn't necessarily
attach itself to another program like a virus would.

> I know that Trojan horses are kind of spyware and do not damage the
> computer, worms are dangerous for networks rather than for a stand-alone PC,
> etc.


A Trojan horse is more simply defined than that. It's generally a
program that purports to do one thing, but actually does something
else or more than that thing. The definition speaks to a delivery
mechanism more so than what the program does.

And spyware is more defined in terms of functionality--in that it does
some harvesting of personal information in one way or another. It's
not as well defined as the other terms discussed here.

Trojan Horse
http://en.wikipedia.org/wiki/Trojan_horse_(computing)

Spyware
http://en.wikipedia.org/wiki/Spyware

> I am also trying to understand the difference between access deny, delete
> and move to quarantine options.


Those terms would require knowing which Anti-virus or anti-malware
program you're speaking of, but a reasonable guess is that access deny
does nothing to the file, except the AV program tells the operating
system not to open the file whenever a program calls to open it.
Delete would aim to remove the file from the disk (which may or may
not be possible). Quarantine, in most software connotes moving the
file to a "vault" so that in case a good file is mistakenly flagged
as bad, it could be removed from quarantine. In a delete option, the
file is deleted with no recovery (easily) possible.

I imagine the terms you brought up will generate lots of debate and
response though, that you may take with a grain of salt (this post
included if you like). Nothing like definition questions to give
those who love to point out things that are wrong a chance to try to
prove their intellect. Pointing out something that's wrong, after
all, is the easiest way to be right, isn't it? And we all love bein
right!


Best Regards,
--
Todd H.
http://www.toddh.net/
Old 24-11-2007, 12:31 AM   #4
eager
Guest
 
Posts: n/a
Re: Malware


"Sebastian G." <seppi@seppig.de> wrote in message
news:5qmpucF10nml1U1@mid.dfncis.de...
> eager wrote:



> malware = malicious software = software written with malicious intent



Thanks for your reply!

I have also found, "malware = malicious code = computer programs created to
break into computers or to create havoc on computers. The most common
types of malware are viruses, worms, logic bombs, Trojan horses, and back
doors."

So, code, software, program seem to be used interchangeably .... On the
other hand, when I scanned the computer for viruses, using AntiVir, I got
different warnings for viruses, different warning for trojan horses and
different warning for malware. Confusing, isn't it?



>


>
>> What is the difference between the malware and the viruses?

>
>
> virus: a program that infects other programs



I guess, malware is a general term that refers to viruses, worms, logic
bombs, trojan horses and back doors, then, right?


>
>> I know that Trojan horses are kind of spyware

>
>
> Not necessarily. A trojan horse is supposed to provide access to a third
> party, it might but doesn't have to be used to transmit personal data to
> this third party.
>
>> and do not damage the computer,

>
>
> Of course they can, and most do.
>
>> worms are dangerous for networks rather than for a stand-alone PC,

>
>
> Worms are viruses that replicate among network boundaries.
>
>> I am also trying to understand the difference between access deny, delete
>> and move to quarantine options.

>
>
> There is none: the system is compromised and cannot be trusted anymore.



Old 24-11-2007, 01:32 AM   #5
eager
Guest
 
Posts: n/a
Re: Malware


"Todd H." <comphelp@toddh.net> wrote in message
news:84ir3tznto.fsf@ripco.com...
> "eager" <eager@beaver.it> writes:
>
>> My friend's computer, running XP Media Centre 2002, was infected with
>> Malware, viruses, and Trojan horses
>> His Norton had expired long time ago. I downloaded and installed Antivir,
>> the free version, did a system recovery and free online scanning using
>> Trend
>> Micro HouseCall.
>>
>> I also suggested my friend to take his computer to a computer store to
>> format the HDD and re-install windows, because he did not have a winXP
>> CD.
>> Probably he did not get a CD when he purchased his computer.

>
> What's the make/model? Typically you can get replacement CD's at a
> rather nominal cost, sometimes free (e.g. HP or Compaq business
> pc's).



It's a compaq


>
> This machine needs a fresh OS.


Average home users do not back up data and, when it comes to this point,
they do not want to lose their songs...; they do not want to pay much money
either.... . My friend had norton (hate it) and when it expired, he
procrastinated ...
Well, he is a teenager, the son of my wife's friend; my wife, who _thinks_
that I know about computers, got me in trouble. lol

Mr.Lipman has posted numerous times about cleaning up infected computers,
just have to find his threads .... I am still wondering though, why I was
not able to start the PC in safe mode? Was the boot sector infected ... or
... something else?


>
>> I am trying to find some info regarding what is a malware, how does it
>> damage the computer and what are the symptoms?
>> What is the difference between the malware and the viruses?

>
> If you think of a virus as just one possible type of malware, you'll
> be in good shape.


Thank you Mr. Todd!

>
> Read some more in wikipedia to do your own comparison of the terms:
>
> Computer Virus
> http://en.wikipedia.org/wiki/Computer_virus
>
> Computer Worm
> http://en.wikipedia.org/wiki/Computer_worm
>
> So technically, a virus isn't necessarily malware



Now you are confusing me, man

> (it's defined
> typically as code that can self-replicate and attach itself to another
> existing host program, without regard to its badness or goodness).
> But in the lexicon used by normal people (who aren't pointy headed and
> hang out in security newsgroups just to disagree with people or engage
> in protracted semantic debates) it's become synonymous with it,
> e.g. "anti-virus" software meaning software that attempts to detect
> and thwart programs you don't want/need/or that do bad stuff.
>
> And likewise, a worm is self-replicating code that doesn't necessarily
> attach itself to another program like a virus would.


Yes, I read about the difference between these two and they have two major
differences:
1. A virus attaches itself to a document and is spread by travelling along
with the document. A worm can travel by itself.
2. A virus needs the user to perform some type of action, to start the
infection. A worm can replicate itself until it clogs all the available
resources.

still wondering though, how can a worm travel by itself, where does it find
the energy, how does it find the way? we could use worms instead of cars,
ships and planes ) or at least, apply the idea ...

>
>> I know that Trojan horses are kind of spyware and do not damage the
>> computer, worms are dangerous for networks rather than for a stand-alone
>> PC,
>> etc.

>
> A Trojan horse is more simply defined than that. It's generally a
> program that purports to do one thing, but actually does something
> else or more than that thing. The definition speaks to a delivery
> mechanism more so than what the program does.
>
> And spyware is more defined in terms of functionality--in that it does
> some harvesting of personal information in one way or another. It's
> not as well defined as the other terms discussed here.
>
> Trojan Horse
> http://en.wikipedia.org/wiki/Trojan_horse_(computing)
>
> Spyware
> http://en.wikipedia.org/wiki/Spyware
>
>> I am also trying to understand the difference between access deny, delete
>> and move to quarantine options.

>
> Those terms would require knowing which Anti-virus or anti-malware
> program you're speaking of, but a reasonable guess is that access deny
> does nothing to the file, except the AV program tells the operating
> system not to open the file whenever a program calls to open it.
> Delete would aim to remove the file from the disk (which may or may
> not be possible). Quarantine, in most software connotes moving the
> file to a "vault" so that in case a good file is mistakenly flagged
> as bad, it could be removed from quarantine. In a delete option, the
> file is deleted with no recovery (easily) possible.



Thank you!

>
> I imagine the terms you brought up will generate lots of debate and
> response though, that you may take with a grain of salt (this post
> included if you like). Nothing like definition questions to give
> those who love to point out things that are wrong a chance to try to
> prove their intellect. Pointing out something that's wrong, after
> all, is the easiest way to be right, isn't it? And we all love bein
> right!
>
>
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/



Old 24-11-2007, 09:29 AM   #6
kurt wismer
Guest
 
Posts: n/a
Re: Malware

Sebastian G. wrote:
[snip]
>> and what are the symptoms?

>
>
> ... every physically and logically possible way. That means it could
> perfectly emulate an uninfected system to hide its presence.


active stealth only works if the malware is actually active... there are
ways around that...

[snip]
>> I know that Trojan horses are kind of spyware

>
>
> Not necessarily. A trojan horse is supposed to provide access to a third
> party, it might but doesn't have to be used to transmit personal data to
> this third party.


actually, not all trojans are supposed to provide access to 3rd parties,
only remote access trojans do that...

[snip]
>> worms are dangerous for networks rather than for a stand-alone PC,

>
>
> Worms are viruses that replicate among network boundaries.


and typically don't infect other programs (which, given your definition
for virus, might prove confusing)...

>> I am also trying to understand the difference between access deny,
>> delete and move to quarantine options.

>
>
> There is none: the system is compromised and cannot be trusted anymore.


in general the system is not compromised just because the malware is on
the hard disk... the user may have just downloaded it and not actually
run it... the system is not compromised until the malware gains control...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Old 24-11-2007, 09:29 AM   #7
kurt wismer
Guest
 
Posts: n/a
Re: Malware

eager wrote:
> My friend's computer, running XP Media Centre 2002, was infected with
> Malware, viruses, and Trojan horses
> His Norton had expired long time ago. I downloaded and installed Antivir,
> the free version, did a system recovery and free online scanning using Trend
> Micro HouseCall.
>
> I also suggested my friend to take his computer to a computer store to
> format the HDD and re-install windows, because he did not have a winXP CD.
> Probably he did not get a CD when he purchased his computer.
>
> I could not get to start his PC in safe mode either ....
>
> I am trying to find some info regarding what is a malware, how does it
> damage the computer and what are the symptoms?
> What is the difference between the malware and the viruses?


viruses are a type of malware... malware is an umbrella term that
basically means malicious software - it covers just about everything...

> Wikipedia:
>
> Malware is software designed to infiltrate or damage a computer system
> without the owner's informed consent. It is a portmanteau of the words
> "malicious" and "software". The expression is a general term used by
> computer professionals to mean a variety of forms of hostile, intrusive, or
> annoying software or program code.
>
> I know that Trojan horses are kind of spyware and do not damage the
> computer, worms are dangerous for networks rather than for a stand-alone PC,
> etc.


actually, only some types of trojan horse program are spyware... some
just destroy data, some show ads, etc... the essence of a trojan horse
is that it appears to be something good (or at least benign) but is
actually something bad... the way in which it's bad isn't specified and
could be anything...

also, worms can be a problem for stand-alone pc's as well, depending on
the worm...

> I am also trying to understand the difference between access deny, delete
> and move to quarantine options.


moving to quarantine is usually the safest option because it means you
still have the file (which you wouldn't if you chose the delete option)
in case the scanner was issuing a false alarm when it triggered on the
file... not sure about access deny - it could mean that you're simply
denied access to the file, but if the anti-virus became disabled for any
reason there wouldn't necessarily be anything left to stop you from
running the suspect file (unless you also run other types of security
software)...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
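
The three scanner actions discussed in this thread (access deny, delete, quarantine), modelled as an added example; it is not code from any poster or from any anti-virus product. The class name `Responder`, the XOR defanging step and the vault layout are assumptions made for illustration, and the sample file is constructed and harmless.

```python
import hashlib
import json
import tempfile
from pathlib import Path

XOR_KEY = 0xA5  # assumption: defangs the stored copy so it cannot be run; not encryption


def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)


class Responder:
    """Hypothetical model of the three actions a scanner offers for a flagged file."""

    def __init__(self, vault_dir):
        self.vault = Path(vault_dir)
        self.vault.mkdir(parents=True, exist_ok=True)
        self.enabled = True   # is the on-access component running?
        self.denied = set()   # paths the scanner refuses to let programs open

    # Access deny: the file is untouched; only the running scanner blocks opens.
    def deny(self, path):
        self.denied.add(str(Path(path).resolve()))

    def may_open(self, path):
        return not (self.enabled and str(Path(path).resolve()) in self.denied)

    # Quarantine: move a defanged copy into the vault with enough metadata to undo it.
    def quarantine(self, path):
        path = Path(path).resolve()
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        (self.vault / f"{digest}.q").write_bytes(_xor(data))
        meta = {"original_path": str(path), "sha256": digest, "size": len(data)}
        (self.vault / f"{digest}.json").write_text(json.dumps(meta))
        path.unlink()
        return digest

    # Restore: the false-alarm case; verify integrity and never overwrite a file.
    def restore(self, digest):
        blob, meta_file = self.vault / f"{digest}.q", self.vault / f"{digest}.json"
        meta = json.loads(meta_file.read_text())
        data = _xor(blob.read_bytes())
        if hashlib.sha256(data).hexdigest() != meta["sha256"]:
            raise ValueError("vault copy is corrupt; refusing to restore")
        target = Path(meta["original_path"])
        if target.exists():
            raise FileExistsError(target)
        target.write_bytes(data)
        blob.unlink()
        meta_file.unlink()
        return target

    # Delete: nothing is kept, so a false alarm cannot be undone from the vault.
    def delete(self, path):
        Path(path).unlink()


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        payload = b"constructed harmless sample bytes, not real malware"
        sample = tmp / "suspect.exe"
        sample.write_bytes(payload)
        r, out = Responder(tmp / "vault"), {}
        r.deny(sample)
        out["deny_blocks_open"] = not r.may_open(sample)
        r.enabled = False  # scanner disabled: the file is still there and opens again
        out["open_after_av_disabled"] = r.may_open(sample) and sample.exists()
        r.enabled = True
        digest = r.quarantine(sample)
        out["gone_after_quarantine"] = not sample.exists()
        out["vault_copy_defanged"] = payload not in (r.vault / f"{digest}.q").read_bytes()
        r.restore(digest)
        out["restored_intact"] = sample.read_bytes() == payload
        r.delete(sample)
        out["recoverable_after_delete"] = (r.vault / f"{digest}.q").exists()
        return out
```
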
Old 24-11-2007, 02:28 PM   #8
Tim Jackson
Guest
 
Posts: n/a
Re: Malware

eager wrote:

> I have also found, "malware = malicious code = computer programs created to
> break into computers or to create havoc on computers. The most common
> types of malware are viruses, worms, logic bombs, Trojan horses, and back
> doors."
>
> So, code, software, program seem to be used interchangeably .... On the
> other hand, when I scanned the computer for viruses, using AntiVir, I got
> different warnings for viruses, different warning for trojan horses and
> different warning for malware. Confusing, isn't it?
>


It's all very simple really, but confused by, among others, those who
want to muddy the water so as to make their wizardry seem more amazing, and
saleable. Sometimes the metaphors get in the way of the facts.

Software is any sort of program which is not physically built into a
machine. And sometimes the word includes programs that are built in,
like the BIOS in a PC. "Ware" meaning something that can be bought and
sold independently, "soft" meaning intangible.

Malware is any program that is supplied with intent to harm, which is
somewhat subjective, so let's say it's any software you acquire unwillingly.

Malware is classified by its method of propagation and its intent or
function. The categories are not mutually exclusive, and
self-propagating programs are not always written with harmful intent.
Most malware will consist of one or more parts which perform propagation
and a "payload" which performs the damage.


A virus is a piece of software that attaches itself to another program
so that when that is run, it runs the virus again which copies itself
into any other programs that are visible to it at that time. Thus if
the program is copied to a 'clean' machine and run, it infects all the
other executables on that machine.

A trojan horse is a program which purports to be something it isn't in
order to get the user to run it, most commonly an email attachment.

A worm is a program that explores a network to seek out other computers
to copy itself onto.

A back door is a program which once installed provides unauthorised
access to a computer. This is used to create zombies, (also known as
'bots or bot-nets), which are computers that have a back door installed
to allow unauthorised control for such purposes as the sending of spam.

Spyware is software that once installed records information about the
computer and its use and reports it back to a remote site, without the
user's knowledge. This could be simply gathering marketing information,
or it could be something more hostile like keystroke (i.e. password)
recording.

Adware is software that once installed periodically presents unsolicited
advertising to the user, eg by pop-up windows. This is used as source
of revenue to pay for allegedly 'free' software.


Tim Jackson
www.tim-jackson.co.uk
Old 25-11-2007, 01:31 AM   #9
eager
Guest
 
Posts: n/a
Re: Malware


"Tim Jackson" <tim@tim-jackson.co.uk> wrote in message
news:13kfqk9qck4pne1@corp.supernews.com...
> eager wrote:
>
>> I have also found, "malware = malicious code = computer programs created
>> to break into computers or to create havoc on computers. The most
>> common types of malware are viruses, worms, logic bombs, Trojan horses,
>> and back doors."
>>
>> So, code, software, program seem to be used interchangeably .... On the
>> other hand, when I scanned the computer for viruses, using AntiVir, I got
>> different warnings for viruses, different warning for trojan horses and
>> different warning for malware. Confusing, isn't it?
>>

>
> It's all very simple really, but confused by, among others, those who want
> to muddy the water so as to make their wizardry seem more amazing, and
> saleable. Sometimes the metaphors get in the way of the facts.
>
> Software is any sort of program which is not physically built into a
> machine. And sometimes the word includes programs that are built in, like
> the BIOS in a PC. "Ware" meaning something that can be bought and sold
> independently, "soft" meaning intangible.
>
> Malware is any program that is supplied with intent to harm, which is
> somewhat subjective, so let's say it's any software you acquire unwillingly.
>
> Malware is classified by its method of propagation and its intent or
> function. The categories are not mutually exclusive, and self-propagating
> programs are not always written with harmful intent. Most malware will
> consist of one or more parts which perform propagation and a "payload"
> which performs the damage.
>
>
> A virus is a piece of software that attaches itself to another program so
> that when that is run, it runs the virus again which copies itself into
> any other programs that are visible to it at that time. Thus if the
> program is copied to a 'clean' machine and run, it infects all the other
> executables on that machine.
>
> A trojan horse is a program which purports to be something it isn't in
> order to get the user to run it, most commonly an email attachment.
>
> A worm is a program that explores a network to seek out other computers to
> copy itself onto.
>
> A back door is a program which once installed provides unauthorised access
> to a computer. This is used to create zombies, (also known as 'bots or
> bot-nets), which are computers that have a back door installed to allow
> unauthorised control for such purposes as the sending of spam.
>
> Spyware is software that once installed records information about the
> computer and its use and reports it back to a remote site, without the
> user's knowledge. This could be simply gathering marketing information,
> or it could be something more hostile like keystroke (i.e. password)
> recording.
>
> Adware is software that once installed periodically presents unsolicited
> advertising to the user, eg by pop-up windows. This is used as source of
> revenue to pay for allegedly 'free' software.
>
>
> Tim Jackson
> www.tim-jackson.co.uk



Thanks Tim!




All times are GMT +5.5. The time now is 07:23 AM.

