onebir Posted December 21, 2007 at 03:23 AM Report Posted December 21, 2007 at 03:23 AM A friend's computer's just got this - despite having Rising (瑞星)installed, though I'm not sure he had it 100% up to date. Seems pretty nasty, and not much info about it available, so probably new. If anyone's dealt with it before, it'd be good to hear how... Quote
Battosai Posted December 22, 2007 at 08:26 AM Report Posted December 22, 2007 at 08:26 AM despite having Rising (瑞星) despite? running an anti-virus software does not protect you from viruses If anyone's dealt with it before, it'd be good to hear how... what you should do is google it (i.e put "txomou.exe" in google) i did and here is what I found. It appears that "360safe" will take care of it. Quote
liuzhou Posted December 22, 2007 at 09:24 AM Report Posted December 22, 2007 at 09:24 AM running an anti-virus software does not protect you from viruses What? What do you think they do? Running a constantly updated (at least daily) anti-virus program does just that. Next you'll be telling me Word processors don't process words. Quote
Quest Posted December 22, 2007 at 05:52 PM Report Posted December 22, 2007 at 05:52 PM A more general way to clean up any virus is to boot into safe mode and prevent it from starting automatically when windows starts. There are stubborn viruses that would bind to your legit programs and libraries, those would require special removers. But, you can always try doing the following first: 1. Power down the compouter 2. Power up and keep hitting F8 (no need to be fast, if you time it right once is enough) until you see an option to go into safe mode 3. choose safe mode and let it boot up 4. When you are at desktop, press the windows flag key and R at the same time, then type msconfig and hit enter or click ok 5. go through the startup tab list and uncheck any suspicious programs 6. go through the services list and uncheck any suspicious services (be careful here, don't disable required services). 7. click apply 8. reboot your computer and reinstall/rerun your antivirus program, update definitions, and scan your computer again (you may not be able to uncheck services on xp, in that case, press winflagkey and R together, then type services.msc you can disable services there by right clicking and selecting properties) PS: if you do see "txomou.exe" in the startup list, you can attempt a manual removal: 1. note its location, go there and find it 2. hit ctrl+alt+del, choose task manager if it doesn't pop up automatically (vista) / or right click on start menu bar and select task manager 3. make sure txomou.exe is not a running process, if it is, select it and click on end process/task 4. delete txomou.exe by holding shift and pressing "delete" 5. press winflagkey+R, and type "regedit" enter/ok 6. Using the menu on the left, browse to the location that you saw "txomou.exe" listed in the msconfig startup list. 7. delete that entry Quote
onebir Posted December 23, 2007 at 12:52 AM Author Report Posted December 23, 2007 at 12:52 AM running an anti-virus software does not protect you from viruses what you should do is google it (i.e put "txomou.exe" in google) Of course I googled it. On 21st Dec. Very few results then. The posts you linked to were made on 22nd... (But thanks Battosai for doing a bit of googling on my behalf.) Quest - thanks for the detailed info. My friend just completely reinstalled windows - perhaps if he'd followed your instructions he could have saved some time. Quote
imron Posted December 23, 2007 at 02:04 AM Report Posted December 23, 2007 at 02:04 AM running an anti-virus software does not protect you from viruses What? What do you think they do? Just came across this article from heise-security that mentions a c't study that found anti-virus software is becoming less effective thanks to the increasing sophistication of malware. Money quote from the article: the way these programs cope with new and completely unfamiliar attacks is more important. And that's where almost all of the products performed significantly worse than just a year ago. The typical recognition rates of their heuristics fell from approximately 40-50 per cent in the last test - at the beginning of 2007 - to a pitiful 20-30 per centPersonally, I agree partly with Battosai, in that anti-virus software alone will not protect you, you also need to make sure you don't do stupid things like installing random software you downloaded from the internet, or clicking on attachments people send you in email. Another good way to avoid most viruses is to use a limited user account rather than an administrator one. Quote
onebir Posted December 23, 2007 at 03:38 AM Author Report Posted December 23, 2007 at 03:38 AM Ok - I guess Battosai meant "running an anti-virus software does not completely protect you from viruses". Quote
Luobot Posted December 23, 2007 at 04:10 AM Report Posted December 23, 2007 at 04:10 AM Following the article in Imron's post, I read an even more disturbing article here, which says, "the danger of protective software, of all things, mutating into a gateway for pests is still largely underestimated." Not only won't most AV software protect you from the majority of new viruses ("The typical recognition rates of their heuristics fell ... to a pitiful 20-30 per cent."), but the AV software, itself, is vulnerable to being body snatched. Quote
gato Posted December 23, 2007 at 06:50 AM Report Posted December 23, 2007 at 06:50 AM http://www.heise-security.co.uk/news/100900 the way these programs cope with new and completely unfamiliar attacks is more important. And that's where almost all of the products performed significantly worse than just a year ago. The typical recognition rates of their heuristics fell from approximately 40-50 per cent in the last test - at the beginning of 2007 - to a pitiful 20-30 per cent You have to realize these rates refer to recognition of completely new viruses. For known viruses, the recognition rate of most programs is probably around 100%. And it's just as important to protect against known viruses, as it is to protect against new ones. Only NOD32, with 68 per cent, still delivered a good result, while BitDefender, with 41%, could be called satisfactory. NOD32 is what I use. Quote
muyongshi Posted December 23, 2007 at 06:57 AM Report Posted December 23, 2007 at 06:57 AM The moral of the entire story.... Get a Mac! Quote
imron Posted December 23, 2007 at 11:30 AM Report Posted December 23, 2007 at 11:30 AM You have to realize these rates refer to recognition of completely new viruses.Yep, I realise that completely, and that's the reason why this article is so appropriate, because it was a new virus that was causing the problem. Quote
adrianlondon Posted December 23, 2007 at 04:35 PM Report Posted December 23, 2007 at 04:35 PM Many of my friends in Beijing got viruses (virii?), as did the BNU computers, by sharing dodgy USB memory sticks. These often have autorun viruses in them so your PC gets infected as soon as you plug it in. Best is to disable auto-run for all USB drives. Quote
LaoZhang Posted December 23, 2007 at 11:07 PM Report Posted December 23, 2007 at 11:07 PM I disabled auto-run for USB devices and CD, which does seem to prevent viruses from infecting me at insertion, but I've had mixed results once opening the drive to browse it or open files from it (even Word docs). You can do a permanent "disable autorun" through the run terminal/gpedit.msc, or you can just hold Shift while inserting a drive. I agree with muyongshi. The only way to be SURE is to browse the USB drive on a mac/linux machine, delete offending files/viruses (it's pretty obvious which ones, look for *.EXEs and AUTORUN.INIs) and then you know you're good to go. Just be sure to go through all of your folders. Another option is to only use Bluetooth/IR for file transfers, then you know exactly what you're getting/sending. I guess email would work, too. Quote
adrianlondon Posted December 23, 2007 at 11:14 PM Report Posted December 23, 2007 at 11:14 PM Usually, even if you disable auto-run in Windows, if you simply double-click the drive in "My Computer" it'll do an autorun anyway. You need to right-click and "open" or "explore". A decent virus-checker should stop a dodgy auto-run from running though. Quote
cdn_in_bj Posted December 24, 2007 at 06:40 AM Report Posted December 24, 2007 at 06:40 AM Although there are a tonne of viruses on Chinese websites, what always gets me are "dirty" USB keys. Hehe that sounds so... dirty. Disabling autorun is a really good suggestion. Quote
Battosai Posted January 6, 2008 at 08:53 AM Report Posted January 6, 2008 at 08:53 AM Ok - I guess Battosai meant "running an anti-virus software does not completely protect you from viruses". true thats what i meant also running on a limited-rights user (if using Windows XP) using firefox+no-script for web browsing or another safe browser updating regularly alternatively - buying a Mac or installing Linux Quote
Luobot Posted January 14, 2008 at 05:11 AM Report Posted January 14, 2008 at 05:11 AM The moral of the entire story.... Get a Mac! The Mac is a less popular target because it enjoys a smaller market share, including the "market share" of hackers attention. However, the Mac has been gaining market share in both ways, recently. In the end, the only security is a false sense of security -- it enables us to go on computing. A security researcher has unearthed a buffer overflow remote code execution vulnerability that affects QuickTime on both the Windows and Mac platform. See: "Another QuickTime code execution flaw surfaces" Quote
imron Posted January 14, 2008 at 06:53 AM Report Posted January 14, 2008 at 06:53 AM The Mac is a less popular target because it enjoys a smaller market share, including the "market share" of hackers attention.It also has a more strict security model, meaning it's much harder to write viruses for. Quote
Recommended Posts
Join the conversation
You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.