Permanently block certain processes anti virus

In summary, the conversation discusses a problem with viruses that slow down the computer and internet connection, and suggests various solutions. One solution is to install a firewall like ZoneAlarm, but the other solution is to permanently disable Norton Antivirus. ZoneAlarm also tells the user the IP address of the computer that is attempting to access their computer.
  • #1
Bartholomew
This morning I got a ton of those Messenger Service messages that urge you to go to some site for a patch to prevent them, followed by Norton Antivirus informing me of many, many viruses that it could neither fix nor delete. This happened once before and I solved it at that time by doing a system restore. But now, one of the viruses has apparently "updated" my windows version, so system restore no longer works. Since my computer is a piece of crap, the cd-rom drive is broken so I can't just backup my data and reinstall windows.

The only real problem I have with the viruses is that they slow down my internet connection. Is there any way that I can designate what programs can access the modem, and exclude all others?

Edit: if I could permanently block certain processes, that might also fix the problem.
 
  • #2
What version of windows are you using?

What you need is a firewall like ZoneAlarm. The program will warn you when an application is trying to access the internet and you can block it.

Also, are those messages coming from Norton or Windows? If it is from Windows then you need to disable the messaging service in the administrative tools. This is assuming you're running Windows XP.

http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx
 
Last edited by a moderator:
  • #3
I have Windows XP 5.1.2600, but in Windows Restore it says that at 10:06 AM today it installed "Windows XP kb823980." I think one of the viruses did that.

Thanks for the link. How do I get that firewall-type thing you were talking about?
 
  • #4
http://www.webattack.com/freeware/security/fwfirewall.shtml [Broken]

go to Zone Alarm.
 
Last edited by a moderator:
  • #5
Bartholomew said:
I have Windows XP 5.1.2600, but in Windows Restore it says that at 10:06 AM today it installed "Windows XP kb823980." I think one of the viruses did that.

Thanks for the link. How do I get that firewall-type thing you were talking about?

Are you sure you don't have auto update enabled? You should do so anyway.
 
  • #6
Thanks a lot, Klusener, I got ZoneAlarm and immediately after I connected to the internet after installing it, it let me block internet access to 3 suspicious-looking processes. Just now it let me block another one.

Dduardo, I'm pretty sure that the virus did it, because the computer also spontaneously restarted which may have been at about 10 AM.

I'm thinking of permanently disabling norton antivirus. That thing is useless. All it's ever been able to do is tell me that I have a virus, that it cannot fix it, and that it cannot delete it. It's been doing this a _lot_ recently. Would this be a real bad idea or not, now that I've got ZoneAlarm working?
 
  • #7
Spontaneously restarting means that you have been attacked by Blaster (I think). You should look into upgrading to Service Pack 2.
 
  • #8
Yes--Blaster and Welchia are a couple names I remember, and also Trojan-something, and I think something else too.

So long as ZoneAlarm stops the viruses from doing anything with the internet, is there any reason to get rid of the viruses?
 
Last edited:
  • #9
Trojans are not good because they can log keystrokes. By logging keystrokes someone can capture credit numbers and passwords.
 
Last edited:
  • #10
Yeah, but if they can't communicate back, is it a problem? I mean is it likely to start doing damaging stuff without being online?
 
  • #11
Yes, it is nice to get rid of the viruses because they still slow down your system and internet connection even if they don't reach the outside. This type of attack is called a Denial of Service. This means that the program (virus) keeps on trying to access your resources and you keep dropping the request, but the action of dropping takes time. Just imagine someone poking you in the eye repeatedly and every time you have to move your head. It takes energy to move your head. This is the same thing your system is doing.
 
  • #12
Well how bad does it get? I mean my computer is 2.4 GHz and the attempts at internet access are (thus far) only occasional.

Do you know how I might manage a system restore? That would easily disable all viruses in one stroke.
 
  • #13
--Also, ZoneAlarm tells me the IP address of the computer that is attempting to access mine. Think there might be a way to act on that knowledge?
 
  • #14
The kb823980, if legitimate, is likely from the windows auto update feature.
Its design is to block the blaster worm.
It will not get rid of the infection if you already have it.

Bring up the task manager and do a google search on each of the tasks displayed.
If it is a problem task (virus) you should get plenty of info on how to get rid of it.
 
  • #15
Yeah, but personally, I don't want to waste time on hunting down every single worm individually if they can't do anything anyway. That's good to know about the update, but right now it just seems to be preventing me from doing a system restore.
 
  • #16
Bartholomew, ZA won't tell you what is trying to access the internet all the time. That would be annoying.

I suggest you spend the $20 bucks and buy a CD-RW. Download SP2 and burn it onto a CD. Pull the network cable. Proceed to install Windows and then install SP2. Put back the network cable. This is the only way to install Windows nowadays, which is just ridiculous.
 
  • #17
Bartholomew said:
Yeah, but personally, I don't want to waste time on hunting down every single worm individually if they can't do anything anyway. That's good to know about the update, but right now it just seems to be preventing me from doing a system restore.

You could try going to the uninstall menu and try uninstalling it.
But, I don't know if that will help.

Also it is useful to make it a habit to check the task manager for uninvited new processes. Normally the time to get rid of one is a lot less than the time you sit around waiting for the useless virus checker programs to run.
 
  • #18
Task manager had been my only line of defense until today. But it's tough to close the processes... they just start back up again somehow.

I _do_, technically, have a CDRW drive already. It just doesn't work anymore, it thinks all disks inserted into it are corrupted... I don't know why. The same goes for the floppy drive. This computer also has been giving me warnings about SMART failure predicted (hard drive) when it starts up, in addition to the destroyed screen and lousy 10-minute+ boot time. I think it's only a matter of time before the entire computer collapses.
 
  • #19
If it is that broken just get a new computer. Did you build this computer yourself?
 
  • #20
No, it's a medium-end Hewlett Packard laptop from two years ago. It has never completely worked right but it probably has a year or two left in it.
 
  • #21
Is it still under warranty?
 
Last edited:
  • #22
Bartholomew said:
Task manager had been my only line of defense until today. But it's tough to close the processes... they just start back up again somehow.

Of course. The registry will just restart them.
That's why you need to look up how to get rid of them.
 
  • #23
Funny thing about the warranty, when I bought the computer I was careful to ask about it. I was actually planning on buying one of those military shockproof laptops (which would have cost more and would have had much lower performance), but the salesperson convinced me otherwise by assuring me that the HP laptop's warranty covered accidents. It didn't. So even though the computer was malfunctioning months before the first time it was dropped, by the time I got around to trying to get it fixed, they wouldn't do it.

NoTime, what do you mean? How do you get rid of them?
 
  • #24
You get rid of viruses with an antivirus. Just make sure you have the latest definitions.
 
  • #25
Norton finds the viruses but can't delete them.
 
  • #26
Last edited by a moderator:
  • #27
Aiiii. These kinds of Windows viruses are a menace, and it looks like you got a cocktail of them, too.

Why NAV can't delete them is as follows. An open process opens a file handle to its executable, so it can't be deleted while it's running. This has been a long-standing Windows policy that makes no sense to me; the program's code is fully loaded into memory before execution and swapped out to the swap file if necessary. But I digress. These viruses are designed so that when they get a TERMINATE signal from Windows, they spawn a new instance of the process; this happens long before Windows forcibly terminates the virus (there is no KILL that will immediately terminate execution AFAIK). This new instance opens its own handle, so you can't kill the file. Someone suggested this was done in the registry; that is NOT the case.

If you're tech savvy, the solution is to get http://www.sysinternals.com/ntw2k/freeware/procexp.shtml [Broken], open up the viral processes, and forcibly close all their handles; then you can delete their executables on disk, and then you can kill them in memory. But they might be smart enough to recreate the file on disk, you never know. You can also try the Microsoft malware removal tool, which supposedly cures the worse infections. I've never needed it, nor has anyone I know of, but I'm sure it's a high quality tool - after all, Microsoft are aces at security issues.


Solution #2: Boot in safemode. Windows will not run any startup tasks in safe mode, so you should be able to clean the viruses while dormant. At the very least you can clean up their registry startup entries.

Note: I no longer recommend NAV for power users because it keeps assuming its users are idiots. But I have found no acceptable substitute.

dduardo: There are ways to install WinXP without yanking the cable out, though it is the easiest way. The best way is to disable your network during setup and manually close the three evil holes: UPnP, DCOM and the Messenger service; then go online and get the myriad of lesser updates. My own firewall stats indicate a viral attack every minute or so; it's gotten to this point because there are a lot of Windows boxes out there whose owners are unaware (or unwilling to act on the knowledge) that their computer is virused and spreading out plague on their subnets. I've had to deal with the latter case once; it was a fun experience in cognitive dissonance and/or apathy. Thankfully his ISP took these complaints seriously...
 
Last edited by a moderator:
  • #28
Best thing would be to do a clean reinstall of Windows from scratch, from disks that you know are clean. Then install antivirus program and firewall, and THEN connect to the internet. Not in any different order. That way you know you're clean.

In SP 2 you will find the XP internal firewall is automatically on, contrary to SP1, which can lead to conflicts with certain program permissions. Check the Microsoft site for more up-to-date info.

IMO, best turn the internal firewall off altogether and install a proper firewall like ZA, as suggested earlier.
 
  • #29
Norton is not even an antivirus, I think; it does not detect a lot of viruses, and takes most of the RAM of your computer. I would do as said above, reinstall Windows from a new CD, because sometimes store-bought computers have a lot of advertisement on them, and if you try to remove it Windows starts crashing more often; maybe it was just me but this is what happened. So you get a brand new Windows, then install SP2, don't use IE, use Firefox, and install some antivirus; most have like a 30-day trial or something, so when one expires just try another. Also firewalls are good, but are not really that important; most of the good antivirus can block attacks.

You can also try Linux; there are very, very few viruses for it, mostly not very effective. I would recommend Ubuntu; it's free, easy to use, easy to install, and recognizes a lot if not most of your things automatically.
 
Last edited:
  • #30
Suddenly today I was getting 100% CPU usage whenever I went online--I think because ZoneAlarm had to block so many attempts by the viruses to get online! So what I did was I found the programs at startup on the System Information-Software Environment window and a couple of them looked suspicious. Then I did a search in RegEdit for the most suspicious-looking one of them, and deleted that. Now it works again. Question is though, there's more than one suspicious-looking file on the startup list, but the others don't look so suspicious that I'm certain they're viruses. Can I backup the registry before getting rid of those others too? --I didn't see any options for that on regedit. Is there a better way to remove these programs from the startup list than using regedit?
 
Last edited:
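
On the question in post #30 about backing up the startup entries before deleting more of them, an added example that is not part of the thread: regedit's File > Export writes the selected key to a .reg text file that can be imported again later, and the Python script below compares two such exports and lists the Run/RunOnce entries that were added or changed, which shows whether a removed entry has come back. The sample exports and every name and path in them are constructed for illustration.

```python
import re

# Classic per-machine / per-user autostart keys; other autostart locations
# exist and are out of scope for this example.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI
    (cp1252 is an assumption here)."""
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("cp1252")

def unescape(s: str) -> str:
    # .reg files write a backslash as \\ and a double quote as \"
    return re.sub(r"\\(.)", r"\1", s)

def autoruns(text: str) -> dict:
    """Map (key, value name) -> command line for string values under Run/RunOnce."""
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.search(line[1:-1]) else None
        elif key and (m := VALUE.match(line)):
            found[(key, unescape(m.group(1)))] = unescape(m.group(2))
    return found

def new_entries(baseline: str, current: str) -> dict:
    """Autostart entries that were added or changed since the baseline export."""
    old = autoruns(baseline)
    return {k: v for k, v in autoruns(current).items() if old.get(k) != v}

# Constructed sample exports; names and paths are made up, not from the thread.
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleFirewall"="\"C:\\Program Files\\ExampleFirewall\\fw.exe\" -tray"
'''
CURRENT = BASELINE + r'''"example-helper"="C:\\WINDOWS\\system32\\example-helper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleFirewall"="C:\\Temp\\fw.exe"
'''

if __name__ == "__main__":
    for (key, name), cmd in new_entries(BASELINE, CURRENT).items():
        print(f"{key}\n    {name} = {cmd}")
```

For real files, read them in binary mode and pass the bytes through `decode_reg` before calling `new_entries`.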
