I recently received an email purporting to be from a friend of mine, copied to everybody in his address book. The email, however, is just a spam message from an electronic wholesaler with the web address of Welecp.com (don't worry, I wouldn't even think about looking at this site).
Clearly, this pal of mine has had his computer hijacked. He tells me that he runs McAfee Antivirus, and has a firewall.
Any tips as to
a) how he can get rid of whatever infection / Trojan has taken over his computer
b) how to make sure that it doesn't happen again.
Has anybody else come across this outfit, Welecp.com (from their email address it appears to be Canadian)?
McAfee recently failed its Virus Bulletin test. Check that your friend updates his McAfee and that his firewall is set correctly. If so, run a Kaspersky online scan. It'll show you what and where. From there he can find out how to get rid and clean his system. I'd recommend Spybot. Welecp are known fraudsters based in Shanghai and any trojan could well pose a serious risk to his security. He should change his passwords immediately from a clean PC.
Thank you rawprawn and slimk. I shall pass the advice on.
Very worryingly, the next question - of course - is how does Welecp manage to hijack the computer? How can one prevent it happening again (or another dodgy outfit gaining access)?
Although a virus checker and firewall were in use, am I correct in thinking that you can acquire infection by a Trojan simply by visiting a disreputable website? No need even to open an unknown e-mail attachment.
If the golden rules are followed of having an up-to-date virus checker, a firewall, and regularly scanning with an anti-malware program, then is there any other way of protecting oneself from this difficulty?
It is not Canadian but from Shanghai. Type the name in Google for more details.
Yes you are correct, trojans can easily bypass firewalls and AVs. Perhaps the best defence is "Real Time" protection. First I would suggest installing Spyware Blaster.
I run SUPERAntiSpyware Professional which has real time protection, but Spyware Terminator is free and is often recommended on this forum which also has real time protection.
You cannot fully protect, and many times these Trojans are installed on your computer simply by clicking a link in an email.
Sorry Spyware Terminator link click here
I disagree with rawprawn. Trojans can't easily bypass firewalls and AV. The majority will be picked up by a good AV. Two-way firewalls like Comodo, ZoneLabs and Kaspersky stop the Trojan having easy access to 'call home'.
Current trends show that 'disreputable sites' aren't necessarily the problem. Never open an attachment that hasn't been scanned. Don't download any programs without researching them on Google/Yahoo etc. The latest Trojans will change your registry and can invite 'remote control' by very shady characters. At the same time, without a good firewall, they can keylog and screenshot you when you open fields that require passwords (banks, email, PayPal etc). This information is then sent to the controller and can be used in ID fraud.
It's imperative that your friend changes his passwords immediately and doesn't use his PC for anything more than browsing until it is definitely clean.
Many thanks to everyone for their advice. As usual, the PC Advisor Forum has been of great help.