school disconnected my account (virus question)...

Posted: Wed Sep 13, 2006 8:54 pm
by werldhed
My school disconnected my wireless access because of what they think is a virus. Here's the email they sent me:
Because of behavior consistent with a virus infection,
the user account xxxxxx cannot use the modem/VPN/Wireless access.
This happened while using the address xxx.xx.xxx.xxx connected to xxxxx.
Your system needs to be taken off the network until it is cleaned up.

(You will also not be able to log into the RACS system in the dorms.)

This reason was : spyware.

The computer in question appears to be infected with
a backdoor Trojan that steals private information.
(see http://en.wikipedia.org/wiki/Spyware for more
information on spyware).

This system should be cleaned with current Symantec antivirus
before bringing back online.
Now, I have scanned my computer with AVG, Symantec, and SpyBot, and it comes up clean. I also keep my definitions up to date, do daily/semi-daily scans, and keep the Windows Firewall on. I'm pretty confident there is no spyware on this machine.

So I called up the IT folks and asked them what's up. They said that their "expert" is of the opinion that the only safe way to ensure your computer is clean of spyware is to reinstall Windows; no amount of scanning or cleaning will fix it. Therefore, they won't let me use my wireless connection until I reinstall XP.

Frankly, fuck that.

My question is this: is there a way they might be mistaken about what they perceive to be "behavior consistent with a virus infection"?
And if not, is there truth to their claim that reinstallation is the only solution? Theoretically, I could tell them that I reinstalled, just to get them to reconnect me, but if there really is something wrong, they might disconnect me again for good.

Any insight is appreciated, thanks.

Posted: Wed Sep 13, 2006 11:09 pm
by dzjepp
Spybot isn't as good as it used to be a few years ago. There have been several products since then (most shareware) that have surpassed its accuracy and quality.

I'd say, give webroot spy sweeper a try, the free trial should work uncrippled. See if it comes up with anything.

http://www.webroot.com/consumer/product ... 5d10f234a2

Posted: Thu Sep 14, 2006 12:12 am
by +JuggerNaut+
werldhed wrote:My school disconnected my wireless access because of what they think is a virus. Here's the email they sent me:
Because of behavior consistent with a virus infection,
the user account xxxxxx cannot use the modem/VPN/Wireless access.
This happened while using the address xxx.xx.xxx.xxx connected to xxxxx.
Your system needs to be taken off the network until it is cleaned up.

(You will also not be able to log into the RACS system in the dorms.)

This reason was : spyware.

The computer in question appears to be infected with
a backdoor Trojan that steals private information.
(see http://en.wikipedia.org/wiki/Spyware for more
information on spyware).

This system should be cleaned with current Symantec antivirus
before bringing back online.
Now, I have scanned my computer with AVG, Symantec, and SpyBot, and it comes up clean. I also keep my definitions up to date, do daily/semi-daily scans, and keep the Windows Firewall on. I'm pretty confident there is no spyware on this machine.

So I called up the IT folks and asked them what's up. They said that their "expert" is of the opinion that the only safe way to ensure your computer is clean of spyware is to reinstall Windows; no amount of scanning or cleaning will fix it. Therefore, they won't let me use my wireless connection until I reinstall XP.

Frankly, fuck that.

My question is this: is there a way they might be mistaken about what they perceive to be "behavior consistent with a virus infection"?
And if not, is there truth to their claim that reinstallation is the only solution? Theoretically, I could tell them that I reinstalled, just to get them to reconnect me, but if there really is something wrong, they might disconnect me again for good.

Any insight is appreciated, thanks.
they're asking you to use Symantec, is that what you're using? either way, use it if you have to, and print the fucking log after scanning and cram it up their ass.

Posted: Thu Sep 14, 2006 10:42 am
by ^misantropia^
werldhed wrote:So I called up the IT folks and asked them what's up. They said that their "expert" is of the opinion that the only safe way to ensure your computer is clean of spyware is to reinstall Windows; no amount of scanning or cleaning will fix it. Therefore, they won't let me use my wireless connection until I reinstall XP.
They say that because it is the only way for them to be sure your computer really is clean. Don't fight it, just reinstall.

Posted: Thu Sep 14, 2006 10:58 am
by SOAPboy
^misantropia^ wrote:
werldhed wrote:So I called up the IT folks and asked them what's up. They said that their "expert" is of the opinion that the only safe way to ensure your computer is clean of spyware is to reinstall Windows; no amount of scanning or cleaning will fix it. Therefore, they won't let me use my wireless connection until I reinstall XP.
They say that because it is the only way for them to be sure your computer really is clean. Don't fight it, just reinstall.
I disagree. Fight it.

If every "tool" you have and they have find NOTHING, they can shove it up their ass. And I'd go to the board about it.. Frankly reinstalling is a pain in the ass if you have a shit ton of things running and installed.

Posted: Thu Sep 14, 2006 11:00 am
by ek
umm just say you formatted?

Posted: Thu Sep 14, 2006 11:00 am
by 4days
do what dzjepp said, and what juggs said, then tell them you reinstalled xp too.

edit:
ek wrote:umm just say you formatted?
eggzackree :icon14:

Posted: Thu Sep 14, 2006 7:04 pm
by werldhed
Thanks all.
Is there a possibility that something else is making them think I have a virus? e.g. Azureus, or something like that?

The reason I don't want to just say I reinstalled is because if they detect a virus again, they'll probably disconnect me for good.

@dzjepp: Thanks for the suggestion. I'll give that a try when I get home (can't access the net with the laptop right now, after all :icon33: )

Posted: Thu Sep 14, 2006 7:34 pm
by Captain
Do what Juggz said. Just print out a bunch of scan logs from different programs and shove em up their asses.

Posted: Thu Sep 14, 2006 8:16 pm
by werldhed
Aye... I'm gonna do that once I try a scan with Spy Sweeper. :icon14:

Posted: Thu Sep 14, 2006 8:58 pm
by dzjepp
Wait, are they claiming it's a virus or spyware? spy sweeper doesn't scan for viruses ya know, but as long as we're on the same issue I could recommend a better virii scanner as well :icon30:

nod32 and kaspersky av are both damn good

http://www.eset.com/download/index.php

http://fileforum.betanews.com/detail/Ka ... 08918303/2

Posted: Thu Sep 14, 2006 9:17 pm
by Captain
AVG Free ftw ey :drool:

Posted: Thu Sep 14, 2006 9:21 pm
by werldhed
dzjepp wrote:Wait, are they claiming it's a virus or spyware? spy sweeper doesn't scan for viruses ya know, but as long as we're on the same issue I could recommend a better virii scanner as well :icon30:

nod32 and kaspersky av are both damn good

http://www.eset.com/download/index.php

http://fileforum.betanews.com/detail/Ka ... 08918303/2
They claimed both. First they said it was behavior consistent with a virus, then they said it was spyware, then they said it was a trojan.

But they said I should scan with Symantec, so I don't know what they really want. :icon8:

Posted: Thu Sep 14, 2006 9:22 pm
by werldhed
Captain Mazda wrote:AVG Free ftw ey :drool:
That's what I use. :icon14:

Posted: Fri Sep 15, 2006 1:18 am
by Tormentius
werldhed wrote:
That's what I use. :icon14:
Which Symantec product is it they want you to use? If it's the corporate edition it trounces AVG in every way possible but if it's Norton 200x it's not too great.

Posted: Fri Sep 15, 2006 1:41 am
by werldhed
They didn't mention which they wanted me to use, but this computer has Corporate Ed. v.9.0.3.1000 on it.

Posted: Fri Sep 15, 2006 3:08 am
by Tormentius
That's a far better app than AVG will ever be IMO.

Posted: Fri Sep 15, 2006 3:32 am
by +JuggerNaut+
JUST SEND IN THE FUCKING REPORT ALREADY.

Posted: Fri Sep 15, 2006 12:00 pm
by Captain
+JuggerNaut+ wrote:JUST SEND IN THE FUCKING REPORT ALREADY.
olo

Plus if they switched around between the culprit so much, I bet they know they fucked up and don't want to admit it. Shitstorm time.

Posted: Fri Sep 15, 2006 5:34 pm
by werldhed
+JuggerNaut+ wrote:JUST SEND IN THE FUCKING REPORT ALREADY.
lol... relax, tiger. :p
I've already sent the scan logs. I'm just waiting for a reply now.

I'll let you know what they say.

Posted: Fri Sep 15, 2006 7:19 pm
by +JuggerNaut+
lol i know man, giving you a hard time. i'm real interested in their response.

Posted: Fri Sep 15, 2006 9:11 pm
by dzjepp
Did spy sweeper find anything?

Posted: Fri Sep 15, 2006 9:23 pm
by werldhed
Nope. Just some old cookies I forgot to delete from IE back in the day.


Bah... no reply yet. I suspect I won't hear from them until after the weekend.

Posted: Sat Sep 16, 2006 1:50 pm
by werldhed
I already ran Blacklight, and it came up clean... Although, I forgot to mention that when I emailed them. Oh well..

Blacklight is the only one I'm familiar with. Any suggestions for other rootkit scanners?

Posted: Sun Sep 17, 2006 1:06 am
by shadd_
what you need is a good firewall set to block everything and see what tries to get out.