
What causes viruses etc to reinfect itself?

speedy11131

New Member
Joined
Oct 15, 2006
Messages
120 (0.02/day)
Location
New York City, USA
Processor Phenom II X4 965 Black Edition
Motherboard Gigabyte GA-M68MT-SP2
Video Card(s) EVGA GeForce GTX 580 1.5GB
Storage Crucial RealSSD C300 128GB SSD, Western Digital Caviar Black 1.5TB
Display(s) JVC 32"
Audio Device(s) onboard
Power Supply RP-550
Software Windows 7 Ultimate
Basically other than visiting an infected site or running it, what else can cause a virus to reinfect?
 

von kain

New Member
Joined
Sep 13, 2006
Messages
780 (0.12/day)
Location
athens/greece
System Name intel-hate
Processor Amd phenom 2 955 @ 3800
Motherboard msi 790fx-gd70
Cooling coolermaster
Memory 4096 @1600 corsair
Video Card(s) sapphire 5770 @950-1350
Storage 1 seagate 80gb sata2 1 160gb seagate sata
Display(s) 20inch wide lg
Power Supply chieftech 750w
Software windows 7 x64
Benchmark Scores nah
a line in its code.
 

speedy11131

i mean even after its removal by something like MalwareBytes?
 

2DividedbyZero

New Member
Joined
Aug 2, 2008
Messages
776 (0.14/day)
Location
in retarded hell
if the virus has been removed, then it has to be reintroduced to reinfect

can be from a USB pen, a recently created CD, web page, portable HDD, anything that can have Data written to it.


i was gonna say Floppy but, gave myself a reality check :p
 

speedy11131

what sort of methods would it use?
 

2DividedbyZero

anything. a virus can auto run on insertion of a USB stick for example. what are u getting at?
 

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
18,875 (3.07/day)
Location
UK\USA
Processor AMD 3900X \ AMD 7700X
Motherboard ASRock AM4 X570 Pro 4 \ ASUS X670Xe TUF
Cooling D15
Memory Patriot 2x16GB PVS432G320C6K \ G.Skill Flare X5 F5-6000J3238F 2x16GB
Video Card(s) eVga GTX1060 SSC \ XFX RX 6950XT RX-695XATBD9
Storage Sammy 860, MX500, Sabrent Rocket 4 Sammy Evo 980 \ 1xSabrent Rocket 4+, Sammy 2x990 Pro
Display(s) Samsung 1080P \ LG 43UN700
Case Fractal Design Pop Air 2x140mm fans from Torrent \ Fractal Design Torrent 2 SilverStone FHP141x2
Audio Device(s) Yamaha RX-V677 \ Yamaha CX-830+Yamaha MX-630 Infinity RS4000\Paradigm P Studio 20, Blue Yeti
Power Supply Seasonic Prime TX-750 \ Corsair RM1000X Shift
Mouse Steelseries Sensei wireless \ Steelseries Sensei wireless
Keyboard Logitech K120 \ Wooting Two HE
Benchmark Scores Meh benchmarks.
Some don't use the original file and copy themselves elsewhere to run. Although that file needs to be run again to reinfect. Could be triggered from a website or coming from code in the website itself.
 

streetfighter 2

New Member
Joined
Jul 26, 2010
Messages
1,655 (0.33/day)
Location
Philly
The question is kinda flawed. So I done fixed it :D:
what causes ~~viruses~~ malware etc to reinfect ~~itself~~ a computer after removal?
The answer is, of course, incomplete removal. There are a billion and one places for malware to hide on Windows; the most common of which being system restore, registry, services, ADS and rootkits (with significant overlap between places). If malicious software is not completely and utterly removed it can easily reinfect a system.
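
A read-only check of three of the hiding places named above (registry autostart values, services, and ADS), as an added example that is not part of the original post. The `$ScanRoot` parameter and the "expected folder" pattern are assumptions for illustration; system restore points and rootkits are outside what a script running on the live system can reliably inspect.

```powershell
# Added example: read-only review of three hiding places named in the post above
# (registry autostart values, services, NTFS alternate data streams).
# $ScanRoot and the "expected folder" pattern are assumptions for illustration.
param(
    [string]$ScanRoot = $env:USERPROFILE   # assumed folder to sweep for ADS
)

# 1. Registry: every value under the Run/RunOnce keys starts at boot or logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autostarts = @(foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            [pscustomobject]@{
                Source   = 'RunKey'
                Location = $key
                Name     = $valueName
                Detail   = $regKey.GetValue($valueName)
            }
        }
    }
})

# 2. Services: list those whose binary lives outside the usual system folders.
$expected = '^"?([A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\|\\SystemRoot\\)'
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch $expected } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'Service'
            Location = $_.Name
            Name     = $_.DisplayName
            Detail   = "$($_.StartMode): $($_.PathName)"
        }
    })

# 3. ADS: named streams other than the default data stream and the
#    Zone.Identifier tag that browsers add to downloads.
$streams = @(Get-ChildItem -Path $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
    Get-Item -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'ADS'
            Location = $_.FileName
            Name     = $_.Stream
            Detail   = "$($_.Length) bytes"
        }
    })

# Everything listed is a candidate for manual review, not a verdict.
$autostarts + $services + $streams |
    Sort-Object Source, Location |
    Format-Table -AutoSize -Wrap
```

Run it once on a known-clean install and keep the output; after a cleanup, any entry that is not in that baseline is where to look first.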
 

speedy11131

Thanks for the correction streetfighter.

Yaah, I was wondering how it could reinfect with improper removal, not how it originally gets on there. Thanks guys.
 

2DividedbyZero

> Thanks for the correction streetfighter.
>
> Yaah, I was wondering how it could reinfect with improper removal, not how it originally gets on there. Thanks guys.

well u kinda got it right there, improper removal. it will be hidden waiting till you fall asleep, then it will sneak up behind you and BAM

re-infected.

full format and install OS from the original disk

but even then, it could be hidden in your back-up files, it's like having herpes.... (err... so I've read:wtf:)

best tip, stop surfing pr0n
 

speedy11131

hehe, not my machine, was just wondering is all :D
 
Joined
Mar 1, 2010
Messages
3,565 (0.69/day)
Location
By the Channel Tunnel, Kent, England
System Name Benny
Processor Phenom II 1055t @ 3.3GHz; 300x11; 1.380v; NB 2700; HT 2400
Motherboard ASUS Crosshair IV Formula (2002 BIOS)
Cooling Thermalright TRUE 120 Black + 2 Xilence Red Wing PWM 120mm (push/pull) + polycarbonate fan holders
Memory 8GB GeIL Ultra 2133MHZ C9 running at 1600MHz @ 7-7-7-21 1T 1.5v
Video Card(s) MSI Twin Frozr II GTX470 @ Stock w/CPU fan cable-tied on, as one of the GPU fans broke.
Storage 60GB OCZ Agility3 (OS);500GB WDC Grn; 1x1TB WDC Blk (Backup)
Display(s) ASUS PA823Q
Case Silverstone Raven 2 (all cables custom sleeved with velcro mod on side panel...)
Audio Device(s) X-Fi (Onboard) + Harmon Kardon HK6100 amp powering JVC HA-RX700's with Zalman mic
Power Supply Corsair HX650W
Software Win7 Pro x64
Benchmark Scores No benchies so making this space useful! Corsair M90, Logitech G19. Phobya FlexLight LED's (gawjus)
Other computers on your network.
I always have a rule of disconnecting the infected PC from the network, cleaning/re-installing OS, sorting out anti-virus and ONLY THEN reconnecting to the net/network.

streetfighter, I suppose you're the man to ask:

If a virus infects someone and they clean it, can they be re-infected by another (infected) computer over the internet (not network) without any user action?
Kinda like all infected computers keeping a note of other infected computer's ip's, and "calling" them periodically to check to see if they are still infected (and reinfecting if not)? Over the internet, not PC's on the same network.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,049 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit

streetfighter 2

> If a virus infects someone and they clean it, can they be re-infected by another (infected) computer over the internet (not network) without any user action?
The only way I can imagine that being possible is if the virus had (prior to removal) opened a port in the firewall(s)/router(s) which was not detected and repaired during the removal process. That port would have to be connected to a service (running on the machine in question) that the virus either created/modified or was capable of exploiting.

There are probably other ways of a virus reinfecting over the internet without user interaction, but if your firewall(s)/router(s) and security settings are intact the risk should be minimal.
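
One way to check the condition described above after a cleanup, as an added example that is not part of the original post: list every non-loopback listening TCP port, the process behind it, and the enabled inbound allow rules that expose it. It assumes the NetSecurity and NetTCPIP cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt; the helper name `Test-PortInFilter` is hypothetical.

```powershell
# Added example: which listening services are reachable through the host firewall?
# Keyword port values in rules (such as RPC) are treated as "no match".

function Test-PortInFilter([string[]]$Filter, [int]$Port) {
    foreach ($entry in $Filter) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            # Port range such as 5000-5010
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) {
            return $true
        }
    }
    return $false
}

# Enabled inbound allow rules, flattened to rule name / protocol / ports / program.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        $appFilter  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Protocol  = $portFilter.Protocol
            LocalPort = @($portFilter.LocalPort)
            Program   = [Environment]::ExpandEnvironmentVariables([string]$appFilter.Program)
        }
    }

# Listening sockets that are not bound to loopback, one row per port.
$report = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object -Property LocalPort -Unique |
    ForEach-Object {
        $port = $_.LocalPort
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $allowedBy = $rules | Where-Object {
            $_.Protocol -in 'TCP', 'Any' -and
            (Test-PortInFilter -Filter $_.LocalPort -Port $port) -and
            ($_.Program -eq 'Any' -or $_.Program -eq $proc.Path)
        }
        [pscustomobject]@{
            Port      = $port
            Process   = $proc.ProcessName
            Path      = $proc.Path
            AllowedBy = ($allowedBy.Rule -join '; ')
        }
    }

$report | Sort-Object Port | Format-Table -AutoSize -Wrap
```

A row with a non-empty `AllowedBy` and an unfamiliar `Path` is the leftover the post describes; port forwards configured on the router itself are not visible from the host and have to be checked there.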
 
Joined
Mar 1, 2010
> The only way I can imagine that being possible is if the virus had (prior to removal) opened a port in the firewall(s)/router(s) which was not detected and repaired during the removal process. That port would have to be connected to a service (running on the machine in question) that the virus either created/modified or was capable of exploiting.
> There are probably other ways of a virus reinfecting over the internet without user interaction, but if your firewall(s)/router(s) and security settings are intact the risk should be minimal.
Mmm I suppose it's a quite narrow "maybe" then.
I'm guessing you would need:

Infectee (you)
Infected PC (over net)
Inadequate firewall/AV
Exploitable exploit/freshly installed OS (no recent updates etc.)

For a reinfection to occur. Throw "user error" into the mix and you're f****d...
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.18/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
> Basically other than visiting an infected site or running it, what else can cause a virus to reinfect?

Viruses can come from:

The web (bad websites)
Files - either downloaded or remaining on your drives
External/portable drives: Autorun viruses that infect as soon as you reconnect them
 
Joined
Sep 1, 2010
Messages
7,023 (1.41/day)
> Viruses can come from:
>
> The web (bad websites)
> Files - either downloaded or remaining on your drives
> External/portable drives: Autorun viruses that infect as soon as you reconnect them

email
im
p2p
 

Mussels

> email
> im
> p2p

those three would be covered under 'the web'. i simply listed their base elements.


if you disconnect your internet, all of those are gone. if you do not attach any extra internal or external storage devices, you eliminate that risk. if you use a formatted drive with no leftover files, that risk is gone. a computer impossible to be infected (barring a virus infected OS installation disc)
 

Mussels

email and p2p doesn't necessarily mean internet

where else are they coming from? who runs an email server on their LAN to email each other?

P2P could theoretically run over a LAN, but if you have a network full of infected machines and not just one, you're in for a busy day.

also, P2P apps don't allow viruses to spread. Worms can propagate over a network on their own, but no P2P programs can auto download files without a local user setting them up to do so (RSS feeds and such) - and who would run a torrent to download a virus over a LAN?
 
Joined
Sep 1, 2010
Messages
7,023 (1.41/day)
> who runs an email server on their LAN to email each other?
um ... all the companies in the world?

> but no P2P programs can auto download files without a local user setting them up to do so
no one said they can. someone might download a pdf or gif packed with malicious code.
 

Mussels

> um ... all the companies in the world?

all those companies would have antivirus on the LAN as well, so they're completely unrelated to the topic here. Also, they'd have heavy security to prevent infections in the first place.

> no one said they can. someone might download a pdf or gif packed with malicious code.

again... from LAN? where are they getting these without internet.
 
Joined
Sep 1, 2010
Messages
7,023 (1.41/day)
> all those companies would have antivirus on the LAN as well, so they're completely unrelated to the topic here. Also, they'd have heavy security to prevent infections in the first place.

That's kinda a myth. Today incompetence appears anywhere. If someone works for a company with some buzz name it doesn't mean they're invincible. A/v server can just appear down for a moment and their whole network might be fried by some zero-day stuff.
 
Joined
Mar 1, 2010
> The only way I can imagine that being possible is if the virus had (prior to removal) opened a port in the firewall(s)/router(s) which was not detected and repaired during the removal process. That port would have to be connected to a service (running on the machine in question) that the virus either created/modified or was capable of exploiting.
> There are probably other ways of a virus reinfecting over the internet without user interaction, but if your firewall(s)/router(s) and security settings are intact the risk should be minimal.

So, if 2 PC's on a network were infected and you disconnected PC "A" from the network, re-installed OS and enabled firewall but didn't install antivirus, could PC "B" reinfect it?
I'm wondering if a clever virus could re-infect you in this way:
1. You get infected (PC A), so does someone in Australia (PC B) (with the same virus, from the same source)
2. The virus infects both properly and stores PC A and PC B's i.p.'s on each PC.
3. PC A gets OS reinstalled while disconnected from the net.
4. PC A gets reconnected to the net after OS reinstall, and (with firewall enabled by default) you start downloading antivirus program.

Q: Can PC A get re-infected by PC B between connecting to the net after OS re-install, and finishing downloading the antivirus (between step 3 and step 4)?

For argument's sake, say the variables are at "worst case scenario": the virus would have to be enabled to:
"save and call/ping/check other infected i.p.'s periodically"
"take advantage of an exploit from an OS with no updates" (for example, after installing XP with no service packs, where no Microsoft Updates have been installed that deal with the simplest, oldest of exploits)

I know it's a bit of a small gap of time, but if a virus is made to check on other infected PC's, then could it be done with no user action (again, I stress with default firewall settings and no SP's/updates that may protect against this)?

> um ... all the companies in the world?

Yes companies use e-mail over LAN, but as I said above, how many of them are disconnected from the net at the same time (just LAN, no internet)? If the answer is negligible then it's covered under "The web"

> Today incompetence appears anywhere. If someone works for a company with some buzz name it doesn't mean they're invincible.

True to an extent; in the corporate sector, all updates (which are the virus-makers' first point of attack) must go through rigorous checks before being installed network-wide, so it would almost have to be incompetence that causes an infection in the workplace. But kinda like Mussels is saying; you're much less likely to find corporate computers infecting each other than end-users infecting each other, as they have measures in place to avoid being exploited in the first place.

It doesn't even take incompetence for an end-user to get infected:
Adobe Flash receives an update.
Download and install.
New virus takes advantage of a new component within the latest Adobe update.
Adobe pop-up comes up and says "do you want to update Adobe?".
You click "No" as you know you've already updated it; you are being cautious.
Virus infects you anyway as it preys on a gammy Adobe exploit.

Most people think if they have a decent AV they will be safe forever, but a new virus can infect you, even if you have *insert your favourite av here* with all the latest updates. Not because of incompetence or user error, but all due to the coding talent of the author.


APK


j/k :roll:
 