Helping people with computers... one answer at a time.

Anti-malware tools need to be run frequently enough, and be kept updated to keep you safe. I'll look at what to consider when configuring protection.

I have Windows XP 2007. Recently,my system crashed. I took it to my wife's ex who built it and he said it was trashed. It had 29 viruses. I run Norton Antivirus ,AdAware, Spybot, and Malware. How do you get all these viruses after running these programs weekly? Am I wasting my $$ on Norton? Please tell me a good way to back up my info since I am using my step daughters 'puter and we think we are going to lose everything in ours.

I'll admit to a little confusion, as there is no such thing as "Windows XP 2007". There's Windows XP, and it may or may not have service pack 1, 2 or 3 applied, but there's never been a year designator on XP.

Fortunately, that doesn't really matter in this case.

I won't say you're wasting your money, but I do think there are a couple of things you'll want to change.

A lot can happen in a week.

29 Viruses!

While it's quite possible that there were 29 viruses, I'm going to guess that there were 29 "somethings", some of which were viruses, some of which were spyware and some of which were other things.

One of my gripes with many anti-malware tools is that they over report, or over dramatize some of the things they find. For example 29 tracking cookies isn't anywhere near as serious as 29 actual viruses. In fact, 29 tracking cookies might be considered normal and nothing to really worry about, whereas 29 actual viruses represents a serious threat.

"... there's no anti-malware software or solution that will protect your computer from you."

Not all malware reports are created equal.

So before we panic too much, let's at least consider that 29 may not be as bad as it seems.

But for our purposes here, let's assume that it is.

A Week is a Really Long Time

One thing that you've said concerns me: "How do you get all these viruses after running these programs weekly?"

Weekly?

Weekly's not often enough. A lot can happen in a week. In fact, depending on things that I'll discuss below, it's quite possible that you could accumulate 29 viruses in a week.

If that's really what's happening, then I recommend:

  • Making sure that Norton, or any anti-malware tool you might be using, has its "real time" scanning enabled. This scans files and web pages and whatever else as they are downloaded to your computer. The moment something suspicious appears, the software will notify you right then and there.

  • Scanning your entire system daily. This is best done when you're not using the computer but the idea here is that once a day your anti-malware tool scans your entire hard disk for malicious software. Technically it might be redundant with the prior point, but given the situation here I think it makes a lot of sense, just in case something's missed.

  • Making sure that your anti-malware solution is updating its database of known threats daily. New malware is being developed every day - that means if the database is even a day out of date you're vulnerable to the latest malware. Malware creators know this, and count on it to infect as many people as they can before anti-malware tools and databases are updated.

There's one more thing I need to touch on, though.

You

I've said it elsewhere, I've said it before: there's no anti-malware software or solution that will protect your computer from you.

By that I mean you are capable of bypassing any security solution placed on your machine. If you download and execute random attachments sent to you in email, then absolutely you're going to end up with 29 viruses, or more, in short order. Visiting questionable web sites? Downloading lots of illegal files via file sharing services? Clicking on links when you're not sure where they go? Emailing off your user name and password because someone you don't know asked?

I'm not saying that you did any of these things.

I have no idea.

What I do know, though, is that some of those things, all of those things and even more of those kinds of things I haven't even thought of are the kinds of things that can quickly result in a compromised machine.

And 29 Viruses.

Backing Up

Since your info could be scattered all over your computer, I recommend a full image backup of the entire hard disk (or disks) to an external drive. Acronis True Image is one solution, but essentially any solution that will allow you a complete backup, and then later allow you to access that backup to restore individual files will do.

Quite honestly, a daily backup regimen probably needs to be added to your system as well so that no matter what happens or how infected you get, you're always and constantly backed up.

Article C4499 - October 22, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

21 Comments
Bob
October 25, 2010 2:12 AM

'Viruses', are quite often not viruses - as Leo pointed out. Our in-office protection regularly flagged 10-20 viruses during it's scan, only for them to turn out to be cookies.
Virus writers are also getting sneaky, as I found out after having to fix a number of friend's PCs - most recently with my other half falling for a "you have viruses" popup which scragged her laptop.
To paraphrase a game I used to play:
"The Computer Is Your Friend - Trust No-One - Keep Your Backup Handy"

Josh
October 26, 2010 9:24 AM

One sure way to avoid viruses is to as Leo said, STOP downloading illegal files. These 'free' software are usually infested with trojans and the like. Stay away from piratebay.org.

Dave Markley
October 26, 2010 10:03 AM

I have owned a computer repair business in South Florida for over 4 years now. In that time, (aside from people who just never installed any anti-virus, and believe me there are plenty), the vast majority of customers whose Windows were infected beyond all hope were using either McAfee or Norton Anti-Virus. I hate to publicly put down any business but the facts are the facts. I have taken as many as 400 malware incidents out of a single computer whose anti-virus was up-to-date and real-time scanning activated. Needless to say the Windows by that point needed re-installed and they lost most of their photos, stored music, files etc. Leo made the points that your anti-virus MUST scan daily and be updated daily, but don't forget also to make sure that your Windows updates are current. Many people don;t realize that a critical update is just that. It's there for your protection, not Nicrosoft's.

Gloria
October 26, 2010 11:02 AM

Also, very important - everybody needs both a hardware and software firewalls. Even with the best update and scanning practices, and staying away from high-risk sites and not clicking on unknown attachments, you are still vulnerable to uglies coming in via instant messaging programs. A router should stop these.

Alan
October 26, 2010 12:55 PM

Leo, you say scan your entire system daily. I use MS Security essentials and run the "quick scan" daily - do you recommend I change that to a FULL scan daily?

I happen to do a quick scan daily, which scans the files that are the most likely to be affected by malware. But honestly there's no reason not to do a full scan.
Leo
27-Oct-2010

Daffey
October 26, 2010 1:04 PM

I'm sure I haven't seen 'the worst' of them, but why should one loose their music and photos, unless the virus cleaned out the drive? Seems one could use a bootable OS and scrape those files off the corrupted drive before reformatting and re-installing the OS??? Alternatively, a techie friend should be able to attach the drive as an external drive and strip it. Just curious!

I agree. Unless a virus explicitly deletes files or corrupts a hard disk an malware infection these days rarely need result in data loss. Even if you just backup the infected drive before cleaning it you should be able to restore individual files from that backup to your cleaned system.
Leo
27-Oct-2010

Larry Allen
October 26, 2010 1:20 PM

I have been using Norton AV/2010/2011(free update 2 weeks ago)for about 4 months. It has caught a Trojan, a downloaded plug-in with that contained several undefined threats to the System, and many tracking cookies. It runs a full scan at idle each day. I don't download anything that I can't absolutely trust(mostly VG patches). I never open attachments from anyone except family. I never go to sites that I see warnings about. In my 12 years of on-line computing I have never ever had a virus. My last computer went haywire and my builder thought it was virus-trashed. Turned out to be a defective Main-board. I recommend learning self defense maneuvers to protect your machine and irreplaceable data.

Gwyn
October 26, 2010 1:25 PM

Re scanning, your wrote:"This is best done when you're not using the computer" Why? Does it slow down the machine if you use it during a scan? Or make the scan less reliable? Or what? Thanks Leo.

Depends on the tool, but it can slow the machine down yes. Using the machine does not interfere with the scan.
Leo
27-Oct-2010

Roberto
October 26, 2010 2:23 PM

In this article the guy is concerned that he may be unable to get his data back. I suggest to remind him that if he can get to the start-up menu that he can still do a "system restore" to an earlier date and bring his computer back to health.

Maybe, but more often that not ... no. System restore does not restore your system - it saves and restores only certain things - like the registry - that can help in many situations, but certainly not all. My experience is that system restore is unreliable - I don't use it at all, prefering instead to use a proper system backup.
Leo
27-Oct-2010

John Neeting
October 26, 2010 5:21 PM

I wrote an article on anti virus software and unfortunately, Norton came out as less than adequate [ without using strong words ]. Since using Malwarebytes Anti-maleware in conjunction with Avast professional. I have caught stuff nothing else see's. What's not documented in Avast is the fact IF you run Malwarebytes scan on it's own with Avast running real time, it handshakes with avast and together they BOTH scan the same files so what one misses, the other picks up. So far not a sausage has managed to defeat them in 2 years.I update every 24 hours in the wee hours of the morning when the PC is idle.

Gene
October 26, 2010 6:35 PM

Sometimes we are our own worse enemy; as surfers we find more viruses than viruses find us. The configuration of your virus software is important. However, how configurable is your virus software? I tell my customers to be cautious about where you go on the web. Don't walk out in front moving cars. You can multiply your viruses by 1 x 29 sites that may not be as safe as they appear. Sometimes we can apply that formula. My best advice is to be careful where you go and keep your antivirus maintenance updated. I like Norton 360 v4. I have been using Norton since 2001. I have had some serious let downs using Norton. But I think they have finally engineered a great piece of Antiviues software with the Norton 360.

Thanks

David
October 26, 2010 8:59 PM

Step 1. Install AVG Free or Avast Free
Step 2. Uninstall Norton
Step 3. Enjoy the extra performance

I haven't heard about any symbiotic relationship between Malwarebyte and Avast - usually it's best to stick with just one AV product but maybe...

If you're obsessed with wanting to spend money, I've pointed clients towards Kaspersky. But among most IT people, AVG or Avast are really popular.
BTW,in a corporate environment, you should be paying for those two products.
In Linux world though, although I'll p**s many off by saying so; "what's a virus?" :P
And if you really must download 'free' music or p**n, do so from reputable sites - P2P is like opening your front door and leaving the house for a week.

Alex Dow
October 26, 2010 10:21 PM

One aspect not mentioned in any of the previous comments is that generally the Anti-Viral Software providers first have to be aware of a New Virus or such-like, before they are able to develop the remedy, whichever form that takes.

So there must be several to many new threats potentially "invading" our PCs before the associated A-V Updates become available; and we have the opportunity to download and FULLY install them.

Regarding running Full Scans in quiet time, better still is to re-boot in "Safe Mode", so as to minimise the active , background programs, so giving the A-V Software access to more of the Disk/s Contents, as well as using MSCONFIG to reduce the "Start-Up" programs.

Make sure that any Full Scan does cover subsidiary "disks" that may be temporarily attached to the PC.

Again PC Users at all levels have to realise that they have taken on board the responsibility for the general and specific "housekeeping" that previously was by the operators of the the main-frames etc.

One bad practice I observed recently was that of a Local Council employee, supposedly having been trained to use "her" PC, which was giving her a lot of problems.

When she finished a session, instead of Stopping gracefully from the Start "button", she simply switched OFF at the Wall Outlet!!

Another came to help; and did exactly the same.

Why did they do that?

"Och, it taks ower long tae feenish - we want awa hame!"

Tom C
October 27, 2010 12:28 AM

In reference to David's comment - "I haven't heard about any symbiotic relationship between Malwarebyte and Avast - usually it's best to stick with just one AV product but maybe..."

I cannot speak about Avast - I run Sunbelt Software's Vipre AV Premium - it has AV, anti-Malware, and firewall. I subscribe to thier email list and a little over a month or so ago they told us that in combination with Vipre we should be running Malwarebytes to make completely sure we were safe. I installed MWB and sure enough it found things that Vipre hadn't. Nothing that could have hurt my box - the things it found were AV killers that only work on XP - I run Win7. They mentioned nothing about hand-shaking or symbiotic relationship, however. And David is correct. You should never run two AV systems at the same time. You will be shooting yourself in the foot. Vipre Premium has antimalware, but they say to run MWB alngside Vipre. MWB isn't AV - it's just Anti-Malware.

David Hutchins
October 27, 2010 7:59 AM

Here's another vote for VIPRE premium from Sunbelt Software. It runs quietly in the background, without using too much memory. It's inexpensive, even for a unlimited home license. It's very comprehensive with anti-spyware, anti-virus and a firewall. Have used various products over the years and none as trouble-free as VIPRE. For free products, AVG is pretty good (have used it) and so is Panda Cloud Antivirus. As Leo and others have pointed out, no security program will do the job if you are careless in what you do. It can't be said often enough either to watch your settings and make sure you security programs are updating daily or oftener and on automatic mode so they constantly monitor and do comprehensive scans at least once in a 24-hour period.

MARO
October 30, 2010 3:32 AM

1. The absolute best AntiMalware (not just AntiVirus), although non-resident in your computer, is from Microsoft scannong online at:
http://onecare.live.com/site/en-us/default.htm?redir=true
Ot also OPTIMIZES your Windows operated computer.
2. The most effective way to usean AntiVirus program that you have, is to first remove the "System Restore" files and then start on Safe Mode and run YOUR Antivirus program in this safe mode. After cleaning your computer, go back to re-activate "System Restore". All or almost all (excluding Microsoft's own oline scan) cannot access and clean the system restore files. If they are infected, they will reload again. I noticed now that my updated version of McAfee has the capability to go through the "System Restore". It was not like that before.

Carlos Coquet
October 31, 2010 11:52 PM

What I tell my clients is that there is absolutely, positively NO GUARANTEE you will not get a virus no matter what software is protecting you. The reason is simple. Somewhere, viri are being written 24 hours per day and most antivirus software depends on someone reporting the virus to its developer, which must analyze it to figure out its "finger print" ("signature"), then it must be added to the latest datbase, and then the user has to download those latest definitions. That means that between the time each and every virus is written and when the AV software can detect it weeks can elapse.
If you frequent social networks, music downloading sites, entertainment places in general, you will probably get "tagged".
Some AV programs claim to detect viri heuristically, i.e. by their behavior. Problem is, it does generate false positives.
You can't always be a good judge of behavior. Example, a father notices a questionable looking character in a playground following his young daughter's every move. Suspecting a pedophile, he calls the police. Problem is, when questioned, the guy pulls out his id and business card and he happens to be a talent scout for Sesame Street. Annoyed, he leaves and the possible TV star loses out.

Jerry
November 1, 2010 9:55 AM

The big problem is still YOU. You're driving the Computer, As far as I know, over the period of time I've operated a personal computer, I've never had a problem. Do I subscribe to file sharing, no. Do I invite anything that might undermine the sanctity of my system? No. Do I allow someone else to use my system? No. The fact of the matter is, that whoever uses that Computer has got to have the knowledge that safe guards the integrity of that system. I saw some information proposed that is " bleeding edge" But the real value is you and knowing what to do, and what not to do.

paul
November 2, 2010 12:58 PM

wanna fix it right. get NOD32 antivirus and spyware etc. ive used it for 3 yrs and never ever a single prob or bug. its worth every cent.

Cathy
November 6, 2010 8:21 PM

I run my browsers in a sandbox which isolates them. They think they're working integrated with the rest of the computer, but unless I specifically allow them, they are not. After my browsing session, I can delete the sandbox, and any potential problems are deleted along with it. Of course, I also run daily scans and practice safe computing with scans of every item downloaded along with Firefox add-ons that rate sites before or as I go to them. Check out Sandboxie at sandboxie.com .

Monte
November 7, 2010 6:32 PM

I recently helped a friend who's computer was infected and he decided it was time for a new computer. The friend/technician who built the new machine scanned the external backup drive before I hooked it up to the new machine to restore the files. I had done an extra manual backup because the automatic ones had stopped. The drive was scanned with four different anti-virus and anti-malware programs.

The drive had over 350 "viruses," however, almost every one was in an attachment to a backed up e-mail (either unread or in the e-mail trash folder). [The high number was also because the auto-backup keeps the last five backups plus the extra manual one.]

On another machine, the anti-virus scan of the drive found the quarantined viruses from the original anti-virus software installed on the drive.

[cookies are usually not a big contributor to the count on machines I set up because I set Firefox to delete cookies on close and Better-Privacy to delete Flash Cookies.]

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.