ProjektorBoy posted: I work for a large corporation's help desk and the occasional malware infection comes up on the computers of the people who call me. I've been able to scrub these computers clean manually by just a combination of resourcefulness, a good solid knowledge of known-good processes, and having Process Explorer at hand.

Indeed, Process Explorer owns. Helped me kill some threads attached to winlogon and lsass so I could run some tools without the drat trojan cockblocking it. Customers bring in scarier poo poo every day.

Posted Dec 30, 2008 21:47

Elected by Dogs posted: CDRW? If it was burned along with the files (dunno if any malware does this kind of insertion) - it would still infect anyways.

So use a finalized CDR? Does anyone actually use CDRWs any more?

Posted Dec 30, 2008 21:59

Well, curiosity is killing me. Can anyone actually give a summary of what the hell SPTH stands for / means? After having McAfee throw a fit from the first couple of results on Google, it seems like I might be better off just asking if anyone already knows. Public service: Don't click results for SPTH in Google.

Posted Dec 30, 2008 22:10

Second Part To Hell.

Edit: here's a cool (albeit old) article with probably-related details.

nail fucked around with this message at 22:23 on Dec 30, 2008

Posted Dec 30, 2008 22:18

Nthing SuperAntiSpyware. It seems to be a few days in front of Malwarebytes now consistently, but MWBAM is still a vital tool. Between those two you can pretty much get anything. A few posts up it was suggested to run a LiveCD... is there a way to run SuperAS or MWB off a LiveCD? That would be unbelievable.

Posted Dec 30, 2008 22:30

Edit: It sounds stupid to me, but is it possible using Wine or something? (Clicked quote instead of edit like an idiot.)

Posted Dec 30, 2008 22:31

Duck and Cover posted: I'm enjoying having my ads hijacked so that I can be sold vimax and other lovely products. While I solved the problem of the ads by blocking through the hosts file I'd like to eliminate the problem instead of working around it. Oh and for the hell of it, it seems to block any attempts to update anti virus malware software.

Have you looked to see if TDSServ is in the Device Manager? That was sending any kind of anti-malware related URL to an ad site. In the Device Manager, show hidden devices, and it's under non-system devices I believe. Just disable it, don't uninstall it. If you have to, rename the executable installer for Malwarebytes or SuperAntiSpyware or what have you; sometimes you have to rename the exe when it is installed as well.

^^^^ I believe UBCD4Win comes with SuperAntiSpyware. List of programs in UBCD for Windows

Posted Dec 31, 2008 21:19

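One defensive triage check prompted by the TDSServ tip above, written as an added example for this thread rather than anything posted in it: it inventories the kernel-mode driver services Windows knows about (the same loaders that show up as hidden non-PnP devices in Device Manager) and flags any whose binary is missing from disk or lives outside %SystemRoot%\System32\drivers. It assumes Windows PowerShell with WMI available and an administrator prompt; Resolve-DriverPath is a helper named here for the example.

```powershell
# Added example (not from the thread): list driver services whose binary is
# missing or sits outside the usual drivers directory. It only reports; it does
# not disable or delete anything. Assumes WMI access from an admin prompt.
$driversDir = Join-Path $env:SystemRoot 'System32\drivers'

function Resolve-DriverPath([string]$raw) {
    # Normalise the forms WMI returns: "\??\C:\...", "\SystemRoot\...", an
    # %ENV% reference, or a path relative to the Windows directory such as
    # "system32\DRIVERS\x.sys".
    if (-not $raw) { return $null }
    $p = $raw -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = foreach ($drv in Get-WmiObject Win32_SystemDriver) {
    $path = Resolve-DriverPath $drv.PathName
    $reason = $null
    if (-not $path -or -not (Test-Path $path)) {
        # A registered driver with no file on disk is worth a closer look.
        $reason = 'binary not found on disk'
    } elseif (-not $path.StartsWith($driversDir, [StringComparison]::OrdinalIgnoreCase)) {
        # Unusual install location; compare against what the vendor ships.
        $reason = 'outside System32\drivers'
    }
    if ($reason) {
        New-Object PSObject -Property @{
            Name      = $drv.Name
            State     = $drv.State
            StartMode = $drv.StartMode
            Path      = $path
            Reason    = $reason
        }
    }
}

$report | Sort-Object Name | Format-Table Name, State, StartMode, Reason, Path -AutoSize
```

Expect a handful of legitimate entries (a few Microsoft drivers live directly in System32, and security products install under Program Files), so treat the output as a list to review by hand, not a verdict.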
hyperborean posted: edit here's a cool (albeit old) article with probably-related details

That was a really good article, and I was a bit surprised to find out that a sixteen-year-old kid has made enough of a name for himself since that article (assuming it's the same SPTH, which seems likely) to be the subject of a Microsoft blog. The security side of IT is getting more interesting to me all the time.

Posted Dec 31, 2008 22:06

So reading this has made me paranoid again. Is there any reason not to run multiple antiviruses on one computer?

Posted Jan 1, 2009 02:40

Well, they will bitch at each other. It is best to have one antivirus, and a few antispywares.

Posted Jan 1, 2009 04:31

Luck of the draw I guess, but this morning I got hit with malware or something on my Windows XP64 workstation for the first time ever [first time since 95 when I switched to Windows]. I guess I was overdue at one point, but I never use email on my machine or click on stupid bullshit. I'm currently using avast! 4.8 and it usually catches things once in a while, but this morning was different. Avast started freaking out about malware, and the next thing I know, Windows Firewall crashes, and IE fires up right away and starts shooting up pages and pages of banner ads. I swear, I'd be laughing my rear end off if it wasn't happening to me. It was just so sudden and random.

I turned off my machine and left it for the evening when I could look at it, but honestly I'm scratching my head here. I tried to get avast to run in safe mode, but because I run a high resolution desktop, the avast scan window opens off screen and I wind up having to switch to normal boot in order to run it. I'm currently running the scanner now and it did find a few things [it's still scanning, I can't bring up a verbose list] but most seem to be gen.exe or some form of trojan that's sitting on an old backup drive with files dating back years.

I created a new profile [one with admin and one plain user account] and noticed it just happened again. I'm 83% on my current scan, and just a minute ago I get IE trying to open, but it's asking me if I want to make it the default explorer first [since it was never run on this profile]. I killed it in the Task Manager.

Is avast crap? Or is it because I'm running the 64-bit version and it won't pick up things running under 32-bit? And is there a way for me just to ensure IE will never ever run? I'm trying to figure out if I'm getting hit by something coming in over the network or something that's running as a service.

Edit: Avast just blocked something online called antivirusscanneronline but it closed before I could hit edit. It's still scanning and I can't bring up a log file yet until it's done scanning... sigh. I'm checking my hosts file and system32 folder to see if there's anything afoot there.

Edit #2: downloading Process Explorer. Last time I had to troubleshoot viruses was boot sector Amiga poo poo back in the old days. Oh Saddam virus, so funny and topical back in 1991.

Big K of Justice fucked around with this message at 07:16 on Jan 1, 2009

Posted Jan 1, 2009 06:44

If Avast doesn't fix it, then try burning the UBCD4Win I linked above. Use whatever you want (a-squared and SuperAntiSpyware seem to work the best of the programs included). Then try Malwarebytes in safe mode.

Posted Jan 1, 2009 09:11

Do a scan in safe mode with Avira and SuperAntiSpyware. That should get rid of everything.

Posted Jan 1, 2009 09:17

coinstarpatrick posted: Nthing superantispyware.

I ran MWB and SuperAS off of a BackTrack 3 LiveCD in Wine. It found (and removed) a rootkit on an infected Windows XP machine. PROTIP: Install MWB and SuperAntiSpyware, then run winecfg and change your C: drive to /mnt/hda1 (or whatever your C: drive is. /mnt/sda1, whatever.)

Posted Jan 1, 2009 09:20

BigKOfJustice posted:

Install SUPERantispyware in normal mode, boot into safe mode and run it.

Posted Jan 1, 2009 09:23

I'll do that tonight. I'm guessing it's sitting somewhere in 32-bit space since it seems to want to run IE 32. The Avast scanner picked up 3 or 4 items, but on very old files. It couldn't scan a bunch of jpegs but that was it.

Posted Jan 1, 2009 16:17

I think this may be a side effect of all the cleaning I did to get rid of my infection. Some text comes up like this in Firefox. How do I fix this?

Edit: It's not a font or encoding issue either.

Hillridge fucked around with this message at 20:00 on Jan 1, 2009

Posted Jan 1, 2009 17:58

Hillridge posted: I think this may be a side effect of all the cleaning I did to get rid of my infection. Some text comes up like this in firefox. How do I fix this?

Your system language might have been changed... try and see what it is set to.

Posted Jan 1, 2009 22:40

Hillridge posted: I think this may be a side effect of all the cleaning I did to get rid of my infection. Some text comes up like this in firefox. How do I fix this?

It would appear several of your vowels have become surprised. Give them time to calm down.

Posted Jan 1, 2009 22:46

darkforce898 posted: Your system language might have been changed... try and see what it is set to

It looks fine, though Asian languages are unchecked, and I'm almost positive I've installed them before. I don't think it's systemic because IE displays the text fine on that page.

Jo posted: It would appear several of your vowels have become surprised. Give them time to calm down.

I put on some smooth jazz and lit some candles... no help.

Posted Jan 1, 2009 23:29

Thanks for the SuperAntiSpyware recommendation. I found the malware that was causing IE to go bonkers at random: Adware-Prun via PRUNNET.EXE in my system folders. It's the only thing that was picked up, and the time stamp on the files seems to be around 2-3 days ago, right when my firewall crashed. I'm still trying to figure out how I got it; my guess is an MSN/Messenger exploit or something else. Adware really really doesn't dig it when you change the home URL default for IE, which I think is how it works. SuperAntiSpyware seems to play nice with Avast 64, so I'm ordering the commercial versions for the extra features.

Posted Jan 2, 2009 16:00

gently caress you Rapid Antivirus 2.7. Looks like ComboFix took care of it pretty quick though.

Kaboobi fucked around with this message at 17:13 on Jan 2, 2009

Posted Jan 2, 2009 17:09

I haven't done the clean up thing for anyone in a long time, but a friend needed help and offered to do some of my housework. Whatever was in there was crashing explorer.exe within 60 seconds of launching it, and his DVD drive was screwed so I couldn't reinstall Windows. For some reason safe mode just hung every time I tried it. I managed to launch the Malwarebytes installer through Task Manager off of a thumb drive, which killed enough stuff to make the system usable. Followed that with SuperAntiSpyware, which found a bunch more poo poo, and they have a usable computer and I have a sparkling kitchen. They are pretty nice tools.

Posted Jan 2, 2009 18:25

Most of the time now, the hardest part about killing spyware is getting the stupid computer to boot into Windows. Our shop sees a lot of BSODs and black screens on boot, and Safe Mode isn't even a surefire way past that trash. But once you're on the desktop, those viruses and spyware will be gone soon.

Posted Jan 2, 2009 21:31

Otacon posted: Most of the time now, the hardest part about killing Spyware is getting the stupid computer to boot into Windows. Our shop sees a lot of BSODs and black screens on boot, and Safe Mode isn't even a sure fire way past that trash. But once you're on the desktop, those viruses and spyware will be gone soon.

One thing to try is to use an ERD boot CD, and use the system restore function. It does the same system restore the same way that Windows does. The only thing that you need to do beforehand is to back up the %windir%\system32\config folder, because sometimes (probably a third of the time) it forgets to restore the registry.

Posted Jan 2, 2009 22:41

Cojawfee posted: Well, they will bitch at each other. It is best to have one antivirus, and a few antispywares.

Actually, it's best not to download stupid poo poo. I could run NO antivirus software at all, because I don't download crap from limewarez or whatever.

Posted Jan 3, 2009 04:49

ab0z posted: Actually, it's best not to download stupid poo poo.

You're precious, really. I'd like you to think back to 2003 for why this is amusing.

Posted Jan 3, 2009 04:51

ab0z posted: Actually, it's best not to download stupid poo poo.

My old buddy W32/Blaster would like to have a word with you. Or rather, a 30 second shutdown timer.

Posted Jan 3, 2009 05:17

ab0z posted: Actually, it's best not to download stupid poo poo.

I was waiting for this to show up. I laugh every time. I also laugh every time someone says it at work.

Posted Jan 3, 2009 05:29

I didn't say that I DON'T run antivirus software, or that you should recommend people to do so. I'm just saying that with the help of common sense you can avoid most problems.

Posted Jan 3, 2009 06:04

*Backpedal* *backpedal*

Posted Jan 3, 2009 06:53

Cojawfee posted: *Backpedal* *backpedal*

Fine. I'll uninstall AVG and run for 1 year without it or any other antivirus software.

Posted Jan 3, 2009 07:27

Actually, thanks to this thread, I downloaded SUPERantispyware and ran a scan. It ended up finding a trojan, without any symptoms. Also while running Avast and Spybot. So you never know.

Posted Jan 3, 2009 07:51

ab0z posted: I didn't say that I DON'T run antivirus software, or that you should recommend people to do so.

I never had a virus since 1991 on an Amiga. Until last week when, out of the blue, via no prompt or action on my own, avast flips out with 2-3 error messages, crashes, followed by the firewall crashing and IE launching and firing up all sorts of ads. Common sense can only help so much; what happens if some joker uses a jpeg exploit and hotlinks it to a thread?

Posted Jan 3, 2009 11:02

BigKOfJustice posted: I never had a virus since 1991 on an Amiga.

Same here, I got infected through a Java exploit before they patched it. The only way to be sure you never get anything is to unplug your network cable/kill wireless.

Posted Jan 3, 2009 16:42

Hillridge posted: Same here, I got infected through a Java exploit before they patched it. The only way to be sure you never get anything is to unplug your network cable/kill wireless.

Flash drives, CDs, any kind of interface that lets you talk to anything else through anything. The only way to be sure you never get anything is to not have a computer.

Posted Jan 3, 2009 16:55

Ugh. I just spent 45 minutes on the phone with my dad trying to talk him through some fixes. combofix.exe won't even run in safe mode. I sent him an email with some other things to try like SDFix, so we'll see if he gets anywhere.

Posted Jan 3, 2009 18:54

I didn't want to start a thread on this, but I thought this would be a good place to ask. My wife just sent my mother-in-law a bunch of jpgs attached to an email. They were not zipped or anything, just 12 or so .jpgs @ 200KB each or so. My wife uses Yahoo email, as does my in-law. As you guys probably know, Yahoo does a virus scan when you upload/download attachments. They came out clean when uploaded... which isn't a big surprise as they were just resized/uploaded right from our camera.

So, here is where it gets interesting. When my mother-in-law got the email, the individual files seem fine (jpgs) to download, but if she tried to download them ALL (a Yahoo option which zips them together), her free AntiVir (the one with the umbrella) detects a virus in the zip file, a feebs.gen.

I ran a deep scan on my PC (the one she used for the email) and I didn't find anything. Yahoo didn't find anything when the photos were uploaded. I logged into her email acct and tried to download them all and I found no problem either. I downloaded them combined (Yahoo made zip) and the Yahoo scan didn't find anything, nor did my PC. I forwarded them to my gmail acct and nothing was found.

This is making me think the feebs is on her local PC but her AntiVir can't seem to find it automatically unless the .zip is being "created" on her PC. Any ideas on what to do? She's a distance away and not very computer savvy. I can upload the .zip

Posted Jan 3, 2009 20:09

BigKOfJustice posted: I never had a virus since 1991 on an Amiga.

No, I am not being serious.

Posted Jan 3, 2009 21:08

Oh boy, interesting day at the office. Sony Vaio laptop, stuck in a bootloop. 0xB4, which is a video init error. Instantly restarts. Can't get into safe mode, same problem. Can't get into VGA mode, same problem. Of course the owner doesn't have any system restore points, nor does she have the Vaio recovery CDs. She refuses to let me back up her computer, because she is cheap, and concerned that our company will "store copies" of her data. I tried doing an XP Home repair install, and of course, that doesn't work either. Same problem, 0xB4.

Finally, I tried mashing F# keys at boot up, and found one (either F9, F10, or F11, one of the three) that enters into the Vaio Recovery Mode. The only option that I'm allowed to select is to do a factory reset, which would wipe the data. I have no other options at this point, other than spending 45 minutes on the phone with her assuring her that we won't keep copies of the 500 pictures of her dog and grandkids. INFURIATING. I can't even boot into Windows to run any scans. I'm out of ideas. Anyone have something for me?

LiveCDs work. I tried ERD Commander 2007, but can't make heads or tails of the 200 drivers, ~75% of which are set to Manual or Disabled. Please, someone must have some advice on replacing the erroring video driver with a Vaio-approved one. The installer won't run on any PC other than the Vaio it's supposed to be used on, and it won't run in ERD. The chipset is Intel Alviso-Gi915G, video is Mobile Intel(R) 915GM/GMS, 910GML Express, and the model is VGN-FS640-W. Anyone? Bueller? Please?

------------

The other case was a Toshiba laptop that freezes upon the insertion of any USB plug. All of the plugs freeze the system. Flash drives, printers, anything USB will freeze it. This sounds like hardware to me, but she claims it just started happening a few weeks ago. Any ideas on this one? I've never experienced these problems before. Please help.

Otacon fucked around with this message at 22:48 on Jan 3, 2009

Posted Jan 3, 2009 22:40