  • Locked thread
equation groupie
Feb 7, 2004

debased and dread pilled

JustFrakkingDoIt posted:

I use Comodo's free firewall. It works pretty well, gets good ratings from various security sites (or it did) but I've been told it's pretty dumb/overkill and Window's firewall + the one in your router is fine.

I'm pretty ignorant on the importance of firewalls for personal use though. I just like going on port scanner sites and seeing that my computer is totally stealthed. :c00lbert:

If you have a NAT device (and aren't forwarding ports 0-65535, obviously), then you are confused as to what effect your Windows firewall is having on those scans.


spasticColon
Sep 22, 2004

In loving memory of Donald Pleasance
I almost got hit twice on my desktop and a few times on my laptop with that fake AVG bullshit...while just browsing the SA Forums! I just had to hurry and close down firefox and log off my account. Is there a way to prevent this from happening? I'm running MSE on both machines and it comes up clear on both machines. My desktop runs Win7 Home Premium x64 and my laptop runs the x86 version.

Maniaman
Mar 3, 2006
Update flash and java, enable DEP and SEHOP.

spasticColon
Sep 22, 2004

In loving memory of Donald Pleasance

Maniaman posted:

Update flash and java, enable DEP and SEHOP.

I did all of this on my laptop just now and almost got hit again. On the SH/SC forum no less. Got that AVG popup again and it tried to get on my laptop again. I may just put Linux back on my laptop so I don't have to deal with this bullshit.

Kelson
Jan 23, 2005

Daynab posted:

I've decided to give it a try since hey, it's free, and it was amongst the top 3 pretty much everywhere. Seems cool so far, thanks!

I guess.. content.. I rarely ever get viruses these days but I got one of them annoying toolbar-installing and online search setting changers, which is partly why I want a firewall now. It wasn't exactly a virus, more like bloatware I guess, cause none of NOD32, malwarebytes or spybot detected anything even when I pointed them right at it.

Personal firewalls won't protect you from those. They serve primarily to make sure folks outside your computer can't poke your system for vulnerabilities, but the vast majority of attackers these days drop content exploits on websites which folks themselves go to (like SA's banner ads). Firewalls can also prevent outbound traffic on odd ports, but the vast majority of attackers use common ports for outbound to avoid such risks (80, 443, email ports, etc).

As far as avoiding personal exploitation; run an anti-virus for the old stuff (MSE works great), patch regularly, use noscript while browsing, and enable all the anti-exploit security settings in windows (DEP, SEHOP, ASLR, etc).

NOTinuyasha
Oct 17, 2006

 
The Great Twist

spasticColon posted:

I almost got hit twice on my desktop and a few times on my laptop with that fake AVG bullshit...while just browsing the SA Forums! I just had to hurry and close down firefox and log off my account. Is there a way to prevent this from happening? I'm running MSE on both machines and it comes up clear on both machines. My desktop runs Win7 Home Premium x64 and my laptop runs the x86 version.

I never really understood how the forums manage to gently caress up school computers so quickly and consistently, then again goons :negative:

Wiggly
Aug 26, 2000

Number one on the ice, number one in my heart
Fun Shoe

spasticColon posted:

Is there a way to prevent this from happening?

Buy No-Ads. :smugbert:

Daynab
Aug 5, 2008

Kelson posted:

Personal firewalls won't protect you from those. They serve primarily to make sure folks outside your computer can't poke your system for vulnerabilities, but the vast majority of attackers these days drop content exploits on websites which folks themselves go to (like SA's banner ads). Firewalls can also prevent outbound traffic on odd ports, but the vast majority of attackers use common ports for outbound to avoid such risks (80, 443, email ports, etc).

As far as avoiding personal exploitation; run an anti-virus for the old stuff (MSE works great), patch regularly, use noscript while browsing, and enable all the anti-exploit security settings in windows (DEP, SEHOP, ASLR, etc).

Thanks for the advice, that's what I already do for the most part. I was just under the impression though that if a program was trying to access the internet and modify settings when it's not even supposed to go online, it would detect it.

Kelson
Jan 23, 2005

Daynab posted:

Thanks for the advice, that's what I already do for the most part. I was just under the impression though that if a program was trying to access the internet and modify settings when it's not even supposed to go online, it would detect it.
That can be true for certain firewall products and certain trojans. Unfortunately, the toolbar you cited likely accesses the Internet literally using your browser, so it'll bypass your firewall as well (or you'll do the Egyptian). In general, things like firewalls work best for preventing remote hosts from popping your box. They don't do a very good job stopping stuff inside your system from getting out (unless it is some of that rare bad stuff which doesn't use port 80).

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock
So was this some new 0day exploit, or did people get infected due to unpatched flash/java/acrobat reader?

PopeOnARope
Jul 23, 2007

Hey! Quit touching my junk!

ymgve posted:

So was this some new 0day exploit, or did people get infected due to unpatched flash/java/acrobat reader?

Either/or, with a usual spicing of stupidity. A lot of my recent calls start off with "Something on the Internet told me I have a virus" or "I clicked a link in my e-mail".

\/ Flash and java both have autoupdaters. There has to be a way to gently caress with group policy to get them to run automatically.

And

\\// rkill is neat, but the problem is that it's got a pretty narrow range of processes it can find. OTR is pretty awesome - it kills everything but itself.

PopeOnARope fucked around with this message at 04:53 on Feb 21, 2011

MeestarK
Aug 12, 2004
It's cold outside
Anyone know of any tools that will auto update flash/java? Seeing if there's anything out there for me to run after cleaning up a system for a customer before I look into making something myself.

coinstarpatrick
May 21, 2007

by T. Finn
In all my reading in this thread I've never seen anyone mention Rkill (I thought it was pretty well known?). This is a life saver when you are dealing with tricky malware. It kills malware processes instantly.

http://www.bleepingcomputer.com/forums/topic308364.html

Basically run it before you run MWB and SAS to ensure they will run without issue, I've had great success with it.

Oddhair
Mar 21, 2004

MeestarK posted:

Anyone know of any tools that will auto update flash/java? Seeing if there's anything out there for me to run after cleaning up a system for a customer before I look into making something myself.

Not an auto-update, but Secunia PSI is free for non-commercial use and will alert you to potential security problems (sometimes non-existent ones; mine likes to inform me about previous versions of Chrome that aren't even installed, e.g. versions older than my install date for Chrome).

I've been hit on these forums, as in I had Gmail and three SA tabs open and got the "your computer might be infected" fake pop-up. I had white-listed SA in AdBlock/Noscript but though it's still allowed in Noscript, it's blocked in AdBlock. I should probably buy no ads, since I have archives and Plat.

Bloody Antlers
Mar 27, 2010

by Jeffrey of YOSPOS
Ditto about having lots of fake AV hits from ads while browsing SA lately. I don't see why allowing flash ads is necessary.

IEatBabies
Sep 17, 2004

Oddhair posted:

Not an auto-update, but Secunia PSI is free for non-commercial use and will alert you to potential security problems (sometimes non-existent ones; mine likes to inform me about previous versions of Chrome that aren't even installed, e.g. versions older than my install date for Chrome).

I have it disabled and never tried it, but the current version does have an option to auto-update programs.

Glass Joe
Mar 9, 2007

IEatBabies posted:

I have it disabled and never tried it, but the current version does have an option to auto-update programs.

I just upgraded, and this feature is spotty at best. I still have to do a lot of it manually.

hackedaccount
Sep 28, 2009
If you don't use Java on a regular basis, just uninstall it and then re-install it when you need it.

warning
Feb 4, 2004

ZZ Pops is all about hugs and high fives.

coinstarpatrick posted:

In all my reading in this thread I've never seen anyone mention Rkill (I thought it was pretty well known?). This is a life saver when you are dealing with tricky malware. It kills malware processes instantly.

http://www.bleepingcomputer.com/forums/topic308364.html

Basically run it before you run MWB and SAS to ensure they will run without issue, I've had great success with it.

This looks awesome. I will bookmark it and report back. Thanks for sharing.

pienipple
Mar 20, 2009

That's wrong!
I was browsing the forums at work while waiting for closing time and got hit with Antivira AV. :mad: It's one of the easy ones, just ctrl-alt-del, kill process, clean up with Malwarebytes, remove proxy, but dammit. So annoying.

jet_dee
May 20, 2007
Blah blah blah Nationstates is cool blah blah blah

pienipple posted:

I was browsing the forums at work while waiting for closing time and got hit with Antivira AV. :mad: It's one of the easy ones, just ctrl-alt-del, kill process, clean up with Malwarebytes, remove proxy, but dammit. So annoying.

I admit to being a little clueless here, how the hell does this even happen? I rotate between IE, Chrome and Firefox at work but I stick to sites which are 100% SFW content, would so get fired if I was caught on the forums.

pokecapn
Oct 17, 2003

yeah, galo sengen

jet_dee posted:

I admit to being a little clueless here, how the hell does this even happen? I rotate between IE, Chrome and Firefox at work but I stick to sites which are 100% SFW content, would so get fired if I was caught on the forums.

Ad networks get tricked by unscrupulous advertisers who will run normal ads for a while before replacing them with ones that also contain a java/flash/pdf/browser exploit. If you don't keep your poo poo up to date, and sometimes even if you do but there are some currently unpatched vulnerabilities everyone knows about, you'll get hit. And as easy as it is to happen at home, it's even easier at work since updates for some of those get rolled out and you can't update the programs yourself.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

hackedaccount posted:

If you don't use Java on a regular basis, just uninstall it and then re-install it when you need it.

Or just disable the browser integration if the Java dependency is on a local program.

jet_dee
May 20, 2007
Blah blah blah Nationstates is cool blah blah blah

pokecapn posted:

Ad networks get tricked by unscrupulous advertisers who will run normal ads for a while before replacing them with ones that also contain a java/flash/pdf/browser exploit. If you don't keep your poo poo up to date, and sometimes even if you do but there are some currently unpatched vulnerabilities everyone knows about, you'll get hit. And as easy as it is to happen at home, it's even easier at work since updates for some of those get rolled out and you can't update the programs yourself.

Ah I see. My coworker just got hit with a few dozen trojans on a business trip to India, couldn't use her laptop for the majority of the duration. I think it was via a USB stick. I recommended a new MS patch for disabling autorun on USB devices actually but the company said IT regularly rolled out updates... I've been there six months and never been updated (do it all manually).

I've also been sent a couple of emails from here: http://www.skype-instant-downloads.com/
which purport to be Skype, providing a new version of the software for download, and stating in the email never to send your password, only to use them within Skype or this site... sneaky phishing groups :-S

Nomenklatura
Dec 4, 2002

If Canada is to survive, it can only survive in mutual respect and in love for one another.

Kelson posted:

As far as avoiding personal exploitation; run an anti-virus for the old stuff (MSE works great), patch regularly, use noscript while browsing, and enable all the anti-exploit security settings in windows (DEP, SEHOP, ASLR, etc).
So does that mean no Chrome? I use noscript with Firefox, but as far as I know there's no such beast with Chrome. (And, supposedly, Chrome is solid enough not to need it.)

I run W7 with DEP, UAC turned up to max, and keep things updated on a regular basis, but then again I was still under the circa-2010 assumption that x64 W7 wasn't rootable. Guess that's out the window. :smith:

syscall girl
Nov 7, 2009

by FactsAreUseless
Fun Shoe

Nomenklatura posted:

So does that mean no Chrome? I use noscript with Firefox, but as far as I know there's no such beast with Chrome. (And, supposedly, Chrome is solid enough not to need it.)

I run W7 with DEP, UAC turned up to max, and keep things updated on a regular basis, but then again I was still under the circa-2010 assumption that x64 W7 wasn't rootable. Guess that's out the window. :smith:

Chrome has Adblock and a noscript equivalent (which is kind of a bitch to set up) but it also runs a lot of things in a sandbox-like environment and I think Flash is going to be put in said sandbox (if it isn't out of beta already) so it's relatively secure. Someone more familiar with the current builds might clarify this.

e: and hey, if you know of a current Chrome vulnerability collect your $20k.

syscall girl fucked around with this message at 08:43 on Feb 26, 2011

Kelson
Jan 23, 2005

Nomenklatura posted:

So does that mean no Chrome? I use noscript with Firefox, but as far as I know there's no such beast with Chrome. (And, supposedly, Chrome is solid enough not to need it.)

I run W7 with DEP, UAC turned up to max, and keep things updated on a regular basis, but then again I was still under the circa-2010 assumption that x64 W7 wasn't rootable. Guess that's out the window. :smith:
I wouldn't say no Chrome, but the lack of a solid NoScript equivalent hurts. Google, to their credit, do a lot of actual parameter validation and so forth inside Chrome before it even goes to the OS. That's enabled them to dodge a couple vulnerabilities that pass through other browsers to pop the OS/user. On the other hand, the lack of a NoScript alternative allows pretty much rampant flash/js exploitation. The sandbox is nice, but they're not the only ones doing it and sufficient escape techniques bubble up to doubt its resilience long-term. x64 Win7 will keep you in the minority target space for the next year or two, which is a nice place to be at least :)

Mandatory Assembly
May 25, 2008

it's time to get juche
Lipstick Apathy
I just got a fake anti-malware while browsing SA. Called itself Win 7 Total Security 2011. I killed the process and Malwarebytes is currently scanning that system.

How can I protect my Windows box from this after I clean it?

Impotence
Nov 8, 2010
Lipstick Apathy

UncleSmoothie posted:

I just got a fake anti-malware while browsing SA. Called itself Win 7 Total Security 2011. I killed the process and Malwarebytes is currently scanning that system.

How can I protect my Windows box from this after I clean it?

Adblock, noscript, etc. Stop it from executing in the first place. EMET.

And by "clean" you mean "flatten and reinstall, along with wiping the MBR with a livecd"

PopeOnARope
Jul 23, 2007

Hey! Quit touching my junk!

UncleSmoothie posted:

I just got a fake anti-malware while browsing SA. Called itself Win 7 Total Security 2011. I killed the process and Malwarebytes is currently scanning that system.

How can I protect my Windows box from this after I clean it?

This question has been asked and answered three times on this page.

Nomenklatura
Dec 4, 2002

If Canada is to survive, it can only survive in mutual respect and in love for one another.

Biowarfare posted:

And by "clean" you mean "flatten and reinstall, along with wiping the MBR with a livecd"
This is the only option? It would seem that reinstalling every single time a dodgy ad shows up on SA would get to the point where it'd be pointless to even configure your programs, considering you're going to have them around for, like, a week max.

(And when you say "flatten and reinstall," do you mean "format"?)

angrytech
Jun 26, 2009

Nomenklatura posted:

This is the only option? It would seem that reinstalling every single time a dodgy ad shows up on SA would get to the point where it'd be pointless to even configure your programs, considering you're going to have them around for, like, a week max.

(And when you say "flatten and reinstall," do you mean "format"?)

Noscript does a whole lot to prevent the exploit from running in the first place, so you won't be getting hit nearly as much.

Nomenklatura
Dec 4, 2002

If Canada is to survive, it can only survive in mutual respect and in love for one another.

angrytech posted:

Noscript does a whole lot to prevent the exploit from running in the first place, so you won't be getting hit nearly as much.
No doubt, no doubt. I haven't run FF without noscript in ages; what concerns me more is Chrome, and the possibility of (say) some sort of JS or Java thing getting through. I've had a few things flag in MSE over the year or so that I've had this PC, but either it's during a scan of a non-active file or the active one flagging and killing them before they could do any harm.

I wouldn't have a problem with nuking windows and reinstalling, either, if the problem should come up; what concerns me is the data that is shared on the drive, as well as the data on the backup/media drive attached to it. I don't do cloud backups, as Canadian residential transfer limits make that prohibitively expensive, so any backup would be on a drive. But since theoretically any drive attached to a compromised system could become compromised, it raises the problem of having to sacrifice no small amount of difficult-to-replace personal data, media and the like, and incurring MASSIVE transfer charges in the attempt to do so.

(I'm thinking of getting an x64 W7 SP1 image just in case, but that doesn't fix the data problem.)

Again, I don't think I'm actually compromised, though I had a scare a little while ago with a website I accessed in Chrome that was clearly attempting to try some shenanigans that I nuked about as fast as human reaction time allows. Neither MSE nor Malwarebytes scans turn up anything. But if "flatten and reinstall" is the only solution to ANY sort of even possible infection, it raises a whole lot of very, very difficult questions.

(Edit: And, obviously, I use secunia, but that's as much of a convenience thing as anything else. Secunia makes updating trivial.)

Nomenklatura fucked around with this message at 02:43 on Feb 27, 2011

angrytech
Jun 26, 2009

Nomenklatura posted:

stuff

Ok man, seriously: run Ubuntu/Mint at home. That + NoScript will stop your worries.
(I'm assuming that this is your personal machine, disregard otherwise.)

Kelson
Jan 23, 2005

angrytech posted:

Ok man, seriously: run Ubuntu/Mint at home. That + NoScript will stop your worries.
(I'm assuming that this is your personal machine, disregard otherwise.)
OpenBSD with wget.

Atltais
May 21, 2004
And there was much rejoicing.

Kelson posted:

OpenBSD with wget.

GNU/Linux with wget. Eat something off of your foot and you've become RMS.

sfwarlock
Aug 11, 2007

angrytech posted:

Ok man, seriously: run Ubuntu/Mint at home. That + NoScript will stop your worries.
(I'm assuming that this is your personal machine, disregard otherwise.)

In a virtual machine if you have to.

Brian Fellows
May 29, 2003
I'm Brian Fellows
I've scanned the last couple of pages and didn't see anyone with my specific symptoms.

I get an Open File- Security Warning dialogue that says it's trying to startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\New Text Document.exe .

I certainly don't have a New Text Document set up as a startup program... Obviously I tell it to cancel instead of running.

I ran MSE and had a few Java exploits that it claims to have cleaned up. But I still get the startup issue. Anyone know what the gently caress?

Impotence
Nov 8, 2010
Lipstick Apathy
Drop new text document.exe in a password-protected rar, upload it and I'll take a look at it.

You can also upload the exe on virustotal, anubis.iseclab.org, or google its md5sum to see what comes up.

Impotence fucked around with this message at 01:56 on Feb 28, 2011


Knight007au
May 8, 2007
Today my copy of AVG 2011 picked up new text document.exe as a virus along with JUSCHED.EXE and a few registry entries pointing to those files. They both seemed to be related to one of those fake anti-virus things.

It's probably being told to start up in the registry.
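As an added example (not code from the thread or from any product mentioned in it), the PowerShell below enumerates the two places Brian Fellows' and Knight007au's posts point at, the Startup folders and the Run/RunOnce registry keys, and flags entries that use the "New Text Document" name, point at a file that no longer exists, or launch a raw executable from a user-writable location. The name pattern comes from the thread; the other two heuristics and the function names are this example's own assumptions.

```powershell
# Added example, not code from the thread. Enumerates the usual Windows autostart
# locations and flags entries worth a second look. The "New Text Document" check
# is the name reported in the thread; the other checks are general heuristics.
function Get-AutostartEntries {
    $entries = @()
    # 1. Startup folders: per-user and all-users (the latter lives under ProgramData,
    #    which is exactly where the thread's New Text Document.exe was found).
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # Resolve shortcuts so the checks look at the real executable, not the .lnk.
                $target = (New-Object -ComObject WScript.Shell).CreateShortcut($_.FullName).TargetPath
            }
            $entries += [pscustomobject]@{ Source = "Folder $folder"; Name = $_.Name; Target = $target }
        }
    }
    # 2. Run and RunOnce keys for the machine and the current user.
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')
    foreach ($keyPath in $keys) {
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($valueName in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($valueName)
            # Pull the executable out of the command line: a quoted path, else the first token.
            $target = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $entries += [pscustomobject]@{ Source = "Registry $keyPath"; Name = $valueName; Target = $target }
        }
    }
    return $entries
}

function Test-SuspiciousEntry {
    param([pscustomobject]$Entry)
    $reasons = @()
    $t = [Environment]::ExpandEnvironmentVariables([string]$Entry.Target)
    if ($Entry.Name -like '*New Text Document*' -or $t -like '*New Text Document*') {
        $reasons += 'name matches the fake-AV startup entry reported in the thread'
    }
    if ($t -and -not (Test-Path -LiteralPath $t)) { $reasons += 'target file does not exist' }
    # A raw executable launched from a user-writable location rather than Program Files
    # is a classic persistence spot; shortcuts were resolved above, so legitimate .lnk
    # entries in the Startup folder are judged by where their target actually lives.
    foreach ($dir in @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)) {
        if ($dir -and $t.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "runs from user-writable location $dir"; break
        }
    }
    return ,$reasons
}

# Print only the entries that tripped at least one heuristic, with the reasons.
foreach ($e in Get-AutostartEntries) {
    $why = Test-SuspiciousEntry -Entry $e
    if ($why.Count -gt 0) {
        "{0} | {1} -> {2}`n    {3}" -f $e.Source, $e.Name, $e.Target, ($why -join '; ')
    }
}
```

Run it from an elevated PowerShell on the affected machine; a flagged entry is a lead to investigate (for instance by hashing the file and looking it up as Impotence suggests), not a verdict.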
