|
So, a couple of notes here. One, to the gentleman who had the giant list of AV and AV tools installed: put them on a flash drive and then keep only ONE AV on your system. Having multiple AVs means they will conflict with and crash each other, making them all useless.

2nd point, to anyone using combofix: it is a machete in a world where you need a precision scalpel. Do not be surprised if your OS fails if you click the wrong thing. Use it only as a desperation tool when all else has failed.

Now onto one of the latest "fun" viruses out there, rogue.HDD. It literally hides all your files: no desktop, no start menu items, etc. Most people panic and think all their data is gone, so they re-install the OS. There is a fix for this, but it requires cmd knowledge and if done wrong can cause more issues than fixing. If you know your stuff, look for the cmd line prompts; if you don't, pay a pro.

Edit: somehow missed that someone had already posted the fix for this (bangersinmyknickers). In the discussion they talk about admin/perms being revoked/not working. Sorry to repeat; the cmd prompts they list are exactly what to do to fix it.

Valdaya fucked around with this message at 04:28 on Jun 1, 2011
# ? Jun 1, 2011 04:26 |
|
Warp Zone posted: I recently ran malwarebytes on a relative's computer and found 254 infected items, which just might be the most I have ever seen at once.

I do tech support for a living, worst mbam results I ever saw had over 1004 infected items, 90% of which were Adware, most from MyWebSearch
|
# ? Jun 1, 2011 04:35 |
|
coldsnap posted: Some friends with a new laptop running Windows 7 have had Windows Media Center take over their computer. After looking at their laptop, it would appear to be a virus, and googling Windows Media Center virus brings up some hits, but nothing definitive.

Right before Windows starts to load, hit F8 to get to the Repair Your Computer prompt. Once you load into Windows 7 Recovery, you will see an option at the bottom called Dell DataSafe Recovery - this lets you restore the unit back to its original factory image.
|
# ? Jun 1, 2011 04:54 |
|
Valdaya posted: 2nd point, to anyone using combofix: it is a machete in a world where you need a precision scalpel. Do not be surprised if your OS fails if you click the wrong thing. Use it only as a desperation tool when all else has failed.
|
# ? Jun 1, 2011 05:30 |
|
It (CCleaner) depends more on what you have on your system/in your registry than anything else, but as it can be used as a registry editor (it has a lot more options than just click and run), my biggest problem with it is still that it's the machete approach, or the kill 'em all, sort it out later type of tool, and has no place in the toolbox of a serious tech, other than as a last ditch effort before a re-install.
|
# ? Jun 1, 2011 09:17 |
|
Kind of a repetitive dumb question but I'll ask it anyways regarding admin accounts. When everyone says "Don't use Administrator for everyday use", do they mean the default Windows 7 account or any admin account? Right now, I have the default Windows 7 Admin account disabled/hidden, with my everyday account as an admin with UAC turned to the highest setting if I need admin privileges. Is this okay or should I create a "RovingReporter-Admin" account and convert my everyday one to a standard account? Seems like it would be a big hassle to fast switch every time vs elevating via UAC.
|
# ? Jun 1, 2011 12:25 |
|
Microsoft has a bootable malware remover now. Anyone checked it out? http://connect.microsoft.com/systemsweeper
|
# ? Jun 1, 2011 13:41 |
|
Valdaya posted: It (CCleaner) depends more on what you have on your system/in your registry than anything else, but as it can be used as a registry editor (it has a lot more options than just click and run), my biggest problem with it is still that it's the machete approach, or the kill 'em all, sort it out later type of tool, and has no place in the toolbox of a serious tech, other than as a last ditch effort before a re-install.

I think you are confusing combofix (the spyware removal utility) with CCleaner. They are not the same and are not related aside from starting with the letter C. You are also misreading the guy's post about the flash drive with the removal tools. No one in this thread is advocating running more than one active anti virus. You will find most of the tech threads in SH/SC are full of active posters who are generally more apt than 90% of the techs you meet on the job. Just lurk around a bit more before posting advice.

warning fucked around with this message at 15:12 on Jun 1, 2011
# ? Jun 1, 2011 15:09 |
|
Crossbar posted: Microsoft has a bootable malware remover now. Anyone checked it out?

I'm running it on a client's (seemingly) rootkitted Vista machine now, I'll update the post with the results. The installation was great, it formats and installs on a flashdrive automatically with the latest definitions. However it seems that to keep an updated stick with this software you would have to let it reformat and reinstall on the drive (maybe the final version will have a better option).

Edit: Scan took about 1:30, despite selecting a partition upon boot it scans all the partitions and drives by default. It found a java exploit that MBAM and SAS didn't find so I am optimistic about this program.

coinstarpatrick fucked around with this message at 20:08 on Jun 1, 2011
# ? Jun 1, 2011 18:53 |
|
coinstarpatrick posted: I'm running it on a client's (seemingly) rootkitted Vista machine now, I'll update the post with the results. The installation was great, it formats and installs on a flashdrive automatically with the latest definitions. However it seems that to keep an updated stick with this software you would have to let it reformat and reinstall on the drive (maybe the final version will have a better option).

So it doesn't try to update its definitions via the network each time it runs? That's a little disappointing.
|
# ? Jun 1, 2011 20:42 |
|
For those of you relying on Apple's solution to the MacDefender problem, it's already been sidestepped: http://www.theregister.co.uk/2011/06/01/mac_osx_scareware_evasion/
|
# ? Jun 1, 2011 20:44 |
|
Roving Reporter posted: Kind of a repetitive dumb question but I'll ask it anyways regarding admin accounts. When everyone says "Don't use Administrator for everyday use", do they mean the default Windows 7 account or any admin account?

This is okay because you'd need to go through UAC in either case to get admin privileges, and making a second account would just make things more complicated. Some people dig around and enable the actual "Administrator" account, which is a Bad Thing to Do because then they're completely exempt from UAC.
|
# ? Jun 1, 2011 20:47 |
|
Crossbar posted: Thanks for the update.

It is called Standalone System Sweeper... You can't realistically expect a WinPE based boot disc to have network connectivity on all hardware. If you use it regularly you stick your flash drive into your technician computer and run the setup program. If it detects you already have MSSS on the flash drive it will automatically update the definitions for you, which is much faster than setting up the stick for the first time. Actually, if you set up the stick right away then run it again it downloads 60+ megs of updates, so I'm not sure if it even puts the latest definitions on the stick to begin with.
|
# ? Jun 1, 2011 21:05 |
|
warning posted: It is called Standalone System Sweeper...

Kaspersky and others manage to make bootable malware removal tools capable of updating themselves. It's such a basic feature that I'm quite surprised that this tool can't do it. It makes putting the tool on a disc pretty much worthless for anyone who does malware removal on a regular basis.
|
# ? Jun 1, 2011 21:12 |
|
warning posted: I think you are confusing combofix (the spyware removal utility) with CCleaner. They are not the same and are not related aside from starting with the letter C.

*grudgingly admits to his mistake and goes to hide in the corner* (thanks for the heads up, and for the extremely courteous manner in which you pointed out my noob gaffe.)
|
# ? Jun 1, 2011 22:00 |
|
ninepints posted: This is okay because you'd need to go through UAC in either case to get admin privileges, and making a second account would just make things more complicated. Some people dig around and enable the actual "Administrator" account, which is a Bad Thing to Do because then they're completely exempt from UAC.

You can actually change Security Policy to require the Administrator account to display a UAC prompt. There are a lot of other fine-grained settings for UAC in Security Policy as well, such as an option to require administrators to enter their passwords at the UAC prompt and an option to prevent regular users from using alternate credentials.
|
# ? Jun 2, 2011 02:19 |
|
MSS has been included in the ERD commander/MSDaRT package since the vista version, so it's a good 4 years old. It also uses the same definitions as MSE so if you download mpam-fe/mpam-fe64 from http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx you can just update it from that.

As for combofix killing computers, I have used it on every machine I have cleaned in the past 3.5 years, with an average of like 7 a week, and I would say combofix has caused maybe 5 problems with windows (other than loving up autorun). It used to come with a warning that 1 in 100 computers would be hosed irreparably when it was run, so I always used to joke with my co-workers about this being the 100th time I've run it, but I don't think I ever had an issue with it while it still had that warning.

Do you guys in corporate settings ever get registry fix tools, and poo poo like drivercure installed on machines that have been infected? I work on home PCs mainly, and I always remove poo poo like that on the machines I work on but am never 100% sure if it's something the customer has put on themselves or is the result of an infection.
|
# ? Jun 2, 2011 03:57 |
|
Sorry if this is the wrong place to ask, but I'm building a new computer and was wondering what the SHSC recommended procedure is for a new install. The newer viruses are pretty terrifying, so I'd like to do my best not to contract one. It'll be on windows 7. My plan was, in order:

1) Create a system restore point.
2) Install Microsoft Security Essentials
3) Install Firefox with adblock and noscript, and opera
4) Install spybot, immunize, and create system snapshot
5) Install spyware blaster
6) Set up folders to auto-backup onto an external drive

Should this cover it? Is both spybot and spyware blaster overkill? Do I need AV beyond MSE? Should the order be different? Do I need some files on a flash drive as well?

Thanks for the help, and sorry again if this isn't the right place (the stickied haus op is pretty old now).
|
# ? Jun 2, 2011 16:36 |
|
Forever_Peace posted: Sorry if this is the wrong place to ask, but I'm building a new computer and was wondering what the SHSC recommended procedure is for a new install. The newer viruses are pretty terrifying, so I'd like to do my best not to contract one. It'll be on windows 7. My plan was, in order:

Get SandboxIE and use that to do all your browsing. If you're really paranoid, get Virtualbox and drop Linux in it. I've never heard of spyware blaster, I would get MBAM instead. MSE seems to be as good as any free AV, if you really have doubts about a certain file pass it through virustotal.
|
# ? Jun 2, 2011 16:44 |
|
sfwarlock posted: I've never heard of spyware blaster,

It's a preventative anti-spyware program. It uses your browsers' built-in blocking ability to block known distribution servers.
|
# ? Jun 2, 2011 18:12 |
|
Install Secunia PSI and/or use Ninite to keep your plugins and other third-party software updated.
|
# ? Jun 2, 2011 18:51 |
|
sfwarlock posted: Get SandboxIE and use that to do all your browsing. If you're really paranoid, get Virtualbox and drop Linux in it. I've never heard of spyware blaster, I would get MBAM instead. MSE seems to be as good as any free AV, if you really have doubts about a certain file pass it through virustotal.

Just wanted to chime in and say virustotal is awesome if you have some sketchy freeware that you think you need but isn't from like download.com or something and you want to get a good idea about what's in it.
|
# ? Jun 2, 2011 19:57 |
|
Thanks for the advice. SandboxIE is brilliant - I had never even heard of it. I had planned to install ubuntu on a partition anyways, which would at least let me poke around for solutions if the new comp got something on the windows side.

Megiddo posted: Install Secunia PSI and/or use Ninite to keep your plugins and other third-party software updated.

I've been using FileHippo Update Checker on my current xp machine, which checks all the programs here for updates. Is secunia better, or would either do?
|
# ? Jun 2, 2011 20:18 |
|
http://anubis.iseclab.org/ is another good online scanner that tells you more of why something is dangerous, instead of just giving you something like W32.Generic.Downloader. SpywareBlaster is a good idea, it basically dumps a huge list of known bad domains into IE/firefox's restricted sites zones, along with blocking some activex stuff. I put it on every computer I work on.
|
# ? Jun 2, 2011 22:22 |
|
Forever_Peace posted:I've been using FileHippo Update Checker on my current xp machine, which checks all the programs here for updates. Is secunia better, or would either do?
|
# ? Jun 2, 2011 22:56 |
|
This is just as good of a thread as any to ask: Is there a thread, or GoonResource (GR?), that recommends all of the software and/or browser add-ons that one should use to be as protected as possible from malware/viruses? Thanks!
|
# ? Jun 7, 2011 16:32 |
|
There's been several recco posts in this thread, as well as the new firefox thread has a lot of plugins listed.
|
# ? Jun 7, 2011 19:04 |
|
Scaramouche posted: There's been several recco posts in this thread, as well as the new firefox thread has a lot of plugins listed.

Okay cool. I'm not going to go through over 50 pages to hunt for just one or two recco posts though. Maybe it should go in the op, as this seems like an appropriate thread. I'll head on over to the Firefox thread.
|
# ? Jun 7, 2011 21:33 |
|
Yakse posted: Do you guys in corporate settings ever get registry fix tools, and poo poo like drivercure installed on machines that have been infected? I work on home PCs mainly, and I always remove poo poo like that on the machines I work on but am never 100% sure if it's something the customer has put on themselves or is the result of an infection.

See it all the time, and it's a toss-up: some the customer installed themselves (and was the actual cause of infection) and others the programs appeared after viral infection. All this of course is "per the user" and we all know how reliable that is. Since we are often unaware if the customer put it there or not, we usually just disable said programs in AR and suggest to the customer they remove it in service receipt notes.
|
# ? Jun 7, 2011 21:54 |
|
Toast Museum posted: Early this morning one of my secondary gmail accounts e-mailed my primary account and several other addresses (all addresses I had previously sent to, I think) with spam. MSE and MBAM turn up clean on both of my computers (the only ones I can recall entering the compromised account's password on), and I've changed the password on both of my gmail accounts. It's unlikely I'll discover how the account was compromised, but are there any other actions I should take to prevent continued access to my accounts?

I didn't see anyone answer you. Assuming you have a smart phone, Google's two-step authentication is really well done and would protect you from this.
|
# ? Jun 7, 2011 21:57 |
|
Paid Avira users are now getting spam from Uniblue (the registry cleaner scamware people). I thought their mailing list had been stolen or something. Nope! It's official, Avira is now marketing Uniblue's products, and my new laptop is getting Avast or NOD32 instead. http://forum.avira.com/wbb/index.php?page=Thread&threadID=131604
|
# ? Jun 12, 2011 00:49 |
|
Morris posted: Paid Avira users are now getting spam from Uniblue (the registry cleaner scamware people). I thought their mailing list had been stolen or something.

What the gently caress? You pay for their Antivirus and they try to shoehorn malware onto your computer anyway? How much money is Uniblue offering these people?
|
# ? Jun 12, 2011 01:02 |
|
PopeOnARope posted: What the gently caress? You pay for their Antivirus and they try to shoehorn malware onto your computer anyway? How much money is Uniblue offering these people?

This is loving ridiculous. I'm so glad that I got the owner of the shop I work at off of Avira now.
|
# ? Jun 12, 2011 02:50 |
|
Same as Webroot bundling Ask Toolbar, imo.
|
# ? Jun 12, 2011 04:10 |
|
How is AVG these days, compared to other AVs? I use MSSE myself of course, but the store I work at pushes AVG licenses. We're a "Silver Level Reseller" apparently, which means we sell a fair amount of AVG to people. They were installing AVG Free on every re-install we did until I came along and convinced them to use MSSE instead. Should I be trying to push for a different antivirus or is AVG pretty decent for the average clueless end-user?
|
# ? Jun 12, 2011 04:52 |
|
Gilok posted: How is AVG these days, compared to other AVs? I use MSSE myself of course, but the store I work at pushes AVG licenses. We're a "Silver Level Reseller" apparently, which means we sell a fair amount of AVG to people. They were installing AVG Free on every re-install we did until I came along and convinced them to use MSSE instead. Should I be trying to push for a different antivirus or is AVG pretty decent for the average clueless end-user?

AVG is dogshit. You're right in pushing MSSE as a free solution, Nod32 otherwise.
|
# ? Jun 12, 2011 05:41 |
|
Morris posted:Paid Avira users are now getting spam from Uniblue (the registry cleaner scamware people). I thought their mailing list had been stolen or something.
|
# ? Jun 12, 2011 14:19 |
|
gruvmeister posted: AVG is dogshit. You're right in pushing MSSE as a free solution, Nod32 otherwise.

Yeah, that's about what I thought. Can you explain why in any detail? My boss, the owner of the shop, likes AVG for whatever reason. To give you an idea of how deep this rabbit hole goes, we had an AVG rep call us up to let us know that our previous AVG rep had left the company and that she would be taking over. They call us and let us know when one of our customer's subscriptions is about to expire. Aside from that my boss is just incredibly stubborn. He plays WoW, and I think he sees getting to the "silver" level as bringing down a difficult raid boss. I want to push a better solution but I'm gonna need a hell of a pitch.
|
# ? Jun 12, 2011 17:01 |
|
What I would do instead is try to convince him to apply for an ESET partner program. NOD32 is the best paid antivirus there is, and you'll make money off of the deal. Money will speak more than a "silver rank" or whatever bullshit AVG offers.
|
# ? Jun 12, 2011 17:52 |
|
FronzelNeekburm posted: Aw, cheeseballs. I just re-upped.

Call and ask for a refund on the grounds that you don't want to pay to have ads for malicious software sent to you?
|
# ? Jun 12, 2011 18:07 |