Ceros_X
Aug 6, 2006

U.S. Marine

NecessaryEvil posted:

Unfortunately, it is in my job description, and I'm part of the IT company they hired.

Unfortunately, the decisions are being made by my boss, who spent the day trap shooting with another client instead of working, and their boss, who owns the company I'm working at trying to clean it up. They're trying their best to avoid a complete rebuild, as they have a new server purchase planned for the end of the year, with a move from Server 03/Exchange 03 to 08 R2 (Although I'd prefer to see 2012) and Exchange 2010, so I certainly understand their desire to avoid a rebuild...but I'm the one that gets stuck actually doing the work.

You are probably salaried, too, right?


mindphlux
Jan 8, 2004

by R. Guyovich

NecessaryEvil posted:

Unfortunately, it is in my job description, and I'm part of the IT company they hired.

Unfortunately, the decisions are being made by my boss, who spent the day trap shooting with another client instead of working, and their boss, who owns the company I'm working at trying to clean it up. They're trying their best to avoid a complete rebuild, as they have a new server purchase planned for the end of the year, with a move from Server 03/Exchange 03 to 08 R2 (Although I'd prefer to see 2012) and Exchange 2010, so I certainly understand their desire to avoid a rebuild...but I'm the one that gets stuck actually doing the work.

I hope there were bees in the trap. :mad:

mindphlux
Jan 8, 2004

by R. Guyovich
in other news, I just reformatted because of that google redirect thing, and changed all my banking passwords just in case. I'm still loving pissed off that a virus won - first time I've given up in a couple years.

Wizard of the Deep
Sep 25, 2005

Another productive workday

NecessaryEvil posted:

It hit again overnight, and reinfected everything.

I said it was time to just rebuild everything offline.

They said "call eSet".

4 hours on the phone (hey, kudos to him for saying "I'll stay on until these scans are done") and we've found that it's a new variant of Goblin that they've never seen before, and after submitting it, they hope to have a fix for it.

But now I have to go run another scan in safe mode tonight.

I so want to walk away. My boss and coworker both agree that I'm the best one in the company with malware removal, so why am I sitting here arguing that it's time to stop loving around? If I can't get it, if eSet hasn't seen it before, what else do we have to do? They've not had their network working properly in over a week and a half at this point, and at the rate we're doing things, it'll be another week of playing catchup unless eSet manages to get a good cleaner working. And that probably still won't fix what it's broken in the network and on the server. Internet Explorer is nonfunctional. Device Manager throws an error. MMC.exe won't work. If we'd just reformatted this poo poo last week, they could be up and running by now.

I need alcohol, and to develop a drinking problem.

At this point, you've got more than enough to tell them "Option A is to rebuild everything. There is no option B." If it's something an AV company has never seen before, why should you (your client) be their free beta tester? Furthermore, since it's previously-unseen, there's ABSOLUTELY zero guarantee that you've got it. Unless you nuke and pave the whole infrastructure.

Unless these are all billable hours. In which case, find something that looks like you're working, and waste the time however you want. You're wasting your time either way, might as well enjoy it.

Khablam
Mar 29, 2012

Just ask them to explain the literal point of "scanning" for something that there are no definitions for.

Delta-Wye
Sep 29, 2005

NecessaryEvil posted:

Unfortunately, it is in my job description, and I'm part of the IT company they hired.

Unfortunately, the decisions are being made by my boss, who spent the day trap shooting with another client instead of working, and their boss, who owns the company I'm working at trying to clean it up. They're trying their best to avoid a complete rebuild, as they have a new server purchase planned for the end of the year, with a move from Server 03/Exchange 03 to 08 R2 (Although I'd prefer to see 2012) and Exchange 2010, so I certainly understand their desire to avoid a rebuild...but I'm the one that gets stuck actually doing the work.

Let me guess! Does your boss charge the customer by the hour and pay you a flat salary? :rolleyes:

The Something Awful Forums > Discussion > Serious Hardware / Software Crap > Rootkit.KInject is a sexy new virus, tell us about viruses that lead to E/N drama

nubdestoryer
Sep 15, 2012

by Y Kant Ozma Post
I don't know when it happened, but today I noticed at some point a virus has deleted a shitload of my Windows security services. I've scanned with MSE, Avast, and Malwarebytes and they all show nothing, so I assume it is the ZAccess virus I caught last month. I can't think of any other reason why Windows Firewall, Update, and Defender would all be completely missing from Vista.

P Grey
Aug 16, 2012

I'm not an IT specialist but if I do get a virus infection, first thing I do is pull the drive and scan it on a different machine, so if u wasted 4 days trying to work this one out, I wouldn't pay u a penny

(USER WAS PUT ON PROBATION FOR THIS POST)

mindphlux
Jan 8, 2004

by R. Guyovich
let me be the first to just say

"lol"

Hex Darkstar
May 28, 2004

I think I need another liver transplant.
Dick post and use of "u", classy.

Unrelated to the above, the amount of those loving FBI malware infections is rising like wildfire where I'm at and I can't seem to put a stop to it. The obvious solution would be to disable execution of programs from the Startup folder in the Start Menu and also from %userprofile%\appdata\local\temp\*, but that breaks just about every installer that writes files to that location, so I'm at a loss.

AV obviously is of no help, which doesn't surprise me. Need to get our new web filtering agent out there; it does a spectacular job of blocking malicious URLs and content.

NecessaryEvil
Aug 10, 2006
Professional Slacker

P Grey posted:

I'm not an IT specialist but if I do get a virus infection, first thing I do is pull the drive and scan it on a different machine, so if u wasted 4 days trying to work this one out, I wouldn't pay u a penny

(USER WAS PUT ON PROBATION FOR THIS POST)

Sometimes the IT specialist doesn't have the final say. You can have the tools to fix a computer, but not have the permission to actually implement those tools. Wasting time goes both ways. You waste their time if you can't fix it, and they waste your time if they won't let you do what's needed to fix it.


Just as a follow-up...the infection is gone, it's been 2 weeks without it popping back up. The damage was too severe for the server, where it had taken out the ability to modify anything in AD or Exchange, Device Manager was nonexistent, and right-clicking on anything to run in admin mode crashed Explorer. It was running on momentum, but that won't work when new users are needed, or something breaks.

It finally hit a point where the owner's email stopped working on his phone for some unknown reason, and I finally got permission to "repair" the server. I told them I wasn't going to waste their time or mine trying to fix what I had told them weeks ago was broken, and spun up a VM from their 2 month old backup, reattached the Exchange information store, copied over the data files, and they're back up and running. I wish they'd have let me do that before. Hell, it took less time to reconfigure (ignoring conversion time, which I just let run overnight) than from when I submitted my MS ticket to when I got off the phone with them after they said "yeah, you need to do a repair or rebuild".

Besides, we were going virtualized for their new server anyway, and that's due to be ordered this week, and put in next year (they wanted it ordered ASAP so they'd have a spare option should something happen again)

NecessaryEvil fucked around with this message at 14:34 on Nov 11, 2012

coffeetable
Feb 5, 2006

TELL ME AGAIN HOW GREAT BRITAIN WOULD BE IF IT WAS RULED BY THE MERCILESS JACKBOOT OF PRINCE CHARLES

YES I DO TALK TO PLANTS ACTUALLY
Not really relevant to the thread, but still:

Exclusive: John McAfee Wanted for Murder (Updated) posted:

Antivirus pioneer John McAfee is on the run from murder charges, Belize police say. According to Marco Vidal, head of the national police force's Gang Suppression Unit, McAfee is a prime suspect in the murder of American expatriate Gregory Faull, who was gunned down Saturday night at his home in San Pedro Town on the island of Ambergris Caye

http://gizmodo.com/5959812/john-mcafee-wanted-for-murder

Hoopaloops
Oct 21, 2005
Not an IT guy, but this morning our company was hit with a supposedly new virus. We use Trend Micro for antivirus and as far as I can tell the big effect it had was to turn most of the items on our shared company drive from $Folder_Name to $Folder_Name.exe, with the .exe files being unusable. I guess Trend Micro is saying it's a new virus and that other companies have also been affected, but I don't know how much of that is genuine or if they're just saying that to make us feel better (i.e. all viruses are 'new' and plenty of 'other companies' are being affected so don't worry you're not alone). Anyone here seeing anything like that or know what virus we've got?

Edit: Sounds like this is a variant of the virus W32.SillyFDC, so probably not new news but maybe a new version?

Hoopaloops fucked around with this message at 19:31 on Nov 27, 2012

Kaboobi
Jan 5, 2005

SHAKE IT BABY!
SALT THAT LADY!

mindphlux posted:

in other news, I just reformatted because of that google redirect thing, and changed all my banking passwords just in case. I'm still loving pissed off that a virus won - first time I've given up in a couple years.

I've run into 3 of the same google redirects at work over the last few weeks, and haven't been able to fix it without a reformat.

Would happen in every browser, not just IE, and not on all links.

Nothing in hosts, nothing weird in IP settings, Malwarebytes/Symantec/SuperAntiSpyware/ComboFix/TDSS/loving everything didn't pick up a thing, no weird processes I could see, nothing out of the ordinary in HijackThis logs, no corrupted system files, spent a good 4 hours just loving around with it. If anyone else runs into a redirect and figures out what's going on, let me know.

Laserface
Dec 24, 2004

Kaboobi posted:

I've run into 3 of the same google redirects at work over the last few weeks, and haven't been able to fix it without a reformat.

Would happen in every browser, not just IE, and not on all links.

Nothing in hosts, nothing weird in IP settings, Malwarebytes/Symantec/SuperAntiSpyware/ComboFix/TDSS/loving everything didn't pick up a thing, no weird processes I could see, nothing out of the ordinary in HijackThis logs, no corrupted system files, spent a good 4 hours just loving around with it. If anyone else runs into a redirect and figures out what's going on, let me know.

The only thing I can think of with this, as it hit me too a while ago, is a hidden partition on the drive or a bootkit.

mindphlux
Jan 8, 2004

by R. Guyovich

Laserface posted:

The only thing I can think of with this, as it hit me too a while ago, is a hidden partition on the drive or a bootkit.

I owned my partition table, dual-booted Linux and 7, mine was clean...

I'd love an answer if anyone finds it too...

Maniaman
Mar 3, 2006
I really hope I don't have to deal with this: W32/Autorun.worm.aaeh

quote:

Description

W32/Autorun.worm.aaeh is a worm that spreads by creating copies of itself on removable drives and adding copies of itself to ZIP and RAR files. It attempts to hide directories on removable drives and replace them with copies of itself with the same filename as the hidden directory. It constantly connects to a C&C server that sends out commands to download additional malware or updated copies of itself.


Methods of Infection

This worm spreads by creating copies of itself on removable storage devices and mounted network shares. It will create an "autorun.inf" to allow it to automatically execute itself when attached to another system with AutoRun enabled.
It changes the attributes of the directories in the affected drive to hidden and creates copies of itself with the same filename as the hidden directory.
It could also add copies of itself into ZIP and RAR archives.

I've heard of a couple different people having issues getting rid of it, and so far very few vendors even detect it.
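Added example, not code from the thread or from any vendor writeup: a directory walk that flags the two on-disk artifacts the description above names (an autorun.inf, and an X.exe sitting beside a directory named X, i.e. the worm's copy shadowing the folder it hid). The sample share it scans is constructed inline; the hidden-attribute check is best effort and falls back to the dotfile convention off Windows.

```python
import os
import stat
import tempfile
from pathlib import Path

AUTORUN = "autorun.inf"
HIDDEN_ATTR = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)


def is_hidden(path: Path) -> bool:
    """Windows hidden attribute where the OS reports it; dotfile rule elsewhere."""
    attrs = getattr(path.stat(), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & HIDDEN_ATTR)
    return path.name.startswith(".")


def find_worm_artifacts(root) -> list:
    """Return (kind, path, dir_is_hidden) for autorun.inf files and for
    any <name>.exe that sits next to a directory called <name>."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        by_lower = {name.lower(): name for name in filenames}
        if AUTORUN in by_lower:
            findings.append(("autorun_inf", str(here / by_lower[AUTORUN]), False))
        for sub in dirnames:
            twin = by_lower.get(sub.lower() + ".exe")
            if twin:  # an executable named after a sibling directory
                findings.append(("dir_shadowed_by_exe", str(here / twin), is_hidden(here / sub)))
    return findings


def summarize(findings) -> list:
    """Sorted (kind, basename) pairs, convenient for reports and checks."""
    return sorted((kind, Path(path).name) for kind, path, _ in findings)


def build_sample_tree() -> str:
    """Constructed sample share (not data from the thread): two shadowed
    folders, an autorun.inf, and a legitimate installer that must not be flagged."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    (root / "Reports" / "2012").mkdir(parents=True)
    (root / "Reports" / "2012" / "q3.xlsx").write_text("constructed")
    (root / "Reports.exe").write_bytes(b"MZ constructed")
    (root / "Reports" / "2012.exe").write_bytes(b"MZ constructed")
    (root / AUTORUN).write_text("[autorun]\nopen=Reports.exe\n")
    (root / "Tools").mkdir()
    (root / "Tools" / "setup.exe").write_bytes(b"MZ constructed")  # benign: no "Tools/setup" dir
    return str(root)


if __name__ == "__main__":
    for kind, path, hidden in find_worm_artifacts(build_sample_tree()):
        print(f"{kind:20} hidden_dir={hidden!s:5} {path}")
```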

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

Maniaman posted:

I really hope I don't have to deal with this: W32/Autorun.worm.aaeh


I've heard of a couple different people having issues getting rid of it, and so far very few vendors even detect it.

It doesn't sound difficult to get rid of, but the problem with the infection in the 'A ticket came in...' thread is no one with the power to do it properly (i.e., disable shares) will do it due to the inconvenience.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Maniaman posted:

I really hope I don't have to deal with this: W32/Autorun.worm.aaeh


I've heard of a couple different people having issues getting rid of it, and so far very few vendors even detect it.

We were hit with it the day before thanksgiving. Forefront couldn't catch it.

I ran one of the exe's through http://virscan.org/ and only 5 out of 37 scan engines detected it. :suicide:

Hex Darkstar
May 28, 2004

I think I need another liver transplant.
I've yet to come across this infection in mass quantities; I've got one teleworker that had a detection on his machine, but no other detections for malware have come out of his system since that point, so I'm guessing it got nuked before it could even run. Crossing my fingers, knocking on wood and all that other fun stuff that this doesn't impact us.

We had a run in with a mass wave of spam email hitting our users earlier this week but that turned out to be unrelated.

edit: http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=27493

That's the one that we saw earlier this week. I don't think a single infected attachment made it through :toot:

Hex Darkstar fucked around with this message at 00:39 on Nov 30, 2012

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
Are there that many people out there who have Autorun enabled on everything still? Microsoft released an update a while ago that restricted Autorun to optical drives by default.

Liverslapper
Jun 3, 2009

Grimey Drawer
I have to fix several computers with that FBI MoneyPak Virus a few times a week. If anyone hasn't seen it before, a page comes up saying you've been watching child porn and if you don't pay $200 you will go to court. Seems to be floating around a lot these days.

RadicalR
Jan 20, 2008

"Businessmen are the symbol of a free society
---
the symbol of America."

Liverslapper posted:

I have to fix several computers with that FBI MoneyPak Virus a few times a week. If anyone hasn't seen it before, a page comes up saying you've been watching child porn and if you don't pay $200 you will go to court. Seems to be floating around a lot these days.

Most people should know that if you are watching child porn, you're going to be getting a personal visit from the police/FBI, not a popup on the screen.

Then again, USERS.

Maniaman
Mar 3, 2006
I've had to explain that concept to multiple people, most of them were rather difficult to convince. If you get caught with child porn, they aren't going to let you off the hook for $200.

Gothmog1065
May 14, 2009

Maniaman posted:

I've had to explain that concept to multiple people, most of them were rather difficult to convince. If you get caught with child porn, they aren't going to let you off the hook for $200.

I pose this question: "Do you think the FBI would take a bribe to let you go, or burst down your door and arrest you for child porn?"

Then remind them that child porn is a really drat serious offense, not a misdemeanor in any way.

The best thing I heard about this virus though was a news story on my morning radio station. Dude was caught dumping child porn into a dumpster outside his apartment building. Why was he dumping it? He got the FBI virus, and he got scared.

kunoichi
Oct 26, 2005
My roommate just got infected with the Moneypack virus. With this version, it asks for $400 and he cannot boot into safe mode or safe mode with command prompt, it just bluescreens and he has to restart. He is also unable to access anything on the computer with a regular restart, he just gets the FBI page.

Aside from a factory restore, can anything be done?

Glans Dillzig
Nov 23, 2011

:justpost::justpost::justpost::justpost::justpost::justpost::justpost::justpost:

knickerbocker expert

kunoichi posted:

My roommate just got infected with the Moneypack virus. With this version, it asks for $400 and he cannot boot into safe mode or safe mode with command prompt, it just bluescreens and he has to restart. He is also unable to access anything on the computer with a regular restart, he just gets the FBI page.

Aside from a factory restore, can anything be done?

Boot from a LiveCD/USB stick and use any of the tools mentioned above to clean it off.

Hex Darkstar
May 28, 2004

I think I need another liver transplant.
Yeah, a bootable drive would be best; if that isn't an option and the machine has another user on it that can log in, that should do the trick. It only impacts the user it first infected usually, since it is running from their %temp% folder as a .tmp (in this case) via rundll32 or lsass.exe. It should also be noted the last two I saw that exhibited these same symptoms attempted to drop Rootkit.ZeroAccess as well, so you might want to investigate if that got installed if the person logged in was an administrator on their machine.
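Added example, not from the thread: a small triage over process-creation records that targets the two behaviours described in this thread (rundll32 loading a .tmp out of the user's %temp%, and anything launching from the Start Menu Startup folder) without flagging every installer that runs from Temp. The record format and the sample events are constructed; a real feed (Sysmon event 1, EDR telemetry) would need its own parser.

```python
import re
from typing import List, Tuple

# Constructed records: timestamp,user,image path,command line (not real logs).
SAMPLE_EVENTS = [
    r"2012-12-05 08:01:02,CORP\bob,C:\Windows\System32\rundll32.exe,rundll32.exe C:\Users\bob\AppData\Local\Temp\0.3814.tmp,StartW",
    r"2012-12-05 08:03:10,CORP\bob,C:\Users\bob\AppData\Local\Temp\is-9F2K.tmp\setup.exe,setup.exe /SILENT",
    r"2012-12-05 08:05:44,CORP\alice,C:\Windows\System32\rundll32.exe,rundll32.exe shell32.dll,Control_RunDLL",
    r"2012-12-05 08:07:19,CORP\bob,C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe,updater.exe",
]

TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# A module argument ending in .tmp, terminated by the ",EntryPoint" separator or whitespace.
TMP_MODULE = re.compile(r"\\[^\\,\s]+\.tmp(?=,|\s|$)", re.I)

RUNDLL_TMP = "rundll32 loading .tmp from %TEMP%"
STARTUP_IMAGE = "image launched from Startup folder"


def triage(record: str) -> Tuple[str, ...]:
    """Reasons a single record deserves a look; empty tuple means nothing matched."""
    _ts, _user, image, cmdline = record.split(",", 3)
    exe = image.rsplit("\\", 1)[-1].lower()
    reasons = []
    # rundll32 itself is legitimate; rundll32 with a .tmp "DLL" under Temp is not.
    if exe == "rundll32.exe" and TEMP_DIR.search(cmdline) and TMP_MODULE.search(cmdline):
        reasons.append(RUNDLL_TMP)
    # Installers unpacking to Temp are left alone; Startup-folder launches are not.
    if STARTUP_DIR.search(image):
        reasons.append(STARTUP_IMAGE)
    return tuple(reasons)


def triage_all(records: List[str]) -> List[Tuple[str, str]]:
    """(user, reason) for every hit, in record order."""
    return [(r.split(",", 3)[1], why) for r in records for why in triage(r)]


if __name__ == "__main__":
    for user, why in triage_all(SAMPLE_EVENTS):
        print(f"{user}: {why}")
```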

kunoichi
Oct 26, 2005

Walter_Sobchak posted:

Boot from a LiveCD/USB stick and use any of the tools mentioned above to clean it off.

(Wrote a bunch of stuff here then deleted it)

Never mind, the first part I wrote resolved itself. I guess the XP CD isn't one that you can boot from, so he'll have to learn how to create a bootable disk.

He also has no other accounts on the computer except the one that snagged the virus.

kunoichi fucked around with this message at 19:34 on Dec 5, 2012

Khablam
Mar 29, 2012

Most versions of the FBI program aren't in any way clever, and loading in as a different administrator and using system restore can be a perfectly viable fix.

If you've got something dropping ZA and you're on XP/32bit Windows, then use your regular backups and just start from a clean drive. You can remove it, but at the cost of hours of your time and a certain level of uncertainty at the end.

movax
Aug 30, 2008

I've been derelict and haven't perused this thread in detail yet; are you guys using this as a generic computer security/~~InfoSec~~ thread or is there enough to go on here about just viruses and malware?

mindphlux
Jan 8, 2004

by R. Guyovich

movax posted:

I've been derelict and haven't perused this thread in detail yet; are you guys using this as a generic computer security/~~InfoSec~~ thread or is there enough to go on here about just viruses and malware?

viruses and malware

AppleCobbler
Feb 8, 2003
remember that time I was just chilling out and definitely not having a massive meltdown? right guys? guys??? :laugh:
So my girlfriend was featured in an article on Ars Technica about the FTC taking down a major sham anti virus company:

http://arstechnica.com/tech-policy/2012/12/how-windows-tech-support-scammers-walked-right-into-a-trap-set-by-the-feds/

It's a good read and it's crazy to see it get some coverage on a major tech blog. I remember her (Jennifer Rodden) talking about the case and her phone calls to the company.

Edit: I realize this may be the wrong place for this... I can remove it if the mods want, just excited for her.

AppleCobbler fucked around with this message at 00:24 on Dec 7, 2012

Drunk Badger
Aug 27, 2012

Trained Drinking Badger
A Faithful Companion

Grimey Drawer

movax posted:

I've been derelict and haven't perused this thread in detail yet; are you guys using this as a generic computer security/~~InfoSec~~ thread or is there enough to go on here about just viruses and malware?

Do we have one? I guess I've never really looked for it, but I've never seen one either. If not I'd love to start one.

Hex Darkstar
May 28, 2004

I think I need another liver transplant.

AppleCobbler posted:

So my girlfriend was featured in an article on Ars Technica about the FTC taking down a major sham anti virus company:

http://arstechnica.com/tech-policy/2012/12/how-windows-tech-support-scammers-walked-right-into-a-trap-set-by-the-feds/

It's a good read and it's crazy to see it get some coverage on a major tech blog. I remember her (Jennifer Rodden) talking about the case and her phone calls to the company.

Edit: I realize this may be the wrong place for this... I can remove it if the mods want, just excited for her.

Nah, it is relevant; a few of them were known to install backdoors on the machine as another means of making money. Pay-per-install schemes, etc.

movax
Aug 30, 2008

Drunk Badger posted:

Do we have one? I guess I've never really looked for it, but I've never seen one either. If not I'd love to start one.

No, I don't think we do and I know we have a bunch of InfoSec goons. If you want to write up an OP for one, please do; we're a bit light on the security part of IT it seems.

The whole reason I went digging was to see if encrypted e-mail ever took off after wondering what the S/MIME option was on my iPhone, or if it's a relic of neckbeards from years past.

Hex Darkstar
May 28, 2004

I think I need another liver transplant.
I think Corvettefisher made a thread for Information Security, but it fell by the wayside or wasn't updated much.
e: yeah, must have been archived.

Drunk Badger
Aug 27, 2012

Trained Drinking Badger
A Faithful Companion

Grimey Drawer
I'll throw something together tonight. I figured there had to be something in the past, if it's been archived that's why I never found it.


Saint Celestine
Dec 17, 2008

Lay a fire within your soul and another between your hands, and let both be your weapons.
For one is faith and the other is victory and neither may ever be put out.

- Saint Sabbat, Lessons
Grimey Drawer
Anyone know what this virus is?

^ The popups on the browsers, no matter what page I go to.

I've tried MSE, AVG, Spybot, Ad-Aware, and TDSSKiller to try to get rid of whatever's infecting my browsers, but whatever I find and delete, it keeps coming back.

Is there a name for this so I can look up how to get rid of it?