Tapedump
Aug 31, 2007
College Slice
Yeah, um, PassDrop is an iOS client for Keepass databases...

It can sync your KP DB using Dropbox or just keep a cached version for coal-mine use.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Tapedump posted:

Yeah, um, PassDrop is an iOS client for Keepass databases...

It can sync your KP DB using Dropbox or just keep a cached version for coal-mine use.

Thanks. Windows Phone user, so I haven't used iOS in a few years.

SugarAddict
Oct 11, 2012
Well, over a month ago my laptop started going slow, horribly slow, with a seek time of 600 ms for files, and Windows lets me know about it. Best Buy didn't do anything about it without more money, so I took it to a repair shop, and due to a lack of communication they flattened and reinstalled the OS from a backup made when I bought the computer. AND IT'S STILL SLOW, so like a good A+-training technician I look in the logs...

:staredog:
10 seconds of googling makes me think I have an immortal USB firmware virus; this means every USB device that has touched that computer is also infected, and I don't think the USB developers are going to do anything about this within the next 10 years, sooo.

I guess I basically have to throw that computer out even though I spent $600 hiring people to repair, and for the USB backups I guess I have to find one of those "USB Condoms".

Any advice?

You are probably right, and I don't think there's enough information for me to confirm anything.

SugarAddict fucked around with this message at 05:47 on Oct 20, 2015

Theris
Oct 9, 2007

Can you link to the search results? I can't find anything except stuff about Atheros using "Alaska Day 2006" as a device name, a presentation on a proof of concept USB firmware virus that doesn't seem to have appeared in the wild, and a guy that thinks that Windows auto installing Bluetooth drivers is a sign of a firmware virus.

mindphlux
Jan 8, 2004

by R. Guyovich

SugarAddict posted:

Best Buy didn't do anything about it without more money, so I took it to a repair shop, and due to a lack of communication they flattened and reinstalled the OS from a backup made when I bought the computer. AND IT'S STILL SLOW, so like a good A+-training technician I look in the logs...

$600 later...

Any advice?


stop taking your A+ classes! ASAP! ffs :colbert:

shyduck
Oct 3, 2003

Windows 10. I keep getting this SSL connection warning from Kaspersky. I've read that epicunitscan is tied to malware, but Kaspersky and Malwarebytes can't seem to find anything. I checked installed software there's nothing suspicious. My main browser is Chrome, and there's no unusual extensions installed. Any thoughts? I've Googled it and the advice I've found either seems sketchy or doesn't work.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

shyduck posted:

Windows 10. I keep getting this SSL connection warning from Kaspersky. I've read that epicunitscan is tied to malware, but Kaspersky and Malwarebytes can't seem to find anything. I checked installed software there's nothing suspicious. My main browser is Chrome, and there's no unusual extensions installed. Any thoughts? I've Googled it and the advice I've found either seems sketchy or doesn't work.

Yeah, you have malware.

I don't know this malware in particular, but the best advice is to boot from a completely separate source since the virus scanner can't efficaciously scan the OS or its own files. I think Kaspersky has a boot scanner - if regular/rootkit/full scans in Malwarebytes or Kaspersky aren't turning it up that's your next measure, scan before the poo poo gets loaded. Second, I know Kaspersky does have a Rescue Disk that can be booted from CD or USB. You should also try to get a Malwarebytes scan going from a USB boot too.

For that type of stuff, way back when I used to use BartPE to build rescue discs myself with McAfee and Malwarebytes on them. Nowadays, I think perhaps you can do that stuff with the "Rufus" USB tool? It's a good tool that does unetbootin type stuff, I know there's a "build live-boot" option on there but I've never tried it. Probably a good question for this thread: what's your "deep-scan" procedure nowadays for stuff you can't afford to just wipe and re-image? Yes, dumb situation to be in, etc.

Some stuff will gently caress you incredibly thoroughly and the only way to get clean is nuclear wipe the whole thing. It's always the safest option. Microsoft licenses Windows 10 based on the motherboard serial or some poo poo like that, and if you burn a disk and clean-wipe they will let you reactivate on that hardware no problem.

In the past, restoring to factory original wasn't as good unless you had a factory-restore CD - some stuff will install itself to the factory recovery partition. Windows 10, though, I'd give the "wipe everything and restore to a clean build" a shot.

Paul MaudDib fucked around with this message at 03:51 on Oct 22, 2015

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
Read this thread if you have malware on your workstation.

mindphlux
Jan 8, 2004

by R. Guyovich

shyduck posted:

Windows 10. I keep getting this SSL connection warning from Kaspersky. I've read that epicunitscan is tied to malware, but Kaspersky and Malwarebytes can't seem to find anything. I checked installed software there's nothing suspicious. My main browser is Chrome, and there's no unusual extensions installed. Any thoughts? I've Googled it and the advice I've found either seems sketchy or doesn't work.

rkill
combofix
hijackthis
add / remove programs
check browser plugins, reset settings as needed
reboot
adwcleaner
malwarebytes
sfc /scannow
check all the logs
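As an added example (not code posted by anyone in this thread), here is what the "check browser plugins" and "check all the logs" steps amount to in PowerShell on a Windows 10 box: it pulls the hosts file, the user's proxy/PAC settings, recently added root CAs, Run/RunOnce keys, Chrome extension IDs, running executables without a valid Authenticode signature, and recent service installs into one report file. The paths and cmdlets are stock Windows 10 / PowerShell 5.1; the 180-day root-CA window and the 30-day service window are assumed thresholds, not anything the thread specifies. Everything it reads comes through the suspect OS, which is exactly the caveat raised further down the thread: a rootkit can lie to every one of these queries, so the output supports a risk decision about the machine, it does not certify it clean.

```powershell
# Added triage example for this thread (not code posted by any participant).
# Enumerates the places on a live Windows 10 machine where the "SSL warning
# on every site" and "it keeps coming back" symptoms usually live.
# Caveat: every query below goes through the suspect OS, so a kernel-level
# rootkit can lie to all of them. Treat hits as leads, not as proof either way.
# Run from an elevated PowerShell 5.1 session.

$report = New-Object System.Collections.Generic.List[string]

# 1. Hosts file: a stock Windows 10 hosts file contains only comments, so any
#    active entry deserves a look (ad/AV/update domains pointed at 127.0.0.1 etc).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_.Trim() -and $_.Trim() -notmatch '^#' } |
    ForEach-Object { $report.Add("hosts-entry: $($_.Trim())") }

# 2. Per-user proxy / PAC settings: a local interception proxy is the usual
#    reason a security product flags every TLS connection.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $report.Add("proxy-enabled: $($inet.ProxyServer)") }
if ($inet.AutoConfigURL)     { $report.Add("proxy-pac: $($inet.AutoConfigURL)") }

# 3. Root CAs that became valid recently. Heuristic only (assumed 180-day
#    window): a freshly planted interception root is usually young, while the
#    genuine Microsoft-distributed roots are years old.
$recent = (Get-Date).AddDays(-180)
Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.NotBefore -gt $recent } |
    ForEach-Object { $report.Add("recent-root-ca: $($_.Subject) [$($_.Thumbprint)]") }

# 4. Classic Run/RunOnce persistence for the machine and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match '^PS') { continue }   # skip PowerShell's own PS* metadata
        $report.Add("run-key: $key\$($p.Name) = $($p.Value)")
    }
}

# 5. Installed Chrome extensions (folder names are extension IDs; compare them
#    with what the user actually recognises in chrome://extensions).
$extDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $extDir) {
    Get-ChildItem $extDir -Directory |
        ForEach-Object { $report.Add("chrome-extension: $($_.Name)") }
}

# 6. Running executables whose Authenticode signature is missing or invalid.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        if ($sig.Status -ne 'Valid') { $report.Add("unsigned-process: $_ ($($sig.Status))") }
    }

# 7. Services installed in the last 30 days (assumed window): System log,
#    event ID 7045, "A service was installed in the system".
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-30) } -ErrorAction SilentlyContinue |
    ForEach-Object { $report.Add("new-service: $($_.TimeCreated) $(($_.Message -replace '\s+', ' '))") }

# Write the findings beside the script and echo them; keep the file with the
# ticket so there is a record of what was (and was not) seen on this machine.
$out = Join-Path $PWD 'triage-report.txt'
$report | Sort-Object | Tee-Object -FilePath $out
Write-Host "$($report.Count) findings written to $out"
```

The report is deliberately a flat list of "category: value" lines so it can be diffed against the same script run on a known-good machine of the same build; a line that appears only on the suspect box is the thing to chase. Nothing here removes anything, and that is intentional: what the findings mean for the person whose data is on that machine is the risk assessment the rest of the thread argues about.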

mindphlux
Jan 8, 2004

by R. Guyovich

mindphlux posted:

rkill
combofix
hijackthis
add / remove programs
check browser plugins, reset settings as needed
reboot
adwcleaner
malwarebytes
sfc /scannow
check all the logs

someone should just add this to the OP tbqh

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

mindphlux posted:

someone should just add this to the OP tbqh

No. Stop giving terrible advice. Just read the thread I linked to and consider your options.

mindphlux
Jan 8, 2004

by R. Guyovich

OSI bean dip posted:

No. Stop giving terrible advice. Just read the thread I linked to and consider your options.

you have given some decent advice in this thread, but.......... really? your linked thread doesn't address malware removal at all, and the advice given is.... errr.... ??? "unplug your machine from the internet and run an (undefined) scan"? or reformat? dunno what you're on about dude...

Wiggly Wayne DDS
Sep 11, 2010



mindphlux posted:

you have given some decent advice in this thread, but.......... really? your linked thread doesn't address malware removal at all, and the advice given is.... errr.... ??? "unplug your machine from the internet and run an (undefined) scan"? or reformat? dunno what you're on about dude...
Your malware removal advice is from a decade ago, and wasn't even that effective then.

mindphlux
Jan 8, 2004

by R. Guyovich

Wiggly Wayne DDS posted:

Your malware removal advice is from a decade ago, and wasn't even that effective then.

it has been effective in practice for me for the past 5 years, I can think of only 2 machines out of several hundred where I wasn't able to identify/remove the malware, and had to reflatten. I mean, I do this for a living.

I'm not saying you're wrong, because I really haven't altered my SOP in at least half a decade. but not for lack of want - I'd love something better, but really digging in to logs and actually troubleshooting is the only thing I've found that works. but seriously, outline a better generic malware removal workflow top to bottom or gtfo.

mindphlux fucked around with this message at 07:49 on Oct 22, 2015

Wiggly Wayne DDS
Sep 11, 2010



mindphlux posted:

it has been effective in practice for me for the past 5 years, I can think of only 2 machines out of several hundred where I wasn't able to identify/remove the malware, and had to reflatten. I'm not saying you're wrong, but seriously, outline a better generic malware removal workflow top to bottom or gtfo.
Your practice has been removing the obvious pieces of malware, and considering that case-closed. Malware is not a constant; you can't outline a top-to-bottom workflow for removal without providing poor advice. I do not care how long you have been providing this level of service, or how you convince yourself that your practices are effective. The advice you have given is not going to do anything but remove the low-hanging fruit and provide false confidence.

e: I see you have edited your post.

mindphlux posted:

it has been effective in practice for me for the past 5 years, I can think of only 2 machines out of several hundred where I wasn't able to identify/remove the malware, and had to reflatten. I mean, I do this for a living.

I'm not saying you're wrong, because I really haven't altered my SOP in at least half a decade. but not for lack of want - I'd love something better, but really digging in to logs and actually troubleshooting is the only thing I've found that works. but seriously, outline a better generic malware removal workflow top to bottom or gtfo.
Yes, you very much should be going through logs and troubleshooting. That is part of how you analyse a situation. Now if those are the practices you believe are what actually works, then why did you push this advice out?

mindphlux posted:

rkill
combofix
hijackthis
add / remove programs
check browser plugins, reset settings as needed
reboot
adwcleaner
malwarebytes
sfc /scannow
check all the logs
When you say "I mean, I do this for a living" what precisely do you mean skill-wise? It's easy enough to state that but you're not providing any means of discerning your level of competence, and how seriously your advice should be taken.

Wiggly Wayne DDS fucked around with this message at 08:33 on Oct 22, 2015

KennyTheFish
Jan 13, 2004

mindphlux posted:

. but seriously, outline a better generic malware removal workflow top to bottom or gtfo.

Flatten, reinstall, restore from backup.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

mindphlux posted:

you have given some decent advice in this thread, but.......... really? your linked thread doesn't address malware removal at all, and the advice given is.... errr.... ??? "unplug your machine from the internet and run an (undefined) scan"? or reformat? dunno what you're on about dude...

Yes. This is sane advice. Is it hard to understand?

mindphlux posted:

it has been effective in practice for me for the past 5 years, I can think of only 2 machines out of several hundred where I wasn't able to identify/remove the malware, and had to reflatten. I mean, I do this for a living.

I'm not saying you're wrong, because I really haven't altered my SOP in at least half a decade. but not for lack of want - I'd love something better, but really digging in to logs and actually troubleshooting is the only thing I've found that works. but seriously, outline a better generic malware removal workflow top to bottom or gtfo.

Great. I am glad that something that has "worked" for you over the past five-years has been effective in giving you the illusion that you've "fixed" the problem. How about understanding the problem at hand or as you put it "GTFO"?

mindphlux posted:

rkill
combofix
hijackthis
add / remove programs
check browser plugins, reset settings as needed
reboot
adwcleaner
malwarebytes
sfc /scannow
check all the logs

If you're so certain about this advice, please explain to me in detail why you feel justified in suggesting each of these tools and methods. If your experience is as good as you think, you should be able to tell me with confidence why your advice is sound and why I am completely wrong.

I am waiting with eagerness here.

Nintendo Kid
Aug 4, 2011

by Smythe
The Rkill, ComboFix etc. stuff is more useful for figuring out what got in, and maybe how to stop it in the future, than for fixing things. You should still do a clean install or backup restore after you're done.

Notorious R.I.M.
Jan 27, 2004

up to my ass in alligators

mindphlux posted:

you have given some decent advice in this thread, but.......... really? your linked thread doesn't address malware removal at all, and the advice given is.... errr.... ??? "unplug your machine from the internet and run an (undefined) scan"? or reformat? dunno what you're on about dude...

That's because you don't have much of a guarantee that you've removed anything unless you format the affected device and any media that ever came in contact with it. Do you honestly think that running a blitzkrieg of random detection and removal utilities in the hopes that one has actually picked up the virus signature and knows all the locations that it will modify is a good solution? It's only really a tenable solution if your job is helpdesk repair for naive end users that want some snake oil peace of mind that maybe their computer is fixed.

The real way to combat malware is to remove all the possible entry vectors it could have so you don't get infected in the first place. Use an ad blocker; don't install flash; don't open pdfs unless you know the sender and are expecting one. In this regard, the best antivirus is ublock and some self restraint rather than hoping you can play cleanup after a fuckup.

I think that if you do desktop support for a while you get this notion that these tools can get rid of viruses because you don't get much of a chance to educate users to not get infected. Instead, you get to deal with cleanup of affected machines. However, given that you can't really be certain that you've removed anything aside from doing a format, using some tools that work 95% of the time (if even that) is simply not good enough because you don't know when they haven't completely removed a threat.

power botton
Nov 2, 2011

Its easy to tell when you have removed a virus because the AV software says it quarantined a bunch of file names I don't personally recognize.

BOOTY-ADE
Aug 30, 2006

BIG KOOL TELLIN' Y'ALL TO KEEP IT TIGHT

Notorious R.I.M. posted:

That's because you don't have much of a guarantee that you've removed anything unless you format the affected device and any media that ever came in contact with it. Do you honestly think that running a blitzkrieg of random detection and removal utilities in the hopes that one has actually picked up the virus signature and knows all the locations that it will modify is a good solution?

Gotta agree here - I have maybe 4 tools I'll use to find/remove malware. Sometimes I don't have a backup to restore from, so I usually:

- Scan/remove malware (Superantispyware/ADWCleaner/Norton Power Eraser/Malwarebytes)
- Rename the user's profile, set up a new one & migrate data over
- Remove/reinstall browsers that might have been infected (Chrome/Firefox especially, including deleting their AppData cache folders)
- Delete old profile once all data is moved over
- Monitor & reimage if issues come back

May not be the exact best method but the first 3 steps don't take very long, maybe 30-40 minutes tops. I only go that route because a flatten/reimage can easily take a couple hours from end to end, depending on what the user has on their machine.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
OSI Bean Dip - To be fair, you're basically asking him/her to prove a negative* and are asking him/her to provide counter-evidence to your claim. You might be right, but it's a lousy way to go about arguing for yourself.

* How do you know there isn't a thing you can't see?

mindphlux
Jan 8, 2004

by R. Guyovich

OSI bean dip posted:

Yes. This is sane advice. Is it hard to understand?

Great. I am glad that something that has "worked" for you over the past five-years has been effective in giving you the illusion that you've "fixed" the problem. How about understanding the problem at hand or as you put it "GTFO"?

If you're so certain about this advice, please explain to me in detail why you feel justified in suggesting each of these tools and methods. If your experience is as good as you think, you should be able to tell me with confidence why your advice is sound and why I am completely wrong.

I am waiting with eagerness here.

If you think flattening and reinstalling every time a machine gets infected with malware is sane advice, you are either a. an individual with lots of time on your hands, b. someone who has never worked in a business environment, or c. a sysadmin at a large organization that has the luxury of a standard system image with poo poo already preinstalled that you can just push out to any machine that gets infected.

almost every one of the tools I listed gives you logs that are very useful in tracking down whatever the gently caress has gone wrong, and if you're competent, you can identify and remove the most lovely portions of the malware on a system and rehabilitate it in 30-45 minutes. that's 30-45 minutes too long, but again, give me a more time effective solution and I'm all about it. flatten and reinstall? lol yeah, totally going to bill a client for 5 hours of time while I do the needless and support them while they try and track down all their software installs and licenses and reconfigure all their poo poo. should I have prefaced this by saying my company is a MSP for small to midsize clients, with very disparate budgets and operating environments?

As Ynglaur points out, you can't prove a negative. Is there maybe some PUP or something that makes it through my SOP? yeah I'm sure! but if brodude lawyer whose time is worth $500/hr is back up and running again (in 30-45 minutes) for the next 8-12 months without opening a new ticket, and I can't find any trace of the original malware identified (and haven't found any utterly disgusting rootkits), tell me why flattening is a better option.

Also, computers are generally on a network, so really by your logic I should be flattening the entire network every time anything remotely serious rears its head.

** the IT company we replaced for one of our larger clients did this, btw. it was a shitshow, every user down for multiple days, and viruses back in a month's time.

**** and yes, let me spend my time trying to "educate" the entire metro area of my city on how to properly operate a computer so they don't get a virus.

really, I mean, give me a better suggestion. I'm all ears.

Wiggly Wayne DDS
Sep 11, 2010



mindphlux posted:

If you think flattening and reinstalling every time a machine gets infected with malware is sane advice, you are either a. an individual with lots of time on your hands, b. someone who has never worked in a business environment, or c. a sysadmin at a large organization that has the luxury of a standard system image with poo poo already preinstalled that you can just push out to any machine that gets infected.

almost every one of the tools I listed gives you logs that are very useful in tracking down whatever the gently caress has gone wrong, and if you're competent, you can identify and remove the most lovely portions of the malware on a system and rehabilitate it in 30-45 minutes. that's 30-45 minutes too long, but again, give me a more time effective solution and I'm all about it. flatten and reinstall? lol yeah, totally going to bill a client for 5 hours of time while I do the needless and support them while they try and track down all their software installs and licenses and reconfigure all their poo poo. should I have prefaced this by saying my company is a MSP for small to midsize clients, with very disparate budgets and operating environments?

As Ynglaur points out, you can't prove a negative. Is there maybe some PUP or something that makes it through my SOP? yeah I'm sure! but if brodude lawyer whose time is worth $500/hr is back up and running again (in 30-45 minutes) for the next 8-12 months without opening a new ticket, and I can't find any trace of the original malware identified (and haven't found any utterly disgusting rootkits), tell me why flattening is a better option.

Also, computers are generally on a network, so really by your logic I should be flattening the entire network every time anything remotely serious rears its head.

** the IT company we replaced for one of our larger clients did this, btw. it was a shitshow, every user down for multiple days, and viruses back in a month's time.

**** and yes, let me spend my time trying to "educate" the entire metro area of my city on how to properly operate a computer so they don't get a virus.

really, I mean, give me a better suggestion. I'm all ears.
You may be fleecing people for a piss-poor security service, but that doesn't mean it's effective at all. I feel like I should copy-paste my previous reply, because you're setting off all the red flags again. As it stands if you are capable of providing confident malware analysis in the space of 30-45 minutes you should really try to get a job in the security industry, we could really do with a man of your incredible talents.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

mindphlux posted:

almost every one of the tools I listed gives you logs that are very useful in tracking down whatever the gently caress has gone wrong, and if you're competent, you can identify and remove the most lovely portions of the malware on a system and rehabilitate it in 30-45 minutes. that's 30-45 minutes too long, but again, give me a more time effective solution and I'm all about it. flatten and reinstall? lol yeah, totally going to bill a client for 5 hours of time while I do the needless and support them while they try and track down all their software installs and licenses and reconfigure all their poo poo. should I have prefaced this by saying my company is a MSP for small to midsize clients, with very disparate budgets and operating environments?

And of course right off the bat you go to your example of your clients and not to the fact that you cited a list of applications that you yourself had presented as sure-fire by stating "someone should just add this to the OP tbqh". I don't give a gently caress if your clients being cash-strapped and/or insignificantly sized leads you to believe that your advice is sound, because it is not. You're free to go and milk your clients for your work by underselling them, but you're not free to give poo poo advice with the expectation that said poo poo advice won't be called out.

Again, can you explain to me what each of those tools do and why you think that they're good enough for you to come into this thread and cite them as a solution? Or are you unwilling to do this because you feel it is better to boast about owning some insignificant service provider and that you've managed to save your clients money by not being truthful about what these tools actually do?

Of course you cannot prove a negative: that is exactly my point.

So again, instead of citing "experience" or "saving my client money", why not tell me why you think those tools are good enough for the OP?

Lain Iwakura fucked around with this message at 17:26 on Oct 22, 2015

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
if "offline scan" isn't your first step then you're pretty poo poo at this hope that helps explain things!

mindphlux
Jan 8, 2004

by R. Guyovich

OSI bean dip posted:

Again, can you explain to me what each of those tools do and why you think that they're good enough for you to come into this thread and cite them as a solution? Or are you unwilling to do this because you feel it is better to boast about owning some insignificant service provider and that you've managed to save your clients money by not being truthful about what these tools actually do?

Yes, I'm completely willing to do this, and have already several times. They are diagnostic tools that help identify malware, provide their user with logs, and allow me (or one) to rehabilitate otherwise unusable systems. And yes, of course scanning offline.

I've seen you troll other people enough to know I shouldn't continue seriousposting, but I'll just say this : you haven't provided any productive contribution to this discussion aside from flatten; reinstall. Give a better solution. v :) v

Wiggly Wayne DDS
Sep 11, 2010



mindphlux posted:

Yes, I'm completely willing to do this, and have already several times. They are diagnostic tools that help identify malware, provide their user with logs, and allow me (or one) to rehabilitate otherwise unusable systems. And yes, of course scanning offline.

I've seen you troll other people enough to know I shouldn't continue seriousposting, but I'll just say this : you haven't provided any productive contribution to this discussion aside from flatten; reinstall. Give a better solution. v :) v
I don't see you providing contribution to a discussion. I've provided plenty of points for a discussion to occur, yet you are focusing on arguing with OSI bean dip over your incompetence. Flatten and install is the most effective solution, I'm sorry to have to break it to you.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

mindphlux posted:

Yes, I'm completely willing to do this, and have already several times. They are diagnostic tools that help identify malware, provide their user with logs, and allow you to rehabilitate otherwise unusable systems. And yes, of course scanning offline.

I've seen you troll other people enough to know I shouldn't continue seriousposting, but I'll just say this : you haven't provided any productive contribution to this discussion aside from flatten; reinstall. Give a better solution. v :) v

As expected, you're incapable of responding seriously about why those ten items are good enough for you to suggest that they go into the OP and would rather instead back-pedal, resorting to telling me that "I am trolling you" and as a result you "shouldn't continue seriousposting".

I'll gladly say this: you're fleecing your customers and I can easily tell you this because you cited ComboFix, which is generally the go-to tool for those who wish to come off as "superhero IT person". I've provided more than enough information on why your advice is dangerous, wrong, and bullshit in the thread I posted.

So I'll change my request to the following questions:
- Why do you believe that ComboFix is the best tool for the job?
- Why do you suggest those two malware solutions over something else?
- What belief do you have that the logs have not been tainted post-infection?

I am not "trolling you", I am calling you out on your feckless ability to actually tell me what you're attempting to accomplish. Why are you too chicken-poo poo to reply to me with an answer?

In the eyes of others reading the thread, you're contributing sweet gently caress all as the link to the thread I created has more than enough information for a person to decide what the best course of action is. If you have even bothered to read it, it doesn't immediately tell you to "flatten the machine" as you erroneously claim, it suggests to consider the ramifications of not doing so which means I am asking for people to assess the risk. In your case, you do zero risk assessment and falsely assume that your fixes will be fine, which is outright dangerous considering you must have clients who work with sensitive information.

To add to this, at no point have I cited my credentials, work experience, or the fact that I have been doing this for n years. This is irrelevant to the conversation when I am asking you questions about why you are reluctant to come out and explain why your advice is sound.

Answer my questions and stop giving loving idiotic advice.

Khablam
Mar 29, 2012

Beandip and Wiggly aren't wrong; they're just approaching the problem as though every piece of malware is custom written for their machine and they're a Middle Eastern state starting a nuclear program. So you're just arguing a POV, and they won't ever budge. Just give up.

You can tear your hair out with their bizarre "prove a negative" nonsense or you can just ignore the crazies who spend far too much time thinking about this kind of thing.

You can play their game of "show me the evidence" and then they just claim the evidence is wrong, because they are right and it doesn't agree with them.
They're either the same person or have been jerking each other off so long they've fused, but it's functionally the same at this point.

e: Can either of you blowhards stop trying to play "prove the negative", and suggest a piece of malware that slips through the SOP you're stamping your feet about?
e2: I'm not in principle arguing against flatten and install, I'm saying your reaction (as usual) is to act like a couple of hyper paranoid monkeys to a 0.001% threat chance.

Khablam fucked around with this message at 18:31 on Oct 22, 2015

Wiggly Wayne DDS
Sep 11, 2010



Khablam posted:

Beandip and Wiggly aren't wrong; they're just approaching the problem as though every piece of malware is custom written for their machine and they're a Middle Eastern state starting a nuclear program. So you're just arguing a POV, and they won't ever budge. Just give up.

You can tear your hair out with their bizarre "prove a negative" nonsense or you can just ignore the crazies who spend far too much time thinking about this kind of thing.

You can play their game of "show me the evidence" and then they just claim the evidence is wrong, because they are right and it doesn't agree with them.
They're either the same person or have been jerking each other off so long they've fused, but it's functionally the same at this point.

e: Can either of you blowhards stop trying to play "prove the negative", and suggest a piece of malware that slips through the SOP you're stamping your feet about?
e2: I'm not in principle arguing against flatten and install, I'm saying your reaction (as usual) is to act like a couple of hyper paranoid monkeys to a 0.001% threat chance.
How informative, please go on.

Dodoman
Feb 26, 2009



A moment of laxity
A lifetime of regret
Lipstick Apathy
OSI is an actual Info Sec researcher.

Wiggly is OUYA fan no.1.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Khablam posted:

Beandip and Wiggly aren't wrong; they're just approaching the problem as though every piece of malware is custom written for their machine and they're a Middle Eastern state starting a nuclear program. So you're just arguing a POV, and they won't ever budge. Just give up.

You can tear your hair out with their bizarre "prove a negative" nonsense or you can just ignore the crazies who spend far too much time thinking about this kind of thing.

You can play their game of "show me the evidence" and then they just claim the evidence is wrong, because they are right and it doesn't agree with them.
They're either the same person or have been jerking each other off so long they've fused, but it's functionally the same at this point.

e: Can either of you blowhards stop trying to play "prove the negative", and suggest a piece of malware that slips through the SOP you're stamping your feet about?
e2: I'm not in principle arguing against flatten and install, I'm saying your reaction (as usual) is to act like a couple of hyper paranoid monkeys to a 0.001% threat chance.

You, just like the other person, don't understand the concept of "risk assessment", which is something that glorified help desk technicians fail to grasp. Have you even read the thread I posted after your idiotic one was closed? I know that you have sour grapes for having been called out in the past for giving bad advice, but it does say that you need to consider how bad the situation is before you decide on what to do next. Post infection, do you trust that machine to handle sensitive tasks? For the average user in this thread, are you willing to log into your various accounts (like online banking) given the past history of your current OS install? Considering consumer protection laws in the United States, do you really want to continue to access details on your finances on a machine that may still be compromised?

This is part of why I rail against you and the other person for these things because neither of you have the concept of "risk assessment". I think it's telling that you have no clue about things when you go about a "0.001% threat chance", but unlike mindphlux, I don't think you're fleecing clients and are just generally unaware of what is going on.

You and mindphlux are being called out because you give bad advice and have no concept of other terms used in information security. I get that you believe you're doing the right thing, but you do not demonstrate an understanding of fundamental concepts and have never given consideration to the ramifications of outright "fixing" an infected machine.

Lain Iwakura fucked around with this message at 19:00 on Oct 22, 2015

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
Oh my god I can't resist.

mindphlux posted:

If you think flattening and reinstalling every time a machine gets infected with malware is sane advice, you are [...] someone who has never worked in a business environment
You guys, I found it, I found the source of the breaches. It's wonderboy over here that just leaves the well-hidden malware intact because he's "in a business environment".

quote:

if brodude lawyer whose time is worth $500/hr is back up and running again (in 30-45 minutes) for the next 8-12 months
It's cool that you used "lawyer" here, because of course lawyers are known for having absolutely no sensitive and/or confidential information on their machines that would be valuable to a spear-phisher who might be using a very stealthy rootkit.

quote:

I can't find any trace of the original malware identified (and haven't found any utterly disgusting rootkits), tell me why flattening is a better option.
Hey, do you know what a rootkit is? Because, almost by definition, you're not going to find one that's at all decent (let alone "utterly disgusting") and should basically just give up hope and flatten.

quote:

Also, computers are generally on a network, so really by your logic I should be flattening the entire network every time anything remotely serious rears its head.
In fact this is standard procedure for many types of infections. I fondly remember the Friday night that the entire NOC got pizza as we worked through the night uninstalling Welchia by way of wiping any computer it was found to have touched.

Welchia, by the way, was a supposedly white-hat worm which did nothing except patch the vulnerability it used and spread to other machines with that vulnerability. At least, that's all anyone could tell that it did, but we still had to wipe the whole machine because you can never be sure.

quote:

**** and yes, let me spend my time trying to "educate" the entire metro area of my city on how to properly operate a computer so they don't get a virus.

Well, you can't, but maybe there'll be more incentive for them to get educated when they realize the actual cost of getting back up and running after getting one.

Geemer
Nov 4, 2010



How do you trust your computer not to be infected already? Maybe it's such a good malware that you can't even find it.

Also, what do consumer protection laws in the US have to do with malware anyway? Malware is made to steal info or coerce the user to spend money, not the most legitimate of business practices. Do you really think a malware writer stops to think about whether they are handling the passwords and credit card numbers they steal in accordance with the relevant legislation?

:allears:

Khablam
Mar 29, 2012

OSI bean dip posted:

This is part of why I rail against you and the other person for these things because neither of you have the concept of "risk assessment". I think it's telling that you have no clue about things when you go about a "0.001% threat chance", but unlike mindphlux, I don't think you're fleecing clients and are just generally unaware of what is going on.

You and mindphlux are being called out because you give bad advice and have no concept of other terms used in information security. I get that you believe you're doing the right thing, but you do not demonstrate an understanding of fundamental concepts and have never given consideration to the ramifications of outright "fixing" an infected machine.

How have you concluded the threat chance of a machine that shows clean to the list of things he mentioned?

Like, the problem here is you perform a risk assessment based on a notion that every piece of malware is a theoretical worst-case scenario and cry and stamp your feet and project your frustrations onto people who suggest anything other than a contingency for that.

I'll ask again for an example of a relevant threat that exhibits the need for this paranoia, and you will just reply without such, ask me to prove a negative, and carry on insulting me whilst just yelling "I'm right because I am right" which isn't useful in this thread or any other.

22 Eargesplitten
Oct 10, 2010



Geemer posted:

How do you trust your computer not to be infected already?

This, but unironically. How do you know how long there was (example) a keylogger on your machine before something finally tipped you off? How do you know your backups haven't been infected as well?

I'm asking this mainly from a home perspective. So I don't have months of individually stored backups.

Wiggly Wayne DDS
Sep 11, 2010



Geemer posted:

How do you trust your computer not to be infected already? Maybe it's such a good malware that you can't even find it.
You don't, and yes that is an actual possibility you have to consider.

quote:

Also, what do consumer protection laws in the US have to do with malware anyway? Malware is made to steal info or coerce the user to spend money, not the most legitimate business practices. Do you really think a malware writer stops to think if they are handling the passwords and credit card numbers they steal in accordance to the relevant legislation?

:allears:
It was to do with fraudulent usage of your banking account. Reading comprehension, much like risk assessment, is a hard problem but someday someone will solve it.

Geemer
Nov 4, 2010



Wiggly Wayne DDS posted:

It was to do with fraudulent usage of your banking account. Reading comprehension, much like risk assessment, is a hard problem but someday someone will solve it.

Things are that dire in the US, huh? I actually had no idea. Then again, I live in a commie hellscape with the EU enforcing consumer rights and all.


OWLS!
Sep 17, 2009

by LITERALLY AN ADMIN
Man, I respect you infosec guys, and I get why you have to be in paranoia mode at all times, but sometimes you gotta break it down for the mortal folks.
Being all angry :smuggo: about it ain't going to win you fans (or get people to follow your advice).

(That being said, if I saw any of my boxes get hit with anything, it's pretty much grounds for a flatten and restore from backup. If it's a lovely 60 dollar router or whatever that I'm fiddling around with at home though... probably not so much. Maybe I can set up a test network for it isolated from everything else and see what it does.)
