|
Delamore posted:So a mate's PC is showing symptoms that could point to an infection of some kind so I'm going to lend a hand over the weekend, but it's been years since I did any of this. Microsoft Defender in offline mode. That other stuff is junk. If you have something Defender can't fix/find, it's flatten and reinstall time.
|
# ? Nov 26, 2021 01:40 |
|
|
Back up anything important, nuke the whole thing and reinstall.
|
# ? Nov 26, 2021 12:48 |
|
c0burn posted:Back up anything important, nuke the whole thing and reinstall. That's the plan, but the malwarebytes scan was giving flags in some of the important stuff. Haven't had a look myself at it yet but it's possible some of his important stuff is already hosed
|
# ? Nov 26, 2021 16:25 |
|
c0burn posted:Back up anything important, nuke the whole thing and reinstall. I’m not second guessing your advice, but wouldn’t backing up after a suspected infection also possibly save the malware, too? Or is Defender capable of stopping that now? I don’t have any auto-backups because my environment only really changes when the default Win10 photo app gets new photos from a wired-only connection to my phone, and my “backup” solution is a full backup every 3-4 days to two separate 2TB thumb drives on a manual basis, then disconnected and stored offline. I figured if I got infected (especially ransomware, which even works if drives are encrypted and/or compressed), it would infect always-connected backups as well. I have 10s of thousands of photos from the early 90s to now, plus some old Napster and movies/programs/”warez” that isn’t available anywhere on Geocities anymore and figured it wasn’t safe to keep access to the internet facing system these days. Is there a safer way I’m not keeping up with? If a family member wants something I usually connect the right flash drive, copy/paste the photos or whatever to a throwaway SD card or even email/text to them. It’s kept stuff safe and uncorrupted for decades, and I don’t keep up with “incremental” anything but my novels & journals and other original materials via Git (even though none is “code” or “scripting” at all…it works great!). Edit: I flatten and restore occasionally anyway, but I always figured connected autobackup solutions are easily as “vulnerable” as the computer they backup for in the first place! I want to learn better practices for a valuable ton of files kept safe, though. DerekSmartymans fucked around with this message at 19:34 on Nov 26, 2021 |
# ? Nov 26, 2021 19:29 |
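An added example, not written by anyone in the thread, of the check the post above is reaching for: a SHA-256 manifest saved next to the offline copy lets you confirm later that what you restore is what you backed up, and it makes ransomware-style in-place encryption or renaming visible as modified, missing and added files instead of a silent surprise. The directory names and file contents below are constructed for the demo.

```python
"""Build and verify a SHA-256 manifest for a backup tree (added example).

Not code from the thread. Write the manifest at backup time, keep a copy off the
source machine (on the offline drive is fine), and run verify before trusting
either the backup or a restore. The tree created in demo() is constructed.
"""
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash 1 MiB at a time so large photo/video files never load whole into RAM


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative path, POSIX separators) to its digest."""
    manifest: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_manifest(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Diff the tree under root against a saved manifest.

    Ransomware that encrypts files in place shows up under 'modified'; variants
    that also rename to a ransom extension show up as 'missing' plus 'added'.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def save_manifest(manifest: dict[str, str], dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(src: Path) -> dict[str, str]:
    return json.loads(src.read_text())


def demo() -> dict[str, list[str]]:
    """Constructed scenario: snapshot a small photo tree, then simulate ransomware."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        photos = base / "photos"
        (photos / "1994").mkdir(parents=True)
        (photos / "1994" / "beach.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake jpeg bytes")
        (photos / "notes.txt").write_text("journal entry")

        # Manifest lives outside the tree it describes so it is not itself "added".
        save_manifest(build_manifest(photos), base / "manifest.json")

        # Attacker: one file encrypted in place, one renamed with a ransom extension.
        (photos / "notes.txt").write_bytes(os.urandom(32))
        (photos / "1994" / "beach.jpg").rename(photos / "1994" / "beach.jpg.locked")

        return verify_manifest(photos, load_manifest(base / "manifest.json"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

A clean result is all three lists empty; anything under "modified" on a tree you did not touch is the signal to stop and investigate before that drive goes back on the shelf as your known-good copy.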
|
NordVPN has been acting weird on one of my laptops lately. It chews through 20-30% of the CPU resources even when the NordVPN app isn't technically running. Several times now I've woken up to find the laptop fans churning away at max. The app is fully up to date and the CPU load ramps back down when it's actually running. Malwarebytes scans say everything is fine, but it's getting pretty annoying having to double check the laptop turns off, then tinker with the VPN after every reboot. Anyone have any ideas as to what causes this?
|
# ? Dec 30, 2021 17:32 |
|
Switch to Mullvad?
|
# ? Dec 30, 2021 19:12 |
|
Cup Runneth Over posted:Mullvad Every time I read that I can't help but think of that one Seinfeld episode...
|
# ? Dec 30, 2021 19:19 |
|
Hipster_Doofus posted:Every time I read that I can't help but think of that one Seinfeld episode... Is "Mulvad" just "Mulva"+ "d?" Like "systemd," only scarier? This is an OS thread, after all... My 22y/o and his gal binge-watched like 30 episodes of Seinfeld last night...they'd always heard about it, but never watched it. They are starting to realize how "American" that show was, and why old fogies in my TV generation still quote lines from it without even realizing where we do it!
|
# ? Dec 31, 2021 18:27 |
|
DerekSmartymans posted:Is "Mulvad" just "Mulva"+ "d?" Like "systemd," only scarier? This is an OS thread, after all... Mullvad is Swedish for mole
|
# ? Jan 2, 2022 21:23 |
|
F4rt5 posted:Mullvad is swedish for mole And that, my friends, is why I post in the same forum for 20 years. SA's "reach" is still worldwide (even if smaller than it used to be!).
|
# ? Jan 2, 2022 21:50 |
|
DerekSmartymans posted:And that, my friends, is why I post in the same forum for 20 years. SA's "reach" is still worldwide (even if smaller than it used to be!).
|
# ? Jan 2, 2022 21:54 |
|
Is the reset my pc option (all files gone) comparable to the traditional flatten and reinstall method? I ask because my mom was sent a phishing email with pdf attachment, opened it in preview (gmail on the web, I think it’s chrome or Firefox, forgot to ask) without clicking anything in it and then realized later in the day that was a silly thing to do. Didn’t pop the automated gmail av scan or windows defender and no weird behavior observed yet but I had her disconnect from internet and turn the thing off to be safe. I don’t see her being able to do the old fashioned way and I’m 10 hours away so I can’t do it for her, so I’m hoping the built in is good enough - is that so? Or is this overkill? I’m sensitive about this poo poo since she’s getting targeted by this stuff a lot recently Sleng Teng fucked around with this message at 00:34 on Jan 14, 2022 |
# ? Jan 14, 2022 00:31 |
|
If your description is accurate then nothing actually happened and no action is needed
|
# ? Jan 14, 2022 00:44 |
|
I thought there was still some risk in opening pdf attachments in the gmail file preview, is that not the case? For more context it was a fake invoice pdf with fake customer service info and stuff for a fake Norton subscription, that kind of thing As you can tell I am not plugged into this kind of thing!
|
# ? Jan 14, 2022 00:53 |
|
Sincerely doubt anything could happen in preview mode (since she didn't click anything within it), but put a little time into some persistent googling and make sure.
|
# ? Jan 14, 2022 01:20 |
|
gmail file preview is several layers of defense. burning a powerful exploit like that likely means a very targeted attack
|
# ? Jan 14, 2022 01:22 |
|
Okay that all makes me feel a bit better, thank you all! I’ll continue looking into it out of curiosity (naturally I see divided opinions at first blush) but I’ll relax a bit and ask her to be careful. Since I don’t want to do phone tech support often
|
# ? Jan 14, 2022 01:36 |
|
whoever is giving you other opinions please share so we can bemuse ourselves at them
|
# ? Jan 14, 2022 03:10 |
|
Wiggly Wayne DDS posted:whoever is giving you other opinions please share so we can bemuse ourselves at them Yes, but… Sleng Teng posted:Is the reset my pc option (all files gone) comparable to the traditional flatten and reinstall method? I agree with the opinion, but actually would like to see this answered real quick, too!
|
# ? Jan 14, 2022 04:22 |
I have a couple of apps exposed to the internet on my home network, both are running on the same device using Docker, an old HP workstation running Debian. Plex is on one port and Overseerr, which is a plex request app, is on another port running through a reverse proxy that I set up using SWAG. Both of them use Plex's auth system to allow access and I have that set up to use 2FA. My router is an Asus RT-AX86U. I turned on a feature it has called "AIProtection" just to see how that went. It has been sending me several emails a day about how it "blocked" a Russian datacentre's IP address. Can I turn this AIProtection thing off or does it offer something more than the fail2ban and SSL that are configured in swag? Edit: Forgot to mention, in that AIProtection section, my router has a security assessment built in and it looks good otherwise: tuyop fucked around with this message at 21:43 on Feb 18, 2022 |
|
# ? Feb 18, 2022 21:40 |
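As an added example (not from the thread, from SWAG or from fail2ban itself), here is the logic a fail2ban jail applies to the reverse proxy's access log: count authentication failures per client IP inside a sliding findtime window and flag the IP once it reaches maxretry. The log lines are constructed in nginx "combined" format, and the `/api/v1/auth` path prefix used for the Overseerr login endpoint is an assumption.

```python
"""fail2ban-style brute-force detection over reverse-proxy logs (added example).

Not code from the thread, SWAG or fail2ban. Demonstrates the sliding-window
counting that a jail performs; the log sample is constructed and the login
path prefix is assumed.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed nginx combined-format sample. 203.0.113.7 hammers the login
# endpoint, 198.51.100.4 is a real user with one typo, 192.0.2.9 fails slowly.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Feb/2022:21:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.27"
192.0.2.9 - - [18/Feb/2022:21:00:00 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "curl/7.74.0"
203.0.113.7 - - [18/Feb/2022:21:00:01 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "python-requests/2.27"
203.0.113.7 - - [18/Feb/2022:21:00:02 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "python-requests/2.27"
203.0.113.7 - - [18/Feb/2022:21:00:03 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "python-requests/2.27"
203.0.113.7 - - [18/Feb/2022:21:00:04 +0000] "POST /api/v1/auth/local HTTP/1.1" 403 52 "-" "python-requests/2.27"
203.0.113.7 - - [18/Feb/2022:21:00:05 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "python-requests/2.27"
198.51.100.4 - - [18/Feb/2022:21:00:07 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Feb/2022:21:00:12 +0000] "POST /api/v1/auth/local HTTP/1.1" 200 310 "-" "Mozilla/5.0"
192.0.2.9 - - [18/Feb/2022:21:05:00 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "curl/7.74.0"
192.0.2.9 - - [18/Feb/2022:21:10:00 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "curl/7.74.0"
192.0.2.9 - - [18/Feb/2022:21:15:00 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "curl/7.74.0"
192.0.2.9 - - [18/Feb/2022:21:20:00 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 52 "-" "curl/7.74.0"
"""

# Client IP, timestamp, request line and status from the combined format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_offenders(
    log_text: str,
    maxretry: int = 5,
    findtime: int = 600,
    fail_statuses: tuple[int, ...] = (401, 403),
    path_prefix: str = "/api/v1/auth",  # assumed Overseerr login endpoint
) -> dict[str, str]:
    """Return {ip: ISO time of first ban} for IPs with maxretry failures inside findtime seconds."""
    recent: dict[str, deque[datetime]] = defaultdict(deque)
    banned: dict[str, str] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; a real jail logs these
        if int(m["status"]) not in fail_statuses or not m["path"].startswith(path_prefix):
            continue  # only auth failures on the login path count
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()  # evict failures older than the window
        if len(q) >= maxretry and ip not in banned:
            banned[ip] = ts.isoformat()
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

Only 203.0.113.7 is flagged: 192.0.2.9 never has five failures inside one ten-minute window, which is exactly the slow-and-low pattern a rate-based jail is blind to by design. A reputation feed on the router is a different control from rate-based banning on the host, so the two are not redundant, but note that when a proxy sits in front of the app the IP in the log must be the real client address (not the proxy's) or every ban lands on yourself.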
|
tuyop posted:I turned on a feature it has called "AIProtection" just to see how that went. It has been sending me several emails a day about how it "blocked" a Russian datacentre's IP address. Yes
|
# ? Feb 28, 2022 22:26 |
|
But also figure out what is causing that request? maybe? like it's probably fine but it's ok to be extra cautious
|
# ? Feb 28, 2022 22:26 |
alexandriao posted:But also figure out what is causing that request? maybe? like it's probably fine but it's ok to be extra cautious I assume it’s some kind of bot or something pinging open ports on duckdns pages. Not exactly unexpected the way I have my vpn and Overseerr set up
|
|
# ? Mar 1, 2022 05:29 |
|
deleted, wrong forum
Fruits of the sea fucked around with this message at 11:26 on Jun 28, 2022 |
# ? Jun 28, 2022 11:24 |
|
Just got back home after three days out of town and found my PC was sitting on a "could not shut down properly" blue screen. Whatever, maybe windows update screwed up in some way. Rebooted and everything seemed normal but when I went to ctrl+shift+t to restore my open tabs it opened up something unexpected: the website for EaseUS, some kind of software backup program. There were a total of 4 tabs, all related to this EaseUS program that I've never heard of before. Opened chrome history and it's completely wiped back to 2018. EaseUS showed up in my start menu but the program is missing so it's a dangling shortcut now. Surely this is a sign of some kind of remote access? Is there any way at all to find out more information or do I just need to scorched earth ASAP? The only sensitive thing I have on here is my 1password vault which is locked with a unique password that I just have memorized. Eggnogium fucked around with this message at 03:36 on Jul 5, 2022 |
# ? Jul 5, 2022 02:33 |
|
Eggnogium posted:I have a weird situation that I want to run by experts. Just in case you haven't thought of it, disconnect the PC from your network and shut it off completely, as a stop-gap until you get better advice here.
|
# ? Jul 5, 2022 02:41 |
|
Yeah, I pulled the wifi card out so it's completely offline. I think maybe this is not a security issue though: I mentioned my chrome history was only deleted back to 2018. Well in the last 100 sites of that 2018 history it seems like when I was moving my system drive from an HDD to an SSD and includes results for EaseUS. So maybe I used this software to backup my system drive and clone it on the new drive. And now my SSD died so windows booted onto the next drive which contained this old image? The HDD I use for primary storage which was never my system drive looks normal and has recent files. Hopefully I'm just a dolt who forgot I used this program 4 years ago and forgot about it.
|
# ? Jul 5, 2022 02:50 |
|
FWIW I used EaseUS to clone a drive a few years ago, and I recall it being fine. Did your system boot from the HDD you'd cloned in 2018? If you don't deliberately remove Windows from a cloned drive and just leave it hooked up then if the boot order changes or the SSD disappears then it will boot from the old drive.
|
# ? Jul 5, 2022 03:04 |
|
CaptainSarcastic posted:FWIW I used EaseUS to clone a drive a few years ago, and I recall it being fine. Did your system boot from the HDD you'd cloned in 2018? If you don't deliberately remove Windows from a cloned drive and just leave it hooked up then if the boot order changes or the SSD disappears then it will boot from the old drive. Yes, this is what happened. I had a kid since 2018 and lost half my memories due to sleep deprivation so the name was just completely unfamiliar to me. The program seemed legit from googling but I wondered if it had just been used to make a quick copy of my drive for offline inspection or something. Anyways, case closed, user is dumb.
|
# ? Jul 5, 2022 03:35 |
|
always blame the child
|
# ? Jul 5, 2022 04:41 |
|
I've been thinking of doing a 'security refresh' on my home infrastructure, based on a few pieces of random advice I've accumulated over the years. Now, I don't know if they are sensible or not, so I'd be interested to hear the thread's thoughts on these. In descending order of "likelihood I will try them" are:

1: Setting up a second / guest wifi network to connect work devices to, separate from my existing personal network and devices. I see the process described here and it seems straightforward enough. Is it worth the bother?

2: Password managers: my old crusty password manager (PasswordSafe) is bordering on no longer being fit for purpose as I start accumulating more and more devices, so it might be time to start with an actual cloud-based service. Are any better or worse than any other? Are any others open source?

3: A bill-paying email address. Currently, I use my 'resume' email for bills, but I saw someone suggest that having an entirely separate email is a reasonable way to avoid phishes. It would be some work to change it all over, and add some additional overhead, but would it be worth it?

4: A bill-paying laptop: Similar to above, except that the only device which handles bills is a cheapo Chromebook or whatever. It feels kind of e-Waste-y to me to have an entire device for that, but I'm curious if it's worth the bother.

Let me know what you think, or if there is a better place to post this question.
|
# ? Jul 23, 2022 11:38 |
|
2: BitWarden
|
# ? Jul 23, 2022 14:27 |
|
Subjunctive posted:2: BitWarden Yup it’s awesome. I’m keen to hear about most of your other questions though too, no expertise myself sorry.
|
# ? Jul 23, 2022 22:49 |
|
Subjunctive posted:2: BitWarden Vaultwarden
|
# ? Jul 23, 2022 23:25 |
|
4. Assuming you aren't a likely prospect for targeted attacks and don't torrent/click on random stuff, I think it would be easier to set up another user dedicated only to financials on your primary computer. And set your daily user account to restricted permissions and no admin. I did this (primarily for productivity reasons so I don't get distracted by steam notifications and the like) and it's been a godsend when I'm working Fruits of the sea fucked around with this message at 12:13 on Jul 24, 2022 |
# ? Jul 24, 2022 12:10 |
|
Magnetic North posted:4: A bill-paying laptop: Similar to above, except that the only device which handles bills is a cheapo Chromebook or whatever. It feels kind of e-Waste-y to me to have an entire device for that, but I'm curious if it's worth the bother. I'd say there are different stages to employ this. Minimum is a separate Firefox profile you use only for banking. Next stage is a different user account for banking. Beyond that you could set up a Hyper-V virtual machine. All these are free options before buying another computer.
|
# ? Jul 24, 2022 12:41 |
|
Saukkis posted:Beyond that you could setup a Hyper-V virtual machine. I have done something similar to this with my social media presence, and it is kind of a pain in the neck and slow.
|
# ? Jul 24, 2022 12:45 |
|
Presumably you'd have to run all your risky things inside the VM (i.e. everything other than banking), rather than just doing your banking in the VM and everything else on the host, because it's escaping from a VM to the host that is supposed to be difficult for malware, not vice versa
|
# ? Jul 24, 2022 13:38 |
|
The OP mentions switching off the ISP-provided DNS to something else - is that still best practice? I have been having intermittent networking issues that I think are caused by problems with my ISP's DNS server anyways, but I thought I'd ask. Is there a list of recommended DNS servers available somewhere?
|
# ? Nov 1, 2022 15:48 |
|
|
PERPETUAL IDIOT posted:The OP mentions switching off the ISP-provided DNS to something else - is that still best practice? I have been having intermittent networking issues that I think are caused by problems with my ISP's DNS server anyways, but I thought I'd ask. Is there a list of recommended DNS servers available somewhere? 1.1.1.1, 8.8.8.8, 8.8.4.4, 9.9.9.9. That's Cloudflare, two Googles, and Quad9 (IBM). That's off the top of my head
|
# ? Nov 1, 2022 15:58 |