|
Casao posted:You might've been running SP3, but unless these Chinese gold farmers know of some jpg exploit that nobody else in the universe does, you didn't get it via a jpg, you got it from doing something else. Probably something stupid, too. My least favorite question to answer for clients is "how did I get infected?" There's never a good way to answer that.
|
# ¿ Dec 17, 2008 14:56 |
|
|
hyperborean posted:
|
# ¿ Dec 18, 2008 17:13 |
|
Midelne posted:I have a text file somewhere of the fake-chkdsk results that some malware put out. At first glance the formatting was all correct, but the results give him something like twelve petabytes of disk storage, eighteen petabytes of which (yes, I know) is "dirty" and needs to be "e-cleaned".
|
# ¿ Dec 18, 2008 17:53 |
|
hyperborean posted:avast!, Avira, Antivir, AVG (in order of my personal preference). Someone linked this site in another thread, it's great for making your own pick based on hard numbers from extensive testing.
|
# ¿ Dec 18, 2008 19:28 |
|
Hillridge posted:I'd flatten and reinstall if it didn't take so long to get everything back to the way it was. First you have to install the OS and apply all the updates, which includes what seems like 50 reboots. You can save a little time by slipstreaming the latest service pack into the install disc, but it still sucks. Then you have to reinstall drivers. Then you have to reinstall all the applications and possibly update them. Then you have to reconfigure all the applications and little tweaks you've set up since the last reformat. I'd estimate that it takes me the better part of a week to rebuild my system and get it back to how it was just before infection. Computers are fun
|
# ¿ Dec 18, 2008 22:08 |
|
I was onsite yesterday trying to figure out wtf was wrong with this Windows Server, and to kill time while it was updating (completely unpatched server, awesome), I decided to check Windows Update on a few of the PCs. I noticed that on this one Win2k box, Windows Update wouldn't load. Because the browser was so slow, I saw it attempting to open 127.0.0.1. Let me tell you, that HOSTS file was great. It was not only blocking Windows Update and a variety of Microsoft download servers, but it also had a pretty comprehensive list of different antivirus update servers as well. So I fixed the HOSTS file and since they don't have any local antivirus software I loaded up Housecall to see what came up. I think the final count was somewhere around 4500 infections found. Most of them appeared to be hidden in various places around the PC. I suspect that the doctor was probably responsible for the initial infection, but I kind of doubt he's smart enough to have a huge cache of installers and keygens hidden deep within his user profile. I suspect the bulk of that was due to one or more of the infections. It always fills me with warm fuzzies when I come across crap like this in a medical environment. I'm glad my confidential patient information is in safe hands. Edit: here's a blurry pic of the scan in progress (sorry, my cell phone camera doesn't have a macro mode)
|
# ¿ Dec 23, 2008 14:48 |
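The HOSTS-file trick in the post above (pin the update and AV definition servers to 127.0.0.1 so nothing can patch or update) is cheap to check for before you start scanning. The script below is an added example, not something posted in the thread: it parses a HOSTS file and reports watched update/AV names that are sinkholed to loopback or 0.0.0.0, watched names redirected somewhere else, and any other name pointed at a non-RFC1918 address (pharming). The watch list and the sample HOSTS content are constructed; the names in `WATCHED_SUBSTRINGS` are illustrative and should be extended for whatever vendors a given site actually uses.

```python
"""Flag HOSTS-file entries that sinkhole or redirect update/AV domains.

Added example, not from the thread. WATCHED_SUBSTRINGS and HOSTS_SAMPLE are
constructed; adjust the watch list for the vendors in your environment.
"""
import ipaddress
from collections import Counter

# Constructed watch list: fragments of hostnames that malware commonly pins to
# loopback so that Windows Update and AV definition updates silently fail.
WATCHED_SUBSTRINGS = (
    "windowsupdate", "update.microsoft", "download.microsoft",
    "symantec", "mcafee", "avast", "avira", "avg.com", "grisoft",
    "kaspersky", "trendmicro", "housecall", "sophos", "f-secure",
    "malwarebytes",
)

# Hostnames that legitimately map to loopback in a stock HOSTS file.
BENIGN_LOOPBACK = {"localhost", "localhost.localdomain", "ip6-localhost"}

RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) for each active mapping.

    Comments (# ...) and blank lines are skipped; a line whose first field is
    not a valid IP address is ignored rather than treated as a mapping.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield lineno, ip, [h.lower() for h in fields[1:]]


def is_sinkhole(ip):
    """127.0.0.0/8, ::1 and 0.0.0.0 all make the name unreachable."""
    return ip.is_loopback or ip.is_unspecified


def is_rfc1918(ip):
    return ip.version == 4 and any(ip in net for net in RFC1918)


def audit_hosts(text):
    """Return findings as dicts with line, host, ip and kind.

    kind is one of:
      sinkholed  - a watched update/AV host points at loopback or 0.0.0.0
      redirected - a watched host points somewhere other than loopback
      pharming   - any other host points at a non-RFC1918 address
    Unwatched names pinned to loopback (ad blocklists) are not reported.
    """
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        for host in hosts:
            if host in BENIGN_LOOPBACK and is_sinkhole(ip):
                continue
            if any(s in host for s in WATCHED_SUBSTRINGS):
                kind = "sinkholed" if is_sinkhole(ip) else "redirected"
            elif not is_sinkhole(ip) and not is_rfc1918(ip):
                kind = "pharming"
            else:
                continue
            findings.append({"line": lineno, "host": host,
                             "ip": str(ip), "kind": kind})
    return findings


def summarize(findings):
    """Count findings by kind, e.g. Counter({'sinkholed': 6, ...})."""
    return Counter(f["kind"] for f in findings)


# Constructed sample resembling what the post describes; not a real capture.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com
127.0.0.1       download.microsoft.com      # blocks patch downloads
127.0.0.1       update.symantec.com liveupdate.symantec.com
127.0.0.1       housecall.trendmicro.com
0.0.0.0         www.avast.com
198.51.100.20   www.malwarebytes.org
192.0.2.10      www.google.com
10.0.0.5        intranet.example.local
"""

if __name__ == "__main__":
    results = audit_hosts(HOSTS_SAMPLE)
    for f in results:
        print(f"line {f['line']:>3}: {f['kind']:<10} {f['host']} -> {f['ip']}")
    print(dict(summarize(results)))
```

On a live box read `%SystemRoot%\System32\drivers\etc\hosts` (check for a second copy and for the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`, since some families point it elsewhere) and pass the contents to `audit_hosts`. Anything in the `redirected` or `pharming` buckets deserves a look at where that address actually goes before you assume the machine is merely cut off from updates.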
|
abominable fricke posted:I'm sure I don't need to tell you that disinfecting a win2k machine is a waste of your time. It's just going to get reinfected the very next time it touches the internet. You should recommend that he upgrade his machines to XP, there is absolutely no reason not to at this point. By the way, Housecall locked up on that machine trying to disinfect LONGHORN BETA LEAKED.EXE
|
# ¿ Dec 23, 2008 16:04 |
|
Kaltag posted:I keep my OS/programs and data on separate HDs so when I get this poo poo i just nuke the OS/programs HD.
|
# ¿ Jan 6, 2009 19:02 |
|
Luigi Thirty posted:If you're really clever, you'll encrypt their files and try to get money like the Russian extortion virus.
|
# ¿ Jan 7, 2009 19:07 |
|
abominable fricke posted:But the geeks at Best Buy told me it's the best antivirus software there is...
|
# ¿ Jan 9, 2009 20:18 |
|
Midelne posted:At least this time around Microsoft is on top of it and the January MSRT will take out most versions of Conficker. The lesson today, as loving always? Update update update.
|
# ¿ Jan 15, 2009 16:28 |
|
One of my coworkers who does some work on the side for a local hospital told me she was instructed not to log into the hospital network until further notice. Apparently there's been a crippling virus outbreak that they're still trying to contain, and they've instructed everybody on the hospital network to turn off their computers until they can clean up the mess. Sounds like conficker or something, based on the description. Whoops.
|
# ¿ Feb 6, 2009 15:30 |
|
Otacon posted:This will help you when in 2 weeks, your brother says "Hey my Windows is hosed up again, time to do a system restore!" and the system is reinfected.
|
# ¿ Feb 9, 2009 14:57 |
|
BorderPatrol posted:Anyone here use Counterspy/VIPRE security software? I've been using them for a few years now and they are one of the most underrated security companies I've seen, their stuff is very good (they originally made the first versions of the Microsoft Antispyware product)
|
# ¿ Feb 10, 2009 17:05 |
|
Okay, I just spent 2 hours of my life battling the meanest winantivirus variant I've seen to date. This sucker appears to create some stealth software restriction policy that prevents me from installing anything that might get rid of it. MBAM setup just closes (and yes, I did try renaming the installer). HijackThis closes. Process Explorer closes, even under safe mode. gpresult /v showed me, among other things:
code:
If the computer weren't offsite I might be more willing to try to beat it into submission, but for now I give up. I told them to call the local guy who installed the PC and have him deal with it.
|
# ¿ Feb 10, 2009 17:18 |
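The "stealth software restriction policy" in the post above lives in the registry, and you do not need to run anything on the infected box to read it: a `reg export` of the Safer key (taken from a rescue boot, or from a hive copied off the disk and loaded on a clean machine) is enough. The parser below is an added example, not the poster's gpresult output (which is not reproduced on the page) and not a tool from the thread. The sample export is constructed, with made-up GUIDs; the key layout it assumes (`...\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{GUID}` with `ItemData` holding the matched path) and the level numbers are the ones SRP uses, and `KNOWN_TOOLS` is a constructed list of cleanup utilities a rogue AV typically blocks.

```python
"""List Software Restriction Policy rules from a `reg export` file, offline.

Added example, not from the thread. REG_SAMPLE is constructed. Assumed layout:
...\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{GUID}
with ItemData holding the path or file name the rule matches.
"""

# Security levels from winsafer.h; the subkey under CodeIdentifiers is the
# level in decimal, e.g. "0" for Disallowed and "262144" for Unrestricted.
SAFER_LEVELS = {
    0x00000: "Disallowed",
    0x01000: "Untrusted",
    0x10000: "Constrained",
    0x20000: "Basic User",
    0x40000: "Unrestricted",
}

# Constructed list of cleanup tools a rogue AV typically blocks by file name.
KNOWN_TOOLS = ("mbam", "hijackthis", "procexp", "combofix", "rkill",
               "autoruns", "msconfig", "regedit", "taskmgr")


def _unescape(s):
    # .reg files escape backslash and double quote inside names and strings
    return s.replace("\\\\", "\\").replace('\\"', '"')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from a REGEDIT5 export.

    REG_SZ ("..."), REG_DWORD (dword:) and REG_EXPAND_SZ (hex(2):) are
    decoded; other value types are kept as raw text. Hex data wrapped over
    several lines with a trailing backslash is joined before decoding.
    """
    keys, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        while line.endswith("\\") and i + 1 < len(lines):
            i += 1
            line = line[:-1] + lines[i].strip()
        i += 1
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else _unescape(name.strip('"'))
        if data.startswith('"') and data.endswith('"'):
            value = _unescape(data[1:-1])
        elif data.startswith("dword:"):
            value = int(data[6:], 16)
        elif data.startswith("hex(2):"):
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
            value = raw.decode("utf-16-le").rstrip("\x00")
        else:
            value = data
        keys[current][name] = value
    return keys


def srp_rules(keys):
    """Pull the SRP default level and every path/hash rule out of parsed keys."""
    marker = "\\safer\\codeidentifiers"
    kinds = {"paths": "path", "hashes": "hash"}
    report = {"default_level": None, "rules": []}
    for path, values in keys.items():
        idx = path.lower().find(marker)
        if idx < 0:
            continue
        rest = path[idx + len(marker):].strip("\\")
        if not rest:  # the CodeIdentifiers key itself carries DefaultLevel
            lvl = values.get("DefaultLevel")
            if lvl is not None:
                report["default_level"] = SAFER_LEVELS.get(lvl, hex(lvl))
            continue
        parts = rest.split("\\")
        if len(parts) == 3 and parts[0].isdigit() and parts[1].lower() in kinds:
            level, kind = int(parts[0]), kinds[parts[1].lower()]
            # hash rules keep the file name in FriendlyName, path rules in ItemData
            target = values.get("FriendlyName" if kind == "hash" else "ItemData", "")
            report["rules"].append({"hive": path.split("\\", 1)[0], "kind": kind,
                                    "level": SAFER_LEVELS.get(level, hex(level)),
                                    "target": target})
    return report


def blocked_tools(report, tools=KNOWN_TOOLS):
    """Targets of Disallowed rules that name a known cleanup tool."""
    return [r["target"] for r in report["rules"] if r["level"] == "Disallowed"
            and any(t in r["target"].lower() for t in tools)]


# Constructed export; GUIDs are made up, layout follows SRP's real key structure.
REG_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{9f2d1b9a-0000-4000-8000-000000000001}]
"SaferFlags"=dword:00000000
"ItemData"="mbam-setup.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{9f2d1b9a-0000-4000-8000-000000000002}]
"SaferFlags"=dword:00000000
"ItemData"=hex(2):70,00,72,00,6f,00,63,00,65,00,78,00,70,00,2e,00,65,00,78,00,65,\
  00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9f2d1b9a-0000-4000-8000-000000000003}]
"SaferFlags"=dword:00000000
"ItemData"="%HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRoot%"
"""

if __name__ == "__main__":
    rep = srp_rules(parse_reg_export(REG_SAMPLE))
    print("default level:", rep["default_level"])
    for r in rep["rules"]:
        print(f"  {r['level']:<12} {r['kind']:<4} {r['target']}")
    print("blocked cleanup tools:", blocked_tools(rep))
```

The same parser works on an export of `HKCU\Software\Policies\...\Safer`, which is where a per-user variant would sit. Bare-filename Disallowed rules like the two in the sample are the tell: SRP path rules match on the file name alone, which is why renaming the installer does not help unless the new name is not on the list, and why deleting those `{GUID}` subkeys (or the whole `CodeIdentifiers` key, then reapplying any legitimate policy) is the fix rather than fighting the installer.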
|
Midelne posted:I guess the next thing to try is a boot CD with portable installations of scanners already present. After that I'd just flatten/reinstall, because goddamn once you're mucking around in phantom software restriction policies you're too far in.
|
# ¿ Feb 10, 2009 17:54 |
|
GREAT BOOK OF DICK posted:Is the owner some kind of OfficeScan fanboy? There's a reason I started the Job thread...
|
# ¿ Feb 11, 2009 21:07 |
|
Otacon posted:It created a bunch of new drivers for devices I didn't even know existed. (Saitek Magic Bus? Who let the magic bus into my computer???)
|
# ¿ Feb 18, 2009 19:19 |
|
lalala... Customer calls describing a typical winantivirus type infection. I tried to do a WebEx session to run Malwarebytes but the app keeps redirecting the WebEx join page to some "this page may be infected, click here to buy" screen. Awesome. Right now I'm in via RDP from the server, running the scanner.
Objects scanned: 82783
Objects infected: 9
Time elapsed: 55 minute(s), 38 second(s)
Surely it's almost done... Also, apparently this client is too cheap to buy enterprise-level antivirus software, so in addition to my mbam scan, I've got this lovely message on the side of the screen from "McAfee Personal Firewall Plus":
quote: The application Windows Explorer has changed since you first gave it access to the Internet. Do you still want to let it access the Internet?
58 minutes...
|
# ¿ Mar 2, 2009 17:06 |
|
brc64 posted:58 minutes...
|
# ¿ Mar 2, 2009 17:41 |
|
Independence posted:and softcore porn collection.
|
# ¿ Mar 2, 2009 19:44 |
|
I've got an XP Virtual Machine running right now with a VIPRE Enterprise agent installed. I've been clicking on things from malwaredomainlist and following banner ads and honestly, I'm pretty amazed at the results so far. So far the only thing I've been able to successfully install is The Weather Channel Desktop, which, while a bit annoying, isn't really malware. Everything else that I've tried to install has either crashed or mysteriously vanished. If somebody can provide me with a working link to some vundo, antivirus 2009 or other common nasty poo poo, I'd really like to test that out in my VM.
|
# ¿ Mar 9, 2009 14:17 |
|
Midelne posted:AV2010 stuff
|
# ¿ Mar 9, 2009 18:08 |
|
Cojawfee posted:It all comes down to people admitting that they are retarded and refuse to learn the basics of computer use. And don't realize that internet explorer opened up a fake My Computer window and My Computer is performing a function that it never has before (scanning for viruses).
|
# ¿ Mar 16, 2009 20:54 |
|
Cojawfee posted:All of the examples he gives are of people who simply refuse to learn anything. They think they are smarter than the guy who gets paid to work on whatever they have and won't listen. His examples of people being victims of bank fraud or theft don't really apply. Those people had something happen to them that they had no reason to expect. Blindly clicking things away is figuratively childish in that they just want to get to whatever boring website they want to see and will click yes to anything that comes across their path. You must enjoy making old ladies cry
|
# ¿ Mar 17, 2009 13:51 |
|
GREAT BOOK OF DICK posted:When I find Limewire installed on infected machines, I've only had to explain to teenagers/parents once not to use it because that's the likely source of their infections. They seem to listen to the person fixing the computer (as they should.) "I don't know how that got on there" "Oh I don't use that anymore" "What's limewire?" or they agree not to download it again only for it to show up again just a couple of weeks later
|
# ¿ Mar 18, 2009 05:18 |
|
Midelne posted:Conficker Network Signature Discovered
|
# ¿ Mar 30, 2009 15:14 |
|
Drighton posted:Put in your IP address range in the Target field. I'm not sure which scan to do though, and I'm not sure what you will see if you are infected. Big red CONFICKER label on the IP address or maybe you're looking for a specific port, I don't know.
|
# ¿ Mar 30, 2009 15:25 |
|
I had this lovely email (slightly edited) when I came in this morning. The time on the email was 3:21 AM.
quote: I initiated the Trend Scan on all machines. PC05 computer is INFECTED!!!! [emphasis hers] Notice states "0 files cleaned, 11 infected and unable to fix".
I never called her, either.
|
# ¿ Apr 3, 2009 14:50 |
|
BillWh0re posted:The Virut family are all IRC backdoors.
|
# ¿ Apr 7, 2009 19:16 |
|
Midelne posted:New Vundo Behavior Fun fact: our worst vundo-offending client shares a mapped drive on the server between all of the PCs. I don't quite get why that's a problem in this case, though... what is so bad about dropping a randomly named vundo DLL on a mapped drive? I mean, that's not going to magically infect anybody who uses that drive, is it?
|
# ¿ Apr 23, 2009 18:11 |
|
abominable fricke posted:Is it not dropping an autorun.inf there to? Otherwise that would be silly.
|
# ¿ Apr 23, 2009 22:23 |
|
One of my coworkers has been battling something nasty on her laptop for the last couple of weeks that I haven't had any time to look into. A couple of weeks ago she told me that her computer "lost" her audio device. Last week she started getting bluescreens and error messages on startup referencing chkdsk.dll (it was in Start Menu/Programs/Startup), and I noticed that OfficeScan was not only outdated but the real-time scanner wasn't even running anymore. I've been at a local hospital every day last week so I haven't had any time to look closer into the problem. I downloaded VIPRE Rescue to see if it would have any more luck than the Trend crap, but her computer couldn't browse the network. Burned it to a CD instead, started it up, then went to the hospital. When I got back she said it didn't do anything when it finished but try to open some website that never loaded (and based on the URL I'm pretty sure VIPRE didn't launch it). I'm pretty sure I'm just going to have to nuke the laptop. I just hope I have some time to look into it this week. Last week was hell.
|
# ¿ Jun 1, 2009 00:57 |
|
Midelne posted:Erm.
|
# ¿ Sep 4, 2009 14:55 |
|
Midelne posted:Maybe something like UltraSpywareKiller2010. Point taken.
|
# ¿ Sep 4, 2009 15:49 |
|
fishmech posted:At least Comic Sans is legible, if informal. She told me that she once received a letter, claiming to be some sort of legal proof that a particular debt had been taken care of or something. The letter was printed in Comic Sans.
|
# ¿ Sep 6, 2009 23:49 |
|
fishmech posted:They're trying to kill lovely "free" antivirus. Their attempt to kill paid antivirus ended back in summer when OneCare was canceled.
|
# ¿ Dec 9, 2009 16:24 |
|
|
m2pt5 posted:Many viruses and malware will refuse to "function" if they detect that they are running inside a VM.
But my idea is roughly this: Create a virtual machine image that includes everything the client needs (I assume this would require volume licensing for the Microsoft apps). Have the physical computer effectively be a thin client that does nothing but load this image at startup. Have documents redirected to a share on the server to preserve changes. When they reboot the computer, the same base image is loaded again, so it effectively acts as Deep Freeze as well (undoing any malicious changes since the past reboot). This method would also make keeping things up-to-date easy, since you only have a single image to update. The downsides I can think of are that it might make things like antivirus definitions and Windows updates slightly more tedious, and the obvious aforementioned bandwidth issues with loading the image at startup.
BangersInMyKnickers posted:If you are on Vista/7, enable SEHOP.
|
# ¿ Feb 16, 2010 15:39 |