Midelne posted:
You don't really need to do anything more fancy than reinstalling Windows (using the option that formats the hard drive) to get rid of them.

I've read around a lot and it seems that this is the only way to deal with redirect malware. I actually came across a computer I spent HOURS on and finally reformatted it. Is there nothing that can be done to clean that particular malware off?

# ¿ Oct 16, 2010 22:30
PopeOnARope posted:
Speaking of Viruses, holy loving gently caress, ThinkPoint was a goddamn epidemic today. 50% of our calls were to handle it.

I think we scanned it externally, but dunno if the other guy got anything off by doing that. If that doesn't work, I'm going to manually place the MWB program on the HDD somewhere through another computer then run it that way.

# ¿ Oct 24, 2010 07:08
Okay, I just came across a new rogue antivirus. Typical style name of "Internet Security Suite". I'm having a problem getting rid of the final bits of it. I've run MalwareBytes, attempted a manual removal and it still lingers. I usually see it when I run ComboFix and it tells me to turn off antiviruses (MSE and this one). The other thing is I can't tell if it's blocking my wireless. I can hook up a hardline and it works just fine. I can get the wireless to connect, but it's as if it's not.

Edit: The wireless isn't pulling an IP correctly.

Gothmog1065 fucked around with this message at 15:07 on Dec 2, 2010

# ¿ Dec 2, 2010 15:03
sfwarlock posted:
Have you done anything towards cleaning out autoruns? (Hijackthis, Autoruns, possibly using a BartPE disk? (I've had success with the minixp on Hiren's.))

Wireless was fine, someone changed the password and didn't tell me. Ironically it didn't kick the password, just showed limited connectivity. I'll rerun ComboFix in Safe Mode again, then try Autoruns. I'm trying to get away from formatting this computer as it has a lot of programs on it.

# ¿ Dec 2, 2010 15:18
vlack posted:
Well sure, but that's hardly what I'd consider a long-term fix. I'm using Microsoft's backup solution with Microsoft's antivirus solution on Microsoft's operating system; surely they could have it stop the service manually or do whatever is necessary to make this work without manual intervention.

That may be some leftover retardation from Vista. I'm running 7, do backups once a week and have never had a problem. I'll test on a laptop at work and see if it's Vista specific or just some weird error you're having.

# ¿ Mar 15, 2011 13:11
co199 posted:
Everything I'd seen before this has been proof of concept.

If you don't mind, can you explain how you got rid of it after you've done your cleanup? I think it'd be helpful for us computer janitors in the thread.

# ¿ May 10, 2011 19:02
Are there any special variables/settings I should be putting on in Ketarin? Can someone email me an example file so I can make sure I'm doing this correctly?

# ¿ May 11, 2011 16:42
bbcisdabomb posted:
This is from my Ketarin install from Dropbox, so it doesn't have all that much, but here's my jobs.db. It should get you just about everything.

Sweet, thank you. This saves me a ton of time.

# ¿ May 11, 2011 20:41
PopeOnARope posted:
What the gently caress? You pay for their Antivirus and they try to shoehorn malware onto your computer anyway? How much money is Uniblue offering these people? This is loving ridiculous.

I'm so glad that I got the owner of the shop I work at off of Avira now.

# ¿ Jun 12, 2011 02:50
Quick question with Ketarin: Is there a way to force updates? I have it set up to run daily, but some of the more important files aren't updating at all.

# ¿ Jun 16, 2011 20:45
Scaramouche posted:
Little update on the latest TDSS variant:
quote: Additional changes include a new antivirus feature that rids TDSS-infected machines of 20 rival malware titles, including ZeuS, Gbot, and Optima. It also blacklists the addresses of command and control servers used by these competing programs to prevent them from working properly.

Question: What is the best way to format a hard drive and kill the MBR so the virus is completely gone?

# ¿ Jun 30, 2011 03:39
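One way to answer the MBR question above, as an added example that is not part of the thread or anyone's reply in it: a reinstall that only formats the Windows partition leaves the partition table and boot sector alone, which is exactly where a TDSS-style bootkit sits, so the disk's partition table itself has to go. This script assumes the Storage module that ships with Windows 8 / Server 2012 and later, an elevated session, and a disk number you supply after checking the listing; the `-DiskNumber` and `-Wipe` parameters are this example's own, not part of any Microsoft tool.

```powershell
# Added example, not from the thread: wipe a disk's partition table (MBR or GPT) and every
# partition on it before a clean reinstall, so nothing in the old boot sector survives.
# Assumes the Storage module (Windows 8 / Server 2012 or later) and an elevated session.
# The disk number is a placeholder; verify it against the listing before running for real.

param(
    [int]$DiskNumber = -1,   # placeholder: pass the Number shown by Get-Disk
    [switch]$Wipe            # omit for a dry run (-WhatIf), include to actually wipe
)

# Show every disk so the wrong one cannot be picked by guesswork.
Get-Disk |
    Select-Object Number, FriendlyName, PartitionStyle, IsBoot, IsSystem,
                  @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB, 1) } } |
    Format-Table -AutoSize

if ($DiskNumber -lt 0) {
    Write-Host 'Re-run with -DiskNumber <n> (add -Wipe to actually clear it).'
    return
}

$disk = Get-Disk -Number $DiskNumber
if ($disk.IsBoot -or $disk.IsSystem) {
    # The disk Windows is running from cannot be wiped from inside Windows;
    # boot WinPE or other rescue media and run this from there.
    throw "Disk $DiskNumber is the running system/boot disk."
}

if ($Wipe) {
    # -RemoveData drops every data partition, -RemoveOEM also drops recovery/OEM partitions.
    # Once the partition table is gone the disk reports PartitionStyle RAW.
    Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false
    Get-Disk -Number $DiskNumber | Select-Object Number, PartitionStyle
} else {
    Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -WhatIf
}

# Equivalent on Windows 7, which has no Clear-Disk, from an elevated prompt:
#   diskpart  ->  list disk  ->  select disk <n>  ->  clean
# ("clean all" additionally zero-fills every sector, which takes much longer.)
```

The dry run is the default on purpose: `Clear-Disk` is irreversible, and the listing printed first is the only guard against wiping a data disk that happens to be plugged in.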
CA Internet Security, Road Runner's security suite, how good is it? One of those I haven't really heard much about.

# ¿ Jul 14, 2011 16:03
PopeOnARope posted:
Don't use it.

I figured as much, is there anything that shows how bad it is?

# ¿ Jul 15, 2011 00:40
PopeOnARope posted:
gently caress this, gently caress every part of this. I've had to support McAfee's bullshit plenty in the past, and having it seed this deep into the operating system is just begging to have a loving disaster occur. Beyond that, the loving thing could never detect a rootkit if it tried, so why are they even trying to be preventative.

Aha! So the Intel purchase of McAfee is finally going through. It's supposed to use chip level security or some poo poo, is this just the precursor?

# ¿ Sep 17, 2011 23:43
I figured this would be the best place to ask, but a co-worker sent this link to our entire department. Sorry it's the mobile version, but that's what he gave. This sounds like Conficker in a way, but is this bullshit? The logistics of it just don't seem possible.

# ¿ Jun 1, 2012 17:07
angrytech posted:
No it's legit. It's the DNSChanger virus.

Thanks, got a Google hit with the FBI website. Trying to figure out impact and stuff from work since the guy who gave the link gave nothing else.

# ¿ Jun 1, 2012 17:30
Not sure where to put this, it might as well be a virus but: Has anyone noticed since an Adobe update yesterday people aren't getting on the internet? I've had multiple customers complain about this, haven't seen anything else about it. Safe Mode gets on fine, but I can't do any real testing (ISP restrictions on support) to see if removing Flash/Adobe horseshit fixes it or not.

Edit: now I'm getting wind that it's a Windows security update for 7/Vista.

Gothmog1065 fucked around with this message at 17:41 on Aug 19, 2012

# ¿ Aug 19, 2012 17:07
Most do not have McAfee. My supervisors are pointing at KB2705219 as the problem.

# ¿ Aug 19, 2012 19:50
vx15i posted:
They posted this today:

Looks like this was the problem we were having as well.

# ¿ Aug 19, 2012 21:38
Khablam posted:

I think I generally do MalwareBytes, ComboFix and MSE. If those three can't get it, I generally just format and be done with it.

# ¿ Sep 11, 2012 21:46
Maniaman posted:
I've had to explain that concept to multiple people, most of them were rather difficult to convince.

If you get caught with child porn, they aren't going to let you off the hook for $200. I pose this question: "Do you think the FBI would take a bribe to let you go, or burst down your door and arrest you for child porn?" Then remind them that child porn is a really drat serious offense, not a misdemeanor in any way. The best thing I heard about this virus though was a news story on my morning radio station. Dude was caught dumping child porn into a dumpster outside his apartment building. Why was he dumping it? He got the FBI virus, and he got scared.

# ¿ Nov 30, 2012 23:38
Have you double checked to make sure it wasn't an addon of some sort?

# ¿ Dec 8, 2012 06:50
Yeah, it's the new "big" virus. What have you done already?

# ¿ Dec 22, 2012 13:39
I would have done CCleaner first, just so MWB doesn't take as long. Regardless, MWB should clean most of it. Microsoft Security Essentials should be a good second; if anything lingers, try ComboFix and TDSSKiller. If that doesn't work, back up and format the computer.

# ¿ Dec 22, 2012 14:29
There's a virus thread in Haus specifically for removal, should be pretty up to date.

# ¿ Apr 15, 2013 12:43
Farmer Crack-rear end posted:
Would it be feasible to use a credit card to pay off the ransom, and then call the bank to demand a chargeback?

You would give your CC info to someone who put a virus on your computer and demanded money?

# ¿ Oct 4, 2013 19:35
Just got a client who got hit with Cryptobit. At least it's not CryptoLocker. It only seems to scramble the first 512 bytes of the file and copy it to the end of the file. Hopefully we can recover everything for them, but I was about to get scared it was a full-on encrypted problem.

# ¿ Mar 8, 2014 18:12
pixaal posted:
Someone should get a copy of Lindows that Walmart was selling on computers about 10 years ago and put it on a VM for the scammers. You could play so dumb with it too; if I remember correctly it's a Windows skin on a Linux distro and visually you cannot tell the difference.

My uncle had one of them and kept trying to get me to install stuff to it. I remember it being very convincing at first glance. I think when I had W7Pro I was going to set up an XP VM on it and gently caress with them. Now I have 8.1 and

# ¿ Mar 27, 2014 08:13
That virus that was moving files and hiding them, where was it moving them to? I'm hoping that's all that's happened to this person's computers. The folder trees are still there but the files are gone.

# ¿ Apr 7, 2014 14:23
Okay, so this is computer #2 I've seen with this now. It's not a sudden hiding of all files, but the first computer (the one mentioned above) is a Windows 8.1 computer, and her files and Start menu (the Metro one) all disappeared, as did all her programs. I just had another computer today at another client's whose shortcuts were slowly going away, and now her programs are just magically disappearing. MSE, Malwarebytes, ComboFix, SuperAntiSpyware are all coming up with nothing. Has anyone seen anything like this?

# ¿ Apr 14, 2014 19:54
mindphlux posted:
I've seen this plenty of times, pretty harmless unless there's a new more horrible version out. I can't remember what causes it, but combofix should take care of it. afterwards you can just change the attributes on the user folders to unhide the files - or there's this : http://www.bleepingcomputer.com/download/unhide/

So it's doing more than a +h on the file attributes? That's probably why I'm missing it. I'll run that to see what happens.

# ¿ Apr 14, 2014 22:30
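The attribute clean-up mindphlux describes, written out as an added example (this is not the unhide tool linked above and not anything posted in the thread). The rogue in question sets the Hidden flag, and usually System as well, on the user's own files and shortcuts, so clearing only `+h` can leave items invisible; this script masks off both while skipping the folders Windows hides by design. The profile path `C:\Users\victim` is a placeholder, and the `-Root` and `-Apply` parameters are this example's own.

```powershell
# Added example, not from the thread: clear the Hidden and System attributes a rogue sets on a
# user's files and folders, leaving Windows' own hidden items (AppData, ntuser.dat, desktop.ini)
# alone. The profile path is a placeholder. Run without -Apply first to see what would change.

param(
    [string]$Root = (Join-Path $env:SystemDrive 'Users\victim'),  # placeholder profile path
    [switch]$Apply                                                 # omit for a dry run
)

# Names that are hidden by design; uncovering them would only confuse the user.
$keepHidden = @('AppData', 'Application Data', 'Local Settings', 'desktop.ini', 'ntuser.ini')

# Bit mask of the two attributes this kind of malware flips on (Hidden = 2, System = 4).
$hiddenFlag = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return hidden/system items, which it skips by default.
$targets = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (([int]$_.Attributes) -band [int][IO.FileAttributes]::Hidden) -ne 0 -and
        $keepHidden -notcontains $_.Name -and
        $_.Name -notlike 'ntuser.dat*' -and
        $_.FullName -notlike '*\AppData\*'
    }

$count = 0
foreach ($item in $targets) {
    if ($Apply) {
        # Mask off Hidden and System; every other attribute (Archive, ReadOnly, Directory) is kept.
        $item.Attributes = [IO.FileAttributes](([int]$item.Attributes) -band (-bnot $hiddenFlag))
    } else {
        Write-Host ("Would unhide: {0}" -f $item.FullName)
    }
    $count++
}

$verb = if ($Apply) { 'cleared' } else { 'found (dry run)' }
Write-Host ("{0} hidden item(s) under {1} {2}" -f $count, $Root, $verb)

# The built-in equivalent, with none of the exclusions above, is:
#   attrib -h -s /s /d "C:\Users\victim\*"
```

The dry-run listing is worth reading before applying: if it shows only desktop shortcuts, documents and Start menu entries, the hidden-attribute trick is all that happened; if the files are absent from the listing altogether, they were moved or deleted rather than hidden and this script will not bring them back.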
go3 posted:
That's not really a better method.

If something like that isn't working and it's still behaving erratically, it kind of is. The alternative is spending hours to days manually removing crap and finding you still haven't dug it all out. In terms of a time sense, flattening it and reinstalling is sometimes the best way.

# ¿ Aug 3, 2014 16:57
Bob Morales posted:
Are Word viruses still a thing? Someone at my work was emailed this document but Kaspersky doesn't seem to pick anything up.

Did the person say they were emailing you an "Adobe Invoice" with macros in Word for some stupid reason? It's almost certainly a virus unless they created the doc themselves. There's no reason for an invoice like that to have macros enabled; most invoices are created and saved and have all the data within them. Kaspersky probably didn't catch it as the virus isn't there... yet.

# ¿ Aug 18, 2014 15:53
It is: http://www.jasonslater.com/2014/05/16/fake-adobe-billing-emails/

# ¿ Aug 18, 2014 16:23
Does anyone know if there is a way to remove Avast externally? Their rescue disk only does scans, and I'm pretty sure that is what is stopping this computer from booting. Flattening is the next option, but I was wondering if there was something before that (and I really don't want to pull this goddamn hard drive out).

# ¿ Sep 20, 2014 00:18
Neither mode will boot. It will lock up once it gets to the user selection screen in normal mode, and in Safe Mode it locks up at aswRvrt.sys, and everything I've seen from Googling shows it's an Avast issue.

e: And yes, there were a few trojans, I think I got a good portion of them with a Kaspersky Rescue Disk.

# ¿ Sep 20, 2014 00:51
Whew. Just got the go ahead to flatten and reinstall.

# ¿ Sep 20, 2014 01:09
Yeah, I would do any bootable media (Linux, whatever). If you have an external HDD enclosure (I got one off of Newegg for $15 or some such) you can hook it up to an external computer. Another way to test is just boot it up and see how it's acting. I've had people claim viruses only to have minor crap and a lot of bloatware where they just installed whatever (and somehow avoided all the really bad crap).

# ¿ Oct 26, 2014 22:45
Crossbar posted:
Does anyone know if Fiddler is used in some types of malware? Someone at a remote office was complaining about getting certificate errors when browsing the web and I found Fiddler certs installed on the computer. The office is about an hour away so for now I had them pull the network cable.

I've found that 99% of certificate errors are due to bad date/time on the computer. If it is this Fiddler, it sounds like someone was trying to self-diagnose something.

# ¿ Nov 7, 2014 17:21
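The two causes raised in that exchange, a debugging proxy's root certificate in the trust store and a bad system clock, can both be checked remotely before anyone drives an hour. The script below is an added example, not something posted in the thread or part of Fiddler. Fiddler's root really is named `DO_NOT_TRUST_FiddlerRoot`; the other proxy names in the pattern (mitmproxy, PortSwigger) generalise the check to the common interception tools, and the "self-signed root issued in the last 90 days" heuristic, the `Find-SuspiciousRootCA` and `Test-ClockSkew` names, and the connectivity URL used for the time reference are this example's own choices.

```powershell
# Added example, not from the thread: two checks for site-wide certificate errors on a Windows box.
#  1) Is an interception-proxy root CA (Fiddler's is DO_NOT_TRUST_FiddlerRoot) in a trusted store?
#  2) Is the system clock far enough off that every certificate looks not-yet-valid or expired?

function Find-SuspiciousRootCA {
    # Stores that browsers and SChannel consult for trust; CurrentUser\Root is where a
    # per-user Fiddler "trust root certificate" click lands.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\CA',   'Cert:\CurrentUser\CA'
    $proxyPattern = 'Fiddler|DO_NOT_TRUST|mitmproxy|PortSwigger'
    $recent = (Get-Date).AddDays(-90)   # heuristic cut-off for "recently added" roots

    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Subject -match $proxyPattern -or
                ($_.Subject -eq $_.Issuer -and $_.NotBefore -gt $recent)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotBefore  = $_.NotBefore
                    Reason     = if ($_.Subject -match $proxyPattern) { 'interception-proxy root' }
                                 else { 'self-signed root issued in the last 90 days' }
                }
            }
    }
}

function Test-ClockSkew {
    # Compare the local clock with the Date header of a plain-HTTP endpoint; plain HTTP is used
    # on purpose, because a badly skewed clock breaks the TLS handshake we are trying to diagnose.
    param([string]$Url = 'http://www.msftconnecttest.com/connecttest.txt')
    try {
        $resp   = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10
        $remote = [datetime]::Parse([string]$resp.Headers['Date']).ToUniversalTime()
        $skew   = ((Get-Date).ToUniversalTime() - $remote).Duration()
        [pscustomobject]@{ SkewSeconds = [int]$skew.TotalSeconds; Ok = ($skew.TotalMinutes -lt 5) }
    } catch {
        [pscustomobject]@{ SkewSeconds = $null; Ok = $false; Error = $_.Exception.Message }
    }
}

Find-SuspiciousRootCA | Format-Table -AutoSize
Test-ClockSkew
```

An interception root that nobody put there on purpose is removed with `Remove-Item` on its `Cert:` path by thumbprint; a large `SkewSeconds` value with an empty CA listing points at the clock (or a dead CMOS battery) rather than at anything installed.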
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

This just hit my radar for some apparent reason. Should we be donning our tinfoil hats?

# ¿ Nov 25, 2014 03:28