WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

OSI bean dip posted:

What about using popup and ad blockers?

Install uBlock Origin and never look back. Don't bother with anything else (even regular uBlock).

What's the difference between them?


WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

dis astranagant posted:

An on-going spat between Origin's absentee dev and the guy he gave his trademark to when he got bored of maintaining it. I haven't been paying close enough attention since it started to tell who's the bigger douche.

I heard about the developer poo poo fight, but I'm wondering what the actual difference is between Origin and the other uBlock, and why the OP suggests one over the other.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Crack posted:

You should also change passwords of any accounts you used in fake chrome (on another machine). tbh any data that was stored or entered on that computer since you first launched fake chrome should be considered as compromised and you shouldn't use it for anything now as there may well be a keylogger. Unless you can identify exactly what the infection(s) was IMO you should assume the worst.

fdisk format reinstall will probably clean it. I'd say back up essential data to a usb stick but there's a non-zero chance the stick will get infected. Hopefully you already kept backups of anything important offline and anything of potential value to a thief was encrypted.

Hopefully at least this incident will make you use better security practice in the future anyway - follow the advice in the OP, keep offline backups and keep networked data secure. I would also check router settings to make sure the DNS is correct and stuff if you had access to it before or left the default password, but I may well be paranoid.

Is there any virus that formatting and reinstalling Windows doesn't get rid of?

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

OSI bean dip posted:

https://blog.kaspersky.com/equation-hdd-malware/

There are reasons why I poo poo all over anti-virus and malware re-mediation steps in the OP. One being the link I just posted and the other being that I used to work for an AV vendor.

Jesus, that's frightening. The vast majority of the time I can expect a format to take care of things though, right? People I know tend to ask me to sort their computers out when they muck them up, my default action is to format their machines.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Folks just checking - what's more secure, LastPass or Bitwarden? Or is it all the same?

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
I'm liking it so far. Should I keep the autofill function disabled or would I be ok to use it?

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Thirding Bitwarden, the extension and phone app are really good.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Subjunctive posted:

There’s also Bitwarden, which does multi-device TOTP and client-side encryption.

I use Bitwarden for password management. Are you sure it does TOTP?

Fake edit: Premium account required.

I use Authenticator Plus for TOTP, it's terrific and works on Android and iOS.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Bitwarden is pretty nice. Open source, free, Two Factor Authentication, mobile apps and extensions for all the popular browsers.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Is this thread where I should ask how someone got a password for my Outlook.com account? The account has zero known breaches according to Have I Been Pwned.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

RFC2324 posted:

Where else did you use that password?

That's the thing, nowhere. The account is only used for Outlook.com and my GP surgery website, and both passwords are different. The password for the Outlook site was randomly generated by Bitwarden. I had two factor authentication on anyway so they didn't get access (and it's how I know they had the password).

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Rufus Ping posted:

Did you receive a notification to this effect from Outlook or something?

If all that's true then the next most plausible options are someone watched you type it, you typed it into a computer with a keylogger (possibly your own), you typed/pasted it into a phishing site.

The solution is the same in all cases: change the password to something new from a safe computer.

I got a request on my 2FA app asking to authorise a log on. I'm running a Malwarebytes Scan. It's very strange.

Password changed anyway. Thank god for 2FA. poo poo thing is, it's my grandmother's email address. She died in 2013, I just keep it active for sentiment, it's not actually used for anything.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Eggnogium posted:

I have a weird situation that I want to run by experts.

Just got back home after three days out of town and found my PC was sitting on a "could not shut down properly" blue screen. Whatever, maybe windows update screwed up in some way. Rebooted and everything seemed normal but when I went to ctrl+shift+t to restore my open tabs it opened up something unexpected: the website for EaseUS, some kind of software backup program. There were a total of 4 tabs, all related to this EaseUS program that I've never heard of before. Opened chrome history and it's completely wiped back to 2018. EaseUS showed up in my start menu but the program is missing so it's a dangling shortcut now.

Surely this is a sign of some kind of remote access? Is there any way at all to find out more information or do I just need to scorched earth ASAP? The only sensitive thing I have on here is my 1password vault which is locked with a unique password that I just have memorized.

Just in case you haven't thought of it, disconnect the PC from your network and shut it off completely, as a stop-gap until you get better advice here.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Takes No Damage posted:

Is Sophos still a recommended malware scanner? My parents' ISP called them and said they received complaints about malicious traffic coming from their IP. A scan of my mom's PC did hit something, but the software didn't specify what it was before forcing a reboot. I also noticed what appears to be SSH fishing from my dad's Surface to our NAS (repeated attempts with common default usernames etc) so I'm looking for something I can run on all the Windows machines to help clean them out.

Assuming the call from the ISP was legitimate, with that degree of poo poo going on you should format both parents' machines.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
I don't know what most of that means but it made me chuckle anyway. Like I'm laughing at a mystery fart or something. Glad you're getting sorted anyway 🙂

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

XYZAB posted:

Was just about to make dinner tonight when I got a frantic text message from my grandma saying her computer got locked down and it's telling her not to turn it off.

gently caress. I bought them a motherfucking iMac because I know they click on any loving link and don't know what the gently caress they're doing but "that's too hard, we'll stick to windows and risk having our entire life savings drained because mac is too hard. P.S. It happened again can you help save us." YES I CAN, USE THE loving IMAC FOR gently caress'S SAKE.

Anyway so I went over there and it looks like some website in Edge had opened a full screen "WE'VE LOCKED YOUR COMPUTER, DON'T YOU DARE TURN IT OFF. PHONE THIS NUMBER TO GET YOUR COMPUTER BACK!" warning, complete with a text to speech voice making all sorts of demands through the speakers, which I basically alt+tabbed out of and closed the browser and everything seemed to be running completely normally... Or so I thought.

I copied the offending website's URL from Edge history, tried it again for shits and giggles, and it came back 404. By "URL" it was basically just a random IP address with some funky hashtag per-session code after it. I deleted everything after the IP address itself and it resolved to some sort of Brazilian hosting page. My best guess is that it runs a unique per-session thing that wouldn't be traceable after the fact, hence why I wasn't able to reproduce it, but I don't really know the ins and outs of networking poo poo to be fully sure.

My baseline assumption was that they just clicked too many stupid ads and got sent to this outwardly appearing malicious but otherwise harmless "ransomware lookalike" honeypot, but a few other things started popping out at me.

My grandpa volunteered some knowledge without being prompted that he pays a company called Nerds On Site $5/month to monitor their computer. I asked "Then why am I here? What value are they to you if this keeps happening? How are they monitoring you? What do they have installed on here?" "Oh, I don't know. He came to my door and told me he does this job for the Canadian Tire on this side of town so I let him in." "So you accepted some guy's cold-call, he installed some random stuff on your computer, and you pay him $5/month on the basis that he told you he's the systems tech for Canadian Tire?" "Yes." "Did he prove that to you in any way?" "No." "Does that not seem suspicious to you that a nationwide chain is relying on some random guy for their IT support, instead of what is very likely an on-site team?" "Well if you put it like that..."

GOD DAMNIT!

So I had him show me one of this company's recent bills. It listed its service as "Webroot monitoring." I have no idea what the gently caress that is, so I google it. I find a program called Webroot SecureAnywhere. I don't see any immediate red flags, but the results I am finding all seem obfuscated or fake in some way to trick me into thinking it's meant to be doing something that a non-technologically oriented person might consider to be technologically advanced. I'm not a tech guru, but I've been around long enough to know when something isn't right.

I searched "Webroot" on his computer and there it is. The first strange thing is that Windows Add/Remove Programs told me it was installed ten days ago on May 15th. Neither of my grandparents claim to have installed it, nor has anyone aside from them and myself touched that computer in the last ten days. I'm extremely confused how this program came to exist on their computer ten days ago if nobody physically installed it.

Second red flag. I opened the "Webroot SecureAnywhere" program and started poking around to see what its deal was. It looks like a regular sort of AntiVirus program, maybe Nerds On Site put this here long ago and I was unaware? The problem with that hypothesis is that I'm sort of their go-to tech guy for basic poo poo. I installed some RAM and an NVMe for them about three weeks ago, and copied their entire OS onto the NVMe, and basically made it 100x faster for them to click every loving bullshit link in the universe. I did all of the cursory checks at the time to make sure they hadn't hosed themselves to death with virus and malware yet, and I don't recall seeing this Webroot program at the time, as I'm sure it would have registered in my brain that they had something like this to ostensibly protect them.

Anyway, in the Webroot application, I find a tab that lists "Account information," so I click it, and discover it has a serial number listed, partially obscured, which suggests to me that someone has logged into this application in the last ten days and got the program signed in. I click a link that takes me to the program's login portal, and ask both of them "Do you recognize this login page, and can you log into it for me?" Neither of them have ever seen it before, don't know any login info. Okay, strange. There's a little button under the partially obscured serial number that says something like "Copy Keycode Info." I click it, expecting it to copy the serial number into clipboard for me to inspect, instead it shoots me an error that says:

"The keycode is currently hidden and cannot be copied."

What the gently caress? Then why would there be a button for me to copy the keycode? If this were a legit program, it would have done the thing it says. What the gently caress is going on here? The logic here is all screwy.

So I head back to google and type that exact query bounded by quotations on both sides and get four (4) unique results across the entire internet, and all four are from variations on the theme of VirusTotal's hybrid-analysis / adaware quarantine service. Basically, that exact search string happened to show up in the exploded sample text of at least four viruses submitted to those websites.

Which has me even more puzzled. Nerds On Site may have ostensibly installed this program, yet this program is throwing up red flags, and the exact text string of "The keycode is currently hidden and cannot be copied." is showing up in a few virus quarantine pages and nowhere else.

That's when I came to this thread and started reading it for tips. I installed Wireshark, watched a quick tutorial that basically in a nutshell told me that "If you see a "data" category listed in the hierarchical sorting view under TCP or UDP, basically there's some hosed up poo poo happening bruh."

So I captured all of the traffic over ethernet for a few minutes, sorted the data via hierarchy view, and saw that about 7% of all traffic was in this dreaded data category. I still don't know what this means. Then my grandma came in and started badgering me about "you must be tired, it's time for you to go home, thanks for fixing our computer," but because she's deaf I couldn't explain to her that it's not fixed, and had to relay through my grandpa that "No, it's not fixed, I think there's something incredibly wrong here, PLEASE DO NOT TURN THIS COMPUTER ON UNTIL SATURDAY!"

Basically all of the "data" traffic was connecting to a single port in the 64000 region, and literally right when I started to get an idea of what might be happening here, it's 10pm and I'm tired as gently caress and they won't shut up and leave me alone so I had to leave, and now I'm trying this out here to ask if anyone has anything they could point me towards insofar as blocking that port or if there's a cmd command that I can execute to fry every capacitor on that motherboard and force them to use the iMac because holy loving poo poo I hate playing the family tech support role, but I also know that if I don't do it, they're just going to hire some random loving idiot off the street to make their lives even worse. I loving hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it I hate it. I started using a mac in 2008 and told them to gently caress off and figure it out, and over time I forgot what a breath of fresh air that was to not be the family IT guy. But now I have a windows computer again so guess who needs help?

I love them both dearly but holy gently caress it's exhausting. They're turning 90 this year and they make a special trip to the bank every other week to reset their password because they forgot it. I wish I could just teach them how to use a Mac and never have to worry about this poo poo ever again. All they do is click button > look at funny email. The hurdle of jumping over to mac to do the most menial trivial bullshit is practically nonexistent, but it might as well be the grand loving canyon. The only reason I think I have even the slightest confidence in my ability to at least help out in this situation is because I find network security in the broad sense, and social engineering/pen-testing specifically, to be super interesting fields and therefore I like to stay informed about all of the ways people trick other people. Only problem is that this inevitably coincides with me discovering how easy it is to trick old people literally all the goddamn time because I have grandparents predating the invention of the Monopoly board game who, through the grace of god, have a computer with internet access. :doh:

I'm sorry dude but this is one of the funniest things I've ever read. And I feel your pain.

Adding to the cacophony of the advice to format and reinstall. Doesn't sound like it matters if you install Windows or Linux, since this is a combination of social engineering and someone physically being allowed onto the computer.

Just make sure that you install uBlock Origin on the browser, hopefully that will block some of the phishing sites.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
I know the OP says don't pay for an antivirus and they're all the same, but this thread is the only place I've ever heard that. I used to use NOD32 but stuck with Microsoft Defender for the last 6 or 7 years.

NOD32 seems to score better than Microsoft Defender in lots of scanning tests. Would I be better off with NOD32?

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Erwin posted:

Now that’s a name I’ve not heard in a long time. A long time.

General Kenobi!

Ultimately I'm still best just sticking with Microsoft Defender then?

WattsvilleBlues fucked around with this message at 16:05 on Jul 13, 2023

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

b mad at me posted:

It really is just down to the end user.

Didn't this very site once inadvertently deliver malware through its ads?

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
What survives a wipe and reinstall?

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Haha cool, I won't worry about state-level attacks on my iTunes Library then!

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Install uBlock Origin on whichever browser you choose to use. Bitwarden is the password manager I recommend, it supports all major browsers and has great mobile apps (though they don't support passkeys at present). It can generate random, complex passwords up to 128 characters in length.

Use two factor authentication on any account that supports it (including whatever password manager you choose), and use password-less accounts on any that support it.

As a rule, I always format and perform a clean install of Windows. The Windows 11 Media Creation Tool allows you to download the current version. Make sure your BIOS and drivers are all up to date. Many manufacturers will bundle their own driver update software but I personally prefer just to download drivers etc. directly from the manufacturer's website.

WattsvilleBlues fucked around with this message at 10:36 on Mar 5, 2024

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Oldsrocket_27 posted:

Thanks to everyone for the replies! I was planning on Ublock Origin, the reminder to always keep everything up to date is a good one. 2 factor forever on everything, that habit's already baked in. No sketchy downloads from strangers (or candy). Turn on device encryption, disable UPNP and remote access. Presumably Chrome is the browser I should be using?

Most of the major browsers will be using the same rendering engine as Chrome so it comes mostly down to features and which company you want tracking your online activity. I use Firefox which is a good alternative.

quote:

Re-installing the operating system is something I've never thought to do on a brand new computer. Is this advisable just because big box store will put junk on them right off the bat before selling them? Best Buy certainly wants me to have a free copy of norton 360 and use it. I don't have the computer in hand yet, but I wasn't planning to take advantage of the offer.

To wildly varying extents, laptop manufacturers and resellers will have software installed that you don't want, need or use. A clean install takes maybe 20 minutes, Cumulative Updates are actually cumulative these days. Spending an entire day installing updates for updates is largely a thing of the past.

Oh yeah, don't use Norton anything. Windows Defender is decent. Go through additional security options and make sure they're all turned on.

Also, find out what SSD drive is in the machine and check for a firmware update.

WattsvilleBlues fucked around with this message at 23:01 on Mar 11, 2024

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

CaptainSarcastic posted:

When I worked tech support for an ISP in the mid-2000s I used to say that Norton Internet Security was an excellent product, because it kept its users safe by preventing them getting online in the first place.

The Windows XP days really were rough. It seems to be when lots of normal people got desktop PCs with ADSL, making internet use more tolerable than dial-up. The downside being that the file sharing services were a virus fuckathon. I can't count how many times I spent 14 hours reformatting my mate's single core, HDD, 256MB RAM Windows XP machine because his Norton antivirus 2001 expired trial didn't detect that Spider-Man 2.exe was not a movie.

The only thing that eventually stopped that poo poo happening was NOD32, whatever dark magic they used on that. Oh, and the McAfee Site Advisor in Firefox.

Remember Active X? Shockwave? Flash? Needing Java installed? Dark times my friends.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

down1nit posted:

Oh god I think that was 95 that did that. But was it on by default?

Google seems to think it was hiding extensions by default, anyone got a VM?

I don't have W95 in a VM but I have a VGM, a very good memory. Our early 90s school PCs running Windows 3.11 always had files showing as 8.3 character file names, the .3 being the file extension. Extensions were hidden by default in Windows 95 onwards, I remember from our first PC in October 1996.


WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

namlosh posted:

Hitchhikers page!

To add, I recently got my daughter a new laptop and it came with McAfee installed begging to buy a subscription. Groveling even.

In order to fully get rid of it, a McAfee technical support article(!) pointed to another piece of McAfee software you had to install in order to uninstall it since the uninstaller threw errors and didn’t work. On a brand new laptop…

So we said gently caress off and blew it all away, upgrading her to win11 pro at the same time.

If you work for McAfee you suck rear end. Sorry but I don’t make the rules
Lenovo should also be ashamed

When you say you blew it all away, do you mean you formatted the drive and installed a bare Windows 11 install?

Also can you link the support article that advised an uninstaller because the regular uninstaller was hosed?

Any company that develops or deploys software like this should hang their heads in ropes.

F4rt5 posted:

Windows’ default of not showing file extensions is the single stupidest thing they have ever done.

I get why they did that though. Most people using computers these days don't know what a file extension is. The people that do know, know how to enable it in settings.

WattsvilleBlues fucked around with this message at 00:55 on Mar 14, 2024
