
What to do if your PC is infected by malware


~BD~
Nov 20, 2014, 6:02:33 PM
New security holes are discovered in Windows and web browsers all the
time, and it’s possible for hackers to exploit them before anyone can
issue a fix.

New malware can also slip under the radar of anti-malware software and
while malware database updates are usually quick to arrive, there’s
often a small window of opportunity when internet nasties can sneak in
undetected.

So how can you tell when your PC is infected by malware and, more
importantly, what can you do about it?

http://home.bt.com/tech-gadgets/computing/what-to-do-if-your-pc-is-infected-by-malware-11363945220841

Yet not one mention of MBAM from Malwarebytes.com! ;-)
Message has been deleted

Mike Duffy
Nov 20, 2014, 10:33:48 PM
On Thu, 20 Nov 2014 23:38:04 +0000 (UTC), Dustin wrote:

> [If you reformat your computer to remove trojan based malware, you
> *are* a complete gobshite and actually deserve to have to reload
> everything from scratch.


I most strenuously disagree, Dustin. I always do a complete rebuild
(starting with "full" format) for detected / suspected malware of any kind.


> If you didn't happen to setup this computer originally,
> this is going to be a learning experience for you.

It's always a learning experience even for the same person who performed
the original setup. One major reason for doing this is also to
well-document the entire procedure to be better-prepared for a system loss
due to the more likely reasons. (HDD fail / fire / flood / theft.)

--
http://pages.videotron.com/duffym/index.htm
Message has been deleted

Virus Guy
Nov 21, 2014, 9:40:06 AM
~BD~ wrote:

> So how can you tell when your PC is infected by malware and, more
> importantly, what can you do about it?

And I continue to ask, and nobody here can or will answer, why NO
ANTI-MALWARE SOFTWARE has the ability to scan the boot sectors or
windows registry of a SLAVED HARD DRIVE that is known or suspected of
being infected with malware or crapware.

Being able to scan the hard drive and registry of the system that you
are running on is (of course) a necessary ability.

But it is FAR MORE EFFECTIVE to scan a suspect drive when it is in an
INERT STATE, as it is when it is connected as a slave to a known
clean/trusted second computer. Yet there is no anti-malware scanning
software that is able to fully scan such a drive when connected that
way. There is no antimalware software that can scan the boot sectors or
the registry files on a drive connected as a slave. Why is that?

The repair-ability of a drive (ie - the complete extraction of malware
in all its forms) is far easier to accomplish when the drive is
connected as a slave on another computer, yet no antimalware company
seems to have the foresight or wisdom to endow their software with that
capability. That is one of the true failures of the anti-malware
industry.
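An added example, not code posted by anyone in this thread: the point above is that a slaved drive is inert, and its registry hives are just files. One way a defender can inspect such a drive from a clean machine is to load the offline SOFTWARE and NTUSER.DAT hives with `reg load`, enumerate the Run/RunOnce autostart values (the "runkey pointing to a malicious executable" case discussed later in the thread), map each target path onto the slaved drive letter, and check whether the target exists and carries a valid Authenticode signature. It assumes the suspect drive is mounted as D: (`$SuspectRoot`), that the session is elevated (`reg load` needs it), and uses a temporary key name (`OfflineHive`) chosen here.

```powershell
# Added example, not code posted in this thread. Assumes the suspect drive is
# attached to a clean machine as D: (adjust $SuspectRoot) and that this runs
# in an elevated PowerShell session, which "reg load" requires.
$SuspectRoot = 'D:'
$MountName   = 'OfflineHive'   # temporary key name under HKLM, chosen here

function Get-TargetPath {
    param([string]$CommandLine)
    # Extract the executable from a Run-key command line: a quoted first
    # token, else the first token ending in .exe, else the first token.
    if ($CommandLine -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+?\.exe)') { return $Matches[1] }
    return ($CommandLine -split '\s+', 2)[0]
}

function Get-RunEntries {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        # Keep %SystemRoot% etc. unexpanded: the host's values would be wrong
        # for an offline hive.
        $cmd = [string]$key.GetValue($name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        $target = Get-TargetPath $cmd
        # Map the suspect's own paths onto the slaved drive letter.
        $onSlave = $target -replace '^%SystemRoot%', "$SuspectRoot\Windows" `
                           -replace '^%ProgramFiles%', "$SuspectRoot\Program Files" `
                           -replace '^[A-Za-z]:', $SuspectRoot
        if (-not (Test-Path -LiteralPath $onSlave -PathType Leaf)) {
            $status = 'TARGET MISSING (or uses a variable not mapped here)'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $onSlave
            $status = if ($sig.Status -eq 'Valid') {
                "signed: $($sig.SignerCertificate.Subject)"
            } else { "UNSIGNED or invalid ($($sig.Status))" }
        }
        [pscustomobject]@{ Key = $KeyPath; Name = $name; Command = $cmd
                           Target = $onSlave; Status = $status }
    }
}

function Invoke-WithOfflineHive {
    # Load a hive file from the slaved drive under HKLM\$MountName, run the
    # script block against it, and always unload it afterwards.
    param([string]$HiveFile, [scriptblock]$Body)
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "could not load $HiveFile"; return }
    try     { & $Body "HKLM:\$MountName" }
    finally {
        [gc]::Collect()   # drop lingering key handles so the unload succeeds
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

$results = @()
# Machine-wide autostarts live in the SOFTWARE hive (its root is HKLM\SOFTWARE).
$results += Invoke-WithOfflineHive "$SuspectRoot\Windows\System32\config\SOFTWARE" {
    param($Root)
    foreach ($sub in 'Microsoft\Windows\CurrentVersion\Run',
                     'Microsoft\Windows\CurrentVersion\RunOnce',
                     'WOW6432Node\Microsoft\Windows\CurrentVersion\Run') {
        Get-RunEntries "$Root\$sub"
    }
}
# Per-user autostarts live in each profile's NTUSER.DAT (its root is HKCU).
foreach ($ntuser in Get-ChildItem "$SuspectRoot\Users\*\NTUSER.DAT" -Force -ErrorAction SilentlyContinue) {
    $results += Invoke-WithOfflineHive $ntuser.FullName {
        param($Root)
        Get-RunEntries "$Root\Software\Microsoft\Windows\CurrentVersion\Run"
    }
}
$results | Sort-Object Status | Format-Table -AutoSize -Wrap
```

Entries whose target is missing on the slaved drive, or present but unsigned, are the ones to look at first; a signed-and-present entry is not proof of innocence, only a lower priority. The hive is unloaded in `finally` so a failure part-way through does not leave the suspect's registry mounted on the clean machine.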

Mike Duffy
Nov 21, 2014, 11:34:21 AM
On Fri, 21 Nov 2014 05:30:17 +0000 (UTC), Dustin wrote:

> While I appreciate your disagreement, I really cannot justify
> reloading a system due to a runkey being set and pointing to a malicious
> executable.
>
> Which is most of the time, exactly what you're dealing with

"most" != "all". You know you have detected malware. You do not know if it
is a new concoction; a mix of other methods of propagation / payloads.


> [...]. Unless you just find it easier?

Before I retired, it was policy for any computer coming to the worksite. In
other words, a PC was suspected of having malware despite having shown no
positive evidence. Computers returning from business trips, work at home,
warranty repair, and even new boxes still in shrink wrap were all re-built.
I developed several tricks to ensure that all of the steps were taken, so
rebuilding was not that big a deal. Sometimes people would ask for
re-builds just because the PC was running slow due to de-installation turds
of tested programs. There were also times when management requested a
complete re-build of all systems without telling us why.


> [...] I'd only be wasting valuable time that could be spent elsewhere.

Of course, there was usually other work to simultaneously perform on other
systems. Most re-build jobs were done in parallel anyways.


> For a non techie individual who hasn't built hundreds of machines,
> sure. But, I could rebuild one of these machines practically blindfolded.

I estimate several thousand during my career. Each system was different in
terms of hardware and installed programs, so a master image was out of the
question.

And because we were obliged to use the latest drivers and versions of all
software, I found that using system images for each PC ended up creating
more work than it saved.

I still say that I learned something new more often than not, because the
re-build for a particular PC was never exactly the same as previously.


> If the file system is foobared [...] I may resort to reloading,

I plan to re-load my teenager's PC over the holidays because it crashed at
school. It simply is easier for me to do this than to try to evoke an
intermittent problem. Also, it has a side-effect of forcing the end-user to
really think about where the important user files are that need to be
backed-up, because this should be done continually, and not just before
system re-loads.

--
http://pages.videotron.com/duffym/index.htm
Message has been deleted

Mike Duffy
Nov 21, 2014, 3:18:55 PM
On Fri, 21 Nov 2014 17:11:34 +0000 (UTC), Dustin wrote:

> Techies shouldn't be so quick to resort to "Oh, I can't fix this,
> lemme reload from image." Aren't much of a tech if that's your fix.

Well, the logic is along the lines of:

I can probably fix this without reloading the OS. But I can never be sure
that I've eradicated the problem. My management insists that I be sure.


> You have very high expectations of you think all home users and
> all small business owners have images, original media,

True. Thus one needs to find all those things on the web first. It also
ensures that you have the latest versions of everything.

Licensing is usually a bigger problem. If you ask the user for a copy of
the licence file that was emailed to them, usually they don't even know
what you are talking about.

--
http://pages.videotron.com/duffym/index.htm
Message has been deleted
Message has been deleted

Mike Duffy
Nov 22, 2014, 6:51:03 PM
On Sat, 22 Nov 2014 19:31:36 +0000 (UTC), Dustin wrote:

> That's what software based toolkit discs/usb sticks are for.
> [...]
> I've been taking advantage of the wsus program to create windows
> update discs for various flavors. I've got DRP always at the ready,
> [...]. Keep a few ISOS of various OSs too.

Good advice. I guess you need to have a cellular connection in case there
is no network port / Wifi available as well. I was sort of thinking about
going into freelance PC repair, but I think my work experience was too
narrow to be able to do a proper job. If someone says "My facebook ...." it
doesn't really matter much how the sentence ends, my response would
probably not be appreciated.


> USB sticks [...] badbios (I don't have actual code sample for this,
> and i'm not convinced the version the author claimed to have
> encountered actually exists) malware concept.

I'm of split opinion on this. On the one hand, it seems possible. On the
other, it would be extremely difficult to make it work across different USB
chipsets. But those Chinese are very clever. And if you had given me a
description of how Stuxnet works before it became known, I would have said
that it had a snowball's chance in Hell to actually do as intended.

--
http://pages.videotron.com/duffym/index.htm
Message has been deleted

Mike Duffy
Nov 22, 2014, 8:00:05 PM
On Sun, 23 Nov 2014 00:12:15 +0000 (UTC), Dustin wrote:

> Mike Duffy <md_...@videotron.ca> wrote in
> news:m4r7go$htr$1...@dont-email.me:


> There's the occasional shady job request too. Someone has you come
> [...] load this commercial spyware program on it and configure it,
> [...] lawyer needs proof he or she is cheating

I would just refuse. You call it shady, but in some places it's illegal.
(I.e. look up "joint" possession, and I'm not speaking about doobies.)


> Hopefully, your name never comes up in the impending legal fight.

Tempers can run hot in this sort of case. You're probably safer just
landing a charge for illegal wiretapping, or whatever the computer-related
term is in your jurisdiction.


> If you had it's description, you wouldn't have said that.
> [...] You would likely have sounded the alarm. :)

I'll rephrase. Given that the targets were isolated from the Internet,
infection had to happen via CDs/USBs. It seems to me that whoever was in
charge (of no less than top secret nuclear program computers) was way more
lax than I would expect.

--
http://pages.videotron.com/duffym/index.htm
Message has been deleted

~BD~
Nov 23, 2014, 7:45:28 AM
On 23/11/2014 01:33, Dustin wrote:
> Mike Duffy <md_...@videotron.ca> wrote in
> news:m4rbi7$bq5$1...@dont-email.me:
>
>> On Sun, 23 Nov 2014 00:12:15 +0000 (UTC), Dustin wrote:
>>
>>> Mike Duffy <md_...@videotron.ca> wrote in
>>> news:m4r7go$htr$1...@dont-email.me:
>>
>>
>>> There's the occasional shady job request too. Someone has you
>>> come [...] load this commercial spyware program on it and
>>> configure it, [...] lawyer needs proof he or she is cheating
>>
>> I would just refuse. You call it shady, but in some places it's
>> illegal. (I.e. look up "joint" possession, and I'm not speaking
>> about doobies.)
>
> I sometimes question the legality of things I'm sometimes asked to do
> for people... It's not proper to turn all jobs down though.
> Sometimes, you have to take what's offered. Anyone who does techie on
> the go style repair has probably experienced things like this before.
> It seems to be more and more common, actually.

Do you recall telling folk about a software programme for use in the
motor repair industry which costs $1000's dollars each year.

IIRC, you said you had 'stolen' it (obtained it - for free - by
hacking?) and sold it on to some of your 'shady' customers for peanuts.
Is that correct, Dustin?

I suspect Mike isn't fully au fait with your criminal activity!

>> Tempers can run hot in this sort of case. You're probably safer
>> just landing a charge for illegal wiretapping, or whatever the
>> computer-related term is in your jurisdiction.
>
> LOL. Ayep.
>
>> I'll rephrase. Given that the targets were isolated from the
>> Internet, infection had to happen via CDs/USBs. It seems to me
>> that whoever was in charge (of no less than top secret nuclear
>> program computers) was way more lax than I would expect.
>
> Ayep. You'd be surprised about the ATM machines around the world too.
> People so trust them, though.

I very much doubt that Mike would be surprised, Dustin. I do, sincerely,
hope that you and your Happy Hacker Industries (HHI) friends are not
involved in such activity.

"In New York City alone, the thieves responsible for A.T.M. withdrawals
struck 2,904 machines over 10 hours starting on Feb. 19, withdrawing
$2.4 million.

The operation included *sophisticated computer experts* operating in the
*shadowy world of Internet hacking*, manipulating financial information
with the stroke of a few keys, as well as common street criminals, who
used that information to loot the automated teller machines."

http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?pagewanted=all&_r=0

I suppose such activity would be a doddle for you, Dustin! ;-)

-

FromTheRafters
Nov 23, 2014, 8:39:31 AM
Mike Duffy was thinking very hard :

[...]

> I'll rephrase. Given that the targets were isolated from the Internet,
> infection had to happen via CDs/USBs. It seems to me that whoever was in
> charge (of no less than top secret nuclear program computers) was way more
> lax than I would expect.

I would give him the benefit of the doubt, it is the power of the true
virus to jump that gap.


Message has been deleted

~BD~
Nov 23, 2014, 3:31:27 PM
On 23/11/2014 15:34, Dustin wrote:
> ~BD~ <~BD~@nomale.afraid.org> wrote in
> news:TeidnbG7f_J7S-zJ...@bt.com:
>
>> IIRC, you said you had 'stolen' it (obtained it - for free - by
>> hacking?) and sold it on to some of your 'shady' customers for
>> peanuts. Is that correct, Dustin?
>
> lulz. You wish you had the skill. Where's the MID?

http://web.archive.org/web/20071207062813/http://www.aumha.net/viewtopic.php?t=26668

>> I suspect Mike isn't fully au fait with your criminal activity!
>
> I won't pretend to speak for others.
>
>> I suppose such activity would be a doddle for you, Dustin! ;-)
>
> All cards on the table, all joking aside... to be completely and one
> hundred percent honest.. Yea, if I wanted an ATM under my control, I
> could do it. I wouldn't need help, either.
>
> Is that what you wanted to know for sure?

Yes.

> have I done it? Yes, but I was paid by the owner of said ATM to try.
> I didn't do anything shady and I've *never* used my abilities to rip
> one off. A lot of them are running a variant of windows. If you can
> code, you can.. well, do what you want with it, once your code is
> loaded on it. You can do that via the network, or physical access
> thru either an optical drive or usb port. It works very similar to a
> POS configuration with a locked drawer (the money distribution
> robot).

Too technical for me. :-(

> I'm being careful to be.. vague and not helpful with any specific
> details that can't already be found elsewhere. I'm not interested in
> teaching anyone how to steal actual cash.

I'm delighted to hear you say so! :-)

~BD~
Nov 23, 2014, 7:08:56 PM
On 23/11/2014 15:34, Dustin wrote:
> ~BD~ <~BD~@nomale.afraid.org> wrote in
> news:TeidnbG7f_J7S-zJ...@bt.com:
>
>> IIRC, you said you had 'stolen' it (obtained it - for free - by
>> hacking?) and sold it on to some of your 'shady' customers for
>> peanuts. Is that correct, Dustin?
>
> lulz. You wish you had the skill. Where's the MID?

Here: Message-ID: <XnsA2B6DACB4694DC9...@94.75.214.90>

"I cracked and sold a commercial app that's worth thousands for a measly
five cnotes a copy. Money isn't a primary purpose for me, Eagle. I wasn't
raised like that.

Get what you need to survive and have a bit of fun. Otherwise, you don't
need to be greedy. Want another easy example? Most/all of the software I've
written throughout the years was either outright free for noncommercial and
commercial use and/or had a very small lifetime registration but was
entirely on the honor system.

The program was fully functional already and wouldn't expire or reduce
features if you decided not to register it. They didn't even tell you they
were unregistered or beg/ask you to register them. I just didn't do that."


>> I suspect Mike isn't fully au fait with your criminal activity!
>
> I won't pretend to speak for others.

[....]

No need. Mike can read for himself! :-)

D.
Message has been deleted
Message has been deleted

Jax
Nov 24, 2014, 12:26:28 PM
Mike Duffy <md_...@videotron.ca> wrote in
news:m4nphu$3gb$1...@dont-email.me:
>
> Dustin wrote:
>>
>>
>> For a non techie individual who hasn't built hundreds of
>> machines, sure. But, I could rebuild one of these machines
>> practically blindfolded.
>
> I estimate several thousand during my career. Each system was
> different in terms of hardware and installed programs, so a master
> image was out of the question.
>
> And because we were obliged to use the latest drivers and
> versions of all software, I found that using system images for
> each PC ended up creating more work than it saved.

Mike that's a helluvalot of PCs.... I'm impressed! :)

--
Jax