anti malware

Today I fixed a PC Tools 2010 infection. It's a PITA as it blocks you running any programs,
so I tried to boot into Safe Mode to access the Administrator account; only problem is there wasn't one, or rather the normal account the user was using was the Administrator account (not a user who is an administrator).
What fuckwit set this computer up like that?
 
Too funny, there's a lot of older people in Japan that I know of that do that. One step down from that is the people that have a separate account but use the same password for both the administrator account and their own account.

Regards,
SB
 
An update:

Today my browser crashed with the error message "Opera has crashed in modname *****, your browser will now close",
where ***** is the name of a file ending in xhd I think.

Then about 5 seconds later my firewall popped up: c:\documents and settings\davros\local settings\application data\vhjfghts\vhjfghts.exe wants to access the internet.
I blocked it.
Then I searched for the file, killed the process, deleted the file, and also deleted the autorun entry it had created.

I searched for the file and got no hits in Google, so I searched for the file that made Opera crash and it turned out to be part of Acrobat Reader (responsible for letting you view PDF files in your browser)
and a known vulnerability, so I uninstalled Acrobat and will use Foxit or similar in future.

That's how I reckon I got infected in the first instance.
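The clean-up the post above describes by hand (find the self-started executable under the user's profile, then remove its autorun entry) can be turned into a repeatable audit. The following PowerShell is an added example and not code from the thread; it assumes Windows with PowerShell 2.0 or later, and that the Run/RunOnce keys are the autostart location the malware used (the post does not say which entry it deleted). It lists every Run/RunOnce value, extracts the executable, and flags those living in user-writable profile directories, which is where the vhjfghts.exe in the post lived.

```powershell
# Added example, not from the thread: list Run/RunOnce autostart entries and flag the ones
# whose executable lives in a user-writable profile directory, the pattern the post above
# describes (a random-named .exe under Local Settings\Application Data that registered
# itself to start with Windows). Assumes Windows with PowerShell 2.0 or later; run as the
# affected user for the HKCU keys and from an elevated prompt for the HKLM keys.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an ordinary user can write to. Some legitimate updaters live here too, so a
# hit is a lead to verify, not a verdict. LOCALAPPDATA is not defined on XP, hence the filter.
$userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE) |
    Where-Object { $_ }

# Pull the executable path out of a Run value such as  "C:\dir\app.exe" /flag  or  C:\dir\app.exe /flag
function Get-CommandExe([string]$command) {
    if ($command -match '^\s*"([^"]+)"')        { return $matches[1] }
    if ($command -match '^\s*(.+?\.exe)(\s|$)') { return $matches[1] }
    return $command.Trim()
}

function Test-UnderUserProfile([string]$path) {
    foreach ($root in $userWritableRoots) {
        if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-AutorunEntries {
    # Get-ItemProperty adds these bookkeeping properties; they are not registry values.
    $skip = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($skip -contains $prop.Name) { continue }
            $exe = Get-CommandExe ([string]$prop.Value)
            $sig = 'FileMissing'
            if (Test-Path -LiteralPath $exe) {
                # An unsigned or badly signed binary that starts itself from the profile is a strong hint.
                $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
            }
            New-Object PSObject -Property @{
                Key       = $key
                Name      = $prop.Name
                Target    = $exe
                Suspect   = (Test-UnderUserProfile $exe)
                Signature = $sig
            }
        }
    }
}

# Review the flagged entries first; remove one only after confirming what the file is.
Get-AutorunEntries | Sort-Object Suspect -Descending | Format-Table Suspect, Signature, Name, Target -AutoSize

# Removing a confirmed entry (the step the post did by hand), value name from the listing above:
# Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'vhjfghts'
```

The script deliberately reports rather than deletes: the Suspect flag only says the target sits somewhere a normal user could have written it, so each hit should be checked (publisher, install date, what the value name refers to) before the entry is removed.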
 
There is a free edition of A-Square DOS to burn onto a disc. That way nothing can hamper your attempts. Just make sure to make it a deep scan. Then when it is done just start up the OS and then run it again to clean out the Windows registry of malware traces.
 
I keep having similar problems. Programs automatically download themselves onto my computer telling me that my computer is infected. It's happened a number of times (most recently it was called Antispyware). I downloaded Malwarebytes and it removes the infection, but you have to run rkill before running MBAM. The virus makes it impossible to use Internet Explorer or any comp programs. Is there any software that will block these downloads? I have MBAM and Symantec on my computer now, but neither blocks the download.
 
Do you have Acrobat Reader?
That's how I got infected.
I would change it for another PDF viewer, or at the very least disable the part that lets you view PDF files in a browser, and view them offline.
 
I keep having similar problems. Programs automatically download themselves onto my computer telling me that my computer is infected.
What kind of websites do you visit? Certain categories of sites are crap full of malware (heh, you can probably figure out yourself which ones that might be... ;)

So to avoid malware, don't visit shady websites. And keep your system patched up using Windows Update. Avoid Adobe products if possible; Acrobat and Flash are giant security holes and Adobe's basically doing sweet fanny adams to fix them.
 
A lot of my customers got this POS browsing social networking sites like Facebook.
Usually you click on a link to a pic or vid and then browser will open new window with stupid warning message that your computer is infected and to get rid of all the spyware just click HERE. Job done! Welcome Personal AntiVirus 20xx or whatever name it might have now.

Someone is making serious money out of this scam because they are releasing new and improved versions on a monthly basis or even faster!

Latest one redirects opening EXE files through itself so you can't start any software it knows might kill it! Clever thing!
After removing by MBAM the link to EXE is not valid so you're stuffed.
Luckily you can still create a .reg file fixing the EXE file association and double-click on it. Job done ;)

I would throw the creator of that scam into jail for life if I could!
How much of my time this wasted is beyond belief! (downside of offering comprehensive desktop support :cry:)
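The EXE association repair the post above describes (the malware redirects .exe launches through itself; once MBAM removes the binary every program launch fails until the association is reset) can be checked and restored as follows. This PowerShell is an added example, not code from the thread or from any of the products named in it; it assumes Windows with PowerShell 2.0 or later, and that repairing HKEY_CLASSES_ROOT is done from an elevated prompt. The .reg text at the end is the same fix in the form the post uses, for the case where no .exe will launch at all.

```powershell
# Added example, not from the thread: check the EXE file association that some fake-AV
# variants redirect through themselves, and restore the stock value once the malware is gone.
# Assumes Windows with PowerShell 2.0 or later; writing to HKEY_CLASSES_ROOT needs an elevated prompt.

$expectedCommand = '"%1" %*'   # stock Windows value: launch the program and pass its arguments through
$expectedProgId  = 'exefile'   # what the .exe extension must map to

# Per-user entries under HKCU\Software\Classes take precedence over the machine-wide ones,
# so a hijack is often planted there while HKEY_CLASSES_ROOT still looks clean.
$commandKeys = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
$extensionKeys = @(
    'Registry::HKEY_CLASSES_ROOT\.exe',
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe'
)

function Get-ExeAssociation {
    foreach ($key in $commandKeys) {
        if (-not (Test-Path $key)) { continue }   # the HKCU copy is normally absent on a clean system
        $value = (Get-ItemProperty -Path $key).'(default)'
        New-Object PSObject -Property @{ Key = $key; Value = $value; Healthy = ($value -eq $expectedCommand) }
    }
    foreach ($key in $extensionKeys) {
        if (-not (Test-Path $key)) { continue }
        $value = (Get-ItemProperty -Path $key).'(default)'
        New-Object PSObject -Property @{ Key = $key; Value = $value; Healthy = ($value -eq $expectedProgId) }
    }
}

function Repair-ExeAssociation {
    # Only rewrite keys that already exist; creating new per-user overrides is not wanted.
    foreach ($key in $commandKeys) {
        if (Test-Path $key) { Set-ItemProperty -Path $key -Name '(default)' -Value $expectedCommand }
    }
    foreach ($key in $extensionKeys) {
        if (Test-Path $key) { Set-ItemProperty -Path $key -Name '(default)' -Value $expectedProgId }
    }
}

# The same fix as a .reg file, for the situation the post describes where nothing .exe will
# launch: save it, then double-click it so regedit (started through the .reg association,
# which the malware leaves alone) imports it.
$regFix = @'
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'@

function Write-ExeFixRegFile([string]$path = (Join-Path $env:USERPROFILE 'Desktop\fix-exe.reg')) {
    Set-Content -Path $path -Value $regFix -Encoding Ascii
    return $path
}

Get-ExeAssociation | Format-Table Healthy, Key, Value -AutoSize
# If any row is not Healthy:  Repair-ExeAssociation  (elevated)  or  Write-ExeFixRegFile, then double-click the file
```

Run the check before and after the malware removal: a Value other than `"%1" %*` on a command key, or a ProgId other than `exefile` on a `.exe` key, is the redirection the post describes, and the per-user keys are the ones most often planted because they need no administrator rights to write.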
 
It's amazingly easy to avoid this crap if you disable scripts entirely (no script) or simply create a VM just for browsing...or run linux or osx or vista/W7 and don't give the users admin rights.
 
I would throw the creator of that scam into jail for life if I could!
How much of my time this wasted is beyond belief! (downside of offering comprehensive desktop support :cry:)
Two of the people behind this exact scumware are in fact being prosecuted right now for fraud on the order of tens of millions of $. If convicted on all counts, they stand to serve 200+ years in jail. :LOL:

Sorry I don't have a link in my back pocket, but sites like Ars Technica have covered this trial I believe. If you search around a bit there I'm sure you can find more information.

This will probably not stop this malware, I'm sure there are more people behind these two jokers who will continue ripping us off.
 
It's amazingly easy to avoid this crap if you disable scripts entirely (no script) or simply create a VM just for browsing...
It's not necessary to disable scripts entirely, that will just fuck up a lot of websites. It's enough if you disable JavaScript's ability to forward you to a new page, then these tab hijackings don't work anymore.

Unfortunately, this only works in FF to my knowledge; Microsoft doesn't offer the ability to disable javascript forwarding in their browsers (GRRR!); nor does Chrome from what I can tell. Not sure about Opera or Safari as I've never used those two.

MS could do a lot to stop these forms of malware, but instead they choose to not really give a shit. The only uses I see of javascript forwarding is by evil ads (typically gambling) or malware like fake antivirus programs. No legitimate site uses this shit, as there's no real need for it.

Btw, cool you're posting again... Been busy?
 
The problem is the enterprise area. My company needs IE for certain websites to function and none of the enterprise class AV systems are good enough to block this kind of shit. Even if they are these bozos update the trojans so fast it's hard for them to keep up.

I'm sick of dealing with these fake anti-virus infections, and of course none of the users know how they got them in the first place.
 
The problem is the enterprise area. My company needs IE for certain websites to function and none of the enterprise class AV systems are good enough to block this kind of shit. Even if they are these bozos update the trojans so fast it's hard for them to keep up.

I'm sick of dealing with these fake anti-virus infections, and of course none of the users know how they got them in the first place.

This makes it tough. I will say that Untangle + ESET have kept our office incident free for nearly 2 years...

But for this kind of thing you could deploy a VM'd IE. Of course download functionality would be gone, but it would be safe.
 
The problem is the enterprise area. My company needs IE for certain websites to function and none of the enterprise class AV systems are good enough to block this kind of shit.
Sandbox IE in a virtual machine that gets reset each time it is shut down. Then it won't matter how much shit you get infected with, it won't be able to do any harm anyway - have AV software installed all the same of course! - and a strong firewall to block any outgoing unauthorized communications any viruses might want to send out; spam, DDOS packets, copies of itself and so on.
 
It's not necessary to disable scripts entirely, that will just fuck up a lot of websites. It's enough if you disable JavaScript's ability to forward you to a new page, then these tab hijackings don't work anymore.

Unfortunately, this only works in FF to my knowledge; Microsoft doesn't offer the ability to disable javascript forwarding in their browsers (GRRR!); nor does Chrome from what I can tell. Not sure about Opera or Safari as I've never used those two.

MS could do a lot to stop these forms of malware, but instead they choose to not really give a shit. The only uses I see of javascript forwarding is by evil ads (typically gambling) or malware like fake antivirus programs. No legitimate site uses this shit, as there's no real need for it.

Btw, cool you're posting again... Been busy?


How do you disable that in Firefox? I can only see the option to disable Javascript.
 
I think it's available via the NoScript Firefox plugin/add-on.
 