anti malware

Discussion in 'PC Hardware, Software and Displays' started by Davros, Apr 1, 2010.

  1. Davros

    Today I fixed a PC Tools 2010 infection; it's a PITA as it blocks you from running any programs,
    so I tried to boot into safe mode to access the Administrator account. The only problem is there wasn't one, or rather the normal account the user was using was the Administrator account (not a user who is an administrator).
    What fuckwit set this computer up like that?
     
  2. Silent_Buddha

    Too funny, there are a lot of older people in Japan that I know of that do that. One step down from that are the people that have a separate account but use the same password for both the administrator account and their own account.

    Regards,
    SB
     
  3. Davros

    An update:

    Today my browser crashed with the error message "Opera has crashed in modname *****; your browser will now close",
    where ***** is the name of a file ending in xhd, I think.

    Then about 5 seconds later my firewall popped up: c:\documents and settings\davros\local settings\application data\vhjfghts\vhjfghts.exe wants to access the internet.
    I blocked it,
    then searched for the file, killed the process, deleted the file and also deleted the autorun entry it created.

    I searched for the file and got no hits on Google, so I searched for the file that made Opera crash, and it turned out to be part of Acrobat Reader (responsible for letting you view PDF files in your browser)
    and a known vulnerability, so I uninstalled Acrobat and will use Foxit or similar in future.

    That's how I reckon I got infected in the first instance.
     
  4. Neb

    There is a free edition of A-Square DOS to burn to a disc. That way nothing can hamper your attempts. Just make sure to make it a deep scan. Then when it is done, just start up the OS and run it again to clean the Windows registry of malware traces.
     
  5. Davros

    I've used a-squared in the past. Good program.
     
  6. Renny 722

    I keep having similar problems. Programs automatically download themselves onto my computer telling me that my computer is infected. It's happened a number of times (most recently it was called Antispyware). I downloaded Malwarebytes and it removes the infection, but you have to run rkill before running MBAM. The virus makes it impossible to use Internet Explorer or any comp programs. Is there any software that will block these downloads? I have MBAM and Symantec on my computer now, but neither blocks the download.
     
  7. Davros

    Do you have Acrobat Reader?
    That's how I got infected.
    I would change it for another PDF viewer, or at the very least disable the part that lets you view PDF files in a browser and view them offline.
     
  8. Mize

    Use NoScript in Firefox or use a virtual machine app to run Explorer.
     
  9. Grall

    What kind of websites do you visit? Certain categories of sites are crap full of malware (heh, you can probably figure out yourself which ones those might be... ;))

    So to avoid malware, don't visit shady websites. And keep your system patched up using Windows Update. Avoid Adobe products if possible; Acrobat and Flash are giant security holes and Adobe's basically doing sweet Fanny Adams to fix them.
     
  10. Lightman

    A lot of my customers got this POS browsing social networking sites like Facebook.
    Usually you click on a link to a pic or vid and then the browser will open a new window with a stupid warning message that your computer is infected and to get rid of all the spyware just click HERE. Job done! Welcome Personal AntiVirus 20xx or whatever name it might have now.

    Someone is making serious money out of this scam because they are releasing new and improved versions on a monthly basis or even faster!

    The latest one redirects opening EXE files through itself so you can't start any software it knows might kill it! Clever thing!
    After removal by MBAM the link to EXE is not valid, so you're stuffed.
    Luckily you can still create a .reg file fixing the EXE file association and double-click on it. Job done :wink:

    I would throw the creator of that scam into jail for life if I could!
    The amount of my time this has wasted is beyond belief! (downside of offering comprehensive desktop support :sad:)
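Two of the posts above come down to the same kind of check: Davros's update (a random-named executable under Local Settings\Application Data that had given itself an autorun entry) and Lightman's note that the fake AV rewires the EXE file association so every program launch goes through it. The script below is an added example, not code from this thread or from any of the tools named in it. It parses a `.reg` export (`reg export <key> out.reg` on the affected machine, or from a hive mounted elsewhere) and flags both conditions offline. The Run-key path, the `.exe -> exefile -> shell\open\command` chain and the stock `"%1" %*` command are standard Windows; the USER_DATA_DIRS list, the consonant-run heuristic and the sample export are my own assumptions and constructed data.

```python
# Offline triage of a .reg export: suspicious autoruns and a hijacked .exe association.
import re

RUN_KEYS = (  # classic logon-persistence locations
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Per-user writable directories (XP and Vista+ names) no autorun should live in.  Assumed list.
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\application data\\",
                  "\\appdata\\", "\\temp\\")
# .exe -> progid -> open command; HKCU\Software\Classes overrides HKCR for the current user.
CLASS_ROOTS = ("HKEY_CLASSES_ROOT", r"HKEY_CURRENT_USER\Software\Classes")
EXPECTED_EXE_COMMAND = '"%1" %*'
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def unescape(s):
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path.lower(): {value_name: value}}; '' is the (Default) value.
    Only REG_SZ values are decoded; dword:/hex: values are kept as raw text."""
    keys, current = {}, None
    for line in text.lstrip("\ufeff").splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if not m or current is None:
            continue  # header, blank line or a hex continuation line
        name = "" if m.group(2) else unescape(m.group(1))
        raw = m.group(3)
        is_sz = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        keys[current][name] = unescape(raw[1:-1]) if is_sz else raw
    return keys

def command_path(cmd):
    """Extract the executable path from a Run-key command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)  # unquoted path with spaces
    return cmd[:m.end()] if m else (cmd.split()[0] if cmd else cmd)

def looks_random(stem):
    """Heuristic: 5+ consonants in a row (vhjfghts) is unlike a product name.
    A triage hint only; expect some false positives."""
    run = longest = 0
    for ch in stem.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        longest = max(longest, run)
    return longest >= 5

def check_autoruns(reg):
    """(key, value name, exe path, reasons) for each suspicious autorun."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in reg.get(key.lower(), {}).items():
            path = command_path(cmd)
            low = path.lower()
            reasons = []
            if any(d in low for d in USER_DATA_DIRS):
                reasons.append("runs from per-user data directory")
            if looks_random(low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]):
                reasons.append("random-looking file name")
            if reasons:
                findings.append((key, name, path, reasons))
    return findings

def check_exe_association(reg):
    """(key, actual value) wherever the .exe -> exefile -> '"%1" %*' chain
    deviates from stock, in HKCR or in the per-user override."""
    findings = []
    for root in CLASS_ROOTS:
        progid = reg.get(root.lower() + r"\.exe", {}).get("", "exefile")
        if progid.lower() != "exefile":
            findings.append((root + r"\.exe", progid))
        key = root + "\\" + progid + r"\shell\open\command"
        cmd = reg.get(key.lower(), {}).get("")
        if cmd is not None and cmd != EXPECTED_EXE_COMMAND:
            findings.append((key, cmd))
    return findings

# Constructed sample export (not from a real machine): one legitimate autorun,
# one in the pattern from the thread, and a per-user exefile hijack.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"vhjfghts"="C:\\Documents and Settings\\davros\\Local Settings\\Application Data\\vhjfghts\\vhjfghts.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\davros\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
'''
```

`reg export` writes UTF-16 LE, so read a real file with `open(path, encoding="utf-16")` before handing it to `parse_reg`, then run `check_autoruns` and `check_exe_association` over the result. On the sample, the ctfmon entry passes, the vhjfghts entry is flagged for both its location and its name, and the per-user `exefile` override is reported as the hijack. That override is what the repair `.reg` file Lightman describes has to remove or reset to `"%1" %*`; the `.reg` file can still be double-clicked after the hijack because the shell launches regedit through the `.reg` association rather than through `exefile`.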
     
  11. Mize

    It's amazingly easy to avoid this crap if you disable scripts entirely (NoScript) or simply create a VM just for browsing... or run Linux or OS X or Vista/W7 and don't give the users admin rights.
     
  12. Grall

    Two of the people behind this exact scumware are in fact being prosecuted right now for fraud on the order of tens of millions of $. If convicted on all counts, they stand to serve 200+ years in jail. :lol:

    Sorry I don't have a link in my back pocket, but sites like Ars Technica have covered this trial, I believe. If you search around a bit there I'm sure you can find more information.

    This will probably not stop this malware; I'm sure there are more people behind these two jokers who will continue ripping us off.
     
  13. Grall

    It's not necessary to disable scripts entirely; that will just fuck up a lot of websites. It's enough if you disable JavaScript's ability to forward you to a new page; then these tab hijackings don't work anymore.

    Unfortunately, this only works in FF to my knowledge; Microsoft doesn't offer the ability to disable JavaScript forwarding in their browsers (GRRR!), nor does Chrome from what I can tell. Not sure about Opera or Safari as I've never used those two.

    MS could do a lot to stop these forms of malware, but instead they choose to not really give a shit. The only uses I see of JavaScript forwarding are by evil ads (typically gambling) or malware like fake antivirus programs. No legitimate site uses this shit, as there's no real need for it.

    BTW, cool you're posting again... Been busy?
     
  14. Davros

    Opera allows you to disable JavaScript.
     
  15. Mize

    A couple weeks in Asia and a pile of work (business and personal) that grew while I was gone...
     
  16. Malo

    The problem is the enterprise area. My company needs IE for certain websites to function, and none of the enterprise-class AV systems are good enough to block this kind of shit. Even if they are, these bozos update the trojans so fast it's hard for them to keep up.

    I'm sick of dealing with these fake anti-virus infections, and of course none of the users know how they got them in the first place.
     
  17. Mize

    This makes it tough. I will say that Untangle + ESET have kept our office incident-free for nearly 2 years...

    But for this kind of thing you could deploy a VM'd IE. Of course download functionality would be gone, but it would be safe.
     
  18. Grall

    Sandbox IE in a virtual machine that gets reset each time it is shut down. Then it won't matter how much shit you get infected with; it won't be able to do any harm anyway (have AV software installed all the same, of course!), plus a strong firewall to block any unauthorized outgoing communications any viruses might want to send out: spam, DDoS packets, copies of itself and so on.
     
  19. I.S.T.

    How do you disable that in Firefox? I can only see the option to disable JavaScript.
     
  20. BRiT

    I think it's available via the NoScript Firefox plugin/add-on.
     