univbee
Jun 3, 2004




Shredder posted:

Is there a standalone virus scanner I can throw on a USB stick? Doesn't have to be free, but that would be nice. :)

http://portableapps.com/apps/utilities/clamwin_portable

Free for personal AND commercial use. Just make sure you update it regularly.

EDIT: For hopeless-seeming cases (or cases that are extremely time-critical), Reimage is a system that systematically scans your system from a boot disc and does a sort of selective repair. It's very, very thorough, and very, very good at fixing errors, including viruses and rootkits that prevent normal Windows use. The catch? You have to pay for each repair (repairs which don't work are reversible and refundable). $30 for one, with bulk discounts available as well as a $150/month all-you-can-eat plan if you find yourself needing it a lot. It's basically a robot technician and can, when it works, fix in 30 minutes what might take hours to identify and do by hand.

univbee fucked around with this message at 05:56 on Mar 10, 2009


Slow-Scan Shep
Jul 11, 2001

Midelne posted:

WINANTIVIRUS2009

INFOSTEALER DOT BANKER

Slow-Scan Shep fucked around with this message at 00:18 on Mar 12, 2009

BogDew
Jun 14, 2006

E:\FILES>quickfli clown.fli
Got a lovely little one the other week.
It's dubbed the recycler virus.

It comes via remote media, usually memory sticks or hard drives.
The blighter sneaks in via auto-run, which I had turned off, so it kicked in when I double-clicked on my mate's drive.

It's dubbed that because it places RECYCLER into every drive, along with an autorun.ini on every drive it finds.

On top of that it seems to enjoy making weird redirects in Firefox.
Links in google will open a new tab going to some odd search thing and any links to spybot return null.

There was some addon or something buried into Firefox, first time I've seen Firefox actually afflicted by something.

Along with that there's the usual rootkit.

Thankfully it was easy to fix.
Had to boot into OSX and rip out anything and everything that appeared to be associated with it, along with shredding any left behind registry keys and re-installing virus scanners and spybot.

Malwarebytes picked it up, AVG and Spybot didn't.

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock
A bit unrelated, but can a DVD burner overwrite already burned areas? I am a bit paranoid and fear a virus that not only wipes your drives, but also destroys any DVDRs that you use on the system, rendering any backups useless.

Tr0m0s
Apr 3, 2003

by Pragmatica

ymgve posted:

A bit unrelated, but can a DVD burner overwrite already burned areas? I am a bit paranoid and fear a virus that not only wipes your drives, but also destroys any DVDRs that you use on the system, rendering any backups useless.


If you burn your disks with multisession off, then the data is written there permanently. A virus won't (physically) destroy your DVD disks, but if you burn already infected data, then your backups may just be good for nothing.

Oddhair
Mar 21, 2004

Usually IsoBuster will allow you to get data off of multi-session disks, even in the eventuality that was described a few posts up (assuming malware could accomplish this; sorry, I don't understand optical media like I probably should).




Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius

ymgve posted:

A bit unrelated, but can a DVD burner overwrite already burned areas? I am a bit paranoid and fear a virus that not only wipes your drives, but also destroys any DVDRs that you use on the system, rendering any backups useless.

I'm pretty sure unless the drive recognizes the disc as RW, it won't bother trying to write over anything.

Customer Service
Jun 20, 2004

I'm not wearing any pants
I got a scare the other day when NOD32 was saying it had blocked several viruses. No idea where they came from, but it prompted me to do a full scan which found a few more. All were quarantined. (I also use Spybot Search and Destroy with its TeaTimer thing.)

I haven't had any actual problems (thankfully) other than a random restart the other day. No slowdowns, no weird pop-ups, no weird links, and so on, but I'm still worried something could be lurking, especially since some of these viruses (some sort of trojan, Winsky I think?) were found in my Windows system folder.

What would be the best plan to really do an intense search? SuperAntiSpyware, MalwareBytes, anything else? Do I need to disable my antivirus or anything when I run them?

Also, how useful really is NoScript in blocking all these nasty things on the internet? I use it and I'm really picky about what I allow, only sites I know and even then only if I REALLY REALLY need to since most sites run fine even with all scripts disabled. But I worry I may have let in something bad by mistake.

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.

Customer Service posted:

Also, how useful really is NoScript in blocking all these nasty things on the internet? I use it and I'm really picky about what I allow, only sites I know and even then only if I REALLY REALLY need to since most sites run fine even with all scripts disabled. But I worry I may have let in something bad by mistake.

NoScript, like many tools, is precisely as useful as you, the user, allow it to be. If you specifically allow a malicious script to execute, NoScript will not protect you because you told it not to. Otherwise it's better than just about any other single protective tool to allow browsing in relative safety.

Cide
Sep 27, 2003

Customer Service posted:

I got a scare the other day when NOD32 was saying it had blocked several viruses. No idea where they came from, but it prompted me to do a full scan which found a few more. All were quarantined. (I also use Spybot Search and Destroy with its TeaTimer thing.)

I haven't had any actual problems (thankfully) other than a random restart the other day. No slowdowns, no weird pop-ups, no weird links, and so on, but I'm still worried something could be lurking, especially since some of these viruses (some sort of trojan, Winsky I think?) were found in my Windows system folder.

What would be the best plan to really do an intense search? SuperAntiSpyware, MalwareBytes, anything else? Do I need to disable my antivirus or anything when I run them?

Also, how useful really is NoScript in blocking all these nasty things on the internet? I use it and I'm really picky about what I allow, only sites I know and even then only if I REALLY REALLY need to since most sites run fine even with all scripts disabled. But I worry I may have let in something bad by mistake.

There was a really bad false positive the other night which quarantined a lot of system files. It's probably related to that.

http://www.wilderssecurity.com/showthread.php?t=235606

Customer Service
Jun 20, 2004

I'm not wearing any pants
Oh, it looks like that may have been it then. (The files aren't in quarantine anymore so it must have fixed itself)

Man, I knew it was suspicious since I hadn't clicked or downloaded anything. That's a relief, thank you for pointing it out!

205b
Mar 25, 2007

Customer Service posted:

Oh, it looks like that may have been it then. (The files aren't in quarantine anymore so it must have fixed itself)

Man, I knew it was suspicious since I hadn't clicked or downloaded anything. That's a relief, thank you for pointing it out!

They pushed out another update removing them from quarantine so you should be fine :)

Mizaq
Sep 12, 2001

Monkey Magic
Toilet Rascal
My computer has been running like crap since that false positive, and NOD32 keeps crashing constantly, frequently taking my ability to explore the web with it until I quit the process in Task Manager. We'll see if the recent update has fixed the problem, but none of the later updates, at least up until this morning, seemed to have fixed the problem.

FCKGW
May 21, 2006

brc64 posted:

If somebody can provide me with a working link to some vundo, antivirus 2009 or other common nasty poo poo, I'd really like to test that out in my VM.

http://sunbeltblog.blogspot.com is good for picking up the domains and IPs of new infections.

shredder posted:

Is there a standalone virus scanner I can throw on a USB stick? Doesn't have to be free, but that would be nice. :)

Sunbelt just recently released a stand-alone self-executing scanner for their VIPRE software at http://live.sunbeltsoftware.com. Works very well if the system is absolutely frozen from virus/spyware and an install is not possible.

WebDog posted:

Got a lovely little one the other week.
It's dubbed the recycler virus.

It comes via remote media, usually memory sticks or hard drives.
The blighter sneaks in via auto-run, which I had turned off, so it kicked in when I double-clicked on my mate's drive.

It's dubbed that because it places RECYCLER into every drive, along with an autorun.ini on every drive it finds.

Good lord, this thing has been floating around our 3 antivirus and data backup machines in the shop, and managed to attach to all our thumb drives and external drives. I finally had to go through all the systems and reimage them, install SteadyState, comb through all the external data drives via OSX and clean them out, and require all tech to use thumb drives ONLY with write-protect switches on them.

It also added itself to any CD put in the system via Windows built-in CD burning program.

FCKGW fucked around with this message at 17:08 on Mar 12, 2009
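A defender-side check for the autorun/RECYCLER pattern BogDew and FCKGW describe (the posts write the file as autorun.ini; Windows reads it as autorun.inf), written as an added example and not code from the thread: it parses the autorun file tolerantly, flags entries that launch a program from the drive itself, and lists executables under a RECYCLER folder on the drive root. The sample autorun content, the SID-style folder name and payload.exe are constructed placeholders.

```python
import os
import tempfile

# [autorun] keys whose value is run when the drive is opened or double-clicked.
LAUNCH_KEYS = ("open", "shellexecute")
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

# Constructed sample; the SID-style folder and payload.exe are placeholders.
SAMPLE_AUTORUN = """[autorun]
open=RECYCLER\\S-1-5-21-0000\\payload.exe
shell\\open\\command=RECYCLER\\S-1-5-21-0000\\payload.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

def parse_autorun(text):
    """Tolerant INI parse -> {section: {key: value}}, names lower-cased.
    Hand-rolled because malicious autorun.inf files often carry junk lines
    that make configparser raise."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections

def suspicious_entries(text):
    """Return (key, value) pairs that launch a program from the drive itself."""
    findings = []
    for key, value in parse_autorun(text).get("autorun", {}).items():
        is_launcher = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        target = value.strip('"').lower()
        if is_launcher and ("recycler" in target or target.endswith(EXECUTABLE_EXTS)):
            findings.append((key, value))
    return findings

def scan_drive_root(root):
    """List autorun launch entries and executables hidden under RECYCLER."""
    report = []
    inf = os.path.join(root, "autorun.inf")
    if os.path.isfile(inf):
        with open(inf, encoding="utf-8", errors="replace") as fh:
            report += [f"autorun.inf: {k}={v}" for k, v in suspicious_entries(fh.read())]
    for entry in os.listdir(root):
        if entry.lower() != "recycler":
            continue  # only the folder the thread describes, not the whole drive
        for dirpath, _, files in os.walk(os.path.join(root, entry)):
            report += [f"RECYCLER payload: {os.path.join(dirpath, n)}"
                       for n in files if n.lower().endswith(EXECUTABLE_EXTS)]
    return report

def demo():
    """Build a constructed fake drive root in a temp dir, scan it, return the report."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        payload_dir = os.path.join(root, "RECYCLER", "S-1-5-21-0000")
        os.makedirs(payload_dir)
        open(os.path.join(payload_dir, "payload.exe"), "wb").close()
        return scan_drive_root(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Point scan_drive_root at a mounted removable drive's root (for example a thumb drive mounted read-only from another OS, as the posts did) to check it before reuse.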

Cyberdud
Sep 6, 2005

Space pedestrian
We ran into a virus very much like MSBLAST. It restarts the computer every boot-up after a countdown of one minute. BUT it also removed administrative tools, the ability to edit services or go into service properties. Can't even edit file options on an administrator account.

Is this some mutant form of MSBlast? That works on XP Service Pack 2 as well! Anybody else seen anything like this? Or have any tips on how to clean it out? Fixblast does not work.

We are pretty stumped. It appeared on one computer so far and we want to contain the spread.

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.

Cyberdud posted:

We are pretty stumped. It appeared on one computer so far and we want to contain the spread.

Log in as a domain user, command line, runas /user:administrator "shutdown -a", enter password, shutdown aborted even if the system is in a state such that aborting the shutdown might be unwise.

Dial-a-fix might be able to help you with the restrictions, but you'll need to remove the virus first or it'll probably just get reapplied.

FCKGW
May 21, 2006

You could also just set the date back a year to get 365 more days til shutdown :ssh:

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.

BorderPatrol posted:

You could also just set the date back a year to get 365 more days til shutdown :ssh:

Requires logging in as admin on a lot of (most? all?) domains, not ideal for an infected machine these days.

Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius

Cyberdud posted:

We ran into a virus very much like MSBLAST. It restarts the computer every boot-up after a countdown of one minute. BUT it also removed administrative tools, the ability to edit services or go into service properties. Can't even edit file options on an administrator account.

Is this some mutant form of MSBlast? That works on XP Service Pack 2 as well! Anybody else seen anything like this? Or have any tips on how to clean it out? Fixblast does not work.

We are pretty stumped. It appeared on one computer so far and we want to contain the spread.

I encountered something like this, and it was windows messenger messing things up. It looked like the sasser thing, it even said lsass. But I knew it couldn't be, because this was Vista. Reinstalled messenger and it went away.

m2pt5
May 18, 2005

THAT GOD DAMN MOSQUITO JUST KEEPS COMING BACK

Cojawfee posted:

I encountered something like this, and it was windows messenger messing things up. It looked like the sasser thing, it even said lsass. But I knew it couldn't be, because this was Vista. Reinstalled messenger and it went away.

Uh, lsass.exe isn't a virus, worm, or any such thing. However, sasser exploited a vulnerability in lsass.

Chunky Monkey
Jun 12, 2005
Kill the Gnome!

m2pt5 posted:

Uh, lsass.exe isn't a virus, worm, or any such thing. However, sasser exploited a vulnerability in lsass.

I think there's no lsass on Vista, thus viruses targeting it may create that exe and slip by because people are used to seeing it.

kapinga
Oct 12, 2005

I am not a number

Chunky Monkey posted:

I think there's no lsass on Vista, thus viruses targeting it may create that exe and slip by because people are used to seeing it.

lsass.exe is running on my Win7 laptop. You just have to click the "Show Processes from all users" button. I'm assuming the same is true in Vista.

Edit: And I am quite sure I'm virus free.

ZyrKx
Dec 10, 2006

Licorice Whip!

kapinga posted:

lsass.exe is running on my Win7 laptop. You just have to click the "Show Processes from all users" button. I'm assuming the same is true in Vista.

Edit: And I am quite sure I'm virus free.

You should probably flatten and re-install from known good media just to be safe.

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.

ZyrKx posted:

You should probably flatten and re-install from known good media just to be safe.

Also request new media if the process comes back.

DrPlump
Oct 5, 2004

by Jeffrey of YOSPOS
What the hell is this http://www.reddit.com/r/reddit.com/comments/84tvr/warning_to_redditors_torrentzcom_my_favorite/

m2pt5
May 18, 2005

THAT GOD DAMN MOSQUITO JUST KEEPS COMING BACK

The first comment on that is pure loving gold.

quote:

Now that you've read this, you must FORWARD it to at least 5 PEOPLE or the VIRUS/MALWARE will infect your computer and make it SUCK OUT YOUR SOUL while you are sleeping.

My friend didn't forward this and now she's in the hospital IN A COMA so you know this is NOT A JOKE.

Mistayke
May 7, 2003


It's called sheep hysteria. Usually happens when someone who doesn't know what the gently caress they're talking about starts spouting off about poo poo they don't understand, trying to seemingly appear to be an expert on the topic at hand, so they make poo poo up as they go along.

Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius
Basically someone buys an ad on a site and uses some flash exploit to load some form of vundo on your computer. What I want to know is, why do sites blindly accept flash ads from people?

Blue Footed Booby
Oct 4, 2006

got those happy feet

Cojawfee posted:

Basically someone buys an ad on a site and uses some flash exploit to load some form of vundo on your computer. What I want to know is, why do sites blindly accept flash ads from people?

Because doing so makes them money. Everyone with the technical skills to figure out how they got the malware is probably already using Adblock. Everyone else will continue to use the site.

Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius
It also only seems to happen in IE as well. Though, maybe it happens in Firefox, but I always have Adblock and NoScript enabled in that. But in Chrome, when I go to a site that has a vundo attack, it brings up a red screen and I instinctively close the tab without thinking.

Chunky Monkey
Jun 12, 2005
Kill the Gnome!

Cojawfee posted:

It also only seems to happen in IE as well. Though, maybe it happens in Firefox, but I always have Adblock and NoScript enabled in that. But in Chrome, when I go to a site that has a vundo attack, it brings up a red screen and I instinctively close the tab without thinking.

Every time I get one of those "Your PC is infected" messages I just open process explorer and kill IE. Haven't got a virus yet. *crosses fingers*

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.

Chunky Monkey posted:

Every time I get one of those "Your PC is infected" messages I just open process explorer and kill IE. Haven't got a virus yet. *crosses fingers*

Run Vundofix and see if that's the case. You might very well be surprised.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Computer Issues Again, Ugh!!!! posted:

All was well last night at 10:30 with the computer. This morning, there is something preventing us from going onto our desktops. We try to go to a desktop and are immediately advised we are "shutting down" - placing us back to the desktop selection screen after seeing a glimpse of our wallpaper. The anti-virus software you placed on the computer is identifying several trojan viruses. I click on the buttons to "heal" them or remove them.

If you have time tonight, perhaps you can get us back on in safe mode again and get us back in operation. I shut the computer off before I left for work.

Thanks,

Dad

*sigh*

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.

devmd01 posted:

*sigh*

I've been seeing that around a lot lately. I can't say that I particularly enjoy seeing it either.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Midelne posted:

I've been seeing that around a lot lately. I can't say that I particularly enjoy seeing it either.

I ran into it last week on a co-worker's laptop, wouldn't even let you in under safe mode. Since it was a company laptop, I just booted to a PE CD, copied his Excel files off to a flash drive, and reimaged.

This, however, presents a bit more of a challenge. As mentioned previously, my parents are a good 1000+ miles away and they are not the most technical, so this is going to be an exercise in frustration. Thankfully, I just checked their NAS and the backup jobs are current, so all of their files are available. What I'll probably end up doing is creating a slipstreamed SP3 disk with all of their drivers, wget it to their NAS from my home server, and then talk my dad through burning the disk off with Imgburn using his work laptop.

Or, just convince them to get a new computer altogether since theirs is 5+ years old.

Midelne
Jun 19, 2002

I shouldn't trust the phones. They're full of gas.
Have fun preventing users from clicking on this one:

quote:

Malware authors have incorporated technology designed to find the geographic location of prospective marks as a tactic to enable more convincing social engineering scams.

A new variant of the Waledac worm uses an email message claiming a "dirty bomb" explosion in order to tempt the gullible into visiting a maliciously-constructed website posing as the homepage of news agency Reuters. This website uses a GEO-IP lookup to customise the story so as to appear that the explosion appeared in a city or location near the surfer viewing it.

Punters are encouraged to view a video supposedly related to the shocking news of a nearby radioactive bomb explosion. When users click on the video they are prompted to download the latest version of "Flash Player". But the software on offer turns out to be nothing to do with Adobe, instead coming loaded with the latest variant of the Waledac worm.

If Waledac is using it, seems likely we can expect to see a lot more of this tactic in similar worms.

I wish there were some way to accurately measure malware clickthrough successes based on presented rationale for the user clicking the link -- I'm sure porn would be pretty high up there, but you have to admit that a "radioactive bomb blast in <nearby town here>" would be pretty hard to resist for the average user. I don't think I'd click it even half-asleep, but I'd sure as hell Google for news reports.

Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius
I'd expect to get phone calls, or see it on the internet or on TV or something. Especially something as big as a radioactive bomb going off near me. But I guess people are dumb enough to click on an email from someone they don't even know to get their local news.

How do they word the email? They can't use IPs to determine a location in an email. Do they just say "Bomb exploded in the united states!" and then OH NOES IT JUST HAPPENS TO BE NEAR ME!

Oh well, I'll never understand how some viruses manage to trick people. It all comes down to people admitting that they are retarded and refuse to learn the basics of computer use. And don't realize that internet explorer opened up a fake My Computer window and My Computer is performing a function that it never has before (scanning for viruses). I'd like to meet the guy that came up with that one.

Cojawfee fucked around with this message at 20:23 on Mar 16, 2009

brc64
Mar 21, 2008

I wear my sunglasses at night.

Cojawfee posted:

It all comes down to people admitting that they are retarded and refuse to learn the basics of computer use. And don't realize that internet explorer opened up a fake My Computer window and My Computer is performing a function that it never has before (scanning for viruses).

Most novice users are instructed to follow the instructions on the screen, and all they know about viruses is that they are all over the Internet (you hear about them on the news and everything). Combined with the fact that new computers are bundled with all kinds of crap these days, including programs that don't use the standard Windows UI, most users have no idea if a window that pops up is legitimate or not, so they just do what they've been trained to do... follow the instructions on the screen.

Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius

brc64 posted:

Most novice users are instructed to follow the instructions on the screen, and all they know about viruses is that they are all over the Internet (you hear about them on the news and everything). Combined with the fact that new computers are bundled with all kinds of crap these days, including programs that don't use the standard Windows UI, most users have no idea if a window that pops up is legitimate or not, so they just do what they've been trained to do... follow the instructions on the screen.

Unless you are a child, I don't see how anyone could be a novice user anymore. The internet and computers have been super mainstream since the late nineties. It all comes down to seeing the word "technology" and refusing to learn anything about it because it must be really hard. Which is why people still have devices that blink 12 and unplug their phone when a thunderstorm rolls through.


devmd01
Mar 7, 2006

Elektronik
Supersonik
Just got off the phone with my Dad...their computer exhibits the exact same issues as my coworker's laptop last week, can't even get into safe mode.


SO IT BEGINS.



Man I love the NSLU2 and the Unslung firmware, it has removed 90% of the headache involved with talking someone through a :pt: over 1000 miles away.
