How can I get rid of this nasty virus? - Page 8

post #71 of 85
Quote:
Originally Posted by ezveedub View Post
Mothers, daughters, GFs always seem to find those really unique malware files don't they?
Dear God, yes. I've fixed all of their computers more times than I can count. It's always the malware and rootkits that need to be removed by formatting, wiping, and reinstalling. Never easy.
post #72 of 85
Quote:
Originally Posted by ezveedub View Post
I have never been infected by adding a HHD to be scanned this way in years. Maybe if you start launching stuff from it or boot up with it connected, maybe, but I always connect them once the working/scanning PC is ready to scan the drive.
Quote:
Originally Posted by Monocog007 View Post
Dear God, yes. I've fixed all of their computers more times than I can count. It's always the malware and rootkits that need to be removed by formatting, wiping, and reinstalling. Never easy.
Because people don't close the holes first or try to remove them in safe mode when they don't load
post #73 of 85
Quote:
Originally Posted by Spooony View Post
Because people don't close the holes first or try to remove them in safe mode when they don't load
Safe mode is a joke for the nasty ones.
post #74 of 85
Quote:
Originally Posted by Ipwnnubletz View Post
Lolque? Norton IS the best. Anyone who says otherwise is just on the Norton hating bandwagon, and there's no basis for that.

Anyway, run a boot time scan so it scans before the OS completely loads.
Trololololol.
post #75 of 85
Personally? I'd nuke the site from orbit.

(read: Wipe everything and reinstall from recovery media, then lock it down and apply security updates)
post #76 of 85
Quote:
Originally Posted by Quantum Reality View Post
Personally? I'd nuke the site from orbit.

(read: Wipe everything and reinstall from recovery media, then lock it down and apply security updates)
What happens if it's a worm running on your network?
Quote:
Originally Posted by Drobomb View Post
Safe mode is a joke for the nasty ones.
So True
post #77 of 85
Assuming this is likely a home network with one or two computers as opposed to a corporate IT issue, the remedy of scorched earth is easier.
post #78 of 85
Quote:
Originally Posted by Quantum Reality View Post
Assuming this is likely a home network with one or two computers as opposed to a corporate IT issue, the remedy of scorched earth is easier.
So you are going to nuke both PCs?
post #79 of 85
Quote:
Originally Posted by Spooony View Post
Zeus is a bot.
I've got the Zeus source code. You can get it for free now


Malware uses vulnerabilities to bypass security. A link or autorun file on the disk means it will be run. Never scan such an infected drive from a normal Windows boot. Rather use another system and make use of a boot CD. Malware can copy itself over to flash drives.
Yes it has been used to add clones to DoS bots. But it incorporates a rootkit.
"The DIY “exe builder” for the Zeus Trojan can be bought online for just $4,000. Each Zeus Trojan it builds incorporates a kernel level rootkit, which means it can hide from even the most advanced security"
Yes, the Zeus package is not the most complex rootkit but it is widely distributed.
I know it is available for free, but it really doesn't help to publish that information. Being readily available may persuade "nefarious users" into incorporating some of its features. This is far from ideal. A prudent security posture would indicate the facts but leave out enough details so it can not be incorporated by less skilful individuals. There are enough problems with malware already
Edited by Kmon - 8/6/11 at 9:20am
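The point above about autorun files and links on an infected drive, as an added example (not code from this thread): a Python scan of a mounted suspect drive that reads autorun.inf purely as text, lists the directives that would launch something, and lists .lnk shortcuts, without opening any of them. The sample autorun.inf and the file names are constructed for the example.

```python
import tempfile
from pathlib import Path

# Constructed sample, modelled on the autorun.inf a USB worm typically drops.
SAMPLE_AUTORUN = r"""[autorun]
; constructed for this example, not a real-world sample
open=RECYCLER\setup.exe
label=My Drive
shell\open\command=RECYCLER\setup.exe
shell\explore\command=RECYCLER\setup.exe
"""

def autorun_launch_targets(text: str) -> list:
    """(key, target) pairs in [autorun] that make Windows run something on insert/open."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # .inf sections are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, target = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open= / shellexecute= run on AutoPlay; shell\<verb>\command= runs from the context menu
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, target))
    return found

def scan_drive(root: Path) -> dict:
    """Walk a mounted suspect drive; read autorun.inf as text, list .lnk files, execute nothing."""
    report = {"autorun": [], "shortcuts": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == "autorun.inf":
            for key, target in autorun_launch_targets(path.read_text(errors="replace")):
                report["autorun"].append((str(path), key, target))
        elif path.suffix.lower() == ".lnk":
            report["shortcuts"].append(str(path))
    return report

def demo() -> dict:
    """Build a throwaway directory shaped like an infected flash drive (constructed) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text(SAMPLE_AUTORUN)
        (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00 placeholder")
        return scan_drive(root)
```

Point scan_drive at the mount point of a drive attached to a clean system (mounted read-only and without Windows AutoPlay) to get the same report for a real disk.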
post #80 of 85
Quote:
Originally Posted by Kmon View Post
Yes it has been used to add clones to DoS bots. But it incorporates a rootkit.
"The DIY “exe builder” for the Zeus Trojan can be bought online for just $4,000. Each Zeus Trojan it builds incorporates a kernel level rootkit, which means it can hide from even the most advanced security"
Yes, the Zeus package is not the most complex rootkit but it is widely distributed.
I know it is available for free, but it really doesn't help to publish that information. Being readily available may persuade "nefarious users" into incorporating some of its features. This is far from ideal. A prudent security posture would indicate the facts but leave out enough details so it can not be incorporated by less skilful individuals. There are enough problems with malware already
Those that don't want to sell malware sell the means to help build malware:

• ZoPack
• El‐Fiesta
• IcePack
• Neosploit
• AdPack
• Zeus
Few examples

55% of Zeus‐infected systems had up‐to‐date AV
• User‐friendly
• Attacker can search collected data for cookies, files, contents of HTTP requests, FTP logons, etc.
• The files collected by Zeus were typically stored on compromised servers
• Sold for as low as $250 (with support!)
• One variant ran on Amazon’s EC2 cloud

How do they get by us?
Golden‐ball syndrome – Prey on our weaknesses!