Virus from obscure program. - Page 2

post #11 of 19
Quote:
Originally Posted by FattyMcFatFatFatty View Post

Ermmm.... Like I said I'm pretty noob still at security. I just blocked outgoing connections and it took down my internet haha, any advice on how to set up my firewall properly? I'm on Win7, just using the default Windows Firewall.

Windows Firewall with Advanced Security is where you can go to open or close ports, but I wouldn't mess with that unless you're familiar with it; you have to create a rule, etc.

If you were using Internet Explorer I would beef up your settings, such as enabling TLS, enabling Do Not Track, and beefing up your security zones. You could always use Tor if you wanted to be real security conscious, along with a VPN.
post #12 of 19
Thread Starter 
Quote:
Originally Posted by pcmonky View Post

Windows Firewall with Advanced Security is where you can go to open or close ports, but I wouldn't mess with that unless you're familiar with it; you have to create a rule, etc.

If you were using Internet Explorer I would beef up your settings, such as enabling TLS, enabling Do Not Track, and beefing up your security zones. You could always use Tor if you wanted to be real security conscious, along with a VPN.

Alright, so I blocked outbound connections for my public profile, and my internet seems to be working fine now. So I think I should be good. Thanks for all the help guys!
post #13 of 19
Quote:
Originally Posted by FattyMcFatFatFatty View Post

Ermmm.... Like I said I'm pretty noob still at security. I just blocked outgoing connections and it took down my internet haha, any advice on how to set up my firewall properly? I'm on Win7, just using the default Windows Firewall.

Isn't the built-in Windows firewall an incoming firewall? It prevents outside systems from initiating connections to your system.

With an outgoing firewall, it catches programs that are on your system that are trying to initiate connections to the outside world. So if you had a keylogger, for example, then an outgoing firewall would catch the outgoing request and ask you if you want to authorize it. An incoming firewall wouldn't block this because your system would initiate that request.

I'm not sure what outgoing firewalls are available for Windows because I don't use it. I've heard of Zone Alarm, but I'm not sure how good it is.

By the way, is this keygen that you were trying to download ~600MB? I'm trying to get a sample so that I can see what it does.
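Added example, not part of any post in this thread: the outbound filtering discussed above, done with the built-in Windows 7 firewall through `netsh advfirewall` from an elevated Command Prompt. The backup file name, the rule name and the Internet Explorer path are assumptions chosen for illustration.

```bat
@echo off
rem Added example: default-deny outbound on the built-in Windows 7 firewall.
rem Run from an elevated Command Prompt.

rem 1. Show which profile (Domain / Private / Public) the current network
rem    uses. A block set on a profile that is not active has no effect.
netsh advfirewall show currentprofile

rem 2. Save the current policy so the change can be undone.
rem    (File name is an assumption.)
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 3. Log dropped connections. Windows Firewall does not prompt when it
rem    blocks outbound traffic, so the log is where blocked programs show up.
netsh advfirewall set allprofiles logging droppedconnections enable

rem 4. Block inbound and outbound by default on every profile.
rem    After this, only traffic matching an allow rule leaves the machine.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 5. Allow one program out again. Without a rule like this the browser
rem    has no connectivity. (Rule name and path are assumptions.)
netsh advfirewall firewall add rule name="Allow out - Internet Explorer (example)" ^
  dir=out action=allow enable=yes profile=any ^
  program="%ProgramFiles%\Internet Explorer\iexplore.exe"

rem 6. Review the outbound rules that are now in force.
netsh advfirewall firewall show rule name=all dir=out

rem 7. List dropped connections from the default log location.
findstr /c:" DROP " "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"

rem To undo everything:
rem   netsh advfirewall import "%USERPROFILE%\firewall-before.wfw"
```

Each program that needs network access requires its own allow rule in the style of step 5; the dropped-connection log from step 7 shows which ones are still being blocked.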
post #14 of 19
Thread Starter 
Quote:
Originally Posted by The Hundred Gunner View Post

Isn't the built-in Windows firewall an incoming firewall? It prevents outside systems from initiating connections to your system.

With an outgoing firewall, it catches programs that are on your system that are trying to initiate connections to the outside world. So if you had a keylogger, for example, then an outgoing firewall would catch the outgoing request and ask you if you want to authorize it. An incoming firewall wouldn't block this because your system would initiate that request.

I'm not sure what outgoing firewalls are available for Windows because I don't use it. I've heard of Zone Alarm, but I'm not sure how good it is.

By the way, is this keygen that you were trying to download ~600MB? I'm trying to get a sample so that I can see what it does.

The keygen was inside of a ~600-700mb .iso, I linked it in the OP if you're interested in trying it in a sandbox
post #15 of 19
Are you sure this keygen was really a bad file? Most malware does not proclaim itself to be such, with lines like "Program cannot execute because this file is a virus."

Sounds more like your AV tried to stop the execution of the program, most likely a false positive.
post #16 of 19
Quote:
Originally Posted by FattyMcFatFatFatty View Post

The keygen was inside of a ~600-700mb .iso, I linked it in the OP if you're interested in trying it in a sandbox

A keygen doesn't sound like it should be ~600-700MB... That's why I wonder if this is actually a virus or a patched program.
Quote:
Originally Posted by Mygaffer View Post

Sounds more like your AV tried to stop the execution of the program, most likely a false positive.

That's what I was thinking. I think some patches/keygens behave like malware, so they get blocked by AV.
post #17 of 19
Quote:
Originally Posted by The Hundred Gunner View Post

A keygen doesn't sound like it should be ~600-700MB... That's why I wonder if this is actually a virus or a patched program.
That's what I was thinking. I think some patches/keygens behave like malware, so they get blocked by AV.

Speaking from experience, AV does treat key gens as malware, at least for one instance it did for me.
post #18 of 19
Quote:
Originally Posted by pcmonky View Post

Speaking from experience, AV does treat key gens as malware, at least for one instance it did for me.

Yes, I've also seen it from somebody downloading MATLAB bundled with a keygen.
post #19 of 19
Thread Starter 
The keygen is built into the iso, which contains the program that I was trying to install as well as the keygen. That's why it's 700mbs, the keygen itself is probably less than a meg. The reason I believe it is a virus was because I couldn't delete the executable once I had run it, neither could Avast.