Spoof anti-virus software - Page 9

post #81 of 92
Quote:
Originally Posted by Deegan;13257234 
When I inspect customers' computers I also ask them to bring any and all thumbsticks and USB storage devices they use on their PCs. I have found several of my customers were being reinfected within a week or so because their USB sticks were infected, and as soon as they used them the problem would start over again. Some of those fake scanners would install hidden crap onto their external devices and just reinstall or initiate once the stick was plugged in. Just a suggestion on how it might come back for some folks. I have also found RKill to be a super useful tool in combating these fake scanners. Once it has been run I usually have little or no problem cleaning up the remnants.

Do you just use MBA/anti-virus to scan the flash drives and external storage? Or do you have an alternative tool?
 
post #82 of 92
Quote:
Originally Posted by Tempest_Inc;13333125 
Do you just use MBA/anti-virus to scan the flash drives and external storage? Or do you have an alternative tool?

I just use a live OS, then manually check flash drives. Generally autoruns will be of most concern, followed by .exe's, and any other scripts.

Generally people carry documents/music on their flash drive.
post #83 of 92
I run several scanners in combination. Malwarebytes misses stuff, so I use Spybot S&D after a full scan with MBAM, and I usually have SpywareBlaster always installed and updated. I see few problems with Windows 7 and Vista if they are properly updated; I see this stuff mostly on XP. And I rarely see people getting these things who have basic computer skills. Another helpful bit of software is RootRepeal. I have had it get me out of a jam more than once when people were infected with rootkits. I also have most of my customers put all the things they want saved into one folder on their desktop labeled SAVE or something along those lines, just in case nothing works and it's reformat time. I drag their stuff onto one of my drives and reformat. Then I scan their folder with a couple of things and return it to their PC.
    
post #84 of 92
Dr.Web LiveCD is the best, especially for file viruses. But if it's something like Virut, the longer the user used his PC with Virut on it, you can kiss the data goodbye; there's no disinfecting it. It's all corrupted.

For USB there's an application which creates an Autorun.inf folder on the flash drive itself and stops it from running automatically. Don't know exactly what it's called, but it's called Stop Autorun on USB devices in Hiren's BootCD.

For rootkits there's only one. That's GMER. Nothing has withstood its power. No AV, no malware, nothing.

But most infections and spread of malware can be contained by not running your system in a single-user admin account.
If you look at major threats to computers, they are from user interaction with the Web through tools like browsers and email clients. If you are logged on with administrative privileges and are attacked, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, etc. Some malware works only because the user browsing the Web is an administrator. When logged on with administrative privileges, there is much less protection against modifications being made by intruders to system setup and configurations on your local system.

Always secure your own system by setting all daily use accounts to run with least privileges. The key is to log in as Administrator only when you need to install software or perform various other administrative tasks. This practice helps to minimize the risk of someone maliciously damaging a system's configuration or infecting the machine with a virus or Trojan horse.

Always rename the administrator and the guest account and remove the Domain Account from the Local Administrators Group.
Don't assume that because you deleted an account and created a new limited user account, the deleted account is gone. Anyone or any malware can still use the deleted account and run with its security tokens and its credentials.
Edited by Spooony - 5/1/11 at 3:39pm
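The manual flash-drive check from post #82 (autorun.inf first, then .exe files, then other scripts) and the autorun.inf-as-a-folder trick from post #84 can be turned into a read-only triage script to run from a live OS. This is an added example, not code from any poster or from any tool named in the thread; it assumes the stick is mounted read-only at a path you pass on the command line, and with no argument it builds a constructed sample drive of empty placeholder files so the output can be seen without a real infected stick. The file extensions, the "document extension followed by an executable extension" lure rule, and the sample layout are the example's own choices. Nothing on the drive is executed or modified.

```python
"""Flash-drive triage from a live OS (added example, not from the thread).

Walks a mounted stick read-only, reports any autorun.inf and what it would
launch, notes the "autorun.inf as a folder" blocking trick, and flags files
that do not belong on a documents/music drive: executables, scripts, and
lures hiding an executable extension behind a document one ("holiday.jpg.exe").
"""
import configparser
import os
import sys
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Extension sets are this example's own choice, not an exhaustive list.
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".dll", ".cpl", ".msi"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta", ".lnk"}
DOCUMENT_EXT = {".doc", ".docx", ".pdf", ".jpg", ".png", ".mp3", ".txt", ".xls", ".ppt"}
LABELS = {"double-extension": "LURE", "executable": "EXE", "script": "SCRIPT"}


def parse_autorun(path: Path) -> Dict[str, str]:
    """Return the [autorun] keys (lower-cased) of an autorun.inf; {} if absent."""
    # Only '=' separates key from value: values such as C:\x.ico contain ':'.
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read(path, encoding="latin-1")
    except configparser.Error:
        return {"_unparseable": "true"}
    # Section name case varies in the wild ([autorun], [AutoRun]).
    name = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    return dict(parser[name]) if name else {}


def classify(path: Path) -> Optional[str]:
    """Label a file 'double-extension', 'executable', 'script', or None."""
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes:
        return None
    last = suffixes[-1]
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXT and last in EXECUTABLE_EXT | SCRIPT_EXT:
        return "double-extension"
    if last in EXECUTABLE_EXT:
        return "executable"
    if last in SCRIPT_EXT:
        return "script"
    return None


def triage(mount) -> Dict[str, list]:
    """Walk the mount point and collect findings as sorted relative paths."""
    mount = Path(mount)
    findings: Dict[str, list] = {"autorun": [], "autorun_folder": [],
                                 "executable": [], "script": [], "double-extension": []}
    for root, dirs, files in os.walk(mount):
        for d in dirs:
            if d.lower() == "autorun.inf":  # a folder by that name blocks a real autorun.inf
                findings["autorun_folder"].append((Path(root) / d).relative_to(mount).as_posix())
        for name in files:
            p = Path(root) / name
            rel = p.relative_to(mount).as_posix()
            if name.lower() == "autorun.inf":
                findings["autorun"].append((rel, parse_autorun(p)))
                continue
            label = classify(p)
            if label:
                findings[label].append(rel)
    for key in LABELS:
        findings[key].sort()
    return findings


def report(findings: Dict[str, list]) -> str:
    """Render findings one per line for a quick read on the live OS."""
    lines: List[str] = []
    for rel, parsed in findings["autorun"]:
        lines.append(f"AUTORUN  {rel}")
        lines.extend(f"         {k} = {v}" for k, v in parsed.items())
    for rel in findings["autorun_folder"]:
        lines.append(f"INFO     {rel}/ is a directory (autorun blocker, not a launcher)")
    for key, tag in LABELS.items():
        lines.extend(f"{tag:<8} {rel}" for rel in findings[key])
    return "\n".join(lines) if lines else "nothing suspicious found"


def build_sample_drive() -> Path:
    """Constructed fake flash drive for the demo: empty placeholder files only."""
    root = Path(tempfile.mkdtemp(prefix="fakeusb_"))
    for rel in ("Music/track01.mp3", "Documents/thesis.docx",
                "Documents/holiday.jpg.exe",  # lure: named like a photo, is a program
                "Data/setup.exe", "run.vbs"):
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(b"")
    (root / "autorun.inf").write_text(
        "[AutoRun]\nopen=Data\\setup.exe\nicon=Data\\setup.exe\n"
        "shell\\open\\command=Data\\setup.exe\n", encoding="latin-1")
    return root


if __name__ == "__main__":
    # Usage: python usb_triage.py /media/stick   (no argument: run on the sample drive)
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_sample_drive()
    print(report(triage(target)))
```

The double-extension rule is checked before the plain executable rule so a lure is reported once, as a lure; a real autorun.inf is parsed rather than opened, so the `open=` and `shell\open\command=` targets tell you which file to look at next without touching it.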
post #85 of 92
My parents got one of these on their XP system. It was a real pain to get rid of.
    
post #86 of 92
Avast.
    
post #87 of 92
Got a new one for you kids.

Password: ocn

OBVIOUSLY DO NOT DL THIS UNLESS YOU KNOW WHAT YOU ARE DOING. THIS IS FOR TESTING PURPOSES ONLY. THIS IS IN NO WAY ASSOCIATED WITH OCN MORE THAN SIMPLY HAVING AN OCN PASSWORD, AS IT PLEDGES MY ALLEGIANCE TO THE ALMIGHTY OCN.

Edit: This is a Vundo variant.
Edited by Greensystemsgo - 5/21/11 at 10:27pm
post #88 of 92
Quote:
Originally Posted by Greensystemsgo;13591437 
Got a new one for you kids.

Password: ocn

OBVIOUSLY DO NOT DL THIS UNLESS YOU KNOW WHAT YOU ARE DOING. THIS IS FOR TESTING PURPOSES ONLY. THIS IS IN NO WAY ASSOCIATED WITH OCN MORE THAN SIMPLY HAVING AN OCN PASSWORD, AS IT PLEDGES MY ALLEGIANCE TO THE ALMIGHTY OCN.

Edit: This is a Vundo variant.

You don't have Stuxnet there? Still waiting for them to add it to Metasploit.

Any malware removal starts with cleaning your temp folders and other garbage folders. It reduces scan and troubleshooting time. Uninstalling older Java versions and starting up your PC in normal start mode are important as well. Also uninstall BHOs like the Ask toolbar etc. before starting any cleaning.
post #89 of 92
Quote:
Originally Posted by Greensystemsgo;13591437 
Got a new one for you kids.

Password: ocn

OBVIOUSLY DO NOT DL THIS UNLESS YOU KNOW WHAT YOU ARE DOING. THIS IS FOR TESTING PURPOSES ONLY. THIS IS IN NO WAY ASSOCIATED WITH OCN MORE THAN SIMPLY HAVING AN OCN PASSWORD, AS IT PLEDGES MY ALLEGIANCE TO THE ALMIGHTY OCN.

Edit: This is a Vundo variant.

I can't get it to work. It just crashes. Stupid virus...
post #90 of 92
Quote:
Originally Posted by .:hybrid:.;13593130 
I can't get it to work. It just crashes. Stupid virus...

Use Metasploit. Exploit > Select your payload and off you go. I attack my own PC from inside a virtual machine with it; it's fun to play with.