Pages:
Author

Topic: Are you a worm/trojan/virus expert? (Read 4964 times)

sr. member
Activity: 350
Merit: 250
April 29, 2012, 11:11:26 PM
#43
Download this .iso http://thepiratebay.se/torrent/7180951/Windows_XP_Professional_SP3_32-bit_-_Black_Edition_2012.4.12

Install virtualbox
Create VM, install XP black edition .iso in it, then save it as a snapshot.
Now feel free to play around with sketchy xbox pirate code generators and other malware because who cares, just reload from snapshot if something happens. Or use RollbackRX if the system doesn't have enough memory to run a vm stable.



sr. member
Activity: 410
Merit: 250
April 28, 2012, 11:41:08 PM
#42
No problem.  At work I am much more security minded, not so much for my personal stuff.  I have a couple systems that I'm running currently that were once infected, however none of those systems contain anything very sensitive.  If you do banking or have bitcoins on an infected computer I'd recommend wiping it to be sure.  If you aren't too paranoid about it I think you'll be fine installing Microsoft Security Essentials, Malwarebytes and a rootkit scanner (GMER or sophos? haven't looked at it in awhile).  If they all come up clean make sure you scan periodically and it's unlikely you'll have any issues in my opinion.

Also after a malwarebytes scan be sure to read what it found.  Often times it'll find some adware that isn't nearly as concerning as finding trojans/keyloggers etc.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 28, 2012, 09:52:36 AM
#41
Thanks Amencon.  What happened was, I was setting up one of my towers for my son in-law, he got excited when I was at work thinking the system was complete and starting trying to download code generators thru utorrent.  When I got home he was in the middle of two downloads, I killed them but too late.  I found 7 malware with malwarebytes.   Angry

I eradicated them, as far as I can tell, but I have 3 drives on this comp.  c, d and a mirror back up.  I really don't want to wipe it out.  I have windows 7.  Do you guys think I'm ok?

I have heard of piratebay Smiley .  I just don't usually get my programs this way, that is why I had to ask.

EDIT:  4 of the infections were found in the registry
sr. member
Activity: 410
Merit: 250
April 28, 2012, 04:28:36 AM
#40
Hmm forgot to check back on this.

Tiptop I assume your issue has been long resolved however for the symptoms you described (BSOD and the error message) I'd try running cmd prompt as administrator, putting XP OS CD in drive and run command "sfc /scannow".  If it finds any system files that appear to have compromised integrity it will replace them with the original versions.

After that reboot and load off the XP CD, on the first screen choose "R" to bring up the recovery console and from the command prompt run "CHKDSK C: /R" (assuming you use C as primary drive).

As others have said it's sometimes best to just nuke it from orbit (wipe/reload XP) but with these issues I hate doing it as it feels like admitting defeat.  There are a few other things you can try if the above don't help.

Bitcoin113: Very interesting that ComboFix deleted bitcoin related stuff and good to know for the future.  Glad you didn't lose more than a fraction of a coin.

Freeway: uTorrent is as safe as the files you download with it.  Since all the files you get are shared P2P there are no guarantees that they aren't infected.  A way to mitigate the risk is only download torrents from thepiratebay.org from "trusted" users (they'll have a skull icon near their name ironically).  Another thing that will help is after every download prior to launching the downloaded file scan it with malwarebytes.  You can do this easily by browsing to it and right clicking the folder or file and the option should show up in the menu options.  
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 10:34:10 AM
#39
If you only need the code generator, run it in a VM.  If you need to patch your app, well,.. buy it. Or find a free alternative.
Thanks. 
hero member
Activity: 518
Merit: 500
April 27, 2012, 10:20:34 AM
#38
EDIT:  Is there a safe way to obtain a code generator or are they always a virus?

code generators and activation 'patches' are almost always identified as viruses, particularly if you enable heuristics in the AV. And yet often they arent, but how can one know? 

If you only need the code generator, run it in a VM.  If you need to patch your app, well,.. buy it. Or find a free alternative.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 10:02:14 AM
#37
If you running windows no reason you can't be running a rollback software like RollbackRX or some such similar.
SandboxIE for your browser.
WinMHR to scan for non rootkit files, kicks any individual AV's arse.
Delete/Remove Java, Flash, anything Adobe.
Create a new profile in Firefox.

Thank you.  I had never heard of Rollback Rx.  I know this is prob a silly question.  Malwarebytes removed 7 infections.  Should I still do these other procedures?

I know.  Prob yes.  Just trying to save a few hours.   Undecided

EDIT:  Is there a safe way to obtain a code generator or are they always a virus?
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
April 27, 2012, 04:01:56 AM
#36
If you running windows no reason you can't be running a rollback software like RollbackRX or some such similar.
SandboxIE for your browser.
WinMHR to scan for non rootkit files, kicks any individual AV's arse.
Delete/Remove Java, Flash, anything Adobe.
Create a new profile in Firefox.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 01:00:09 AM
#35
Malwarebytes
MSE
CCleaner

Clear all your webbrowsers (chrome, IE, firefox, all of them) of cookies, history, and everything! Then run all three programs.

Okay.  Malwarebytes is running now.  So far 7 infections just on Chrome.  Guess it will be a long night.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
April 27, 2012, 12:37:36 AM
#34
Malwarebytes
MSE
CCleaner

Clear all your webbrowsers (chrome, IE, firefox, all of them) of cookies, history, and everything! Then run all three programs.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 12:13:21 AM
#33
And what is emule???  I found it and deleted it, but???
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 12:12:07 AM
#32
Reinstall windows dude. Its the only way to be sure.
Just noticed that he has XP... Unfortunately, I must agree with this statement.
So if you are running Windows 7, would you have to re-install?  Or no?  I am curious because my son-in-law started playing/downloading stuff for x-box gold and micro-soft points, attempting to get "free codes" on one of my computers that is not partitioned nor protected, using utorrent.   

I am running scans now, (517 errors Sad ), was awesome to find the malwarebytes link, thank you, I will run that next.

I guess my question is, is utorrent safe?  Is bittorrent better?  What about freenet or darknet?  Or should I tell him just stay the f... off of there and go to? .... He is trying to find codes for free or discounted.  Is this even legal?  If not, and he continues to use my computer, if I partitioned of an area off the hard drive just for him, would it affect me?

Any info is appreciated.  Thank you
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
January 22, 2012, 10:31:27 PM
#31
Seriously, fuck XP - it is slow as dog shit and just as insecure. Uses admin accounts with full privs by default, which is likely how you got infected to start with.

Windows 7 is leaps and bounds better than XP, even if only from a security perspective.
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 22, 2012, 05:51:57 PM
#30
I'm just going to answer the first part of the OP:

Are you a worm/trojan/virus

Yes.

you a L33tHackers.com forum member by chance?
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
January 22, 2012, 03:26:05 AM
#29
I'm just going to answer the first part of the OP:

Are you a worm/trojan/virus

Yes.
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 22, 2012, 02:54:10 AM
#28
Haha, I wouldn't worry about it but it would be my first donation. Send here if you like:

19x2RUBSXzgBsD5HVsW5HZHiGvMzjuReF7

kicked .02 your way. now i can say I put my 2 cents in! Cheesy
hero member
Activity: 728
Merit: 500
January 22, 2012, 02:49:11 AM
#27
Haha, I wouldn't worry about it but it would be my first donation. Send here if you like:

19x2RUBSXzgBsD5HVsW5HZHiGvMzjuReF7
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 22, 2012, 02:41:06 AM
#26
Combofix deleted everything related to bitcoin for me. I lost .01 BTC.

Does anyone know why it would do this?

no idea, but if it makes you feel better, ill kick a bitcent your way!
hero member
Activity: 728
Merit: 500
January 22, 2012, 12:13:37 AM
#25
Combofix deleted everything related to bitcoin for me. I lost .01 BTC.

Does anyone know why it would do this?
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 21, 2012, 08:58:37 PM
#24
any one want to bet that the file share program (emule) is being used as a bot communication relay to communicate with the botmaster hijacking his computer
Pages:
Jump to: