Oh my god! I was surfing the peopleofwalmart website and my system got infected with this Vista Antivirus Pro 2010 malware crap! I didn't click on anything, I was scrolling down the page by dragging the scroll bar on the right side when all of a sudden Internet Explorer closed and the stupid fake scan thing came up. I did my best to get rid of it but I couldn't, I ended up using the System Restore to restore to a point from earlier today.

But how does that damn Anti Virus Pro 2010 program install itself with no interaction from me? How can I stop it from happening again?

First: You use Internet Explorer. Download either Firefox/Opera/Safari/Chrome. They are all much better and safer than IE.


Second, download Avast http://www.avast.com/index. It's free and works wonders.

eesh Wrote:
-------------------------------------------------------
> First: You use Internet Explorer. Download either
> Firefox/Opera/Safari/Chrome. They are all much
> better and safer than IE.
>
>
> Second, download Avast http://www.avast.com/index.
> It's free and works wonders.


clearly you need to get the facts!

Quote
Windows Internet Explorer 8: Get the facts
Internet Explorer 8 takes the cake with better phishing and malware protection, as well as protection from emerging threats.

i mean, microsoft wouldnt lie to people, so IE is clearly the safest.

then again...

Quote
Windows Internet Explorer 8: Get the facts STRAIT
Here are even more ways Microsoft is clutching straws like a retarded monkey:

Internet Explorer 8 takes the cake when it comes to insecurity. I mean. ActiveX, in 2009? WTF people??

windows is also the safest operating system which is why so many people use it.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."



Edited 1 time(s). Last edit at 02/21/2010 08:18PM by Gravis.

I just got that crap, too, and I use Firefox exclusively. AVG, Adaware, etc. all failed to even detect it.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

Gravis, thank you for expanding on eesh's points.

MSDN Wrote:
-------------------------------------------------------
> Gravis, thank you for expanding on eesh's points.


yeah eesh is a real dummy. eesh said to download another browser but gravis just told us that internet explorer is the best and safest one to use. i thought gravis was a lunix fan but now he says windows is still the safest operating system. windows for the win!

I have seen this infect corporate computers behind a firewall have current antivirus definitions (good ol' Symnatec....ehhh) and that use content filtering. It's pretty insidious. I agree with the Firefox recommendation, unfortunately a lot of corporations still insist on using Microsloth.

Here's a guide on removing it:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-pro-2010

Which recommends Maelwarebytes, which is a great free program. I've heard mixed results about it being able to remove it however:
http://www.malwarebytes.org/

Windows 7 ftw.

trogdor! Wrote:
-------------------------------------------------------
> I agree with
> the Firefox recommendation, unfortunately a lot of
> corporations still insist on using Microsloth.

I use Firefox, and I still got it.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

Spybot Search and Destroy is also very good for this crap. I use it pretty extensively as I have a number of folks that get their computers infected from time to time.

http://www.spybotupdates.com/files/spybotsd162.exe

This is a link directly to the real download for the installer from the publisher. I have used this for years.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

MrMephisto Wrote:
-------------------------------------------------------
> trogdor! Wrote:
> --------------------------------------------------
> -----
> > I agree with
> > the Firefox recommendation, unfortunately a lot
> of
> > corporations still insist on using Microsloth.
>
> I use Firefox, and I still got it.

Do you have NoScript add-on installed? That is one of the only ways to be sure even with Firefox.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

I don't, but I'd like to know more.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

For whatever reason this add-on has become harder to find in the search results from Firefox. This is how I can test sites that install BS crap when I need to verify a bad web site.

https://addons.mozilla.org/en-US/firefox/addon/722

Anyway, when you first go to a site, it will not allow any scripting to run - period. Then you click on the options, or there will be a little graphic in the status bar that looks like a NO sign. You can then allow selected sites to run scripts, but not all.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University



Edited 2 time(s). Last edit at 02/23/2010 06:16AM by Registered Voter.

I had to laugh - in looking over the download page (over 62 million downloaded) the reviewers all give it 4-5 stars except for douchebags like this guy:

Quote

JS scripts are perfectly harmless, they can only read/edit dom, move windows, perform network calls, get pointer coord, and THAT'S ALL.
Therefore, this addon is completely useless, and is only based on a placebo of threat.
Don't download it, and don't get ads every week because of some supposed update.

Rated 1 out of 5 stars by Antwan86 on February 20, 2010

I have noticed on a couple of sites (it was interesting to see) they actually have checks now to see if NoScript is running, and if it is they modify the behavior of their web ads. So far it has not caused me any problems - but the folks that put this out update it fairly regularly and corrected for it once they noticed it.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University



Edited 1 time(s). Last edit at 02/22/2010 09:25AM by Registered Voter.

No ones ever gonna convince me that RV and Gravis dont share the same asshole.

Registered Voter...a Big talking coward..big man on FFXU...little man in life.

Vince:
-------------------------------------------------------
> No ones ever gonna convince me that RV and Gravis
> dont share the same asshole.


LOL!!

No ones ever gonna convince me that WTL and Meeper dont share Vince(1)'s asshole.

Thanks for the advice and pointers everyone! I use Kaspersky for my antivirus protection, but of course AV software doesn't do much against malware. Of course once this Vista Antivirus crap was on my system, MalwareBytes Antispyware wouldn't launch, I even tried renaming the executable, no go. In the end I was forced to use Windows System Restore, all good now and no data loss.

I'm so used to using IE with IE7Pro as an ad blocker, and it's worked well for a long time, but no more I guess. I do use an Ubuntu virtual machine for any dangerous web browsing, but I didn't think a site like PeopleofWalmart would be dangerous.

Oh well! At any rate, I just installed the netbook version of Ubuntu in VMWare, it looks nice, gonna go do some browsing with it now!

F You malware!

Registered Voter Wrote:
-------------------------------------------------------
> Anyway, when you first go to a site, it will not
> allow any scripting to run - period. Then you
> click on the options, or there will be a little
> graphic in the status bar that looks like a NOT
> sign.

the red slashed circle is "No" symbol, not a "Not" sign.

check it: http://en.wikipedia.org/wiki/No_symbol


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."



Edited 1 time(s). Last edit at 02/23/2010 12:00AM by Gravis.

Gravis Wrote:
-------------------------------------------------------
> Registered Voter Wrote:
> --------------------------------------------------
> -----
> > Anyway, when you first go to a site, it will
> not
> > allow any scripting to run - period. Then you
> > click on the options, or there will be a little
> > graphic in the status bar that looks like a NOT
> > sign.
>
> the red slashed circle is the international "No"
> sign, not a "Not" sign.
>
>

Did you understand what I posted? Exactly.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

i've always hated vista, xp all the way

Registered Voter Wrote:
-------------------------------------------------------
> Gravis Wrote:
> --------------------------------------------------
> > Registered Voter Wrote:
> > --------------------------------------------------
> > > Anyway, when you first go to a site, it will not
> > > allow any scripting to run - period. Then you
> > > click on the options, or there will be a little
> > > graphic in the status bar that looks like a NOT
> > > sign.
> >
> > the red slashed circle is the international "No"
> > sign, not a "Not" sign.
>
> Did you understand what I posted? Exactly.

yes i do understand what you posted.

you specifically referred to the the symbol in the status bar as a not sign when it's clearly a no symbol.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."
Attachments:

Here's a response for ya....

Wah!!

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

Win 7, IE8, my shit is virus, spyware, adware free. Why? Because I actually keep my shit patched.

And if you really want to surf porn, dude, use windows xp mode for your surfing. Who gives a fuck if a VM gets contaminated to hell and back. When it gets annoying, just copy the base image back over and voila, problem solved.

boredom Wrote:
-------------------------------------------------------
> Win 7, IE8, my shit is virus, spyware, adware
> free. Why? Because I actually keep my shit
> patched.
>
> And if you really want to surf porn, dude, use
> windows xp mode for your surfing. Who gives a
> fuck if a VM gets contaminated to hell and back.
> When it gets annoying, just copy the base image
> back over and voila, problem solved.


Well...Microsoft has a record of not releasing patches until the problem has gotten out of hand, like the recent patch after the Chinese hacks.

As far as IE8, even the recent patch doesn't make it as secure as Firefox or Opera IMHO.

eesh Wrote:
-------------------------------------------------------
> As far as IE8, even the recent patch doesn't make
> it as secure as Firefox or Opera IMHO.

This is still shitty advice, because Firefox does not protect against this particular piece of rogueware. Maybe installing the add-on RV suggested will help, but the base Firefox installation won't do anything.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

Well, since I use Firefox and Vista and yes, I go to some shady sites, I've never gotten serious malware, especially this particular Antivirus Pro.

I used to run ESET, but I switched to Avast and have never had any problems. I also run CCleaner every couple of days. I'm sure that helps a great deal.



It could be Mephisto, that it has to do with the operator of your computer. Computers with chickenshit douchebags that worry 24/7 about their internet honor tend to fry out. Bad things happen to bad people. :-(

Huh??

Registered Voter Wrote:
-------------------------------------------------------
> Here's a response for ya....
>
> Wah!!

eesh Wrote:
-------------------------------------------------------
> It could be Mephisto, that it has to do with the
> operator of your computer. Computers with
> chickenshit douchebags that worry 24/7 about their
> internet honor tend to fry out. Bad things happen
> to bad people. :-(

"Internet honor?" You spouted a bunch of blatant bullshit about me after your feelings got hurt, and I pointed out that you're lying.

"Chickenshit douchebag?" Dude, you've pulled the "I'm done with this site, goodbye" routine on three separate occasions, but you always come back under a different name. You edited out all of your Prada Denim posts so you couldn't be held accountable for them anymore, and used the CSS script to hide the rest of them. In case you don't remember, that was after you lied about going to the Middle East as Furfur.

Like I've said a billion times to you in the past, I'm more than ready to play nice as soon as you apologize for accusing me of revealing your personal info, then revealing my info in a misguided attempt at retaliation.

It's the easiest thing in the world. Just admit you were wrong, and we can move on.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

MrMephisto Wrote:
-------------------------------------------------------


> "Chickenshit douchebag?" Dude, you've pulled the
> "I'm done with this site, goodbye" routine on
> three separate occasions, but you always come back
> under a different name. You edited out all of
> your Prada Denim posts so you couldn't be held
> accountable for them anymore, and used the CSS
> script to hide the rest of them. In case you
> don't remember, that was after you lied about
> going to the Middle East as Furfur.
>
> Like I've said a billion times to you in the past,
> I'm more than ready to play nice as soon as you
> apologize for accusing me of revealing your
> personal info, then revealing my info in a
> misguided attempt at retaliation.
>
> It's the easiest thing in the world. Just admit
> you were wrong, and we can move on.


Oh Christ....

I see my little comment is going to derail an interesting and legitimate thread....I'll leave it at this; someone that uses inkahootz as a proxy to release my personal info is a fucking chickenshit douchebag.

You were the only one I revealed my name too, as I didn't trust anyone else on this site. My name gets revealed to the forum, it was, it still is, a legitimate suspicion. I came to you with the suspicion, you replied with "Kiss my balls, you deserve it." Suspicion confirmed.

Now get back to posting PMs and sending inkahootz more private info.

eesh Wrote:
-------------------------------------------------------
> You were the only one I revealed my name too, as I
> didn't trust anyone else on this site. My name
> gets revealed to the forum, it was, it still is, a
> legitimate suspicion. I came to you with the
> suspicion, you replied with "Kiss my balls, you
> deserve it." Suspicion confirmed.

Chickenshit, chickenshit, chickenshit.

eesh Wrote:
-------------------------------------------------------
> MrMephisto Wrote:
>
> >
> > So how much of what he's saying is true? Is
> > your
> > name really [redacted], and what other
> > aliases have you posted under?
>
> Yeah, I'm going to go on and say you are
> responsible for this. The original thread with my
> info said "looks like I trusted the wrong person."
>
> Glad to see you find it hilarious. I'm sure if
> someone was doing this to you, you would be
> bitchin left and right to Cary.

I only told you to kiss my balls after you continued to say I was responsible, after the many attempts to tell you otherwise.

I'm sorry I told you to kiss my balls. See? I'm even willing to take the first step here.

> Now get back to posting PMs and sending inkahootz
> more private info.

I don't reveal people's personal info, because I think that's completely without class. I'm only posting PMs because you insist on re-imagining what happened.

Come on, buddy. Let's be friends. It's easier on everyone that way.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

Great, posting more PMs, and you got so pissed off at inka when he did it to you. What a fucking hypocrite. It's cute how you don't post the PMs you sent me when you were obviously drunk, like "I'm not going to let you walk over me." Cry me a river tough guy.

It looks like you admit to revealing my name, as I said, you were the only one I gave it too. Thanks; it feels good to own up like a man, doesn't it?

It would be easier to imagine I was talking to a kid, maybe someone in their late teens. But you are as old as inkahootz, it's really sad and hilarious at the same time.



Edited 1 time(s). Last edit at 02/23/2010 01:41PM by eesh.

I have all the browsers on my test computers. All the browsers can be infected at the same rate. More people write viruses for Windows and IE than any other browser because IE is the most popular and installed all windows PCs.

The problem is also that popular Anti-virus programs are the anti-virus programs that most hackers will test with. No system is hack proof and anybody telling you that is full of BS.

IE works better on Windows systems because IE integrates better the windows operating system. If you don't want to run windows media player or other windows apps than the second best if Firefox. Firefox has some problems with sites that use media player. Firefox sometimes cannot recognize the mime types correctly, where IE adapts to the mime type.

It's best to have both IE and Firefox loaded; if you have problems in one, switch to the other.

FYI - Secure Government sites usually are running on a bastardized version of IE 6.



Edited 1 time(s). Last edit at 02/23/2010 01:52PM by Lurker..

eesh Wrote:
-------------------------------------------------------
> Great, posting more PMs, and you got so pissed off
> at inka when he did it to you. What a fucking
> hypocrite. It's cute how you don't post the PMs
> you sent me when you were obviously drunk, like
> "I'm not going to let you walk over me." Cry me a
> river tough guy.
>
> It looks like you admit to revealing my name, as I
> said, you were the only one I gave it too. Thanks;
> it feels good to own up like a man, doesn't it?
>
> It would be easier to imagine I was talking to a
> kid, maybe someone in their late teens. But you
> are as old as inkahootz, it's really sad and
> hilarious at the same time.

Wow.

Edit:

1. Since you asked, the full exchange was:

>I don't like fighting, but I'm
> not going to let you walk all over me

I do walk over you. Matter of fact, if I ever saw you, I would spit on you. I'm sure one jab to your back would send you into the fetal position. LOL

Tough guy, indeed.

2. How the hell could I have told inkahootz your real name when I had to ask you if that information was even true? That doesn't even make any sense.

3. You fucking met him in person during the whole Prada Denim thing. Why would I even need to tell him anything?

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.



Edited 1 time(s). Last edit at 02/23/2010 05:37PM by MrMephisto.

Lurker. Wrote:
-------------------------------------------------------
> I have all the browsers on my test computers. All
> the browsers can be infected at the same rate.
> More people write viruses for Windows and IE than
> any other browser because IE is the most popular
> and installed all windows PCs.


Gravis gave me a great link, the acid tests. IE failed big time, Firefox got 93/100 and Opera, Chrome, and Safari got 100.




> It's best to have both IE and Firefox loaded; if
> you have problems in one, switch to the other.

Safari and Chrome can handle any media player issues that Firefox can't. Anything is better the IE.

Lucy Wrote:
-------------------------------------------------------
> Oh my god! I was surfing the peopleofwalmart
> website and my system got infected with this Vista
> Antivirus Pro 2010 malware crap!

The People of Wal-Mart will do that to you.

---------------------------------------------------------------------------------
http://bible.cc/1_corinthians/13-11.htm

eesh Wrote:
-------------------------------------------------------
> Lurker. Wrote:
> --------------------------------------------------
> -----
> > I have all the browsers on my test computers.
> All
> > the browsers can be infected at the same rate.
> > More people write viruses for Windows and IE
> than
> > any other browser because IE is the most
> popular
> > and installed all windows PCs.
>
>
> Gravis gave me a great link, the acid tests. IE
> failed big time, Firefox got 93/100 and Opera,
> Chrome, and Safari got 100.

Safari is the best browser???? LMAO!

Lurker. Wrote:
-------------------------------------------------------

>
> Safari is the best browser???? LMAO!


No, I didn't say that. I personally hate its layout.

However, it runs circles around IE in security.

eesh Wrote:
-------------------------------------------------------
> Lurker. Wrote:
> --------------------------------------------------
> -----
>
> >
> > Safari is the best browser???? LMAO!
>
>
> No, I didn't say that. I personally hate its
> layout.
>
> However, it runs circles around IE in security.

Don't believe BS links. By the way, post this mysterious link that Gravis secretly sent you.



Edited 1 time(s). Last edit at 02/23/2010 03:23PM by Lurker..

http://www.acidtests.org/

eesh Wrote:
-------------------------------------------------------
> http://www.acidtests.org/

Funny.

I haven't run the acid test on IE 8 since the latest patch, but it never got past 70 when I tried it.

Like I said, Firefox got 93 and the other browsers got 100.

EDIT: Assuming the latest and greatest patches make it as safe as Firefox etc., it doesn't excuse Microsoft for waiting months to release patches, versus less than a day for the alternative browsers.



Edited 1 time(s). Last edit at 02/23/2010 03:42PM by eesh.

What a crock of rotten green fly-infested cowdung festering in the asscrack of Ted Kennedy's corpse.

Ian Hickson, who developed the test, works for Google http://ian.hixie.ch/career/resume.html, obviously a Microsoft loving company, which coincidentally use Webkit (the Safari engine) in Chrome.

The "acid test" is the equivalent of the rigged CRU computer code, which produces a "hockey stick" result regardless of the data that is input. In the case of the acid test, the predetermined outcome is: Microsoft Fail.

As Steve Jobs correctly pointed out, Google's "don't be evil" mantra is bullshit.

Hmmm... Wrote:
-------------------------------------------------------
> The "acid test" is the equivalent of the rigged
> CRU computer code, which produces a "hockey stick"
> result regardless of the data that is input. In
> the case of the acid test, the predetermined
> outcome is: Microsoft Fail.

Is this fact or personal theory?

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

acidtest.org is a bunch of javascripts that check the positioning of fonts and test recursive nodes. The code is probably test code from some Safari programmer. It does no testing for security holes. Who ever said it tests security was full of BS.

In general, acidtest is rigged to make Safari graphics and speed look good. My guess is the gay technical writer probably stole the code from some programmers at his Safari job or perhaps his two cats wrote it.

According to the webstats, by far, the highest group that visits the acidtest.org site are males 13-17. Do you think males 13-17 are the biggest group of computer professionals?

Lurker. Wrote:
-------------------------------------------------------

>
> According to the webstats, by far, the highest
> group that visits the acidtest.org site are males
> 13-17. Do you think males 13-17 are the biggest
> group of computer professionals?


LOL! According to "webstats", 50% of Fairfax Underground users are female, 38% are aged 35-49 http://www.fairfaxunderground.com/forum/read/40/219054/219064.html

LOL, all the stay at home Mom's lurking from the redistricting and Litsa PTA thread.

there has been a huge spike lately.



most of the people just pass by though.

"most of the people just pass by though"

With all the douchebaggery lately, can you imagine why?

496 Wrote:
-------------------------------------------------------
> "most of the people just pass by though"
>
> With all the douchebaggery lately, can you imagine
> why?


no joke, it truly is annoying and i apologize for being part of the problem in the past and not part of the solution.

bloody blisters Wrote:
-------------------------------------------------------
> i apologize for
> being part of the problem in the past and not part
> of the solution.


Buy a hybrid.




\
Attachments:

THheeeeeeanks

download AVG free addition (yes its free), firefox/google chrome (i prefer chrome), spy ware blaster, search and destroy spy bot remover, and CCleaner (crapcleaner). Install these programs, keep them updated and run them when you're done using your computer, you'll be very surprised how many gigs of shit they will clean out of your system. you can get them all from www.filehippo.com , theres also a bunch of other free cool shit there to download.



Edited 1 time(s). Last edit at 02/24/2010 05:35AM by Kenny_Powers.

*bump*


Using Firefox and Avast, I still got this Vista Antivirus 2010 a couple of nights ago. This is not some little virus, it seriously fucks up Windows.

If it wasn't for iTunes, I would make all my computers Ubuntu.

It looks like Malwarebytes will get rid of it. But you probably have to take some steps before this.

http://forums.malwarebytes.org/index.php?act=Search&CODE=simpleresults&sid=2f2da5d391610aa289f91b4ce2caffb6&highlite=antiviruspro

I had this issue with a PC that had XP Antiviruspro which is essentially the same thing. I had to use HijackThis to kill the process thread (repeatedly) and some other tools but it is kill-able. When it is running it does fire off some trojan downloader, but mainly it just pops up a stupid security center type of notice whenever a program runs, and it pre-empts being able to go into task manager to kill it. Primary suggestion, get rid of any toolbars/toolbar helpers you are using as I believe these are the method being used to get on to your systems. If you use Firefox, make sure to have noscript installed as an add-on.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

Thanks, the trojan downloader has been a bitch to get rid of.

eesh Wrote:
-------------------------------------------------------
> If it wasn't for iTunes, I would make all my
> computers Ubuntu.

say what?! http://www.ehow.com/how_5197743_download-itunes-linux-ubuntu.html

:)


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."

Thanks, but I want to be completely sure that this works. It sounds like it doesn't work for everyone. I have the Karmic Koala distro, I will read further if anybody has had problems with Koala and itunes.

eesh Wrote:
-------------------------------------------------------
> Thanks, but I want to be completely sure that this
> works. It sounds like it doesn't work for
> everyone. I have the Karmic Koala distro, I will
> read further if anybody has had problems with
> Koala and itunes.


just a question, why do you need itunes? is it just for data transfer or are you one of those suckers that buys from their online store?


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."

Gravis Wrote:
-------------------------------------------------------

>
> just a question, why do you need itunes? is it
> just for data transfer or are you one of those
> suckers that buys from their online store?




The latter, I was thinking about using Mp3Panda but I'm not too crazy about giving my CC info to a Russian site.

I had a version of XP Antivirus on my computer, and after trying AVG, SpyBot, and Malwarebytes with no luck, I was able to get rid of it using Hitman Pro.

hoocoodanode Wrote:
-------------------------------------------------------
> I had a version of XP Antivirus on my computer,
> and after trying AVG, SpyBot, and Malwarebytes
> with no luck, I was able to get rid of it using
> Hitman Pro.


It was disappointing, I thought Avast caught everything. I downloaded Malwarebytes tonight and it found a couple of browser hijackers for Firefox. :-(

eesh Wrote:
-------------------------------------------------------
> hoocoodanode Wrote:
> --------------------------------------------------
> -----
> > I had a version of XP Antivirus on my computer,
> > and after trying AVG, SpyBot, and Malwarebytes
> > with no luck, I was able to get rid of it using
> > Hitman Pro.
>
>
> It was disappointing, I thought Avast caught
> everything. I downloaded Malwarebytes tonight and
> it found a couple of browser hijackers for
> Firefox. :-(


browser hijackers are nothing, they're just as bad as the cookies that most of these spyware scanners detect. Mostly they are things like toolbars and other stupid useless resource hoggers that anyone who pays attention to their system settings should find on their own, anyway.

Virus scanners and spyware scanners and all that stuff can only protect you so much.

The best protection is to keep an image of your system drive, generally updated every time you make a major change to the system, and all of your critical applications, drivers and tools archived on an external drive (NAS or USB)

I had a computer with Avast Pro, Spybot S&D, Peerguardian, an enormous hosts file filled with blacklisted trojan/spyware/malware host names, used Firefox exclusively, and I still got hosed by a trojan about 2 months ago.

I popped in the acronis rescue CD, booted up, copied the backup partition from a NAS drive to the computer's primary partition, rebooted about 2 hours later and it was like nothing had ever happened. All of my settings, all of my documents, apps, etc, just like they were before the infection. Even things like download filters set up in bittorrent, and bookmarks, etc, all like they were when I made the partition image.

One other trick I've learned over the years...

anytime I install an OS on a computer, and get everything installed to a base set up, I open up Task Manager, click on the Processes tab, pull the window down so that all processes are visible, and press alt+print screen, then paste the task manager window screenshot into paint and save it to My Documents as "Base process list and CPU/Memory usage at Boot up.txt".

That way, if I'm ever suspicious that something is infecting my computer or something else might be wrong, I can always compare the process list after a reboot, to this image. Or if it's for a client or friend's computer, I can tell them how to open task manager and this image to compare the two.

I don't think people understand what this particular virus does.

What makes it so difficult to remove is, it inserts something in your registry that makes it run every time you try to run an executable. So, when you click Avast, AVG, etc., the virus says the file you're trying to run is infected. If you click, "No, run it anyway," it just doesn't run the program 99% of the time.

The last time I got it, I wasn't even doing anything. I was working on my non-network-connected laptop, and it just popped up out of nowhere on my desktop. It wouldn't even let me open the task manager to kill the process so I could manually remove it.

It's a complete pain in the ass.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

MrMephisto Wrote:
-------------------------------------------------------
> I don't think people understand what this
> particular virus does.
>
> What makes it so difficult to remove is, it
> inserts something in your registry that makes it
> run every time you try to run an executable. So,
> when you click Avast, AVG, etc., the virus says
> the file you're trying to run is infected. If you
> click, "No, run it anyway," it just doesn't run
> the program 99% of the time.
>
> The last time I got it, I wasn't even doing
> anything. I was working on my
> non-network-connected laptop, and it just popped
> up out of nowhere on my desktop. It wouldn't even
> let me open the task manager to kill the process
> so I could manually remove it.
>
> It's a complete pain in the ass.

Yeah, I usually get hijackthis, load up into safe mode and then delete any suspicious references from the startup listings. The one good thing about the virus is that it leaves an easy to follow trail of "Last Modified" times in the system folders. The bad part is, it places files in your profile that are "hidden" by using a naming convention that cannot be seen via the normal windows explorer views or by using a hack that will not allow it to show certain file names. Even revealing hidden files will not allow you to see them. In any case once I get the worst of the visible startup hacks removed, then I reload and run hijackthis again to see if I can find where the bad processes are running from in the process view - I have found that if I start hijackthis right away, the virus is unable to stop me from loading it, and using the process manager in it to kill the virus until I get things settled down.

Here is an article I ran across that might help:

http://techiezone.in/windows/windows-xp/hidden-filesfolders-do-not-show-in-windows-explorer/

Quote

...
Then I started searching the virus manually but would not be able to see the hidden files/folder in Windows Explorer, even if I changed the setting in the folder options. It will not show the hidden files. After working a couple of hours on his laptop, I found some steps to resolve the problem. Here are the steps it may be helpful.

1. Click Start > Run > Regedit
2. Registry Windows will open.
3. Navigate to the registry folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\

Explorer\Advanced\Folder\Hidden\SHOWALL

1.You will find a key called CheckedValue. Double Click CheckedValue key and modify it to 1. This is to show all the hidden files. Now you should be able to view all the hidden files, and also to alter its status from folder options.

NOTE: Please back up your registry before editing anything in it.
...

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University



Edited 1 time(s). Last edit at 04/28/2010 03:38PM by Registered Voter.

i feel left out, you know, not being able to get computer viruses and all. ;)

linux ftw!


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."

Gravis Wrote:
-------------------------------------------------------
> i feel left out, you know, not being able to get
> computer viruses and all. ;)
>
> linux ftw!

Without a proper firewall you would just be another bot in the grand scheme of things Gravis, admit it. I have seen my share of hacked linux boxes - it happens a lot more then you would let on. They just don't do viruses the same way - but they get hacked quite regularly.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

Registered Voter Wrote:
-------------------------------------------------------
> Gravis Wrote:
> --------------------------------------------------
> -----
> > i feel left out, you know, not being able to
> get
> > computer viruses and all. ;)
> >
> > linux ftw!
>
> Without a proper firewall you would just be
> another bot in the grand scheme of things Gravis,
> admit it. I have seen my share of hacked linux
> boxes - it happens a lot more then you would let
> on. They just don't do viruses the same way - but
> they get hacked quite regularly.


no, servers get hacked and it's usually be something dumb like an SQL injection. your average joe isnt going to get hacked or infected in his lifetime.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."

So for instance - we shouldn't be concerned then with sites like these that discuss hacking linux?

http://www.darknet.org.uk/category/linux-hacking/

I mean, if you couldn't do it - then why have sites like this? As far as your average joe - all I can say is if you have cable internet and you hook up your linux box directly to the cable modem, you better have your firewall running. I can almost guarantee that some kid is in your neighborhood running port scans on the available machines in his hub, seeing if he can crack into them. Linux or Windows.

Hell, I have fios, and I put a box in my DMZ with a firewall, and only opened a few ports - one of which was VNC - and when I came back my computer was hung and the logs showed that someone was attempting to hack the VNC port when whatever they did locked the machine up. In the past I had a linux box hooked up and it was constantly being probed with folks attempting to attach and attack ftp and other ports. I had them either turned off, or blocked - but it was amazing to see the number of attempts being made.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

Why didn't you mention my sweaty balls?

==================================================================================
"Why don't you LOSERS just pack your flower print DOUCHE BAGS
and get your stoopid @$$#$ THE FUCK OFF MY INTERNETZ!"

- 'philscamms' (the YT Watchdog) ; internet & YouTube® extraordinaire.

Registered Voter Wrote:
-------------------------------------------------------
> So for instance - we shouldn't be concerned then
> with sites like these that discuss hacking linux?
>
> http://www.darknet.org.uk/category/linux-hacking/

no, you shouldnt. that site isnt about hacking linux, it's about how to preventing linux from getting hacked. read closer and you will see there are a lot of security audit tools there so that you can secure your box.


> I mean, if you couldn't do it - then why have
> sites like this? As far as your average joe - all
> I can say is if you have cable internet and you
> hook up your linux box directly to the cable
> modem, you better have your firewall running.

well... i'll be sure to tell that to the first person i see that doesnt use a router. honestly, who doesnt use a router?!

> I can almost guarantee that some kid is in your
> neighborhood running port scans on the available
> machines in his hub, seeing if he can crack into
> them. Linux or Windows.

yeah, that's a good way for you to get the attention of your ISP.


> Hell, I have fios, and I put a box in my DMZ with
> a firewall, and only opened a few ports - one of
> which was VNC - and when I came back my computer
> was hung and the logs showed that someone was
> attempting to hack the VNC port when whatever they
> did locked the machine up.

you should use VNC using an SSH tunnel.


> In the past I had a
> linux box hooked up and it was constantly being
> probed with folks attempting to attach and attack
> ftp and other ports. I had them either turned off,
> or blocked - but it was amazing to see the number
> of attempts being made.

and how many succeeded? seriously, it that was a windows box, you would have been pwn3d.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."

Gravis Wrote:
-------------------------------------------------------
> Registered Voter Wrote:
> --------------------------------------------------
> -----
> > Gravis Wrote:
> >
> --------------------------------------------------
>
> > -----
> > > i feel left out, you know, not being able to
> > get
> > > computer viruses and all. ;)
> > >
> > > linux ftw!
> >
> > Without a proper firewall you would just be
> > another bot in the grand scheme of things
> Gravis,
> > admit it. I have seen my share of hacked linux
> > boxes - it happens a lot more then you would
> let
> > on. They just don't do viruses the same way -
> but
> > they get hacked quite regularly.
>
>
> no, servers get hacked and it's usually be
> something dumb like an SQL injection. your
> average joe isnt going to get hacked or infected
> in his lifetime.

Sorry Gravis, but your average joe IS going to get infected in his lifetime.

If you manage a linux system, you have been hacked. If you don't know that, it just means you are happy and ignorant and nothing is wrong as far as you know.

I've managed so many linux and windows and mixed environment networks over the years that I will never be so glib as to say "the average jow isn't going to get hacked or infected".

I might be glib enough to say that the average joe will probably go through his entire adult life and might never realize he was infected, but I'd never say that joe never got hacked. That would be stupid.

If you own a linux system, and you are convinced that you've never been hacked, I'll try not to shatter your reality, but it's safe to say that all computers have been hacked at least once.

The great thing about linux boxes, if you're a government like China or whatever, is that 99% of the time you'll sneak in, leave your illicit code sitting there like a time bomb, and no alerts, triggers or alarms will go off.

With most windows xp or vista computers, some cheap ineffective anti-virus software will alert to the code and start doing destructive things to the system files, rendering the machine unbootable.

With a linux box, you hack lpr or something, and nobody knows the difference. The box keeps running, untouched, unfixed, for years. Nobody has a clue. The sysadmin gloats about never having any downtime, having a 3647 hour uptime, etc. but his box is STILL INFECTED.

but yeah, it's linux, they can't hack it because all 13 year old script kiddies focuse on windows xp.

Gravis Wrote:
-------------------------------------------------------
> Registered Voter Wrote:
> --------------------------------------------------
> -----
> > So for instance - we shouldn't be concerned
> then
> > with sites like these that discuss hacking
> linux?
> >
> >
> http://www.darknet.org.uk/category/linux-hacking/
>
>
> no, you shouldnt. that site isnt about hacking
> linux, it's about how to preventing linux from
> getting hacked. read closer and you will see
> there are a lot of security audit tools there so
> that you can secure your box.
>

But hold on. Is the argument that linux cannot be hacked, or is the argument that linux has better tools to manage against being hacked?

It appears that you are claiming that you can't hack into linux. I know from both sides of the equation that it is possible to "hack" into linux. Slackware, Debian, RH, Ubuntu, I've managed them all on an enterprise level, and I've seen all of them hacked into during my consulting years. We were able to take simple tools found online, and were able to compromise most of the systems, even after we applied many security measures and patches, both well published as well as obscure measures passed around among sysadmins and other linux professionals in the DC/Balt area.


>
> > I mean, if you couldn't do it - then why have
> > sites like this? As far as your average joe -
> all
> > I can say is if you have cable internet and you
> > hook up your linux box directly to the cable
> > modem, you better have your firewall running.
>
> well... i'll be sure to tell that to the first
> person i see that doesnt use a router. honestly,
> who doesnt use a router?!


I've run linux boxes in all kinds of environments. I've run them directly connected to a frame-relay, an ISDN, an ethernet port right off the main hub at CAIS, behind NAT, BigIP, VPNs, and some really crazy proprietary BGP/Bastion setups. I've used IP packet filtering gateways, blacklists, black holes, and all kinds of expensive packet filtering and intrusion detection filters, and my linux boxes have always been probed, fingered, tested, and always shows thousands of attempts an hour.

I just never had the audacity or arrogance to ever claim to any of my clients that any of their machines were completely hack proof.

The only thing i've ever sold my customers is the knowledge that a hacker or virus would not cause them significant downtime. I actually promise my corporate clients that they will get hacked or infected by a virus, because it happens to everyone. I just promise them that we can prevent most, resolve all the ones that get through, and prevent anything more than about a 30 minute downtime in the absolute worst case scenario.

Linux boxes can be hacked. Every daemon, every configuration setting in apache (even though it's the safest httpd daemon available), every port you leave open for MySQL, SCP, RCP or SSH can be a potential hole that some hacker can exploit.

DO YOU KNOW IF YOUR SCP or SSH was exploited? Can you tell me that it HAS NOT BEEN EXPLOITED?

The only way to make a 100% hack-proof computer is to install your own self-made OS, with your own drivers for video, memory and storage access, and to never connect it to the internet. Other than that, you're an ass if you even attempt to claim you have a hack-proof operating system or computing environment.

In fact, often just making that claim will produce the 5 kids that know how to turn your carefully planned and implemented system inside-out.

>
> > I can almost guarantee that some kid is in your
> > neighborhood running port scans on the
> available
> > machines in his hub, seeing if he can crack
> into
> > them. Linux or Windows.
>
> yeah, that's a good way for you to get the
> attention of your ISP.
>

Well, that's just a silly threat by someone who gets his technical knowledge by watching the nightly news. Not you, Gravis, I think that was Registered Voter's idea.

Some kid in my neighborhood, even if he knows how to set his NIC to promiscuous mode, he's only going to be able to packet sniff inside his own network, on the private side of his cable modem. It takes a really sophisticated person with knowledge of the cable modem architecture, and an ability to get beyond the security of the cable modem, in order to packet sniff the "local segement" of that neighborhood's cable head-end. I mean, it doesn't even resemble an ethernet topology anymore, you can't packet sniff your neighborhood because even cox is using fiber from each segment, and they've so entirely locked down each tree/hub/head so that they can immediately shut off a non-paying customer or restrict packets for folks playing WOW or using torrents (Thank you for shooting down net-neutrality, Supreme Court).



>
> > Hell, I have fios, and I put a box in my DMZ
> with
> > a firewall, and only opened a few ports - one
> of
> > which was VNC - and when I came back my
> computer
> > was hung and the logs showed that someone was
> > attempting to hack the VNC port when whatever
> they
> > did locked the machine up.
>
> you should use VNC using an SSH tunnel.
>

He should have closed ports and shut down services that were unnecessary. Beginner Linux admins always leave lpr running. None of them have a printer attached to their rack-mounted server, yet every once in a while, someone gets in through the listening lpr port, and does a simple buffer overflow and gains root access. Or whatever it is they do. They get into some of the most secure linux machines, and 70% of the time, the admin of that system doesn't even know the system was compromised. If the vandals are smart, he'll never know. If they do something stupid, the admin finds out that he was compromised.

I helped a guy about 2 years ago who had a system he'd been maintaining for about 2 years. It got hacked, but he couldn't find any foreign or unknown IP addresses, and had no idea how it got hacked. It turned out to be an intrusion that actually occurred 3 years before, and remained undetected. TWO different system administrators, as well as one security audit failed to detect the intrusion.


>
> > In the past I had a
> > linux box hooked up and it was constantly being
> > probed with folks attempting to attach and
> attack
> > ftp and other ports. I had them either turned
> off,
> > or blocked - but it was amazing to see the
> number
> > of attempts being made.
>
> and how many succeeded? seriously, it that was a
> windows box, you would have been pwn3d.


I've seen public boxes get higher levels of bogus traffic in relation to legitimate traffic.

At one site, they had 26 boxes. RH and debian. They were serving up 20,000 page views a day, so there were something like 5 or 6 million TCP connections per day. 10% were "probe" connections, or otherwise questionable port requests. At least that's what their intrusion detection hardware was reporting, after the packets got through all of the Intrusion Detection and Firewall filters, and past their intelligent load balancers and virus filters. Any device connected to the internet is getting "hacked", or at least attempted hacks, all the time, all day, every day. To imagine that your linux box isn't subject to the same forces just because it's not made by microsoft, well that's delusional.

I have a NAS that I put outside my firewall, as a kind of "bastion". I love ssh'ing into it and watching all kinds of network connections attempt to gain access to it.

BUt i have no self-delusional notions that my NAS will never be broken into. Hell, I really don't know for sure if it hasn't already been broken into. It might have been. It is linux based, but this is what I get when I type uname -a ............... "Linux NAS001 2.6.24.4 #1 Tue Feb 10 11:00:22 GMT 2009 armv5tejl unknown"

It is linux. Has it been hacked? I really can't say.


But I'm cool, I've never been hacked, cuz I noz my shit. yeah, beleeveses me. I'se cool nerd. I never gots hacked.

yeah, right. Try to sell that one to the nurses. That's like trying to eat the skin of the cat. It's like being the elephant that wants more water. If I could lead donkeys to Whip Cream I'd make a fortune. That's like trying to convince an ape that he needs to shave. I can't remember how many dogs you need to skin before you make the rabbits bark.

^------The above post was very entertaining.

The last paragraph was the cherry on top.

Gotta love a strong finish. Thanks, dude.

former ubuntu sys@dm1n Wrote:
-------------------------------------------------------
> If you manage a linux system, you have been
> hacked. If you don't know that, it just means you
> are happy and ignorant and nothing is wrong as far
> as you know.

wow, talk about FUD!

have i been hacked by...



Edited 1 time(s). Last edit at 04/30/2010 02:21PM by Gravis.
Attachments: