OH CRAP I THINK I BROKED IT! (Jul forum, Computers and Technology)
Mistral
Posted on 01-11-10 10:53:12 PM
Originally posted by HyperHacker
Back up any files you want to keep to an external drive. Nuke all internal hard drives from orbit. Reinstall. Grab all updates and patches and a good antivirus from another, fully trusted machine on a trusted connection before you ever reconnect this one to a network. Install those. Disable autorun. Connect the external drive. Deep scan it. Restore files. Never use IE again. Skipping any of these steps means you're going to be infected again within minutes. It takes literally about one minute for an unpatched XP install to be compromised upon connecting to the Internet.
Yes, a virus can infect your photos (there have been many JPEG exploits) and potentially videos, music, etc. Scan everything. Ideally, scan with multiple antiviruses - but never install more than one on the same OS install. Use other machines for the other scans.

Alternatively, switch to Ubuntu, but make sure your hardware is compatible before actually installing.

If nuclear bombs are not available, formatting the drive can suffice, but wear gloves when handling it.
What he said, especially since you have Vundo. Vundo roots into EVERYTHING, and I do mean EVERYTHING. It will get back to you in ANY WAY POSSIBLE once you have it. Also, basically kiss any executable files goodbye, because Vundo gets into THOSE in a way that makes them practically irreparable. Believe me, you do not want to get Vundo more than once, because you will have to reinstall Windows again.

You may want to find a computer from which you can do an nLite setup with as much as you can have integrated into it from the start: Service Pack 3, the latest hotfixes, Firefox or the browser of your choice's installer, anti-spyware, firewall and anti-virus of your choice's installer, so on and so forth.
Gabu
Posted on 01-12-10 12:40:20 AM (last edited by GabuChickenleg at 01-12-10 12:40 AM)
Even if I scanned 100 times with three different programs specializing in different forms of malware, nothing is being pulled up and the computer appears to be free of Vundo? (ZoneAlarm, MalwareBytes, and Spybot: S&D)
Rena
Posted on 01-12-10 04:01:19 AM
An infected OS cannot reliably scan itself. Virus gets into the kernel, patches file/directory listing routines to exclude itself from all listings, patches kernel integrity checks to return false positives, and seals up the hole it came in through plus any others the author knows about. Any other program now has absolutely no reliable way to detect its presence. They like to get into the bootloader and hypervisor too, so they're loaded in memory and have full control before the OS even loads.
Lyskar
Posted on 01-12-10 04:18:28 AM
Using another OS loaded by boot CD to scan it would probably ensure if it was truly gone.
Gabu
Posted on 01-12-10 11:32:34 PM (last edited by GabuChickenleg at 01-13-10 01:30 AM)
I really would try to scan with a boot CD if I could just get programs to work under whatever OS that particular boot CD runs under AND be able to update definitions, but I can't for the moment.

It seems that the computer is acting much better than last week, though. I did install and run Comodo and discover that the Jack the Ripper zip file I downloaded a month ago might have been logic bombed or something (john-386.exe in particular, w/ the name Trojware.Win32.HackTool.John@NAA101111) and could be the cause of the attack. I also checked on Bleepingcomputer.com and got some instructions on removing Vundo, and it seems as though the computer has in fact been wiped (at least) of Vundo given that I've run things through and got nothing.

Also, another very peculiar thing is whenever I use a search engine and click on a result, I usually end up on gewebsearch and then redirected to another site. I'm quite certain that this is adware, so I've reinstalled Adaware on my system and will check it out with that once I've restarted the computer. (I'm not sure how the computer will handle starting up with ZoneAlarm, Comodo, and Adaware now that I think about it, but I'm sure it won't be too bad).

E: I rooted around on MalwareBytes and saw someone having the exact same redirecting problem, and someone suggested that it was Viewpoint and related Viewpoint "foistware", as they call it. Just did a file search and, whuddya know, they're all there.
Dialga
Posted on 01-14-10 08:56:45 AM
Try booting into an Ubuntu live CD or something...
Gabu
Posted on 01-14-10 04:46:20 PM
Would a Debian CD suffice? I have one of those and I really don't want to download another image if my Debian CD can do exactly the same thing?

In fact, would Puppy Linux work as well? Just wondering.
Dialga
Posted on 01-15-10 01:49:38 AM
I think it would work as long as it can read NTFS.
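An illustration of what scanning from a boot CD buys you, added here as an example and not taken from the thread: run from a trusted boot environment, it hashes the binaries on a (read-only mounted) Windows volume against a baseline manifest, so the comparison never depends on the possibly subverted OS's own file listings. The volume layout, checked extensions and the simulated tampering are constructed assumptions for the demo.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Binary types worth baselining on a Windows volume (assumption for this example).
CHECKED_SUFFIXES = {".exe", ".dll", ".sys"}


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Walk a mounted volume and hash every checked binary, keyed by path relative to root."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() in CHECKED_SUFFIXES:
                manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def compare(baseline, current):
    """Report binaries that changed, vanished, or appeared relative to the trusted baseline."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    missing = sorted(k for k in baseline if k not in current)
    added = sorted(k for k in current if k not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo():
    """Constructed sample volume: take a clean baseline, tamper with it, then re-check offline."""
    with tempfile.TemporaryDirectory() as vol:
        sysdir = Path(vol) / "WINDOWS" / "system32"
        sysdir.mkdir(parents=True)
        (sysdir / "kernel32.dll").write_bytes(b"MZ clean kernel32")
        (sysdir / "notepad.exe").write_bytes(b"MZ clean notepad")
        baseline = build_manifest(vol)
        # Simulated infection (constructed): one binary patched, one unknown DLL dropped.
        (sysdir / "notepad.exe").write_bytes(b"MZ clean notepad" + b"\x90" * 16)
        (sysdir / "dropped.dll").write_bytes(b"MZ unknown")
        return compare(baseline, build_manifest(vol))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline must come from a trusted source (a manifest taken before infection or from known-good install media), and the volume should be mounted read-only from the live CD so the check itself changes nothing.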
Hiryuu
Posted on 01-15-10 03:52:22 PM
HackTool, eh? That was probably one of the worst ones I've had the pleasure of dealing with in the last few months (mostly because it was one that, if removed improperly, can bomb side-by-side configurations to hell).

I'd run ComboFix, MalwareBytes and SuperAntiSpyware on it if you haven't already. Those three, from what I pretty much read off MG, were what saved the systems it was infected with.

Additionally, I sure as heck hope you DID NOT attach any external drives or USB drives. Hacktool floats. I found this out first hand after having one fixed and then finding several other machines also infected with the same damned thing.
Keitaro
Posted on 01-15-10 06:07:45 PM
oh yes, ComboFix is amazing for killing a large number of nasty things you may otherwise not know are there. I recommend it too.
Gabu
Posted on 01-15-10 08:42:43 PM (last edited by GabuChickenleg at 01-15-10 11:08 PM)
I try running Combofix, but I get a shitton of error messages that the file, folder, etc. cannot be accessed (ex: C:\32788R22FWJFW\iexplore.exe), then two instances of "Cannot open file nircmd.cfxxe". And whenever I try to run SuperAntiSpyware on the boot CD, I get blue-screened or totally unable to open the program.

E- I think I should mention that I've researched John the Ripper, and have discovered that it is a legit program that is blacklisted by scanning programs since it COULD be used in malicious ways. From what I understand, it is considered a Hacking Tool, and therefore something that is bad. I do not necessarily have HackTool, maybe. I cannot be 100% certain on this.
Gabu
Posted on 01-23-10 07:51:27 PM
I guess I should update one more time to say that things were resolved. I eventually figured that these things were getting through via certain ports, so I looked up a guide with ports that are used for virus/malware attacks and, using ZoneAlarm, totally closed incoming connections to certain ports, and have not gotten a single positive in several days.
Acmlmboard - commit 5d36857 [2018-03-03]
©2000-2018 Acmlm, Xkeeper, Inuyasha, et al.