Jul - Computers and Technology - OH CRAP I THINK I BROKED IT!
plushifoxed
Posted on 01-12-10 01:53:12 AM
Quoting Supakitsune's post:
Originally posted by HyperHacker:
Back up any files you want to keep to an external drive. Nuke all internal hard drives from orbit. Reinstall. Grab all updates and patches and a good antivirus from another, fully trusted machine on a trusted connection before you ever reconnect this one to a network. Install those. Disable autorun. Connect the external drive. Deep scan it. Restore files. Never use IE again. Skipping any of these steps means you're going to be infected again within minutes. It takes literally about one minute for an unpatched XP install to be compromised upon connecting to the Internet.
Yes, a virus can infect your photos (there have been many JPEG exploits) and potentially videos, music, etc. Scan everything. Ideally, scan with multiple antiviruses - but never install more than one on the same OS install. Use other machines for the other scans.

Alternatively, switch to Ubuntu, but make sure your hardware is compatible before actually installing.

If nuclear bombs are not available, formatting the drive can suffice, but wear gloves when handling it.
What he said, especially since you have Vundo. Vundo roots into EVERYTHING, and I do mean EVERYTHING. It will get back to you in ANY WAY POSSIBLE once you have it. Also, basically kiss any executable files goodbye, because Vundo gets into THOSE in a way that makes them practically irreparable. Believe me, you do not want to get Vundo more than once, because you will have to reinstall Windows again.

You may want to find a computer from which you can do an nLite setup with as much as you can have integrated into it from the start: Service Pack 3, the latest hotfixes, Firefox or the browser of your choice's installer, anti-spyware, firewall and anti-virus of your choice's installer, so on and so forth.

Gabu
Posted on 01-12-10 03:40:20 AM (last edited by GabuChickenleg at 01-12-10 12:40 AM)
Even if I scanned 100 times with three different programs specializing in different forms of malware, nothing is being pulled up and the computer appears to be free of Vundo? (ZoneAlarm, MalwareBytes, and Spybot: S&D)


Rena
Posted on 01-12-10 07:01:19 AM
An infected OS cannot reliably scan itself. Virus gets into the kernel, patches file/directory listing routines to exclude itself from all listings, patches kernel integrity checks to return false positives, and seals up the hole it came in through plus any others the author knows about. Any other program now has absolutely no reliable way to detect its presence. They like to get into the bootloader and hypervisor too, so they're loaded in memory and have full control before the OS even loads.

Lyskar
Posted on 01-12-10 07:18:28 AM
Using another OS loaded from a boot CD to scan it would probably confirm whether it was truly gone.

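Rena's point that an infected OS cannot be trusted to list its own files, and the boot-CD scan suggested just above, come together in what is usually called cross-view detection: take one listing of the volume from inside the running OS, take another of the same volume mounted from clean boot media, and compare the two. The script below is an added example, not code from anyone in this thread; the two listings, their paths and their digests are constructed placeholders.

```python
# Cross-view comparison: the same volume listed from inside the suspect OS and
# from clean boot media. A kernel rootkit can filter the live listing, but
# not the offline one, so anything only visible offline is a hidden object,
# and a path whose digest differs is one the live OS is misreporting.
from typing import Dict, List, Tuple

Listing = Dict[str, Tuple[str, int]]  # path -> (digest, size)

# Constructed sample listings ('digest size path'); paths and digests are
# placeholders, not real values. Both views would be produced by the same
# hashing tool, once inside Windows and once from the boot CD's mount of C:.
LIVE_VIEW = """
# taken from inside the suspect Windows install
3a7f2c1e  52736  /WINDOWS/system32/kernel32.dll
91be04aa   4096  /WINDOWS/system32/drivers/null.sys
c0ffee00  13312  /Documents and Settings/user/report.doc
"""
OFFLINE_VIEW = """
# same volume mounted read-only from a Linux boot CD
e4d9a0b2  52736  /WINDOWS/system32/kernel32.dll
91be04aa   4096  /WINDOWS/system32/drivers/null.sys
c0ffee00  13312  /Documents and Settings/user/report.doc
77deadbe   6144  /WINDOWS/system32/drivers/example_hidden.sys
"""

def parse_listing(text: str) -> Listing:
    """Parse 'digest size path' lines; blank lines and '#' comments are skipped."""
    out: Listing = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, size, path = line.split(maxsplit=2)  # paths may contain spaces
        out[path] = (digest.lower(), int(size))
    return out

def cross_view_diff(live: Listing, offline: Listing) -> Dict[str, List[str]]:
    """Return paths the live OS hides and paths whose content it misreports.

    Caveat: anything legitimately written between the two snapshots (updates,
    logs) also lands in 'tampered', so take both listings back to back.
    """
    hidden = sorted(p for p in offline if p not in live)
    tampered = sorted(p for p in live if p in offline and live[p] != offline[p])
    return {"hidden": hidden, "tampered": tampered}

def check_sample() -> Dict[str, List[str]]:
    """Run the comparison on the constructed sample views."""
    return cross_view_diff(parse_listing(LIVE_VIEW), parse_listing(OFFLINE_VIEW))
```

The offline digests are the ones to trust; a clean result is a listing where both sets come back empty, and a populated "hidden" set is exactly the case where the live scanners in this thread could report nothing.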
Gabu
Posted on 01-13-10 02:32:34 AM (last edited by GabuChickenleg at 01-13-10 01:30 AM)
I really would try to scan with a boot CD if I could just get programs to work under whatever OS that particular boot CD runs under AND be able to update definitions, but I can't for the moment.

It seems that the computer is acting much better than last week, though. I did install and run Comodo and discover that the Jack the Ripper zip file I downloaded a month ago might have been logic bombed or something (john-386.exe in particular, w/ the name Trojware.Win32.HackTool.John@NAA101111) and could be the cause of the attack. I also checked on Bleepingcomputer.com and got some instructions on removing Vundo, and it seems as though the computer has in fact been wiped (at least) of Vundo given that I've run things through and got nothing.

Also, another very peculiar thing is whenever I use a search engine and click on a result, I usually end up on gewebsearch and then redirected to another site. I'm quite certain that this is adware, so I've reinstalled Adaware on my system and will check it out with that once I've restarted the computer. (I'm not sure how the computer will handle starting up with ZoneAlarm, Comodo, and Adaware now that I think about it, but I'm sure it won't be too bad).

E: I rooted around on MalwareBytes and saw someone having the exact same redirecting problem, and someone suggested that it was Viewpoint and related Viewpoint "foistware", as they call it. Just did a file search and, whuddya know, they're all there.


Dialga
Posted on 01-14-10 11:56:45 AM
Try booting into an Ubuntu live CD or something...
Gabu
Posted on 01-14-10 07:46:20 PM
Would a Debian CD suffice? I have one of those, and I really don't want to download another image if my Debian CD can do exactly the same thing.

In fact, would Puppy Linux work as well? Just wondering.


Dialga
Posted on 01-15-10 04:49:38 AM
I think it would work as long as it can read NTFS.
Hiryuu
Posted on 01-15-10 06:52:22 PM
HackTool, eh? That was probably one of the worst ones I've had the pleasure of dealing with in the last few months (mostly because it was one that, if removed improperly, can bomb side-by-side configurations to hell).

I'd run ComboFix, MalwareBytes and SuperAntiSpyware on it if you haven't already. Those three, from what I pretty much read off MG was what saved the systems it was infected with.

Additionally, I sure as heck hope you DID NOT attach any external drives or USB drives. Hacktool floats. I found this out first hand after having one fixed and then finding several other machines also infected with the same damned thing.
Keitaro
Posted on 01-15-10 09:07:45 PM
Oh yes, ComboFix is amazing for killing a large number of nasty things you may otherwise not know are there. I recommend it too.
Gabu
Posted on 01-15-10 11:42:43 PM (last edited by GabuChickenleg at 01-15-10 11:08 PM)
I try running Combofix, but I get a shitton of error messages that the file, folder, etc. cannot be accessed (ex: C:\32788R22FWJFW\iexplore.exe), then two instances of "Cannot open file nircmd.cfxxe". And whenever I try to run SuperAntiSpyware on the boot CD, I get blue-screened or totally unable to open the program.

E- I think I should mention that I've researched John the Ripper, and have discovered that it is a legit program that is blacklisted by scanning programs since it COULD be used in malicious ways. From what I understand, it is considered a Hacking Tool, and therefore something that is bad. I do not necessarily have HackTool, maybe. I cannot be 100% certain on this.


Gabu
Posted on 01-23-10 10:51:27 PM
I guess I should update one more time to say that things were resolved. I eventually figured that these things were getting through via certain ports, so I looked up a guide with ports that are used for virus/malware attacks and, in ZoneAlarm, totally closed incoming connections to certain ports, and I have not gotten a single positive in several days.

Acmlmboard - commit 47be4dc [2021-08-23]
©2000-2022 Acmlm, Xkeeper, Kaito Sinclaire, et al.