The PW Viruses, Spyware, and Scams Thread

Have you tried turning it off and on again?
Nethlyn
 
Posts: 13645
Joined: Sat Oct 04, 2003 10:44 pm
Location: 2072; still installing Windows 10


Postby Nethlyn » Fri Jul 22, 2005 8:38 am

Well, given the spate of viruses and Trojans which hit at least three forumites in the same week, I'm going ahead with this whatever happens; it was the best part of the now-defunct PL forums and people need to be warned. Especially since I was sent one by email today. Any changes to protection methods I will steal and place in the first thread.

Protecting Against Viruses on Reinstallation

When you have installed XP:

Go up to SP2 straight away (and quit crying all you MS bashers) and use just its firewall or install your usual one and have it ready to activate the minute reconnection is confirmed. (dunno about other ISPs but with NTL you only have to reinstall your modem driver and you

EDIT - Noooooooooo my beautiful guide!!!!!!!! :cry:
Last edited by Nethlyn on Fri Oct 23, 2009 10:36 am, edited 14 times in total.


Postby Nethlyn » Fri Jul 22, 2005 8:50 am

Next up, the Trojans which hit Master_Chief and which were killed off by Antivir:

javainstaller.jar-3c936701-33c2266e.zip - interesting thread on this on another forum here.

install22949.exe tr/dldr.istbar.it - though this is disputed by some as a false positive, it's too much of a coincidence that the same person on the DivX forums was using the same antivirus...

lucomserver_2_6.exe - Basically part of Norton's LiveUpdate, but various websites report that it can be easily spoofed or messed up, so it would be a question of totally reinstalling Norton after whatever infection you had was cleared up, for it to function again OR if you moved from SP1 to SP2 according to another forum I found.


Postby Nethlyn » Fri Jul 22, 2005 9:03 am

To read all about Banapaulo's troubles check out his own thread on the forum he pimped...

http://gladiator-antivirus.com/forum/in ... opic=27762


Postby Nethlyn » Fri Jul 22, 2005 11:06 am

http://www.fireav.com/virusinfo/library/cih.htm

is the only info I've found so far about BIOS-killing viruses, since it happened to me twice and Master_Chief once I might as well throw them into the mix. Mind you CIH-style attacks have been around since before Norton purchased its rival Dr Solomon, but only recently have they resurfaced.

banapaulo
 
Posts: 11138
Joined: Fri Sep 19, 2003 10:38 pm
Location: The Great Gig in the Sky

Postby banapaulo » Fri Jul 22, 2005 11:22 am

Great idea Neth.
katarn wrote:Oh yeah! I agree with Banapaulo. 8)

Chickenboy
 
Posts: 6173
Joined: Sat Oct 04, 2003 8:07 pm
Location: Chelmsford

Postby Chickenboy » Fri Jul 22, 2005 11:32 am

I reformatted yesterday, and was immediately hit with a smorgasbord of viruses as soon as I connected to the internet to do Windows Update. The nastiest one was something to do with Rdriv.sys. I scoured a few forums (obviously quite a few people have been hit with this) and followed a fairly long list of instructions, and I *think* I'm rid of it. It hides other viruses, and was a bitch to get rid of, as neither Norton Antivirus nor AVG consistently detected it, and they could only delete it (it reappeared seconds later), not heal it.

Even deleting lots of dodgy registry keys didn't help too much, but a few hours of rebooting in safe mode and running various programs seem to have cured it. My internet browser seems suspiciously slow though, despite Norton and AVG not turning up any viruses anymore. Time to break out Adaware I think.

I know that a fresh install of Windows XP (minus SP2) is extremely vulnerable, but how can you protect yourself the first time you connect to the internet?

Hyssy
 
Posts: 7386
Joined: Sat Oct 04, 2003 11:32 pm

Postby Hyssy » Fri Jul 22, 2005 11:41 am

Get an install prog of any free firewall that you prefer and install that before you connect to the net. Have it burnt on cd ready to use.

Tichinde
 
Posts: 4605
Joined: Sun Sep 21, 2003 2:30 pm
Location: No longer a WoW player

Postby Tichinde » Fri Jul 22, 2005 11:55 am

Download SP2.

You can grab the network install .exe from the MS site and install it immediately after you have installed XP before heading for the web.

Plus install the firewall and av of choice as H&U mentioned.
eVoL wrote:Tichinde - Like the technical version of (a slightly geekier) the fonz.

Heeeeeeeey
:D


"Religion, shit it" - Stephen Fry

Guest
 

Postby Guest » Fri Jul 22, 2005 12:41 pm

Get a hardware firewall. Spend


Postby banapaulo » Fri Jul 22, 2005 12:47 pm

I'm pretty much the same CZero, it's only after installing Anti-Virus software I realised I had some trojans, but none were damaging my computer, at least not noticeably. Plus I've not been using a Firewall lately, so it is my own fault.
katarn wrote:Oh yeah! I agree with Banapaulo. 8)


Postby Nethlyn » Fri Jul 22, 2005 1:32 pm

Someone stated they had none at all (AV or firewall - EDIT not you Bana), and one of my friends doesn't bother with it for either of his laptops even though he banks online and he's on Ebay, and I had someone try more than once to nick my Ebay password. Some people just think it's sad to know how to look after their computers and others think it'll never happen to them when they're on illegal music websites, where any bastard will upload whatever they want for a laugh. I've had one person who worked for an Antivirus company complain to me that they've got viruses in this way - and he had so many (I stopped counting after 13) that his HDD's controller went and the hard disk churn killed it. Can't make this stuff up.

And I've also seen a whole net cafe of AVG installs detect viruses and refuse to tackle them, over the space of nearly three months. That's why I keep saying it's shite. The one I caught last year was the first for five years, I'd had Anti-EXE.A before that, prehistoric. Determined not to catch another one again.
Last edited by Nethlyn on Fri Jul 22, 2005 1:42 pm, edited 1 time in total.


Postby Chickenboy » Fri Jul 22, 2005 1:36 pm

I haven't had a virus for 5 years or so, and this has been the worst one yet. Hmm. I think my PC's finding its feet now, things are starting to speed up again.


Postby Nethlyn » Wed Jul 27, 2005 9:22 am

The about:blank family

There's a whole army of these bastards out there, clogging up IE and taking over your homepage. All the programs in the first sticky will attack and kill them off and it's best to run them in safe mode, but Avast refers to them as

Win32:Startpage-XXX- Trojan, XXX being the number/generation. My mate caught the 076 variety; when I checked Avast's historical tables it's up to around 130 or so now. At least modern Avast has a good chance of killing it off where the other programs might not. The Antivir prog would probably quite happily kill it as well.
Last edited by Nethlyn on Fri Jul 29, 2005 2:05 pm, edited 1 time in total.


Postby Nethlyn » Fri Jul 29, 2005 2:05 pm

Yahoo has redesigned its security centre, even if you don't have a yahoo account it may still have some useful info...

http://uk.security.yahoo.com/


Postby Nethlyn » Mon Aug 15, 2005 1:02 pm

Very Long Link Re the new Zotob Worm

It's all there, but just the highlights in case the page gets moved:

Reuters wrote: The ZOTOB virus appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer.

The latest worm exploits security holes in Microsoft's Windows 95, 98, ME, NE, 2000 and XP platforms and can give computer attackers remote access to affected systems, said Trend Micro Inc.

"Hundreds of infection reports were sighted in the United States and Germany," Tokyo-based Trend Micro said in a statement released late last week.

"Since most users may not be aware of this newly announced security hole so as to install the necessary patch during last weekend, we can foresee more infections from WORM_ZOTOB," it said.

The latest virus drops a copy of itself into the Windows system folder as BOTZOR.EXE and modifies the system's host file in the infected user's computer to prevent the user getting online assistance from antivirus web sites, Trend Micro added.

It can also connect to a specific Internet relay chat server and give hackers remote control over affected systems, which can be used to infect other unpatched machines in a network and slow down the network performance.


So...get your OS updated with the 9/8 Critical updates and check for an auto-update to your AV or get the definitions yourself if you're driving on manual.

[EDIT]Hit google news and Sci Tech for all the breaking news on this one...looks like the annual MS-targeted late summer virus will be around for a while.
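
Added example, not part of any post in this thread or of the quoted article: the Reuters text says the worm edits the hosts file so that antivirus sites become unreachable, and this Python sketch checks a hosts file for exactly that pattern (watched security-vendor names pointed at a loopback or unspecified address). The sample file contents, the `.example` domains and the watchlist are constructed placeholders that a defender would replace with their own.

```python
import ipaddress

# Names that legitimately resolve to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no hostname: ignore
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: not a mapping
        for name in fields[1:]:               # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watchlist):
    """Return mappings that sinkhole a watched domain (or a subdomain of one)."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        if sinkholed and watched:
            hits.append((line_no, str(ip), name))
    return hits

# Constructed sample; the domains are placeholders, not taken from the article.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example
127.0.0.1       update.av-vendor.example download.scanner.example  # two names
0.0.0.0         WWW.Scanner.Example.
192.0.2.10      intranet.corp.example
127.0.0.1       ads.tracker.example
"""
WATCHLIST = {"av-vendor.example", "scanner.example"}  # assumed: supplied by the defender

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS, WATCHLIST):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; loopback entries for names outside the watchlist (such as ad-blocking lists) are deliberately not flagged.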
