This is what happens, folks. [Archive] - Glock Talk

SamBuca
01-21-2005, 03:51
Set a new record today. All-time high for viruses and spyware. 316 instances of the same virus (different variants) from replication. 78 spyware programs (as in, programs...not files and not cookies). The TCP stack was destroyed by the viruses and spyware, so I had to completely redo that (symptom is "limited connectivity" listed for the network device with no net access).

Took roughly 6 hours to completely fix the system...most of which was spent figuring out how to rebuild the TCP stack (the online suggestions didn't work for beans), how to stop the processes from regenerating, and the ever-popular "wait for 10 virus scans and 10 spyware scans to finish". I feel bad since I quoted him so low, so I'm only charging him for 2 hours. At the very least, his work order gets a frame on the wall for the most infected system ever ;)

REAL WORLD SCENARIO (this is not opinion):

1) AVG failed to detect a bunch of viruses hidden within the Java JAR files. Each time they were loaded, they would replicate and cause havoc again. McAfee found them within the JAR files.

2) Ad-Aware, SpyBot, Pest Patrol, etc. all failed to completely clean the system. MS Anti-Spyware removed the offending software COMPLETELY and SAFELY, as well as actually restoring the hijacked browser. The other programs also failed to stop active processes...they were replicating and regenerating too fast for them to kill them off.

3) Service Pack 2 FIXED a lot of the security-related problems...it did not cause more or degrade security.

All in a day's work.
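
The "limited or no connectivity" symptom described above is, on XP SP2, most often a Winsock provider chain left broken when a spyware LSP is removed, and SP2 is the release that added a supported way to reset it. The batch script below is an added example for this thread, not what SamBuca ran (he says the online suggestions did not work for him), and it assumes an XP SP2 machine, an Administrator account, and that malware removal has already finished (reset the stack first and a still-running hijacker just re-installs its LSP). The log and snapshot file names are arbitrary choices for the example.

```batch
@echo off
rem Added example, not from the thread: rebuild the TCP/IP and Winsock stacks
rem on Windows XP SP2 after spyware removal. Assumes an Administrator account
rem and that the malware is already gone; reboot when the script finishes.

rem 1. Snapshot the Winsock catalog first so the broken provider chain can be
rem    compared with the clean one after the reset (file name is an assumption).
netsh winsock show catalog > "%TEMP%\winsock-before.txt"

rem 2. Reset the Winsock catalog to its install state. This is the SP2 addition;
rem    pre-SP2 XP has no "winsock" context and the command fails there.
netsh winsock reset catalog

rem 3. Reset TCP/IP to its install state. XP requires a log file argument; the
rem    log lists every registry value that was rewritten, which is worth keeping
rem    as evidence of what the infection had changed.
netsh int ip reset "%TEMP%\tcpip-reset.log"

rem 4. Drop cached DNS answers so a hijacker's poisoned entries do not survive.
ipconfig /flushdns

rem 5. Before rebooting, list the logon autostart keys; anything unfamiliar here
rem    is how the "regenerating" processes come back after a reboot.
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

echo Reboot now. Afterwards run "ipconfig /renew" and "netsh winsock show catalog"
echo and confirm only Microsoft providers are listed.
```

After the reboot the catalog should show only the stock MSAFD/RSVP providers; a third-party entry that is back after the reset means the spyware is still active and the clean-up has to be repeated before the stack repair will hold.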

Dyno
01-21-2005, 07:06
This is a great post, Sam. Many thanks, as I am a noob and all the help I can get is greatly appreciated.

Dyno

HerrGlock
01-21-2005, 10:54
Step One: Remove all Microsoft products from your computer...
DanH

ToyotaMan
01-21-2005, 13:12
Originally posted by HerrGlock
Step One: Remove all Microsoft products from your computer...
DanH


Apple (http://www.apple.com)

NetNinja
01-21-2005, 13:16
There are some people here who highly recommend AVG.

I stay away from it.

Real world scenario, condensed version:

Built a Win2k server box.

Installed AVG.

Computer Associates sends out a virus update warning.

I install it on all servers.

AVG took one day to release an update.

Guess what happened to the Win2k machine.

Removed AVG and installed Computer Associates eTrust Antivirus.

fastvfr
01-21-2005, 17:05
AVG removes some viruses, and finds more. I haven't used it since the 7.0 "Upgrade" FUBARed it, personally...

Lately, AVAST! has done a superlative job for me.

BTW, Sam, I hate to upstage you, but I removed over 2470 viruses from a client's PC a few days ago!!

Sinister Angel
01-21-2005, 17:21
Christ, in 6 hours time I would have backed up any needed data, and re-os'd.

SamBuca
01-21-2005, 20:22
Originally posted by Sinister Angel
Christ, in 6 hours time I would have backed up any needed data, and re-os'd.
If it was my own machine, I would have...but I can't just arbitrarily decide what is important and what isn't on someone else's PC.

David_G17
01-21-2005, 22:18
Originally posted by ToyotaMan
Apple (http://www.apple.com)

Free (http://linuxiso.org/)

Washington,D.C.
01-21-2005, 22:30
Originally posted by David_G17
Free (http://linuxiso.org/)

http://www.distrowatch.com

Sinister Angel
01-21-2005, 22:41
Originally posted by SamBuca
If it was my own machine, I would have...but I can't just arbitrarily decide what is important and what isn't on someone else's PC.

That is true, and why I hate dealing with FUBAR'd machines. I generally ask them if they are willing to do it and explain the reasoning, and I have them tell me exactly what they need saved. It saves A LOT of hassle.

SamBuca
01-22-2005, 00:08
Originally posted by Sinister Angel
That is true, and why I hate dealing with FUBAR'd machines. I generally ask them if they are willing to do it and explain the reasoning, and I have them tell me exactly what they need saved. It saves A LOT of hassle.

I enjoy the challenge. I get off on the fact something is impossible, stressful and there's an easier way.

I guess I should be married ;)

Sinister Angel
01-22-2005, 04:48
Originally posted by SamBuca
I enjoy the challenge. I get off on the fact something is impossible, stressful and there's an easier way.

I guess I should be married ;) ;z ;z

Clyde in CO
01-23-2005, 05:24
Originally posted by fastvfr
BTW, Sam, I hate to upstage you, but I removed over 2470 viruses from a client's PC a few days ago!!

Yeah, I was working on the machine of a co-worker's daughter... had around 2700 viruses and lots more spyware than that.

I would have just wiped it and started over, but they didn't have an xp disk.

Used AVG and Ad-Aware, got it running but couldn't get it totally clean.

kevfan
01-23-2005, 09:01
Don't know if you guys have seen this, but Microsoft has a new spyware scanner that looks promising:

Link Here (http://www.microsoft.com/athome/security/spyware/software/default.mspx)

Edited: Thanks Sam...

SamBuca
01-23-2005, 14:06
Originally posted by kevfan
Don't know if you guys have seen this, but it's not a bad Spyware program from Microsoft. It's currently in Beta.

Link Here (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
I think you might want to re-read the post :)

LadyG23
01-23-2005, 19:40
Originally posted by Clyde in CO
I would have just wiped it and started over, but they didn't have an xp disk.

I have XP at home and in the office - there is NO disk (at least not with the HPs). Instead of a disk, somehow it's stored on a part of the HD that's protected.

DanH's "Step 1" is sounding better and better, but I have to stay "compatible" with other people.

Clyde in CO
01-25-2005, 01:34
Originally posted by LadyG23
I have XP at home and in the office - there is NO disk (at least not with the HPs). Instead of a disk, somehow it's stored on a part of the HD that's protected.

DanH's "Step 1" is sounding better and better, but I have to stay "compatible" with other people.


This was an old, old, old Gateway; it didn't have anything like that on it.