Holy Viri ridden boxes batman! [Archive] - Glock Talk


Toyman
12-20-2005, 10:28
So I've just spent 8 hours yesterday and 4 hours today cleaning a friend's laptop of 34 Viri and Trojans. This being a Windows ME laptop made it even more of a pain.

Lessons learned:

1) AVG anti-virus did not detect the viri that was giving me the worst problem. Avast did, and in memory too.

2) A lot of these viri probably came from online gambling sites, since that's about all they use it for.

3) The culprit of the startup lockups was avpe32.dll (win32.haxdoor-u), which did not show up in HijackThis or any other spyware / startup scanners. I still don't know how it was starting up.

4) If a Windows ME machine hasn't ever been updated, run away as fast as you can.

5) A trojan that includes pe.dll can load via a Windows hook even in safe mode, making it very hard to remove.

Washington, D.C.
12-20-2005, 10:59
For Windows 98 and ME try these:

http://majorgeeks.com/a-squared_a%B2_Free_edition_d4281.html (download updates)

http://majorgeeks.com/Disspy_LITE_d4519.html (needs update after first run, and run again)

Best virus detection:

http://majorgeeks.com/AntiVir_Personal_Edition_d955.html

Yahoo toolbar and spyware/trojan remover (good for 98/ME):

http://majorgeeks.com/Yahoo_Toolbar_d4325.html

Ad-Aware and Spybot also find things in Win 98/ME but not as much or as strong as the above.

http://majorgeeks.com/Ad-Aware_SE_Personal_d506.html

http://majorgeeks.com/SpyBot-Search_&_Destroy_d2471.html

Win 98/ME should always get CCleaner:

http://majorgeeks.com/CCleaner_d4191.html

SpywareBlaster is good protection:

http://majorgeeks.com/SpywareBlaster_d2859.html

Needed in Win 98, can save time in ME:

http://majorgeeks.com/Diskeeper_Lite_d1207.html

funbob
12-21-2005, 00:52
It's scary the amount of crap that's on the computers of people who don't know how to protect them. I've pulled similar amounts of viri, trojans, and other goodies off of friends' computers. And I can't believe how many people have completely unpatched 98/ME installations. It's scary. Even an old box will run Win2k just fine, and that's a huge improvement.

mitchshrader
12-21-2005, 05:13
if you run 3rd party security.

and that's the truth.

anybody still running ANY 9x version of windows is due to upgrade last year.

Toyman
12-21-2005, 06:51
As a programmer, I know how Windows works pretty well, and a lot of how things happen in the background. But lately these viri and spyware are getting downright vicious in their infiltration of systems.

It has changed my view of who should have a computer. People with no knowledge of computers are going to get infected by just surfing the web. No amount of anti-virus software, anti-spyware, or security updates will completely fix the real problem - people are ignorant and gullible.

When they visit a website, they'll believe any message that the site pops up. ActiveX controls? Yeah, they'll install them. Those cute cursor programs, install. Browser toolbars, sure!

Both with people surfing and people using software, I've seen them click yes or ok WITHOUT ever reading the dialog. When I ask them what the _-_- they did that for, they usually reply with something like "I don't know, it makes it (the dialog) go away." Ok, well, what did it say? Their reply "I don't know, I didn't read it."

The state of malware is becoming an epidemic, more than ever before. Installations with multiple resuscitators, kernel level hooks, and hidden rootkits, it's only a matter of time before they take down a whole bunch of computers - even the experienced users will get hit through a security hole, much like the MSBlaster worm.

Hailstorm
12-21-2005, 07:17
As a tech, when it's so bad there is nothing you can do, somehow it's your fault. I love it when there's no protection on the PC at all. And it's still your fault. Or, they have software, but NEVER ran it. The most commonly said phrase is "it updates by itself". Makes me feel sorry for some people because they have no clue. Like they turn off the ActiveX stuff and think that will keep their PC safe. Or how about using Firefox. Yea, that will keep out problems. Even using a Mac isn't foolproof any more. Some of the virii are also damaging hardware.

Helpful hints:
Back up your data
Have protection for both virii and spyware
Run these programs once a week after updating them
Don't download programs from BearShare, Kazaa or LimeWire
Be aware that when it says download for free, it's not
Keep your OS updated

I also love it when you say their hard drive is bad. They say, how did that happen? Then you have to explain: normal use, power surges and virii to name a few. And yes, this is your fault too.

epsylum
12-21-2005, 20:17
Originally posted by Toyman
As a programmer, I know how Windows works pretty well, and a lot of how things happen in the background. But lately these viri and spyware are getting downright vicious in their infiltration of systems.

It has changed my view of who should have a computer. People with no knowledge of computers are going to get infected by just surfing the web. No amount of anti-virus software, anti-spyware, or security updates will completely fix the real problem - people are ignorant and gullible.

When they visit a website, they'll believe any message that the site pops up. ActiveX controls? Yeah, they'll install them. Those cute cursor programs, install. Browser toolbars, sure!

Both with people surfing and people using software, I've seen them click yes or ok WITHOUT ever reading the dialog. When I ask them what the _-_- they did that for, they usually reply with something like "I don't know, it makes it (the dialog) go away." Ok, well, what did it say? Their reply "I don't know, I didn't read it."

The state of malware is becoming an epidemic, more than ever before. Installations with multiple resuscitators, kernel level hooks, and hidden rootkits, it's only a matter of time before they take down a whole bunch of computers - even the experienced users will get hit through a security hole, much like the MSBlaster worm.

AMEN!

I admit to having my own share of virus issues and such, but I do whatever I can to fix them myself, even if it means a good ole' format. But, I have given (yes, flat out given) my brother 2 computers in about 2 years. He somehow manages to infect them in a matter of weeks with literally hundreds of spyware and viri. He then expects me to fix it or wants to use my computer. I finally break down and fix it to the best of my ability, and literally the next week we will be back at square one with it loaded with crap. The last one was my old computer I bought about 3 years ago that I gave him when I got a new one. I did a format to clean it out. I put everything he needed on it to keep it running fine for years to come. It worked for about two weeks. Now it's worthless and I finally told him I am not fixing it any more. If he wants it fixed he can do it himself or pay to have someone do it.

I tell him every time to not just click on things or to be positively sure he knows he is going to safe sites on the net, but I guess it just doesn't sink in. Of course, every time it's "not his fault". ;Q

Glock Bob
12-22-2005, 22:35
I work IT for a school system with about 900 machines. Earlier this year we had an outbreak of hacktool.rootkit and w32.spybot worm. Some systems run Win98 (which we'll hopefully slowly start to replace), some XP Pro, a few XP Home (how they got there we don't know, probably ordered behind our backs), but most run Win2kPro. We have Symantec set up on the server and clients are supposed to run on every system. However, not every computer is set up properly and some were set up and Symantec never installed (i.e. not set up by me, my coworker, or my boss). So many systems were infected and transmitting packets that we had to shut off all but port 80, as the phones use the same wireless system and they were shutting down completely. It's amazing how determined these viri are. I had one machine that had 95,383 in quarantine. A lot are way on up there as well, somewhere in the 20,000 to 60,000 mark. It got so bad that we've started going to every single machine and making sure Symantec is installed and up-to-date as well as running Windows Update.

RaiderRodney
12-23-2005, 08:48
I agree with you all. I tell people all the time how sorry I feel for those that go and buy a computer from Best Buy or Circuit City. They deal with people that don't really know their stuff and just want to sell. Then they get home and get it set up... go online... and in a matter of minutes are probably infected. All we can do is try to inform them a little, I guess :(

epsylum
12-23-2005, 17:11
Originally posted by Glock Bob
I work IT for a school system with about 900 machines. Earlier this year we had an outbreak of hacktool.rootkit and w32.spybot worm. Some systems run Win98 (which we'll hopefully slowly start to replace), some XP Pro, a few XP Home (how they got there we don't know, probably ordered behind our backs), but most run Win2kPro. We have Symantec set up on the server and clients are supposed to run on every system. However, not every computer is set up properly and some were set up and Symantec never installed (i.e. not set up by me, my coworker, or my boss). So many systems were infected and transmitting packets that we had to shut off all but port 80, as the phones use the same wireless system and they were shutting down completely. It's amazing how determined these viri are. I had one machine that had 95,383 in quarantine. A lot are way on up there as well, somewhere in the 20,000 to 60,000 mark. It got so bad that we've started going to every single machine and making sure Symantec is installed and up-to-date as well as running Windows Update.

The college I go to has a program (not sure what it's called) that basically has a default setting for the whole computer. You can do anything you want to it, but as soon as you restart it, it goes right back to the default setting and everything that was there before is gone and back the way it was originally. Kinda a pain since you can't save your work to the HD, but I guess that's why they make USB flash drives.

Because of this setup they don't have any real security settings on their browsers, which I like. So I can go to any site that I want without having to fear it blocking me for some reason (mainly gun sites ;))

I think that setup may help you and your school out. Just wish I could remember what it's called.

Bronson7
12-24-2005, 09:50
My brothers routinely surf with no FW, no AV!!!!!!!!!
Naturally, their computers are constantly being infected. I've refused to help them anymore. The big thing nowadays for a PC owner is you have to be PRO-ACTIVE. Many just won't take the time to update their PCs, nor are they willing to learn. I think that's why a lot of folks get sucked in to the whole AOHell thing (junk).
Bronson7