GlockTalk.com
Old 12-20-2005, 10:28   #1
Toyman
Senior Member
 
Join Date: May 2003
Location: West Michigan
Posts: 3,867
Holy Viri ridden boxes batman!

So I've just spent 8 hrs yesterday, and 4 hours today cleaning a friend's laptop of 34 Viri and Trojans. This being a Windows ME laptop made it even more of a pain.

Lessons learned:

1) AVG anti-virus did not detect the viri that was giving me the worst problem. Avast did, and in memory too.

2) A lot of these viri probably came from online gambling sites, since that's about all they use it for.

3) The culprit of the startup lockups was avpe32.dll (win32.haxdoor-u), which did not show up in any HijackThis, or any other spyware / startup scanners. I still don't know how it was starting up.

4) If a Windows ME machine hasn't ever been updated, run away as fast as you can.

5) A trojan that includes pe.dll can load via a windows hook even in safe mode, making it very hard to remove.
__________________
Mike - A forum post should be like a skirt. Long enough to cover the subject material, but short enough to keep things interesting.
"It's not about the odds, it's about the stakes." -
Old 12-20-2005, 10:59   #2
Washington,D.C.
Senior Member
 
Join Date: Oct 2003
Location: Woestyn Kusdorp
Posts: 14,180
For Windows 98 and ME try these,


http://majorgeeks.com/a-squared_a%B2...ion_d4281.html (download updates)


http://majorgeeks.com/Disspy_LITE_d4519.html (needs update after first run, and run again)


Best virus detection

http://majorgeeks.com/AntiVir_Person...tion_d955.html


Yahoo toolbar and spyware/trojan remover (good for 98/ME)

http://majorgeeks.com/Yahoo_Toolbar_d4325.html

Adaware and Spybot also find things in Win 98/ME but not as much or as strong as above.

http://majorgeeks.com/Ad-Aware_SE_Personal_d506.html


http://majorgeeks.com/SpyBot-Search_...roy_d2471.html


Win 98/ME should always get CCleaner

http://majorgeeks.com/CCleaner_d4191.html


SpywareBlaster is good protection

http://majorgeeks.com/SpywareBlaster_d2859.html



Needed in Win 98, can save time in ME

http://majorgeeks.com/Diskeeper_Lite_d1207.html
Old 12-21-2005, 00:52   #3
funbob
do a lil' dance
 
Join Date: Dec 2002
Location: ABQ, NM
Posts: 985
It's scary the amount of crap that's on the computers of people who don't know how to protect them. I've pulled similar amounts of viri, trojans, and other goodies off of friends' computers. And I can't believe how many people have completely unpatched 98/ME installations. It's scary. Even an old box will run Win2k just fine and that's a huge improvement.
Old 12-21-2005, 05:13   #4
mitchshrader
Deceased
 
Join Date: Jun 2005
Location: Tulsa
Posts: 26,577
2k is the most improvement you can get

if you run 3rd party security.

and that's the truth.

anybody still running ANY 9x version of windows is due to upgrade last year.
__________________
OFFICIAL DISCLAIMER "This guy is a flake, listen at your own risk"
Old 12-21-2005, 06:51   #5
Toyman
Senior Member
 
Join Date: May 2003
Location: West Michigan
Posts: 3,867
As a programmer, I know how Windows works pretty well, and a lot of how things happen in the background. But lately these viri and spyware are getting downright vicious in their infiltration of systems.

It has changed my view of who should have a computer. People with no knowledge of computers are going to get infected by just surfing the web. No amount of anti-virus software, anti-spyware, or security updates will completely fix the real problem - people are ignorant and gullible.

When they visit a website, they'll believe any message that the site pops up. ActiveX controls? Yeah, they'll install them. Those cute cursor programs, install. Browser toolbars, sure!

Both with people surfing and people using software, I've seen them click yes or ok WITHOUT ever reading the dialog. When I ask them what the _-_- they did that for, they usually reply with something like "I don't know, it makes it (the dialog) go away." Ok, well, what did it say? Their reply "I don't know, I didn't read it."

The state of malware is becoming an epidemic, more than ever before. Installations with multiple resuscitators, kernel level hooks, and hidden rootkits, it's only a matter of time before they take down a whole bunch of computers - even the experienced users will get hit through a security hole, much like the MSBlaster worm.
Old 12-21-2005, 07:17   #6
Hailstorm
Boom Shacka
 
Join Date: Jan 2002
Location: Canton Mi
Posts: 5,578


As a Tech. When it's so bad there is nothing you can do. Somehow it's your fault. I love when there's no protection on the PC at all. And it's still your fault. Or, they have software, but NEVER ran it. The most commonly said phrase is "it updates by itself". Makes me feel sorry for some people because they have no clue. Like they turn off the ActiveX stuff and think that will keep their PC safe. Or how about using Firefox. Yeah, that will keep out problems. Even using a Mac isn't foolproof any more. Some of the virii is also damaging hardware.

Helpful hints:
Back up your data
Have protection for both virii and spyware
Run these programs once a week after updating them
Don't download programs from BearShare, Kazaa or LimeWire
Be aware when it says download for free, it's not
Keep your OS updated


I also love it when you say your hard drive is bad. They say how did that happen. Then you have to explain, normal use, power surges and virii to name a few. And yes, this is your fault too.
__________________
Practice Random acts of Kindness
Old 12-21-2005, 20:17   #7
epsylum
Boolit Hoze
 
Join Date: Sep 2004
Location: Racing Capital, USA
Posts: 14,373


Quote:
Originally posted by Toyman
As a programmer, I know how Windows works pretty well, and a lot of how things happen in the background. But lately these viri and spyware are getting downright vicious in their infiltration of systems.

It has changed my view of who should have a computer. People with no knowledge of computers are going to get infected by just surfing the web. No amount of anti-virus software, anti-spyware, or security updates will completely fix the real problem - people are ignorant and gullible.

When they visit a website, they'll believe any message that the site pops up. ActiveX controls? Yeah, they'll install them. Those cute cursor programs, install. Browser toolbars, sure!

Both with people surfing and people using software, I've seen them click yes or ok WITHOUT ever reading the dialog. When I ask them what the _-_- they did that for, they usually reply with something like "I don't know, it makes it (the dialog) go away." Ok, well, what did it say? Their reply "I don't know, I didn't read it."

The state of malware is becoming an epidemic, more than ever before. Installations with multiple resuscitators, kernel level hooks, and hidden rootkits, it's only a matter of time before they take down a whole bunch of computers - even the experienced users will get hit through a security hole, much like the MSBlaster worm.
AMEN!

I admit to having my own share of virus issues and such, but I do whatever I can to fix them myself, even if it means a good ole' format. But, I have given (yes flat out given) my brother 2 computers in about 2 years. He somehow manages to infect them in a matter of weeks with literally hundreds of spyware and viri. He then expects me to fix it or wants to use my computer. I finally break down and fix it to the best of my ability and literally next week we will be back at square one with it loaded with crap. The last one was my old computer I bought about 3 years ago that I gave him when I got a new one. I did a format to clean it out. I put everything he needed to keep it running fine for years to come. It worked for about two weeks. Now it's worthless and I finally told him I am not fixing it any more. If he wants it fixed he can do it himself or pay to have someone do it.

I tell him every time to not just click on things or to be positively sure he knows he is going to safe sites on the net, but I guess it just doesn't sink in. Of course, every time it's "not his fault". ;Q
__________________
Quote:
What are you having trouble with? I'll teach it some respect.
Epsylum (EE-SAI-LUM)

Old 12-22-2005, 22:35   #8
Glock Bob
Snack Attack!!!
 
Join Date: Aug 2004
Location: Alabama
Posts: 1,076
I work IT for a school system with about 900 machines. Earlier this year we had an outbreak of hacktool.rootkit and w32.spybot worm. Some systems run Win98 (which we'll hopefully slowly start to replace), some XP Pro, a few XP Home (how they got there we don't know, probably ordered behind our backs), but most run Win2kPro. We have Symantec set up on the server and clients are supposed to run on every system. However, not every computer is set up properly and some were set up and Symantec never installed (i.e. not set up by me, my coworker, or my boss). So many systems were infected and transmitting packets that we had to shut off all but port 80 as the phones use the same wireless system and they were shutting down completely. It's amazing how determined these viri are. I had one machine that had 95,383 in quarantine. A lot are way on up there as well, somewhere in the 20,000 to 60,000 mark. It got so bad that we've started going to every single machine and making sure Symantec is installed and up-to-date as well as running Windows Update.
__________________
In memory of Christopher James Roy, killed in action, November 28, 2005, and Eric Harless, taken by cancer April 29, 2006. We hardly knew you. May you each rest in peace.
Old 12-23-2005, 08:48   #9
RaiderRodney
Just Win Baby
 
Join Date: May 2003
Location: North Carolina
Posts: 660
I agree with you all. I tell people all the time how sorry I feel for those that go and buy a computer from Bestbuy or Circuit City. They deal with people that don't really know their stuff and just want to sell. Then they get home and get it set up...go online...and in a matter of minutes are probably infected. All we can do is try to inform them a little I guess :(
Old 12-23-2005, 17:11   #10
epsylum
Boolit Hoze
 
Join Date: Sep 2004
Location: Racing Capital, USA
Posts: 14,373


Quote:
Originally posted by Glock Bob
I work IT for a school system with about 900 machines. Earlier this year we had an outbreak of hacktool.rootkit and w32.spybot worm. Some systems run Win98 (which we'll hopefully slowly start to replace), some XP Pro, a few XP Home (how they got there we don't know, probably ordered behind our backs), but most run Win2kPro. We have Symantec set up on the server and clients are supposed to run on every system. However, not every computer is set up properly and some were set up and Symantec never installed (i.e. not set up by me, my coworker, or my boss). So many systems were infected and transmitting packets that we had to shut off all but port 80 as the phones use the same wireless system and they were shutting down completely. It's amazing how determined these viri are. I had one machine that had 95,383 in quarantine. A lot are way on up there as well, somewhere in the 20,000 to 60,000 mark. It got so bad that we've started going to every single machine and making sure Symantec is installed and up-to-date as well as running Windows Update.
The college I go to has a program (not sure what it's called), that basically has a default setting for the whole computer. You can do anything you want to it, but as soon as you restart it, it goes right back to the default setting and everything that was there before is gone and back the way it was originally. Kinda pain since you can't save your work to the HD, but I guess that's why they make USB flash drives.

Because of this setup they don't have any real security settings on their browsers, which I like. So I can go to any site that I want without having to fear it blocking me for some reason (mainly gun sites)

I think that setup may help you and your school out. Just wish I could remember what it's called.
Old 12-24-2005, 09:50   #11
Bronson7
Senior Member
 
Join Date: May 2002
Location: Murray,Kentucky
Posts: 1,205
My brothers routinely surf with no FW, no AV!!!!!!!!!
Naturally, their computers are constantly being infected. I've refused to help them anymore. The big thing nowadays for a PC owner is you have to be PRO-ACTIVE. Many just won't take the time to update their PCs nor are they willing to learn. I think that's why a lot of folks get sucked in to the whole AOHell thing (junk).
Bronson7