Debate, and discuss, just don't bore me.
But still not perfect
Published on April 22, 2011 By Dr Guy In Personal Computing

Those damn malware writers are getting better. I had the unfortunate opportunity to run into the latest. You know the ones - "Your computer is infected!!!" and the infection is the warning. This one defied all the tricks that I have learned and even some picked up from here!

1. It infected the "all users" profile, so no booting with a different account.

2. It polluted the registry with tons of launch points and actually replaced Windows launch points, so simple deletion would not work (then Windows would not).

3. It also prevented access to USB devices! That one was clever (I thought at first my memory stick was bad - nope! It just said it was).

4. It disabled System Restore.

It seemed to have all the bases covered! But again it forgot one. I was able to extract all data from it (even though it kept infecting any USB device I installed on it - but I do not allow autorun, period).

The one thing it forgot is the same one another one forgot - the command line. I am not going to try to repair the computer (it is one of mine, but a friend's son was using it). Once I got my data off of it, reformat and re-install! So no new tips on getting rid of this one, just the details of what it was doing. Nasty bastards! I hope there is a special place in hell for these jerks.
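The four tricks listed above (machine-wide launch points, replaced Windows launch points, blocked USB storage, disabled System Restore) can all be checked from the command line the post says the malware forgot. The script below is an added, read-only triage example written for this page; it is not the author's code and it does not clean anything, it only reports. It assumes an elevated PowerShell prompt on the suspect machine and checks the registry locations a defender would look at first; the expected Winlogon defaults (`explorer.exe` and `userinit.exe,`) and the path pattern it flags are my own choices, not values from the post.

```powershell
# Added triage script (not from the original post): report tampering indicators
# in the locations a rogue "Your computer is infected!" program typically uses.
# Read-only: nothing is deleted or changed. Run from an elevated PowerShell.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Machine-wide (all-users) autorun keys. Entries that launch from
#    user-writable or temp folders are worth a closer look.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        # Assumed heuristic: legitimate machine-wide autoruns rarely live in these folders.
        if ($cmd -match '\\(AppData|Local Settings|Temp|ProgramData)\\') {
            $findings.Add("Autorun '$($p.Name)' in $key runs from a user-writable path: $cmd")
        }
    }
}

# 2. Winlogon launch points. Malware that replaces these (instead of adding a
#    new entry) breaks the logon if the value is simply deleted, so compare
#    against the known defaults before touching anything.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"   # trailing comma is the default
}
foreach ($name in $expected.Keys) {
    $actual = [string]$wl.$name
    if ($actual.Trim() -ne $expected[$name]) {
        $findings.Add("Winlogon $name is '$actual' (expected '$($expected[$name])')")
    }
}

# 3. USB storage. Start=4 disables the USBSTOR driver, which makes a healthy
#    memory stick look broken, exactly the symptom described in the post.
$usb = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -ErrorAction SilentlyContinue
if ($usb -and $usb.Start -eq 4) {
    $findings.Add('USBSTOR service is disabled (Start=4); USB mass storage will not mount')
}

# 4. System Restore. DisableSR=1 under the policy key turns off restore points.
$sr = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' -ErrorAction SilentlyContinue
if ($sr -and $sr.DisableSR -eq 1) {
    $findings.Add('System Restore is disabled by policy (DisableSR=1)')
}

if ($findings.Count -eq 0) {
    'No tampering indicators found in the checked locations.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Because the script only reads, it is safe to run before deciding between repair and the reformat-and-reinstall route the post takes; if the Winlogon check fires, restoring the default value is the fix, not deleting the entry, which is the trap the post describes.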

Comments (Page 2)
on Apr 27, 2011

Which site did you get this malware from? The Witcher wiki? I guess it's one of those fan-made ones, isn't it?

on Apr 27, 2011

hang 'em from a very long rope off the Golden Gate bridge

Stay ugly....go with the Brooklyn Bridge.

on Apr 28, 2011

Thoumsin
For a Linux live disk related to security, I use Knoppix STD for repair (Kubuntu/Win XP Pro x64/OpenSolaris for normal use)... a list of the tools can be found at http://s-t-d.org/tools.html ... if you don't like Knoppix STD, take a look at http://www.knoppix.net/wiki/Security_Live_CD , you have several choices... Helix3 Pro is very good but at $239 per year, it is more a tool for people in the security business...

The usual Linux live disks do not always have the needed tools for repair... only a security live CD/DVD may have all the tools you need...

I'll take a look at them. I am not a Linux snob, so will use any one that does the job (I am also not a power user, so have not gotten into the super secrets of each distro). Thanks for the suggestion.

coreimpulse
Which site did you get this malware from? The Witcher wiki? I guess it's one of those fan-made ones, isn't it?

The one poster got it from there - I have no clue where the kid got the one that infected my computer.

on Apr 28, 2011

There appears to be no end as to how many times I have to repeat this.

 

Decide what is more important.... money or time.

If it's time: http://www.acronis.com/homecomputing/products/trueimage/

If it's money....well... then carry on...............

on Apr 28, 2011

My father-in-law had a really nasty virus. Damn thing had completely locked down the computer to prevent anyone from killing it. Couldn't access CMD, install antivirus, bring up the Task Manager, hell, couldn't even browse to websites that checked for viruses.

The only reason I was able to beat it without reinstalling Windows was that my father-in-law's PC was so slow, because it only had 512 MB of memory for Windows Vista, that the virus program actually crashed, and then I was able to wipe the damn thing off the PC by installing an antivirus on it, since the other one got screwed by the virus.

Amazing how the lack of memory was the deciding factor in the defeat of this virus. LOL.

on Apr 28, 2011

Dr Guy
I'll take a look at them. I am not a Linux snob, so will use any one that does the job (I am also not a power user, so have not gotten into the super secrets of each distro). Thanks for the suggestion.

Well, the problem is that the best tools are command line tools... so a young guy who has always worked with a GUI system will have some difficulty... but an older guy who has experience with the command line (like old MS-DOS) will feel a little more comfortable... if you know how to call man pages from the command line, there will be no big problem...

 

@ CharlesCS

My father-in-law had a really nasty virus. Damn thing had completely locked down the computer to prevent anyone from killing it. Couldn't access CMD, install antivirus, bring up the Task Manager, hell, couldn't even browse to websites that checked for viruses.

The only reason I was able to beat it without reinstalling Windows was that my father-in-law's PC was...

That is the point of a live CD/DVD... the OS is on the CD/DVD... so the infected OS is not running when we try to heal it...

Anyway, for those with Windows XP or Server 2003... who are not comfortable with Linux, take a look at http://www.nu2.nu/pebuilder/ ... Microsoft has a PE version which is command line (only for OEM and Enterprise customers), but the BartPE version has a GUI (everybody can have it and use it)... if you have a legit Windows version, you can build your own Windows live CD/DVD and use it for repair in case of problems with your hard drive OS... Since Windows PE and the non-official BartPE can connect to the internet, they can be used to download virus definitions and scan the infected hard drive...

For Windows 7, look at http://www.youtube.com/watch?v=NmxLNa6UlmA or http://www.youtube.com/watch?v=o_uNn7ItLes ...

For those with more experience, it is possible to make a DVD/USB with a bootloader and various OSes on it (XP, Win 7, Knoppix, and more...)... http://www.youtube.com/watch?v=W_O1aL_sPig ... I have made one with OpenSolaris, Knoppix, Vista, and Win XP Pro x64 on a 16 GB USB drive...

on Apr 29, 2011

There appears to be no end as to how many times I have to repeat this.

 

Decide what is more important.... money or time.

If it's time: http://www.acronis.com/homecomputing/products/trueimage/

If it's money....well... then carry on...............

There is a 3rd point as well. While inconvenient, I do not use that for most of my computers, so that when I do get infected, I have a very controlled and totally owned environment to check it out and figure out how to fight it. So that when a computer I have no control over (mother's, aunt's, etc.) gets infected, I then know what to do, as I know they will not have spent the money.

on Apr 29, 2011

Thoumsin
Well, the problem is that the best tools are command line tools... so a young guy who has always worked with a GUI system will have some difficulty... but an older guy who has experience with the command line (like old MS-DOS) will feel a little more comfortable... if you know how to call man pages from the command line, there will be no big problem...

I once told an "engineer" that if he did not know the command line, he would not be a computer engineer for long! That has saved me more than once, and while I never expect my wife or mother to use it, I sure as hell expect another engineer to know how to use it!
