Pennock's Fiero Forum
General Fiero Chat - Archive
Virus issues on PFF?

This is an archived topic.

Virus issues on PFF? by DLCLK87GT
Started on: 05-22-2011 10:25 AM
Replies: 37
Last post by: aaronkoch on 05-26-2011 01:01 PM

DLCLK87GT
Member | Posts: 2694 | From: South Jersey, USA | Registered: Feb 2009
Posted 05-22-2011 10:25 AM
Recently my work and home computers were infected with one of those damn computer viruses that pose as virus scan programs. This one was actually saying it was McAfee Anti Virus 2011 and looked really legit. I'm wondering if anybody else has seen this? I don't do much with my work PC other than work, but occasionally I will go to PFF and CL to see what's up. I wonder if it came from PFF? I don't post to CL, so it would be harder to get something from there, whereas on PFF I sign in and post to topics.

For those of you unaware, these hijack programs will pop up a window that says "this is such and such Anti Virus Removal Tool" and "your computer is infected and it needs to run a scan". If you fall for it and hit the "scan now" button, you will actually download all sorts of crap that can really screw up your PC. Knowing that I do not have McAfee (Norton), I didn't hit the button and ran several real anti-virus programs to get rid of it. FYI, Malwarebytes is a great free program for getting rid of these things.

datacop
Member | Posts: 1426 | From: Indianapolis, IN, USA | Registered: Jan 2004
Posted 05-22-2011 10:28 AM
Never seen anything like that happening here on PFF...

87antuzzi
Member | Posts: 11151 | From: Surrounded by corn. | Registered: Feb 2009
Posted 05-22-2011 10:32 AM
Yes, PFF has viruses..... It's called Fieros. They get into your wallet and really do a number. They also attack the registry in your head, making you think that other car parts were made for the Fiero. Only thing that can remove it is a Ferrari.

ALJR
Member | Posts: 3765 | From: Massachusetts | Registered: Jul 2009
Posted 05-22-2011 12:16 PM
I haven't gotten anything from PFF, but I did get hit once from somewhere else. It was a legit-looking Windows Defender anti-virus pop-up... I used Malwarebytes to remove it...

[This message has been edited by ALJR (edited 05-22-2011).]


86_fiero_gt_92
Member | Posts: 452 | From: toronto, ontario, canada | Registered: Nov 2007
Posted 05-22-2011 04:23 PM
Ya, I got the one that looked like it was a Windows anti-virus. Did a system restore and now it's fine.

dratts
Member | Posts: 8373 | From: Coeur d' alene Idaho USA | Registered: Apr 2001
Posted 05-22-2011 09:03 PM
I've been duped by those twice now. The last time it said "Windows Web Security" and had a multicolor icon; I didn't spot the different shape till I had started the scan, etc. I didn't realize my mistake until they asked for money. Why can't they be prosecuted for all the damage they cause? The first time it happened it took a computer expert an hour to get rid of it. He is a friend, but he charges $200 an hour.

ALJR
Member | Posts: 3765 | From: Massachusetts | Registered: Jul 2009
Posted 05-22-2011 09:30 PM
Use Malwarebytes, it's free... Run the full scan and it catches and removes all the files the virus stores on your computer... Unlike some of those other scans that only find and list the viruses, then make you pay for the full version to remove them, Malwarebytes does it all for free...

blackrams
Member | Posts: 31841 | From: Hattiesburg, MS, USA | Registered: Feb 2003
Posted 05-22-2011 09:47 PM
OK, a question for you smart guys. I used Google to search for Malwarebytes and came up with a bunch of options. Which one do I need to download, and which ones are a trap?

------------------
Ron


wikid_one
Member | Posts: 2838 | From: Ocean City, MD | Registered: Dec 2003
Posted 05-22-2011 11:47 PM

IMSA GT
Member | Posts: 10268 | From: California | Registered: Aug 2007
Posted 05-22-2011 11:54 PM
 
quote
Originally posted by blackrams:

OK, a question for you smart guys. I used Google to search for Malwarebytes and came up with a bunch of options. Which one do I need to download, and which ones are a trap?



For the new guys to computers, one of the big things to know is that if your computer is infected with some of the more powerful viruses out there, you may not be able to even load the antivirus/spyware program. It may fail during the installation. With that said, I have only encountered 1 attempted virus with Pennock's and that was through a link in the O/T. I reloaded the page and the attempted virus did not link again so I was able to view the web page. I think Cliff has this all figured out since I have NEVER gotten a virus from here.

ALJR
Member | Posts: 3765 | From: Massachusetts | Registered: Jul 2009
Posted 05-23-2011 12:06 AM
 
quote
Originally posted by IMSA GT:


For the new guys to computers, one of the big things to know is that if your computer is infected with some of the more powerful viruses out there, you may not be able to even load the antivirus/spyware program. It may fail during the installation.


True, they also give you instructions on how to bypass the virus booting up; thus allowing you to run the antivirus software. You "may" need to use another PC to obtain the information because depending on the virus, it may not allow you to even open your internet browser (like the virus I got)...

Khw
Member | Posts: 11139 | From: South Weber, UT. U.S.A. | Registered: Jun 2008
Posted 05-23-2011 01:50 AM
 
quote
Originally posted by ALJR:


True, they also give you instructions on how to bypass the virus booting up; thus allowing you to run the antivirus software. You "may" need to use another PC to obtain the information because depending on the virus, it may not allow you to even open your internet browser (like the virus I got)...


Ctrl, Alt, Del, end task Internet. Then run a scan.

So many of them lately are done in such a way that if you hit cancel it returns you to the download, and if you hit continue it returns you to the download.

[This message has been edited by Khw (edited 05-23-2011).]


Genopsyde
Member | Posts: 774 | From: Willoughby, Ohio USA | Registered: Dec 2007
Posted 05-23-2011 01:51 AM
I've had that fake popup many times, saying that my Windows C: drive is infected. I just shake my head and close it...

I run Linux btw...

DLCLK87GT
Member | Posts: 2694 | From: South Jersey, USA | Registered: Feb 2009
Posted 05-23-2011 10:40 AM
http://download.cnet.com/Ma...572.html?tag=mncol;1

 
quote
Originally posted by IMSA GT:
For the new guys to computers, one of the big things to know is that if your computer is infected with some of the more powerful viruses out there, you may not be able to even load the antivirus/spyware program. It may fail during the installation.


That's exactly what happened to me here at work. I didn’t have Malwarebytes already installed and this virus was trying to prevent me from installing it. Luckily I know computers and was able to deactivate the virus enough to get it installed. That’s why I was saying if you don’t have it, you should get it now. Those not good with PC programming would have been SOL and probably paying somebody to fix it.

weloveour86se
Member | Posts: 4289 | From: maine | Registered: Feb 2011
Posted 05-23-2011 11:19 AM
Would my Norton protect me?

DLCLK87GT
Member | Posts: 2694 | From: South Jersey, USA | Registered: Feb 2009
Posted 05-23-2011 12:25 PM
 
quote
Originally posted by weloveour86se:

Would my Norton protect me?


Yes and no. I have Norton 360 at home and this still got onto my machine. That Malware software is what you need in addition to a good antivirus. Can't have too much protection.

dobey
Member | Posts: 11572 | Registered: Sep 2001
Posted 05-23-2011 12:46 PM
 
quote
Originally posted by DLCLK87GT:
That's exactly what happened to me here at work. I didn’t have Malwarebytes already installed and this virus was trying to prevent me from installing it. Luckily I know computers and was able to deactivate the virus enough to get it installed. That’s why I was saying if you don’t have it, you should get it now. Those not good with PC programming would have been SOL and probably paying somebody to fix it.


It has absolutely nothing to do with programming.

It is so degrading to associate simple things like "installing a random app" and "killing running programs at random in task manager" as programming. It's an insult to anyone who actually does write software for a living.

elusivedotone
Member | Posts: 231 | From: Capital City, MI | Registered: Feb 2011
Posted 05-23-2011 04:09 PM
Thought I would shed some light onto this. My Norton subscription went out weeks back, and I accidentally got specifically the MS Removal Tool "Rogue Anti-Spyware", which will block your system's spyware/virus/trojan etc. protection programs. Also I had System Tools 2011, which looks similar to AVG if I remember correctly. I'm usually good about not getting rogue anti-spyware, but somehow I got it, or my roommate got it on my computer, as I have gone almost 15 years without any serious viruses/trojans/spyware.

If for some reason anyone happens to get these:

http://www.bleepingcomputer...move-ms-removal-tool to remove MS Removal Tool

http://www.bleepingcomputer...l/remove-system-tool system tool removal

The main thing to do, so that when you reboot from safe mode it doesn't manifest itself back into your system, is to follow the directions and make sure you delete the associated registry paths while in safe mode before you reboot in normal mode. Also, you could try a system restore from a previous state first to see if that works, but most likely it won't.

For those these days who aren't super computer savvy, I would recommend buying the full version of Malwarebytes for the real-time protection. My other recommendations, in my opinion, that I use are also SUPERAntiSpyware, Registry Mechanic, and either BitDefender Antivirus or Kaspersky Antivirus. Just my 2 cents.

aaronkoch
Member | Posts: 1643 | From: Spokane, WA | Registered: Aug 2003
Posted 05-23-2011 04:13 PM
Preface to below: Install and run Linux if you can. If you want to run Windows, read on:

As an IT manager, I have 4 humble suggestions for the masses, and if you've got Windows 7 already, they're free.

Suggestion 1)
Run Windows 7, make sure it's up to date. The 64-bit version of Windows 7 is safer. Set up automatic updates to run daily. Install updates, restart, repeat until no more updates are available. Make sure your firewall is enabled. (Firewall is on by default.)

Suggestion 2)
Create 1 administrator account on your machine, and name it something goofy / funny, like "master" or "god". Give it a long password. Then, create other "user" accounts that AREN'T administrators for you to use on a daily basis. Then, you can't accidentally break Windows or install crapware without Windows 7 prompting you for the admin password. PAY ATTENTION: make DAMN sure you know why Windows is asking you for that password before typing it in when using your machine. If you don't know, hit cancel.
This only works if a) you NEVER log on as the administrator account, and b) you only type in that admin password for known items ("I'm installing Office, and it asks me for my password to install Office.")

Suggestion 3)
Download and run Microsoft Security Essentials. If you're running some other malware / AV software, uninstall it first. I don't care if you paid $50 for it. MSE's good, works well, won't slow your machine down, and it's free (and updates along with Windows).

Suggestion 4)
Download Google Chrome, or Firefox (I prefer Chrome), and run only that. 99% of the web crapware out there is ActiveX-based, which only affects Internet Explorer.
If you're one of those people who insists on using Internet Explorer, or need to for a certain site/app, then download IE9 (actually, it would have been installed if you followed suggestion 1) and "Use recommended settings" on first run.


If you follow all 4 of the above suggestions, that will prevent 99.999999999% of all possible attacks while surfing the web.


Some other tidbits:
- You never "need to download a plugin" to view normal web content (the only exception to this is Flash for Internet Explorer, but get it from Adobe directly).
- You will not be prompted for your Windows admin account password unless you are trying to make a global Windows change, or install software that affects all users or the Windows installation.
- File sharing sites, downloading music / video, torrent sites are ALL inherently dangerous. There is no safe way to get something for free that isn't free for everybody. This is true for all facets of life.
- All of the fake AntiVirus thingies I've seen to date only work on Internet Explorer. If you DO happen to get that first pop-up, before you click ANYTHING yank the power cord out of the PC. Yes, this is slightly dangerous for any open files, but far less dangerous than clicking anything on that popup (including the little 'x' to close the window).

Do these 4 things. Every IT person that supports your machine will thank you. You can rebuild a relationship with IT people in your lives without them cringing every time you call them.


------------------


Currently in the middle of my 88 + 3800NA swap

[This message has been edited by aaronkoch (edited 05-23-2011).]

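The four suggestions in the post above, turned into a read-only PowerShell audit you can run on a Windows 7 box. This is an added example, not code from the thread or from anyone posting in it; it assumes the standard Windows registry paths, the MsMpSvc service name that Microsoft Security Essentials installs, and English-language output from `netsh` and `net localgroup`.

```powershell
# Added example, not code from the thread: a read-only PowerShell 2.0 (Windows 7)
# audit of the four suggestions. It changes nothing; each check reports PASS/FAIL
# plus what the thread says to do about it.
# Assumptions: standard Windows registry paths, the MsMpSvc service name used by
# Microsoft Security Essentials, English-language netsh / net output.

function New-Check([string]$Check, [bool]$Pass, [string]$Fix) {
    New-Object PSObject -Property @{
        Check  = $Check
        Result = $(if ($Pass) { 'PASS' } else { 'FAIL' })
        Fix    = $(if ($Pass) { '' } else { $Fix })
    }
}

function Get-SurfingAudit {
    $checks = @()

    # --- Suggestion 1: 64-bit Windows 7, automatic updates, firewall on ---
    $os = Get-WmiObject Win32_OperatingSystem
    $checks += New-Check '64-bit Windows' ($os.OSArchitecture -eq '64-bit') 'reinstall from the x64 media'

    # AUOptions: 4 = download and install automatically; 3 = download, ask before
    # installing; 2 = notify only; 1 = never check. Only 4 matches "runs daily".
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = Get-ItemProperty $auKey -ErrorAction SilentlyContinue
    $checks += New-Check 'Updates install automatically' ($au -ne $null -and $au.AUOptions -eq 4) 'Windows Update > Change settings > Install updates automatically'

    # Windows 7 has no Get-NetFirewallProfile (that arrived with Windows 8), so read netsh text
    $fwText = netsh advfirewall show allprofiles state
    $anyOff = [bool]($fwText | Select-String -Pattern 'State\s+OFF')
    $checks += New-Check 'Firewall on for all profiles' (-not $anyOff) 'netsh advfirewall set allprofiles state on'

    # --- Suggestion 2: daily account is a standard user, one admin, UAC prompting ---
    # `net localgroup` wraps the member names in a banner, a dashed rule and a footer
    $admins = net localgroup Administrators |
        Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-{5,}|The command completed)' } |
        ForEach-Object { $_.Trim() }
    $myNames = @($env:USERNAME, "$env:USERDOMAIN\$env:USERNAME")
    $iAmAdmin = [bool]($admins | Where-Object { $myNames -contains $_ })
    $checks += New-Check "Daily account '$env:USERNAME' is not an administrator" (-not $iAmAdmin) 'create one admin account, move this one to the Users group'
    # The built-in Administrator (disabled by default) is listed too, so read the names, not just the count
    $checks += New-Check "Exactly one administrator account (found: $($admins -join ', '))" (@($admins).Count -eq 1) 'remove extra members from Administrators'

    # EnableLUA 1 = UAC on. ConsentPromptBehaviorAdmin 0 = elevate silently (the
    # "UAC off" case in the thread). PromptOnSecureDesktop 1 = the prompt is drawn
    # on the dimmed secure desktop, where other programs cannot click it for you.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacOk = ($uac.EnableLUA -eq 1) -and ($uac.ConsentPromptBehaviorAdmin -ne 0) -and ($uac.PromptOnSecureDesktop -eq 1)
    $checks += New-Check 'UAC on and prompting on the secure desktop' $uacOk 'User Accounts > Change User Account Control settings > one of the top two levels'

    # --- Suggestion 3: Microsoft Security Essentials running ---
    $mse = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
    $checks += New-Check 'Microsoft Security Essentials service running' ($mse -ne $null -and $mse.Status -eq 'Running') 'uninstall the other AV, then install MSE'

    # --- Suggestion 4: default browser is Chrome or Firefox, not Internet Explorer ---
    # ProgId is e.g. ChromeHTML, FirefoxURL or IE.HTTP; no UserChoice key means IE is still the default
    $assocKey = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice'
    $assoc = Get-ItemProperty $assocKey -ErrorAction SilentlyContinue
    $progId = if ($assoc) { $assoc.ProgId } else { 'IE.HTTP' }
    $checks += New-Check "Default browser is not Internet Explorer ($progId)" ($progId -notmatch '^IE\.') 'set Chrome or Firefox as the default browser'

    $checks | Select-Object Check, Result, Fix
}

Get-SurfingAudit | Format-Table -AutoSize -Wrap
```

Run it from the everyday (non-admin) account: that is the account whose group membership and UAC behaviour the thread cares about, and none of the reads need elevation.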

elusivedotone
Member | Posts: 231 | From: Capital City, MI | Registered: Feb 2011
Posted 05-23-2011 04:20 PM
 
quote
Originally posted by aaronkoch:

As an IT manager, I have 4 humble suggestions for the masses, and if you've got Windows 7 already, they're free.

Suggestion 1)
Run Windows 7, make sure it's up to date. The 64-bit version of Windows 7 is safer. Set up automatic updates to run daily. Install updates, restart, repeat until no more updates are available. Make sure your firewall is enabled. (Firewall is on by default.)

Suggestion 2)
Create 1 administrator account on your machine, and name it something goofy / funny, like "master" or "god". Give it a long password. Then, create other "user" accounts that AREN'T administrators for you to use on a daily basis. Then, you can't accidentally break Windows or install crapware without Windows 7 prompting you for the admin password. PAY ATTENTION: make DAMN sure you know why Windows is asking you for that password before typing it in when using your machine. If you don't know, hit cancel.
This only works if a) you NEVER log on as the administrator account, and b) you only type in that admin password for known items ("I'm installing Office, and it asks me for my password to install Office.")

Suggestion 3)
Download and run Microsoft Security Essentials. If you're running some other malware / AV software, uninstall it first. I don't care if you paid $50 for it. MSE's good, works well, won't slow your machine down, and it's free (and updates along with Windows).

Suggestion 4)
Download Google Chrome, or Firefox (I prefer Chrome), and run only that. 99% of the web crapware out there is ActiveX-based, which only affects Internet Explorer.
If you're one of those people who insists on using Internet Explorer, or need to for a certain site/app, then download IE9 (actually, it would have been installed if you followed suggestion 1) and "Use recommended settings" on first run.


If you follow all 4 of the above suggestions, that will prevent 99.999999999% of all possible attacks while surfing the web.


Some other tidbits:
- You never "need to download a plugin" to view normal web content (the only exception to this is Flash for Internet Explorer, but get it from Adobe directly).
- You will not be prompted for your Windows admin account password unless you are trying to make a global Windows change, or install software that affects all users or the Windows installation.


Do these 4 things. Every IT person that supports your machine will thank you. You can rebuild a relationship with IT people in your lives without them cringing every time you call them.



Great advice. Only thing with me was, for some reason, my MSE did not catch the MS Removal Tool rogue antivirus? Any ideas why? But again, great advice. Also a note of caution: if a "Scanner" of any type loads within any browser and starts to "scan" and says you have such and such virus, don't download whatever they want you to download to "fix" it.

aaronkoch
Member | Posts: 1643 | From: Spokane, WA | Registered: Aug 2003
Posted 05-23-2011 04:28 PM
 
quote
Originally posted by elusivedotone:


Great advice. Only thing with me was, for some reason, my MSE did not catch the MS Removal Tool rogue antivirus? Any ideas why? But again, great advice. Also a note of caution: if a "Scanner" of any type loads within any browser and starts to "scan" and says you have such and such virus, don't download whatever they want you to download to "fix" it.


It doesn't catch it, because it presents as a normal download-and-run program. If you have UAC on by default (Windows 7 or Vista), it pops up asking you if you're sure you want to run it.

MSE will NOT protect you from wanting to run unknown .exe files; nothing will. Your due diligence is knowing what's running before hitting allow.

The whole reason I suggest running as a non-admin is to slow you down and make you sure of what you're installing BEFORE typing in an admin password. With the fake / rogue AVs, the FIRST thing they do is kill all processes having to do with MSE, Norton, McAfee, AVG, etc., which it has the authority to do, since you hit "Yes" when it asked you to run it.

elusivedotone
Member | Posts: 231 | From: Capital City, MI | Registered: Feb 2011
Posted 05-23-2011 04:30 PM
 
quote
Originally posted by aaronkoch:


It doesn't catch it, because it presents as a normal download-and-run program. If you have UAC on by default (Windows 7 or Vista), it pops up asking you if you're sure you want to run it.

MSE will NOT protect you from wanting to run unknown .exe files; nothing will. Your due diligence is knowing what's running before hitting allow.

The whole reason I suggest running as a non-admin is to slow you down and make you sure of what you're installing BEFORE typing in an admin password. With the fake / rogue AVs, the FIRST thing they do is kill all processes having to do with MSE, Norton, McAfee, AVG, etc., which it has the authority to do, since you hit "Yes" when it asked you to run it.


That would be it... haha, I turned UAC off. I'm guessing it was my roommate who got it on my computer trying to look at **** =/

aaronkoch
Member | Posts: 1643 | From: Spokane, WA | Registered: Aug 2003
Posted 05-23-2011 04:36 PM
With UAC off, browsing even "safe" sites in Internet Explorer is like sleeping around in the slums of Tijuana unprotected. You're lucky you made it that long.

elusivedotone
Member | Posts: 231 | From: Capital City, MI | Registered: Feb 2011
Posted 05-23-2011 04:43 PM
 
quote
Originally posted by aaronkoch:

With UAC off, browsing even "safe" sites in Internet Explorer is like sleeping around in the slums of Tijuana unprotected. You're lucky you made it that long.


I haven't used IE since probably 1998. I stick to Chrome these days.

timgray
Member | Posts: 2461 | From: Muskegon,MI,USA | Registered: Jul 2006
Posted 05-23-2011 04:51 PM
 
quote
Originally posted by dratts:

I've been duped by those twice now. The last time it said "Windows Web Security" and had a multicolor icon; I didn't spot the different shape till I had started the scan, etc. I didn't realize my mistake until they asked for money. Why can't they be prosecuted for all the damage they cause? The first time it happened it took a computer expert an hour to get rid of it. He is a friend, but he charges $200 an hour.


Because they are in Russia and China and organized crime. Welcome to the new Mob. Extortion on the internet with the "we broke your computer, give us money to 'fix' it...."

This stuff is exactly why I run a Mac and Linux... you can't launch those programs without getting past the "this program wants to INSTALL, please type the administrator password to allow it".

Oh, and the little thing that they won't run on a Mac or Linux.... and yes, I know there is a SINGLE piece of malware out there for the Mac... compared to the 98,000,000,000,000 for Windows.


------------------



Get your copy of the Fiero 25th Anniv book at http://www.blurb.com/bookstore/detail/349809

Best RV, Camper, and Trailer dealer in West Michigan. http://www.cliffstrailersales.com and he's a fiero owner too!

[This message has been edited by timgray (edited 05-23-2011).]


aaronkoch
Member | Posts: 1643 | From: Spokane, WA | Registered: Aug 2003
Posted 05-23-2011 05:29 PM
Perhaps you missed the several unpatched OS X vulnerabilities: http://secunia.com/advisori.../96/?task=statistics


Also, what you said about OS X and Linux holds true with Windows 7 as well: nothing can run without express consent, and the principles of least privilege can be implemented quite easily, giving you a system just as secure.

timgray
Member | Posts: 2461 | From: Muskegon,MI,USA | Registered: Jul 2006
Posted 05-23-2011 05:45 PM
 
quote
Originally posted by aaronkoch:

Perhaps you missed the several unpatched OS X vulnerabilities: http://secunia.com/advisori.../96/?task=statistics


Also, what you said about OS X and Linux holds true with Windows 7 as well: nothing can run without express consent, and the principles of least privilege can be implemented quite easily, giving you a system just as secure.


http://secunia.com/advisori...task=advisories_2011 right back at ya... except the OSX one is skewed as it goes back to 2003, while Windows 7 does not go back that far, but you have to add Vista and XP into its list to be fair. There is still a lot of XP and Vista in Windows 7.

Those don't magically create malware; they can be used by malware. And when compared to the Windows list it's a short one. I'm still far, far safer than any Windows machine. Plus NONE of the OSX exploits blast past its version of UAC without effort or warning.

As for Windows 7... not true. A guy at work just got a nasty one, and he does not have admin privileges OR know the admin password. It got right past UAC. In fact it's been that way for a while... I remember a lot of reports from ZDNet of plenty of malware and viruses that will get right past UAC and infect a machine without admin privileges.

http://www.computerworld.co..._IE9_says_researcher All the settings you want on your Windows box, and this will own it in seconds.

I've been in IT and CS over 20 years. Anything Windows based I can do in my sleep... mostly nightmares...

Safest thing to do? Disable Flash, disable Java, disable JavaScript and never EVER run Internet Explorer; uninstall Adobe Reader. Also install Adblock Plus on Firefox or Chrome. This eliminates 99.99786% of all web-surfing based threats.

And pray to God they don't find another JPEG, GIF, or PNG rendering exploit...

[This message has been edited by timgray (edited 05-23-2011).]


aaronkoch
Member | Posts: 1643 | From: Spokane, WA | Registered: Aug 2003
Posted 05-23-2011 06:36 PM
 
quote
Originally posted by timgray:


As for Windows 7... not true. A guy at work just got a nasty one, and he does not have admin privileges OR know the admin password. It got right past UAC. In fact it's been that way for a while... I remember a lot of reports from ZDNet of plenty of malware and viruses that will get right past UAC and infect a machine without admin privileges.

http://www.computerworld.co..._IE9_says_researcher All the settings you want on your Windows box, and this will own it in seconds.




I'd love to know how that was pulled off, but I've got money that says he wasn't current on patches and/or was using IE. That, or the threat was spawned from behind a firewall from a process on a machine that had domain admin access.


That link you provide about the DLL cross-swapping is pretty hard to pull off in the wild, it requires the user to have an unpatched office install, download and open a file, be using IE, etc.

I'll stand by my assertion that if you do my 4 suggestions, the average user will not ever be infected again. ESPECIALLY if they're behind a NAT (home router) or decent firewall.

Granted, OS X is good, and so is Linux from a security point of view, but Windows has come a LONG way since XP/Vista, and there are almost no leftovers in 7 (especially SP1) from the previous OSes. Hell, not even Linux or OS X is free from kernel mode drivers yet..

dobey
Member | Posts: 11572 | Registered: Sep 2001
Posted 05-23-2011 06:49 PM
 
quote
Originally posted by timgray:
Oh, and the little thing that they won't run on a Mac or Linux....


Not exactly true. http://winehq.com

timgray
Member | Posts: 2461 | From: Muskegon,MI,USA | Registered: Jul 2006
Posted 05-23-2011 07:07 PM
 
quote
Originally posted by dobey:


Not exactly true. http://winehq.com


You are right. If I download that virus or malware, set up everything it needs to run, and then intentionally launch it so that I knowingly run it, it can run and infect the sandbox that Wine runs in, as Wine has no access outside of the user directory it was allocated. Because it can't launch the Wine environment on its own, and you need to configure that Wine environment before it is even used to begin with.

So technically, yes... It takes about 12 steps to do so and about 15 minutes of effort.


timgray
Member | Posts: 2461 | From: Muskegon,MI,USA | Registered: Jul 2006
Posted 05-23-2011 07:13 PM
 
quote
Originally posted by aaronkoch:

I'd love to know how that was pulled off, but I've got money that says he wasn't current on patches and/or was using IE.


That's the problem: most home machines FIT that description. And it is a major flaw in Windows.

Luckily, the early reports from the Windows 8 alpha testers are that Windows 8 has NO software backwards compatibility, and this will eliminate a LOT of problems. If the software was not written for Windows 7 64 with UAC, then it will not run on Windows 8. They should have done this years ago. Let's hope they also remove any ability to run as administrator or with admin rights, and you cannot turn off UAC ever. If I had my way, the entire Windows system directory would also be READ ONLY when the system is not in safe mode.
IP: Logged
dobey
Member
Posts: 11572
From:
Registered: Sep 2001
Posted 05-23-2011 07:15 PM
 
quote
Originally posted by timgray:
So technically, yes... It takes about 12 steps to do so and about 15 minutes of effort.
Unless you're in a firm where IT has rolled it out on all the machines with the migration to Linux, to be able to run some old custom software made for Windows that they still need to run. In which case, it's pretty easy to run stupid things. Though there's a lot less damage to be done when running under Wine, some of them can still accomplish some pretty nasty stuff.

And yes, I've seen this happen before. So don't go roll your eyes at me.
IP: Logged
aaronkoch
Member
Posts: 1643
From: Spokane, WA
Registered: Aug 2003
Posted 05-23-2011 07:16 PM
Yeah, it's been sorely overdue (the break from old-school compatibility).

Here's hoping I can talk my software vendors into recompiling our pharmacy software... (still uses VB6 and 1998 OCXs... shudder)
IP: Logged
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009
Posted 05-23-2011 11:17 PM
 
quote
Originally posted by aaronkoch:
Preface to below: Install and run Linux if you can. If you want to run windows, read on:

As an IT manager, I have 4 humble suggestions for the masses, and if you've got windows 7 already, they're free.

Suggestion 1)
Run Windows 7, and make sure it's up to date. The 64-bit version of Windows 7 is safer. Set up automatic updates to run daily. Install updates, restart, repeat until no more updates are available. Make sure your firewall is enabled. (The firewall is on by default.)

Suggestion 2)
Create 1 administrator account on your machine, and name it something goofy / funny, like "master" or "god". Give it a long password. Then, create other "user" accounts that AREN'T administrators for you to use on a daily basis. Then you can't accidentally break Windows or install crapware without Windows 7 prompting you for the admin password. PAY ATTENTION: make DAMN sure you know why Windows is asking you for that password before typing it in when using your machine. If you don't know, hit cancel.
This only works if a) you NEVER log on as the administrator account, and b) you only type in that admin password for known items ("I'm installing Office, and it asks me for my password to install Office.")

Suggestion 3)
Download and run Microsoft Security Essentials. If you're running some other malware / AV software, uninstall it first. I don't care if you paid $50 for it. MSE's good, works well, won't slow your machine down, and it's free (and updates along with Windows).

Suggestion 4)
Download Google Chrome or Firefox (I prefer Chrome), and run only that. 99% of the web crapware out there is ActiveX based, which only affects Internet Explorer.
If you're one of those people who insists on using Internet Explorer, or need to for a certain site/app, then download IE9 (actually, it would have been installed if you followed suggestion 1) and "Use recommended settings" on first run.


If you follow all 4 of the above suggestions, that will prevent 99.999999999% of all possible attacks while surfing the web.


Some other tidbits:
- You never "need to download a plugin" to view normal web content (the only exception to this is Flash for Internet Explorer, but get it from Adobe directly).
- You will not be prompted for your Windows admin account password unless you are trying to make a global Windows change, or install software that affects all users or the Windows installation.
- File sharing sites, downloading music / video, and torrent sites are ALL inherently dangerous. There is no safe way to get something for free that isn't free for everybody. This is true for all facets of life.
- All of the fake AntiVirus thingies I've seen to date only work on Internet Explorer. If you DO happen to get that first pop-up, before you click ANYTHING yank the power cord out of the PC. Yes, this is slightly dangerous for any open files, but far less dangerous than clicking anything on that popup (including the little 'x' to close the window).

Do these 4 things. Every IT person that supports your machine will thank you. You can rebuild a relationship with IT people in your lives without them cringing every time you call them.

I recommend AdBlock for Chrome, or AdBlock Plus for Firefox. It will get rid of any embedded ads that appear to be antivirus/computer cleanup tools. It also makes for a nice clean experience without any distractions. Not sure if it stops the ads from loading on the page, or if it just hides them; either way, you are less likely to accidentally click something you didn't want.
IP: Logged
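As an added example (not written by any poster here), the following read-only PowerShell audit checks a machine against the state the quoted suggestions 1 and 2 ask for: UAC on and actually prompting, Windows Firewall on for every profile, the current shell not running with administrator rights, and only one local administrator account. It assumes Windows 10/11 with PowerShell 5.1 or later; the registry path and cmdlets used are Windows built-ins.

```powershell
# Added audit script: verifies the hygiene items from the quoted post
# (UAC enabled and prompting, firewall on, everyday account is NOT admin).
# Assumes Windows 10/11 with PowerShell 5.1+. Read-only; it changes nothing.

function Get-UacState {
    # EnableLUA = 1 means UAC is on. ConsentPromptBehaviorAdmin = 0 means
    # administrators elevate silently, which defeats the "know why Windows
    # is asking" advice just as surely as turning UAC off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Enabled       = ($p.EnableLUA -eq 1)
        PromptsAdmins = ($p.ConsentPromptBehaviorAdmin -ne 0)
    }
}

function Get-FirewallState {
    # One row per profile (Domain / Private / Public); all should be enabled.
    Get-NetFirewallProfile | Select-Object Name, Enabled
}

function Test-RunningAsAdmin {
    # True when the current process token carries administrator rights,
    # i.e. this session is exactly what the advice says not to use daily.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminCount {
    # The advice is one admin account; more than that deserves a look.
    @(Get-LocalGroupMember -Group 'Administrators' |
        Where-Object ObjectClass -eq 'User').Count
}

$uac = Get-UacState
$findings = @()
if (-not $uac.Enabled)       { $findings += 'UAC is disabled' }
if (-not $uac.PromptsAdmins) { $findings += 'UAC elevates administrators without prompting' }
Get-FirewallState | Where-Object { -not $_.Enabled } |
    ForEach-Object { $findings += "Firewall is off for the $($_.Name) profile" }
if (Test-RunningAsAdmin)         { $findings += 'This shell is running with administrator rights' }
if ((Get-LocalAdminCount) -gt 1) { $findings += 'More than one local administrator account' }

if ($findings.Count -eq 0) { 'OK: machine matches the quoted suggestions' }
else { $findings | ForEach-Object { "WARN: $_" } }
```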
KraigG
Member
Posts: 140
From: Park City, IL USA
Registered: Mar 2011
Posted 05-24-2011 12:59 AM
Thank God for my Mac.
IP: Logged
timgray
Member
Posts: 2461
From: Muskegon,MI,USA
Registered: Jul 2006
Posted 05-24-2011 06:43 AM
 
quote
Originally posted by Shill:
I recommend AdBlock for Chrome, or AdBlock Plus for Firefox. It will get rid of any embedded ads that appear to be antivirus/computer cleanup tools. It also makes for a nice clean experience without any distractions. Not sure if it stops the ads from loading on the page, or if it just hides them; either way, you are less likely to accidentally click something you didn't want.
Yes! Advertisements are a big virus and Trojan horse vector. It's best to block all advertisements and gain the side effect of a faster Internet connection. Flash-based ads will make any computer grind to a halt.
IP: Logged
ALJR
Member
Posts: 3765
From: Massachusetts
Registered: Jul 2009
Posted 05-24-2011 10:24 AM
Anyone have problems visiting PFF? Seems I occasionally have problems visiting the PFF forum. The page will not load and I get that generic IE "login failed" type screen. It only happens when visiting PFF, as any other site I visit loads just fine. I also checked using one of those "is ????? website down" websites and it says it is up and active, so it has to be something funky going on w/ my computer. It only happens when visiting PFF. This usually only happens once a week or once every other week. But since I upgraded to IE9, it happens every morning now...

The only way I have been able to get in is to reset my router and then all is back to normal...

Any suggestions?
IP: Logged
aaronkoch
Member
Posts: 1643
From: Spokane, WA
Registered: Aug 2003
Posted 05-26-2011 01:01 PM
Just an FYI to all the Mac lovers out there:
http://arstechnica.com/appl...word-requirement.ars

NOBODY's safe anymore except Linux/*BSD users.
IP: Logged



All times are ET (US)
Copyright (c) 1999, C. Pennock