Well I'm having fun tonight.

Lunas

Well, tonight I tripped over a website that had the active scripting exploit on it and I got exploited. My PC slowed way down and all this crap came up on my screen: sukoden installs and all sorts of shit, command prompts auto-running batch files to install more crap, and viruses were found too. Well, I'll post a final battle score... when I finish destroying stuff, if I don't resort to what I should do to be sure, being nuke my install and rebuild on the ruins of my data.
 
YeOldeStonecat said:
What antivirus were you running?
Unfortunately none... I usually do monthly online scans with various online scanners, rather than use a "free" virus scanner.


"free" <- this was in reference to the fact that most of the free scanners are not full functioned scanners.
 
It disabled my windows firewall too... Not that that is a hard thing...
 
Lunas said:
unfortunately none...

Uhm... Heh....err..... "That'll learn ya. Maybe".



:rolleyes:

I'd even consider Antivir, Avast, or even AVG..better than nothing. Or the freebie of CA's eTrust from Microsoft.

However...consider the costs of computing. A good antivirus program these days, like NOD32, BitDefender, or Kaspersky...a 1 year subscription, it comes down to about 78 cents per day. 78 cents!!!! After the first year, renewal is even cheaper...so you're down to about 50 cents per day.

Your PC uses more electricity than that!

And when visiting "questionable" sites...use a safer browser, like FF or Opera.
 
Ummm... 78 cents a day? Might be cheaper to buy an E-machine every year...;-)
I bought NOD32 for my 64 bit machine. It was $33.95/year, and does work great.

AVG is still a pretty decent program, especially for the price. It catches almost everything and doesn't nag you about upgrading like certain programs that I remove from every Dell that comes into the office...
 
NO AVS, you deserve what you got. Well, at least hopefully this was a learning experience for you..
 
Dennis Gordon said:
Ummm... 78 cents a day? Might be cheaper to buy an E-machine every year...;-)
I bought NOD32 for my 64 bit machine. It was $33.95/year, and does work great.

AVG is still a pretty decent program, especially for the price. It catches almost everything and doesn't nag you about upgrading like certain programs that I remove from every Dell that comes into the office...


:eek:

//sips more coffee

Wow...LOL...quickly divided by 52..did weeks instead. //smacks head

Even better..it's down to a dime! :D
 
I know a few people that refuse to let me install antivirus programs on their computer. They say antivirus programs just screw up their computer. But they don't download viruses so they're ok. If they see a virus they won't download it.

God I hate people's mix of ignorance mixed with too much self confidence. I earn my living workin on these stupid boxes and see everything everyday. And they think they know better than me just because some idiot at Comp USA tells them antivirus isn't really needed.

I want to laugh when they tell me their machine isn't working right and is always crashing. But instead I take it, repair it, and send them an invoice. Keeps my bills paid.

Stupid people.
 
Lunas said:
Unfortunately none... I usually do monthly online scans with various online scanners, rather than use a "free" virus scanner.


"free" <- this was in reference to the fact that most of the free scanners are not full functioned scanners.
It's still better than nothing.
AVG and Avast are pretty good for free scanners.

NOD32 is only $35 if you get it from icedigger, $0.10 per day as someone else already mentioned :)
 
YeOldeStonecat said:
What antivirus were you running?

First question that came to my mind too. Those saying they don't need anti-virus in the "Do you use anti virus thread" should see this.
 
I got owned too last night by that sudoken & associated BS, my first personal encounter with spyware :rolleyes: (after laughing at my end users for years I guess karma caught up to me :(

I'm damn careful with everything but this thing pwned me like its own little bitch, I ended up using Adaware/Spybot/Windows Defender and HiJackThis from safemode to get rid of it all.
 
For the record, latest & updated Symantec Client security 10.0 (corp. antivirus) did not catch it and neither did Windows Defender with active protection running (or whatever MS calls it).

As it was late at night I didn't bother looking into it, but this was something new coming from a somewhat reputable website (www.break.com, obviously it has some questionable content, but it's not the sort of site that you should worry about).


I'll look into it and try to replicate the problem with NOD this weekend, if I get around to it I'll post some results.
 
One last thing, Lunas, don't give up and nuke your install. It wasn't that hard to get rid of.

Update your Adaware, update your Spybot, make sure your Windows Defender is up to date (free from microsoft.com), reboot into safe mode, run them all, clean up what you can, then run HijackThis and take out anything that seems fishy (post the log if you need a hand with it).

That effectively got me back into good shape. I've had that home XP Pro system for 5 years now, never had to redo the XP, and it has been through hardware upgrades, 1,000,000 app installs, and I'd still put it up against any out of the box PC that I buy at work.
 
Well, I use AVG Free on every other PC I use; the only one I never put one on is my personal one... I really don't know why I didn't either.

Well, I think I'll test out NOD32, since Avast wouldn't let me submit their anti-bot check; it would just send me back after I put in the correct 3 letters...
 
Antivirus software is like a condom. If you don't use it, eventually you're gonna get something you might not want.
 
Well, I think I got most of it cleaned up. Avast is up and running, I finally got through.

All I need to do is fix Windows Firewall, then get a better one.
 
Lunas said:
Well, I think I got most of it cleaned up. Avast is up and running, I finally got through.

All I need to do is fix Windows Firewall, then get a better one.

Just get behind a NAT router.
 
Actually, allowing ActiveX to run is bad bad practice.

Disable that and your problems should go away.
 
AVG, MSAntispyware along with Firefox here.... NO spyware in the last 7 months(since last format)

QJ
 
YeOldeStonecat said:
Just get behind a NAT router.
At a bare minimum. I wouldn't trust NAT alone to stop someone from actively getting into your network. Need SPI to truly combat that.:)
 
Robstar said:
Actually, allowing ActiveX to run is bad bad practice.

Disable that and your problems should go away.

And so is being on the internet to begin with... yet we still go on there.

I need it for certain things, not to mention it's an inconvenience.

That's just not a good solution, that's like saying switch to linux because you got spyware, sure it's a solution but really... maybe there is a better one.
 
YeOldeStonecat said:
Just get behind a NAT router.

I was behind two of them, didn't do jack .... what the originator of this thread ended up with was spyware that made it through due to a software bug, no NAT would help him in that.
 
Wolf-R1 said:
At a bare minimum. I wouldn't trust NAT alone to stop someone from actively getting into your network. Need SPI to truly combat that.:)

your e-penis is the biggest!

what does that have to do with this thread? lol

All too often do threads here end up in a pissing match or totally off-topic.

Not flaming, just pondering why people do it
 
Wolf-R1 said:
At a bare minimum. I wouldn't trust NAT alone to stop someone from actively getting into your network. Need SPI to truly combat that.:)

Most of the newer routers today run SPI.
 
Well, I'm behind a WRT54G and now Avast and ZoneAlarm are now up.
 
Update: NOD32 doesn't see it either, and my previous clean up didn't remove it completely either.

Adaware/Spybot/HijackThis/spy cleaner/Trend Micro anti spyware/Spy Sweeper/spy cleaner/CCleaner all failed to clean it.

What seemed to have done the trick is a little-known malware removal utility called EWIDO. Check it out everyone, it works great!

Lunas, check for a running lundb.exe process, nsjah.exe in your startup and elsewhere, and also look for q.exe, k.exe, keyboard7.exe, mouse7.exe and similar files in your documents and settings\profile\temp. If they are there, remove them.

This thing was a bastard. A few of the above mentioned programs would temporarily stop it, but would not remove it. I ended up doing packet captures with Ethereal to see what's going on.
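
The manual checks listed in the post above (a running process, startup entries, files in the profile's temp directory), as an added PowerShell example that is not part of the original thread. The file names are the ones the post lists; treating the registry Run keys as "startup" and `$env:TEMP` as the profile temp directory are assumptions.

```powershell
# Added example, not from the thread. File names are the ones listed in the post;
# the locations checked (Run keys, $env:TEMP) are assumptions about where to look.
$names = 'lundb.exe', 'nsjah.exe', 'q.exe', 'k.exe', 'keyboard7.exe', 'mouse7.exe'

# Match a listed name only as a whole file name (so 'q.exe' does not hit 'faq.exe').
$escaped = $names | ForEach-Object { [regex]::Escape($_) }
$pattern = '(^|[\\"\s])(' + ($escaped -join '|') + ')($|["\s])'

# 1. Running processes. ProcessName has no extension, so add it before comparing.
$procHits = Get-Process |
    Where-Object { $names -contains ($_.ProcessName + '.exe') } |
    Select-Object Id, ProcessName, Path

# 2. Autostart commands in the per-user and machine-wide Run keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($command -match $pattern) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Command = $command }
        }
    }
}

# 3. Files with a listed name anywhere under the current user's temp directory.
$fileHits = Get-ChildItem -Path $env:TEMP -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $names -contains $_.Name } |
    Select-Object FullName, Length, LastWriteTime

# Report only; nothing is stopped or deleted. A name match is a lead to verify
# (file hash, signature, parent process), not proof of infection.
"Processes:";   $procHits | Format-Table -AutoSize
"Run entries:"; $runHits  | Format-List
"Temp files:";  $fileHits | Format-Table -AutoSize
```

Run it once per user profile, since both `HKCU` and `$env:TEMP` resolve to the account that starts the script.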
 
I can personally say that I NEVER use another firewall besides the one included in SP2, and the one in the router.

QJ
 
Lunas said:
Unfortunately none... I usually do monthly online scans with various online scanners, rather than use a "free" virus scanner.


"free" <- this was in reference to the fact that most of the free scanners are not full functioned scanners.


LMFAO - You were doing nothing but asking for it, have fun!



-Michael
 
Michael, thanks for your help in resolving Lunas's problem :rolleyes:
 
and those 'free' scanners out there ARE fully functional.

AVG Free, or Avast Home Edition (amongst others)

Both fully functional very good AV. AVG > Avast , IMO
 
Asgorath said:
Both fully functional very good AV. AVG > Avast , IMO

Avast has been beating AVG in ondemand and realtime tests for a while now, av-comparatives.org

Stronger "ad/spyware" protection too. More frequent updates. Although it comes with a bigger performance hit than AVG.

If Anti-Vir would beef up their online updaters....since it's such a light package with great detection rates...they'd have a winner.
 
Yeah, my PC didn't like the hit Avast gave it at first, but now it is pretty good. IE 7 gave it a big hit too...

And I have AVG on my mom's PC, as well as Sygate firewall before Symantec bought it...

I think in a few days, maybe weeks, or if I can get a new hard drive to replace my Deathstar 46 gig, I'll format and go fresh. Till I make a decision I'll just try to clean it up.

So far all I have left on my PC is 2 registry entries for cmd service. I can't get it to go away either...
 
Lunas said:
It disabled my windows firewall too... Not that that is a hard thing...

Yeah, I've noticed some trojans doing that when they try to install lately.

I say "try" because AVG ate them before the trojan itself could execute. The installer (dummy installer pretending to be any given program) stopped WF so that it could launch the trojan and connect undetected.
 
What most people don't understand is that many stateful/pf firewalls do NOTHING to keep you from getting infected from a jacked website that has drive-by ActiveX installers on it.

IMHO, here are the top 12 things to do to keep yourself safe (assuming you run windows):

1) Have a hardware firewall that does ingress & egress firewalling. Don't let trojans/viruses/scripts "phone home" if they get in through an "allowed" port (e.g.: 80)

2) Run real-time AV & Antispyware

3) Use other checks at least once a week with alternative trusted AV & anti-spyware.

4) Run as a non-privileged user (Make yourself a "normal" user in XP and quick-user-switch to admin user to run other things)

5) Run some kind of traffic monitor and check it from time to time for weird traffic patterns

6) Disable unused services in windows, enable the firewall, and lock down the box, period. There are books at your library and online reading in order to do this.

7) Keep good backups. RAID IS NOT A BACKUP.

8) Run windows update regularly. Install patches as needed.

9) Keep an eye on security websites for vulns at least once per day.

10) Check Windows Event Viewer for weird events. Know what they mean.

11) Disable all client side scripting by default. Enable as needed and ONLY when needed.

12) Google for some good "hosts" files that have known spyware/adware/etc addresses in them. If you have a flexible hardware firewall add the sites to it also.

Who else can add to the list?
 
Robstar said:
What most people don't understand is that many stateful/pf firewalls do NOTHING to keep you from getting infected from a jacked website that has drive-by ActiveX installers on it.

I don't expect a firewall to prevent end user stupidity like surfing bad websites or opening bad files that come in strange e-mail, or opening up some warez game (you thought it was just a game...surprise surprise) you just downloaded from the latest torrent. That's what your antivirus, Windows updates, and other anti-malware programs are for...not to mention...using your head. And if you must hit those questionable sites...use a browser like Opera.

Important points..
*Windows updates
*Common sense
*Not leaving your local Administrator account blank
*Use your head
*Use a quality antivirus
*Be smart
*Use some quality anti-spyware apps
*Use your head, common sense
 