20 replies to this topic

[Yovaneth]

I just got hit by a driveby attack (not sure which webpage was infected because I was following links on motorcycles) and in the space of a few seconds the bloody place dropped three rootkits and four damn bots onto my system. Three rootkits and four f***ing bots!!!!!!!!! It's no good me ranting and raving about McAfee because no internet security package can do a damn thing about any link you click on that causes a download - it's seen as a legit action. What caught it? - Trend Micro RUBotted when the first one tried to phone home. It's proving to be a bitch of a job to clean them out.

I really want to punch somebody very hard on the nose - so hard that the nose disappears deep into the frontal lobe.

-Y-

[Miloch]

Bleh, that sucks. I wish there were programs that didn't just block malware and spam, but actually reflected it back on the originator .

It's no good me ranting and raving about McAfee because no internet security package can do a damn thing about any link you click on that causes a download - it's seen as a legit action.

No antivirus perhaps, but PC Tools Firewall Plus (free edition) will, if you run it as an "Expert" user and turn off "Automatically allow known applications" and set it to "Ask" firewall mode. That way any website or other behaviour you didn't specifically authorise will be blocked. It won't help if the rootkits came from the site you explicitly went to, but it sounds like they came from a different site. The pop-ups asking for your permission can get cumbersome if you're not used to them, but they're a damn sight better than spyware and rootkits. Works great for blocking ads and other website crap before it even makes it to your browser to slow it down.

And yes, McAfee *does* suck - for a lightweight antivirus I use ClamWin, but I rarely actually use it, because the firewall should block a virus before it even makes it to your computer.

Unfortunately, it might be impossible the make sure your machine hasn't been compromised. You can try using stuff like Spybot-Search&Destroy and Ad-Aware, but your best bet is to backup your data to an external drive (then run the antimalware scans on *that* to make sure it hasn't been compromised) then reformat your machine. Happened to my girlfriend's computer and that's what I had to do because nothing else worked .

[Yovaneth]

RUBotted, HouseCall, SpyBot and McAfee are all coming up clean now. HouseCall is reporting a bot wrapped up in a system restore point but I don't care about that; it's inactive and I never use system restore. It's more trouble than it's worth.

It's get off my @r$e time and start building those virtual machines I keep promising myself I'll do. This is not going to happen again - not if I can help it.

-Y-

[Miloch]

I wish there were programs that didn't just block malware and spam, but actually reflected it back on the originator

I think SHS needs to invest in some technology like this. The next botter who thinks Aurora is a forum for selling Chinese shoes (or skimpy wedding dresses or virtual sex or Russian who-knows-what) is going to get the equivalent of an armoured orcish boot reflected back at their IP if I had my way.

[Jarno Mikkola]

Three rootkits and four f***ing bots!

What are those ?
Näh, never mind that, just tell the best ways you use to get rid of them.
I think I might have a bot on my computer or somethink, as the browser is slow, way too slow as of late... so how do I get rid of it ? Free programs, thanks.
I have Avast and superanti-spyware to scan the computer and neither finds a thing, if that helps.

[Miloch]

Browser being slow is usually either your provider or accumulated junk in temp files etc. Trash all that rubbish (called "personal records," "browser objects" or other things depending on your browser). Also your Windows temp files. Glary Utilities, AdAware and ClamWin can get rid of most cruft. SuperAntiSpyware is ok, but by the time you need something like that, your OS is usually hosed and needs a full reinstall anyway.

Edit: Dontcha like it when the latest forum topics look like this?

красавиц...
порно виде

Помогите ...
Как разобр

смотреть ...
Yut, фильмы онл

I suppose I should be glad it isn't in a language I can read, but still...

Edited by Miloch, 20 April 2011 - 10:32 PM.

[K'aeloree]

All it needs is a software upgrade--unfortunately that requires working on the skin. On it.

[RavenSW]

Three rootkits and four f***ing bots!

What are those ?
Näh, never mind that, just tell the best ways you use to get rid of them.
I think I might have a bot on my computer or somethink, as the browser is slow, way too slow as of late... so how do I get rid of it ? Free programs, thanks.
I have Avast and superanti-spyware to scan the computer and neither finds a thing, if that helps.

The best Anti-Virus I have come across is AVG Grisoft, it has an excellent Free Version and they have trials of their better stuff. Their internet Security package has on more then one occasion booted something out before it had a chance to do ANYTHING to my computer. On a "drive-by" site, top notch and you can shut it off when you need to, it also doesn't freak out if you try to un-install it and acct like a virus like McAfee and Norton. I would give it a try

Oh one more thing, i installed it on someone's computer that had an updated version of Norton, it killed 172 various viruses that Norton didnt even acknowledge. Including one really nasty bugger that the AVG rebooted the computer froze everything killed the virus and reloaded the computer. Needless to say, the computer ran MUCH faster after that. Other things that can slow a computer down are memory usage, fragmented hard-drives, cookies, and more. Full version of AVG (and I heard McAfee) have a nifty little computer cleaning component that will check everything for you.

Edited by RavenSW, 26 April 2011 - 10:31 AM.

[GeN1e]

Edit: Dontcha like it when the latest forum topics look like this?

красавиц...
порно виде

Помогите ...
Как разобр

смотреть ...
Yut, фильмы онл

I suppose I should be glad it isn't in a language I can read, but still...

Poor sods are clearly oblivious to the fact this is an international (read English) forum, so only a hapless few like me could understand their writing

[Jarno Mikkola]

Edit: Dontcha like it when the latest forum topics look like this?

beautiful ...
porn videos

Help ...
How razobr

Watch ...
Yut, movies SHC

I suppose I should be glad it isn't in a language I can read, but still...

Poor sods are clearly oblivious to the fact this is an international (read English) forum, so only a hapless few like me could understand their writing

Yeah, as if the Google Translate doesn't exist !

[berelinde]

I'm in the same boat you were, Yovanneth. And I don't have anything like your computer smarts to sort it out. No idea how the computer became infected. Might have been through dragonagenexus, though, since that and the various gaming forums are about all I ever view, and gaming forums don't have ads.

I'm trying some recommendations through bleepingcomputer.com. If I have to manually edit my registry, I'm going to cry.

(I just had this incredible urge to say "I picked the wrong week to quit drinking." You get a gold star if you know the reference.)

[Neane]

(I just had this incredible urge to say "I picked the wrong week to quit drinking." You get a gold star if you know the reference.)

I believe that reference is from the movie Airplane!.

While we are on the topic of Online Gaming Sites that give you some wee b*st*rds: I have wanted to get back to Fallout Modding and pretty much all the Atomic Gamer Downloads are jammed full of Trojan Horses, Back-Doors, and Spyware. I have currently MicroSoft Security Essentials and Acronis Security 2010 and when I tried to download the Fallout 1 Modding Materials from AtomicGamer: A total of 45 Trojan Horses, 12 Back-Door Viruses, and 50 Cookies tried to attack me.

The Good Thing is that Acronis does not allow the Download to take place, and it deals with the ones that do make it to your computer. It also stops the DownLoad from going onto your computer if we click on the Link. But then again, I have it on "Aggressive" settings.

One thing that has helped a lot with me dealing with Gaming Forum Junk is disabling your Third-Party Cookies and deleting all Cookies on your Computer every 13 minutes.

Edited by Neane, 06 June 2011 - 09:58 AM.

[berelinde]

Heh. I don't even own Fallout or anything like it. My tastes are pretty boring, I'm afraid. Hmmm... what are the odds that it came from someplace like ImageShack or tinyurl or something? Gah, that's got to be it. RapidShare used to be notorious for that, IIRC. As it happened, I was clicking on some character screenshots at BSN, and not everyone who posts an image does so safely.

Edit: And you get a gold star!

Edited by berelinde, 06 June 2011 - 10:16 AM.

[Miloch]

Static images can't give you a virus AFAIK. But I never click on stuff like tiny URLs or URLs in general unless I've a fairly good idea of where it's going. Then some websites will trigger 7 or 8 other sites, sometimes just annoying and bandwidth-choking, sometimes harmful. Try some of the stuff I suggested above.

Browser being slow is usually either your provider or accumulated junk in temp files etc. Trash all that rubbish (called "personal records," "browser objects" or other things depending on your browser). Also your Windows temp files. Glary Utilities, AdAware and ClamWin can get rid of most cruft. SuperAntiSpyware is ok, but by the time you need something like that, your OS is usually hosed and needs a full reinstall anyway.

If you get a specific anti-virus report you can take more action sometimes, but other times it comes down to the last suggestion to be on the safe side.

Back in the day, most viruses came from good old Word documents, due to exploitation of the VB macro code therein. Still happens, but I think most anti-virus programs can catch that these days, and viruses, trojans etc. are more insidious and take the form of browser-triggered spyware, malware, crapware etc. A decent firewall (such as PC Tools) can block most websites except ones you know and specify.

[berelinde]

It probably came from a presentation my boss recommended. His computer is infected, too, and I doubt our browsing habits are all that similar.

I've been able to restore some function, enough to view and access the file folders and shortcuts. The computer is still infected, so I won't be posting any videos (as if I even knew how), but at least it can be used for something other than a really expensive doorstop in the interim between now and the time it goes in for service.

[Yovaneth]

Try this: Trend Micro RU Botted. Make sure you select a custom scan for the latter, select all drives and leave it running overnight. If you've got McAfee installed you may find they start squabbling over who's going to kill the baddie - funny but harmless. You can also try Housecall from the same link.

-Y-

[Edit] The link might throw a fit for you as it's pointing to the UK site.

Edited by Yovaneth, 08 June 2011 - 04:11 AM.

[berelinde]

Thanks, I'll keep that in mind if there is a next time, but it's unfortunately too late. After spending all night (literally) backing up documents, mods-in-progress, and the like, I scheduled an OS reinstallation. Hmm, maybe I'll try it anyway. I can always cancel it.

I have lost all faith in Dell AV support, by the way. (sigh) The agent I spoke to tried one thing and went "Oops, can't get Macaffee to stay turned on; time to reinstall the OS." To which I said "There are several tools for ending processes and removing malware. Don't you think we should try some of them before nuking the computer?" I only wish I had time to try one of the safe-mode registry editing routines a friend of mine suggested. Risky, yes, but if I'm going to be reinstalling the OS anyway...

Let's give your way a try.

Edit: Thanks anyway, but it didn't work. Probably too far gone, after all.

Edited by berelinde, 08 June 2011 - 04:55 AM.

[Yovaneth]

Damn. I hate O/S reinstalls. I'm currently updating to Windows 7-64 while keeping the XP installation intact. It goes like this:

Disconnect the XP boot drive.
Connect the Win7-64 boot drive.
Boot.
Do some more installations.
Shutdown.
Disconnect the Win 7-64 boot drive.
Connect the XP boot drive.
Boot.
Have some fun.
Shutdown.
Rinse and repeat.... as infinitum - or at least, until finished. And it does beat being without the PC for a few days.

-Y-

[berelinde]

Turns out that Dell puts a "Factory Condition" restore point on there somewhere that "formats" the HD and ratchets everything back to "as shipped". The whole thing took 5 minutes, start to finish. Of course, I still have to download and unzip all the files I put on my server to prevent destruction, and I still have to reinstsall all the software that isn't system-related, like GAMES(!), but it could have been worse.

[Yovaneth]

Well, there's *some* good news. Except that you're now facing all those bl**dy Windows updates....

-Y-