
Painkiller667 (Active Members, 135 posts)

Posts posted by Painkiller667

  1. I used to spend time picking crap out of Windows installs but in the end I decided I had better shit to do. If you keep your machine updated, be careful about the sites you visit, secure your browser and use AV software you will be fine. Unfortunately a large part of the problem is user behaviour. I deal with lots of laptop rebuilds for staff at the company I work at, and compared to the hour it takes me to re-image, lock down and port the profile over, spending an afternoon clearing up the aftermath of a lonely salesman in a hotel with unfiltered internet access is boring compared to building ESXi clusters and learning about iSCSI or switched fibre channel stuff. Plus, if you have one problem on a machine there will probably be more. The staff I support sell software so we have a lot of power users who think they know what they are doing and usually wind up doing more damage than good in their attempts to fix stuff.

    Don't get me wrong, I do see the value of using tools that remove the shit, but if its stubborn I really can't be arsed. In short, been there, done that, got the t-shirt and shrunk it in the wash.

    (BTW, it takes me 3hrs to build a fresh image, deploying it takes 20mins at most)

    You sound to be very cool, and the ESXi and iSCSI, whatever that is, also sounds really cool... especially with the X and the "i's" that aren't capitalized. Those things all sound very cool. Contrary to what you say, I did watch the sites I visited, do keep a firewall and updated AVG running, and somehow still got that problem.

  2. Well, the other part of the argument is, if you simply just re-install every time you have a problem, you'll never learn what it is that's making you vulnerable in the first place. If you don't bother to learn about the malware infecting you, then how can you better protect your assets?

    If you keep reinstalling the same image, with the same vulnerabilities, you keep getting infected. A little time spent actually identifying vulnerabilities can pay off huge in the future, even if you decide to do a fresh install afterwards, which sometimes you must. Therefore, you may not need to spend 3hrs x so many reinstalls per month (3hrs x 10 per month? = 30hrs a month x 12 months? == 360hrs? That's 9 days of work lost). In a large organization, it may be much more than that. That's productive time lost. Why do that when you can simply clean and inspect the user's system while they are at lunch, and have no down time?

    As an example, an AT&T dial up RAS server was recently infected with Conficker. Each time our users would connect, our Enterprise AV would warn that it found conficker. We had to alert AT&T to their infected system. This lasted for a few days until it finally stopped. Now how is it that this giant corporation would allow themselves to be infected (no patching obviously), for three days with conficker, which was talked about damn near everyday on every tech blog in the world. They obviously weren't bothering with trying to find out why they were vulnerable, not just specific vulnerabilities, but the environment that allowed it.

    A lot can be learned from analyzing an infection. Reinstalling is not the only solution, and it's not always the right one. But sometimes it is. Just my opinion, of course :)

    That's my opinion too, and I agree with you. And now I'm proud that someone "from the industry" has confirmed that you don't need to reformat at every POS spyware that you get. If you're using your XP disk like a whore and use your computer only for surfing then ok. But my pc has a lot of shit on it from many years which I wouldn't want to transfer back and forth.

  3. If you wish to believe that an infected system can be trusted again this is your personal risk. Reinstalling Windows mitigates said risk. You have had fair warning.

    Any computing professional will tell you the only way you can possibly trust a known infected computer again is to reinstall.

    Your only evidence to counteract this established fact of modern computing is "Google works again". What about the back door it left in your system? What about the patches your computer now silently blocks? What about a million other things that Windows could now be doing that isn't at the user experience level? I guess I'll leave that for you to decide since you obviously know better than me.

    Of course it's safer to do a reinstall but when a known malware was found, which is known to cause only a certain kind of problem, and is deleted, it's safe to use the OS again. No backdoors were created as I have a firewall and it never gave me any alerts about that kind of stuff.

    Not sure what caused it, must have been some website I visited.

  4. Yes indeed, established fact that I did get rid of it entirely. Why argue, I told you already that every symptom of the problem that was observed is gone now, and the file that caused it was deleted by hijackthis upon reboot, when it wasn't being used by the system yet.

  5. I did get rid of it Sparda. Now my google search results in all browsers go directly to the links I click and Opera no longer crashes. CMD and Regedit open once again. You are extremely unprofessional for your rank on this forum.

    Dranfu, yes I know there is no such thing, I just named it that to draw attention. I agree the livecd scan would be the last method before reformatting but whatever you're scanning with, if the malware was only recently created, either from scratch, or by slightly modifying the code, no scanner will pick it up. It was a very specific problem. If only you could look at that link I mentioned in my previous post, dranfu, maybe you would be able to tell whether that problem would have been scannable or not. Seems like something only a manual job would be able to get rid of.

  6. This particular malware didn't cause my stuff to "potentially been monitored." That link that I referred to in my previous post actually DID fix it. It is pretty new and unheard of, something that you either know or you don't, but it took just a few clicks and it actually fixed my problem. No need to reformat once again. I didn't fail, I won by finding the quickest and easiest way to fix my problem. You failed by telling me three times to format and not suggesting much else other than standard procedure. digip, thanks for helping, at least you honestly tried, but I knew there's got to be an easier way.

    As the girl in that forum who posted the solution determined, it was a new variant of the Win32:Daonol. Here's the whole thread once again http://www.bleepingcomputer.com/forums/topic208323.html

  7. You fail. Reformatting at every single quirk goes against every single ethic of a proper hacker. I always try to find what caused the problem, isolate it, and get rid of the cause instead of just blindly reformatting every week. I almost resolved the issue without having to reformat already.

    Yes perhaps a reformat does take 40 minutes, but how long does it take to back up all of the settings and files on an operating system that has been used without formatting for 4 years? Obviously you wouldn't understand if all you do is format and format again. That's probably why you have so many posts. You just keep telling people "Format."

  8. Sorry for the triple post, but I got something interesting. After getting more symptoms of the problem, I was able to find a google result that shows another person had the exact same problem as me: LINK

    I noticed also that the following link that is on that page closes all my browsers. If I click on it, browser closes right away. Chrome, Opera, and Firefox all close INSTANTLY when I go to that url. So I can't even access it..

    http://miekiemoes.blogspot.com/2008/10/fak...archengine.html

  9. Reinstall. Some thing is on your system, can't trust it. It will lie to you at every turn.

    Yep there's something on my system but I'm not going to give up that easily. Any other suggestions? I also don't feel like doing the whole boot up in safe mode or with live cd and full scan, etc. Would there be any other simpler alternatives before that kind of serious work? You guys want to see my hijack this scan? ;)

  10. Maybe your DNS has been rerouted? Check your TCP/IP settings for your DNS server. Also check your HOSTS file, and if you have a router, login and make sure nothing has been changed, like alternate DNS, etc. I would also suggest running a live disc with an updated virus scanner, check out what is loaded to start with the pc in the registry. UBCD4WIN has some good tools for this and lets you mount the registry in a live disc environment to make changes before rebooting in case something is in there that shouldn't be, you can remove it this way.

    All else fails, backup, format, reinstall, restore files.

    Yeah, I know that the last resort is a reformat but I've had this OS installed for several years already and have always been able to avoid the reformat. I just tried to check my router's IP address by going to cmd in the run menu, and noticed that every time I type in CMD and click enter, it is as if my explorer.exe process gets restarted momentarily. No icons or taskbar on the screen for several seconds and then back to normal. In other words, CMD does NOT open! Automatic DNS is set up in properties of TCP/IP settings, but to access my router, which isn't wireless btw, I cannot. Tried typing 192.168.1.1 and .0.1 but couldn't get it. Probably not the problem anyway.

    My hosts file is fine, it has no entries other than the ones made by spybot SD.
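The HOSTS file check from the advice quoted above, worked out as a small audit script. This is an added example and is not code from any poster in this thread; the two watchlists, the sample hosts file and the addresses in it are all constructed assumptions (203.0.113.0/24 is a documentation range). It flags the two patterns a hijacker leaves in that file: a watched search domain mapped to an outside address (redirect), and a watched update or AV domain mapped to loopback (update blocking), while leaving the loopback ad-domain entries that Spybot S&D adds alone.

```python
"""Audit a Windows HOSTS file for the two entry patterns a hijacker leaves behind.

Added example for the thread above, not code from any poster. The watchlists
and the sample file are constructed; adjust the lists to your environment.
"""
import ipaddress

# Domains a search/browser hijacker typically points at an attacker address.
# Assumed watchlist; extend it with whatever your users actually use.
REDIRECT_WATCHLIST = {
    "google.com", "live.com", "bing.com", "yahoo.com",
}

# Domains malware typically maps to loopback so updates and AV signatures
# stop arriving. Assumed watchlist.
BLOCK_WATCHLIST = {
    "windowsupdate.com", "update.microsoft.com", "avg.com",
    "malwarebytes.org", "safer-networking.org",
}

# Addresses that make a hosts entry a sinkhole rather than a redirect.
SINKHOLE_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}

# Constructed sample (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_HOSTS = """\
# constructed sample hosts file, not taken from any real machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.doubleclick.net
203.0.113.7     www.google.com google.com
203.0.113.7     www.live.com
127.0.0.1       update.microsoft.com
0.0.0.0         www.avg.com
"""


def parse_hosts(text):
    """Yield (line_number, ip_or_None, hostname) for every mapping in the file.

    Comments (#) and blank lines are skipped; an unparsable address is
    reported with ip=None so the caller can flag it instead of dropping it.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields[0]
            continue
        for name in fields[1:]:
            yield lineno, ip, name.lower()


def in_watchlist(name, watchlist):
    """True if name is a watched domain or a subdomain of one (e.g. www.avg.com)."""
    return any(name == dom or name.endswith("." + dom) for dom in watchlist)


def audit_hosts(text):
    """Return a list of (line_number, kind, detail) findings.

    kind is one of: "redirect" (watched domain sent to a non-sinkhole address),
    "blocked" (watched update/AV domain sinkholed), "review" (any other
    non-sinkhole mapping, worth a look but not necessarily malicious),
    "malformed" (first field is not an IP address).
    Sinkholed ad domains, as Spybot S&D adds them, produce no finding.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", name))
        elif ip in SINKHOLE_ADDRESSES:
            if in_watchlist(name, BLOCK_WATCHLIST):
                findings.append((lineno, "blocked", f"{name} -> {ip}"))
        elif in_watchlist(name, REDIRECT_WATCHLIST):
            findings.append((lineno, "redirect", f"{name} -> {ip}"))
        else:
            findings.append((lineno, "review", f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    # On a real machine read C:\Windows\System32\drivers\etc\hosts instead.
    for lineno, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:9s} {detail}")
```

The script deliberately does not flag every loopback entry: an immunised machine carries thousands of benign `127.0.0.1 ad.example` lines, so only watched update and AV domains pointing at a sinkhole count as a finding. A mapping to a private address such as a router is reported as "review" rather than "redirect", since that is sometimes deliberate. The DNS server and router checks in the same advice are not covered here; on Windows those are read from the TCP/IP settings and the router's admin page rather than from a file.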

  11. I've got a browser hijacker I believe. I've been able to get rid of any problems like this on all of my and my friends'/relatives' computers until this problem that I have now. I have AVG Free, MalwareBytes, Spybot SD, Spyware Doctor, CCleaner. All are updated. They have each found something, but everything was deleted and the problem still persists.

    My primary browser is Opera and it's acting up the most right now. Whenever I do a search on any of my browsers (opera, firefox, IE, chrome) in almost any search engine (google, live.com), it redirects me almost every time to some BS website when I click on a result. Opera even crashes every once in a while because of this. When I try to use the Chrome browser, it also redirects, but doesn't crash like opera. Good thing opera saves my previous sessions so I never lose anything after the crashes.

    Any help?

  12. Oh so you put the female socket on the end yourself?

    I fused the unknown male connector seen in the picture to one end of a phone cable, and the female 3.5mm to the other end of the phone cable. So basically I need a 10 foot male (something) to 3.5mm female cable.

  13. Just get a 3.5mm extension cable (Male > female), easiest option I'd say.

    You don't understand my problem. The extension cable that I'm using now is made by me, hence it sucks. I need a new one that wasn't soldered together and wrapped with duct tape.

  14. A little googling goes a long way :).

    The item number of such a cable seems to be L1716A.

    //hmm or not... i wonder why they would list that as a part number for that laptop, weird.

    seems to be just a regular male > male RCA cable.

    What's on the other end of the cable? Could you not just use an extension?

    I did google for about half an hour and it seems pretty silly that I couldn't find this simple audio plug. However L1716A does not tell me which cable to buy. My problem is that I need the name of the plug like "3.5mm" so that I can buy the long version of it. I had this one with just a foot of cable so I extended it myself through soldering, but I need a more reliable extension now, so I need to buy a 10' cable with this plug at the end.

  15. I'm pretty sure I'm just not coding it right. I've tried it on xp sp2 and x64 and school computer, all same issues. Here's t3h c0d3z0rz:

    rem Batch file on the stick. Backslashes in the paths were lost when the post was
    rem extracted; they are restored here assuming a TrueCrypt folder in the root of the stick.
    rem /q background  run TrueCrypt in the background (tray icon) instead of exiting
    rem /l o           assign drive letter O: (assumed from the o:\pstart.exe line below)
    rem /m rm          mount as removable media
    rem /c n           do not cache the password
    rem /v             the container to mount
    TrueCrypt\TrueCrypt.exe /q background /l o /m rm /c n /v TrueCrypt\encryptedvolume.ass

    rem Launch the PStart menu from the freshly mounted volume
    o:\pstart.exe

    exit

    I've read somewhere about using vbscript to make the cmd invisible, and I find the vbs file in the switchblade packages, but it still doesn't work for me, the autorun doesn't notice my code at all. Perhaps someone of greater wisdom can enlighten me on this issue....

    Basically when I insert the USB, I want the autorun prompt to either Open Encrypted Drive or Browse the flash drive, where if I select the encrypted, it will silently ask me for the password like it was demonstrated in the episode, and I need TrueCrypt to stay minimized in the taskbar because I like to hotkey dismount all and exit. Sooo... if anyone could help.. :?
