
Your Best Anti-virus Moment(s)?


General Grievous


While I slowly decided to learn how to hack, (other than the obvious "hacking" of unprotected WiFi routers which still have default passwords...), I was wondering perhaps if anti-virus skill was in any way directly related to "hacker skill" OR "speed of learning". (Yes, that was a Google search reference.)

My best accomplishment to date has not been finding and deleting viruses in the CLI, but in the GUI... (Which was surprising.)

I had happened for months to suspect that a virus, if crappily made, will show up in your processes in the Task Manager...

Now to the average user, they cannot read it and try and remember or discern which ones are what. However, I have (brain) memory that does well when I attempt to visualize such information, and so I in general remember which ones I've seen before problems, or whether they seem to have abbreviated versions of a name of antivirus programs (Mc for McAfee for instance).

Anyhow, one day I was in a classroom full of persons who had warned me constantly of a new virus that infected Malwarebytes. Even better, the man that teaches the class was a 2000 (or was it 98...) Beta Tester, and a Chief Petty Officer; he used to hack but was getting older. (50's.) So while he still brings out his hex editor on occasion, he hasn't done much more than crack a game to run without a CD, or modify a W2k printer driver to work on Vista... (Which was astonishingly creepy and amazing at the same time...)

I had been told that getting rid of the virus, according to the teacher, took several steps including Safe Mode, CLI, and quite a few reboots. You know, one of those "crazy hard to kill" viruses. The virus would also act like Malwarebytes and do false "scans" amounting to hundreds of viruses it was "scanning and killing", but was obviously not the good ole Malwarebytes.

I however offered to solve the problem, and solved it within seconds. Without crashing Windows or explorer.exe, et cetera, by the second try I killed the virus process, I found it out by opening Malwarebytes, and this time it wasn't a weirder GUI than normal.

I know what you're probably thinking. "Well when you reboot it, it will be back, genius."

Well yes... but who said I HAD to reboot it yet?

So I ran MWbytes, updated it (why would the company NOT want to update or enable their scanners to kill viruses that infect their own designed AV-scanner, I thought), and set it to scan and confidently walked away.

I by tomorrow, after it scanned for some hours, was pleased to learn that not only was the problem solved, but I beat a former hacker and former naval officer at getting rid of a virus. (Not to be arrogant, but considering how much I looked up to him it was a nice part of my life.) While it took him maybe an hour or two or more to solve the problem on his wife's computer (same virus), it took me probably less than 5 minutes of actual labor to get this done. I just told the computer to do the rest.

So what was YOUR best moment in anti-virus? (with your AV for some reason failing other than not using what they call the UPDATE feature....) And how good of a hacker would you say you are in comparison to that skill. (Or simply state your belief on the correlation between hacking and antivirus. And yes I know hackers may write viruses, worms, trojans, phishing websites, et cetera.)

Edited by General Grievous
Link to comment

Nice one, but may I suggest that you were perhaps dealing with a crappy virus/worm as you have mentioned.

What if it was a stealth virus that uses a rootkit to make its presence unknown to the user? Wouldn't that have taken you more than just 5 minutes to figure that out?

Just throwing out some ideas to consider.

Link to comment

> Nice one, but may I suggest that you were perhaps dealing with a crappy virus/worm as you have mentioned.
>
> What if it was a stealth virus that uses a rootkit to make its presence unknown to the user? Wouldn't that have taken you more than just 5 minutes to figure that out?
>
> Just throwing out some ideas to consider.

I knew that. If an AV program would spot said stealth virus path/directory, almost anyone with CLI skills would do it.

Otherwise it would be more tricky. Although I have done the process of elimination OR googling "******** is a virus" sort of thing, it is generally inadequate for viruses/worms, as they are usually in more than one place, or hiding amongst your system32 or temp files, et cetera.

Link to comment

Say your system has been infected with a stealth virus or worm, and your AV is up to date but it's unable to detect it. Since it's a stealth virus, it has the ability to masquerade itself as any other operating system file.

So in this circumstance, how would you go about differentiating between the real operating system file and the infected file?

Link to comment

> Say your system has been infected with a stealth virus or worm, and your AV is up to date but it's unable to detect it. Since it's a stealth virus, it has the ability to masquerade itself as any other operating system file.
>
> So in this circumstance, how would you go about differentiating between the real operating system file and the infected file?

First, some files of the operating system or other thing such as this stealth virus are hidden, so obviously you should make sure your folder settings have "View hidden folders" or what have you enabled.

Then, well finding that type of virus can be a pain... Several times I have found suspected viruses with weird names that no one else has encountered or reported on much online. Artemis########## (those are numbers I can't remember) for instance.

Obviously however, if a virus is stupid enough to start chipping away at your computer the very day you got it, the chances are if some hacker programmed it to only use the default date creation/modification date, that may be a major clue. If it is in Temporary files, or System32, you can only imagine the nightmare finding the virus would still be... unless you know how to program your own AV of sorts. Basically it is crazy hard and trial and error to get rid of such viruses for me, assuming there are no guides to the virus I have, or there are too many types of the same "Artemis" or what-have-you. OR at least that was the me of the past.

[Oh, and by the way, I am always using CCleaner to kill old cookies (clean registries and save registries quickly also, in the same place :) ), and spyware and other such things may have a habit of hiding in such locations. There are also free anti-virus programs, and things like Windows Defender, Windows Malicious Software Remover, and other things which probably won't work, but sometimes it's worth it.]

Assuming something is hiding from your task manager, I would eventually if possible get an advanced or improved task manager, possibly by flash drive if I must. Also something that gives a better description of services (perhaps a part of the improved task manager)... and perhaps where they are originating from..., and the same thing with processes. This would at least allow me to chip away at the virus, and once I find it I may have to CLI it to keep it from preventing the delete command.

The problem with 3rd-party service and process monitors/file path location devices (and surely file path location devices DO exist...) is that they may not find a virus's other locations, and so you may only be getting the... violent part of the virus, rather than the reproducing, blithering virus... Spewing out its data everywhere. So unless you wish to run in safe mode all the time (which imo, OS programmers should have invented a "gamer" version of safe mode eons ago...), you're going to have to go further than that, and I can't think immediately of how to do that now.

Link to comment

I've always been a huge fan of virus writers; it's very interesting and amazing to see all the lengths they go to to design a virus. It can take weeks or even months of preparation and planning to design a virus.

And then comes the fun part, hiding their tracks, encoding the virus and driving all the virus examiners insane.

Apart from security, virus analysis is also another area that interests me in IT. Do you know any website you would recommend for reading?

Edited by Infiltrator
Link to comment

I get a computer about once a month from someone I know that has a virus on it. I tackle the virus however I have to. If I can use the GUI to remove it, then more power to me (because then I can just run the programs and walk away for a while). If that doesn't work, then I go into the CLI and remove it. Either way, I've never had to reformat and I am always able to make it 100% clean. Each and every one of them is an accomplishment.

Edited by ParMan
Link to comment

"Best Anti-Virus moments"

Once my anti virus message screen popped up where normally it would say I need to update on the bottom right, but instead it said "You should never use your pc as root user" I was hax0red hahaha and thinking.. how the *&^%!? (sometimes AV's do not catch them all.) No PC is completely secure.

Link to comment

Unless you isolate it from the network and the power, and place it inside a safe, then it will be 100% secured.

Link to comment

Guest Deleted_Account

You know I have been running Windows for years with an up-to-date anti-virus (Avast!), anti-spyware (Spybot Search and Destroy) and Malwarebytes, and Comodo for HIDS/HIPS, firewall and backup anti-virus. In the last 10+ years I have never had a virus/worm/etc. that hasn't been picked up. Worst case was it being picked up after, but nonetheless it was nothing more than MSN Plus's adware crap (took 45 minutes to get rid of it all, including a rootkit). I don't think "stealth" malware is that big of an issue for 4 reasons: 1) 99% of virus writers don't take the time to do this. 2) Most modern AVs can detect attacks even if sigs aren't available. Though not always 100% reliable, it works most of the time. 3) Any virus that gets even 200 victims pretty much has a sig and they keep up pretty well. 4) Any good HIPS/HIDS will also prevent attack.

Although these of course don't 100% protect you it is good enough for anyone who knows what they are doing.

Link to comment

> Unless you isolate it from the network and the power, and place it inside a safe, then it will be 100% secured.

Have you not seen Mission Impossible :P

Link to comment

> Have you not seen Mission Impossible :P

I think I did, but it was ages ago, so I can't remember which scene you are referring to.

Link to comment