Up to date Malware Removal

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
What jumps out at me is since when does an internet provider scan your computer for viruses?
Most ISPs where I live give their users free Norton Internet Security or McAfee-whatever in the New Customer install disc that includes their support software. I think Comcast subscribers just get NIS free regardless. I can very easily see someone being confused about this.

I've also seen Comcast shut off someone's cable modem for being a massive spam relay.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,646
Yes, my ISP, Cox, offers some kind of free internet security product. The ISP doesn't actively scan your computer, they just offer the CRAP software to do it. We don't have or use it.

I believe it's fairly easy to determine who your ISP is simply by IP address or last hop in a TRACERT. Adding that little fact gives the phisher/scammer some "inside" information so their scam seems believable. On the other hand, if something has broken/obviously bad English/writing skills, you know for sure it's a scam. Typical conversation:

Mom: Something is on the screen.
Me: It's bullshit.
Mom: But it says "X".
Me: It's bullshit.
Mom: It's from Cox.
Me: It's bullshit.
Mom: It also says "Y".
Me: It's bullshit.
Mom: Are you sure?
Me: It's bullshit.
Mom: Can I turn computer off?
Me: Yes, it's bullshit.

/facepalm
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
I think that I don't like uMatrix as well. It's really neat for showing what's running and what it does, but Noscript is ironically less of a hassle because I'm having to go back and sort out script and object dependencies again, something I already did when I started using Noscript. I also find that I forget to save my policy settings about half the time when I do finally get around to changing them.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,646
I got a call from "Microsoft" today. Well, at least that's who the caller-ID said called. The number was 914-465-0874. I was sleeping at the time so didn't answer call. I hope it wasn't something important. Maybe something is wrong with my computer on the "back end" as they like to call it. LOL.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
High-severity bugs in 25 Symantec/Norton products imperil millions

Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in anyway. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.
An attacker could easily compromise an entire enterprise fleet using a vulnerability like this. Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus, it’s a significant tradeoff in terms of increasing attack surface.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
It is better (as it has been for at least 15 years) to not use any products by Norton/Symantec or McAfee. There are decent products still out there, but these haven't been them for a long, long time. I'm still confident in NOD32, though I don't bother on my own systems. Just the built-in Microsoft stuff for me, but that only applies if you run their latest OS with updates; I wouldn't trust them to keep their old stuff patched.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
What Dave said.

What's sad here is that their enterprise products are shot. They tout themselves as a premier enterprise products company. That's what's significant about this news.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
FWIW, from an enterprise perspective they had a product update available 7/28, the server update took a couple of hours, and the push notifications to clients went out before the end of the day. Another 24 hours and this crisis should be all wrapped up.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
This is the most effective thing I've found for killing sites that try to prevent use with AntiAdblocking scripts. Basically, you use Greasemonkey for Palemoon/Firefox/Chrome or Tampermonkey if you're using some truly shitty browser. You install their filter list and then Greasemonkey script. I've tried a few things that work through the Adblocker, but those things seem to be stymied a lot more often, probably because the hostile scripts are much more likely to do enough before the blocker can catch them.

It's terrible that it's come to this, but this is a case where the shitheads responsible for monetizing content on the internet can't be allowed to win. If that means a scripting arms race, I think I'm OK with it.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
Getting it to work with Pale Moon was a little more involved since the official builds of Greasemonkey don't work with it, but I got it working. Thanks!

Admittedly it wasn't a huge problem for me since my use of NoScript keeps sites from running wild.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
3,860
Location
Flushing, New York
> This is the most effective thing I've found for killing sites that try to prevent use with AntiAdblocking scripts. Basically, you use Greasemonkey for Palemoon/Firefox/Chrome or Tampermonkey if you're using some truly shitty browser. You install their filter list and then Greasemonkey script. I've tried a few things that work through the Adblocker, but those things seem to be stymied a lot more often, probably because the hostile scripts are much more likely to do enough before the blocker can catch them.
>
> It's terrible that it's come to this, but this is a case where the shitheads responsible for monetizing content on the internet can't be allowed to win. If that means a scripting arms race, I think I'm OK with it.

Does any of that work with Yahoo? While Yahoo doesn't explicitly block people who disable ads, it seems they keep trying to load junk which pegs the CPU at 100% and more or less makes the computer unresponsive for a while. I've manually killed the process in Task Manager each time it occurs but that's not a real solution. Often they'll try to load something else a minute later.

> It's terrible that it's come to this, but this is a case where the shitheads responsible for monetizing content on the internet can't be allowed to win. If that means a scripting arms race, I think I'm OK with it.

I continue to be amazed these same shitheads don't realize that people are so overexposed to ads at this point they just mentally filter them out. What's the point? I wish we would move to a new paradigm of advertising where people actually looking to buy something might be the only ones subjected to advertising for that product. Pushing ads on people who are trying to look at something else just isn't the way to go. Making the advertising more and more intrusive doesn't work. It just pisses people off, perhaps to the point they decide NOT to buy whatever is being advertised even if they had intended to before. It's much the same with charities who hire telemarketers. My mom had given to some of them back when they just solicited via mail. When they started calling I told them in no uncertain terms that we would no longer be giving to them, and the reason why was the stupid, constant, annoying phone calls.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
Looks like MalwareBytes bought Adwcleaner. I've been advocating use of both for some time, with adwcleaner as a quick clean-up/check up prior to a full scan with MBAM. I'm a bit troubled that having the detection engines come from the same people will mean that using both will be less useful than running two distinct products, but I'm sure it's OK for the near term at least.
 

CougTek

Serial computer killer
Joined
Jan 21, 2002
Messages
8,692
Location
Québec, Québec
Don't know where to post it, so it will go here.

We've been hit by a cryptoware today at the office. Over 140,000 encrypted files. We've been quite lucky since only the MS Office files were lost. The other files were left unharmed. No one will lose their job because the president is patient zero. I've warned them about this so many times in the past without obtaining a budget to solidify our protection. Most of the day has been lost at the office. I'm restoring files from yesterday's backup and will be doing so most of the night.

Tomorrow will be the "I told you so" festival, with written proof to top it all. I feel I'll finally have a budget for this.

The cause was an infected e-mail. It flew right thru our firewall's spam filter and Eset Endpoint antivirus. I'm moving to Bitdefender and I plan to purchase external, specialized, spam filtering and upgraded firewall services.
 

CougTek

Serial computer killer
Joined
Jan 21, 2002
Messages
8,692
Location
Québec, Québec
:(

> Is Bitdefender better than Eset?

According to AV-Test and AV Comparatives, its detection rate is higher, without much impact on system performance.

And I realized during the night that a second server was hit. The total infected files amount is now close to 230,000. I should finish restoring the files around noon today.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
> I feel I'll finally have a budget for this.

Don't be so certain...

Besides, throwing money at a problem doesn't always fix it. User training might be more effective, but you're working with executives, so that's probably futile.
 

CougTek

Serial computer killer
Joined
Jan 21, 2002
Messages
8,692
Location
Québec, Québec
> Holy trap! I hope it doesn't reflect badly on you.

The president and two directors congratulated me today for recovering the files. Two young ladies working for the company offered me a cake at dinner time. I don't think I've sunk myself too much.

Honestly, it's not gifts and pats on the back that I'm after. I want money to fix the ramping security issues we have. In another company, it shouldn't be such an issue since I've spent a quarter of a million less than my predecessors did last year, so the money should be there for the important stuff. Convincing them to spend it on what matters is still a struggle though.

And if someone writes that maybe I shouldn't have saved over 250,000$ this year compared to the last, I'll add that my spending on the infra was superior to 4 of the past 5 years. I cut on the fat and non-essential (bigger monitors for fashion reason, laptop/desktop change while the older one was still quite potent and not due for replacement, gadgets, etc), not the core stuff.
 

CougTek

Serial computer killer
Joined
Jan 21, 2002
Messages
8,692
Location
Québec, Québec
> User training might be more effective, ...

If there's one thing I've learned in the many decades I've worked in IT, it's that you can't defeat human stupidity. And in a way, it's normal. The great majority of the staff isn't working in an IT-related field. They don't have the skills or even the interest in learning good security practices. We regularly send e-mails internally to warn people to be careful and use some judgement (that they obviously lack), but the number of people taking the bait remains stable.

It's far less costly and more effective, in my experience, to add well-thought safety layers, transparent to the employees, than dreaming that we can educate them up to a level where they can actively protect themselves. The latter is an uphill battle on a never-ending slope. It is bound for failure. The only places it can have a chance to succeed are very small companies. When you reach a certain size (probably anything over 30 employees), education no longer suffices because the probability of having some computer-illiterate staff becomes almost a certainty.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
> The president and two directors congratulated me today for recovering the files. Two young ladies working for the company offered me a cake at dinner time. I don't think I've sunk myself too much.
>
> Honestly, it's not gifts and pats on the back that I'm after. I want money to fix the ramping security issues we have. In another company, it shouldn't be such an issue since I've spent a quarter of a million less than my predecessors did last year, so the money should be there for the important stuff. Convincing them to spend it on what matters is still a struggle though.
>
> And if someone writes that maybe I shouldn't have saved over 250,000$ this year compared to the last, I'll add that my spending on the infra was superior to 4 of the past 5 years. I cut on the fat and non-essential (bigger monitors for fashion reason, laptop/desktop change while the older one was still quite potent and not due for replacement, gadgets, etc), not the core stuff.

Great news for you. :)
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
> Don't be so certain...
>
> Besides, throwing money at a problem doesn't always fix it. User training might be more effective, but you're working with executives, so that's probably futile.

It depends on the situation, but in the US and EU many types of sensitive data must be secured per regulations, not to mention business contracts.
Of course in the real world systems may be hacked or breached in rare circumstances, but there better have been a substantial effort to ensure due diligence.
 