Solved: Ridiculous
win2kpro
Distinguished Member with 8,867 posts.
 
Join Date: Jul 2005
Location: Southeast US
Experience: OEM Builder and Repair
17-Aug-2008, 04:43 PM #61
Viruses today are just a small part of the problem. Here is an article I saved from about a year or so ago that has 3 sections and a short video. Today one of the very biggest problems is "bots".

http://redtape.msnbc.com/2007/03/bots_story.html

I also thought I had saved a story involving a 15 or 16 year old boy whose home was raided one morning by the police, and his machine seized for sending out "kiddie porn" but I can't locate the article right at the moment.

His machine was being used in a "bot net" to deliver the porn. Fortunately, his family was able to get a hard drive expert to examine his drive and determine that it was being used in a "bot net". His family had to suffer quite a bit of expense to hire a lawyer, and the hard drive expert to testify that the youngster had no idea that his machine was being remotely controlled.

Had this child's family not had resources to prove their case, the child may very well have had to serve some time in jail, and worse than that he would have had to register as a sexual predator which would have followed him the rest of his life.

I have absolutely no sympathy for the people who write this malicious software. I have seen too many cases of the anxiety, and grief this "junk" causes, not to mention the cost involved to clean up their systems.
__________________
Registered Microsoft® OEM Partner.
Intel™ Channel Partner Registered Member
PLEASE, NO PM's. PLEASE ASK ANY QUESTIONS IN YOUR THREAD. THANK YOU!
valis
Community Moderator with 32,942 posts.
 
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
17-Aug-2008, 05:00 PM #62
nor do I have any sympathy for those that write it. Remember the substitute teacher case where she was canned; pretty sure she was part of a bot-net as well.

But the bottom line, if you don't know how to make it, chances are you don't know what you are fighting. I work in malware removal, and see a wide variety of viruses/malware come down the pipe. By the people who produce such applications as combofix, the only way to arrange for a satisfactory fix is to know how it was written. That's it.

I condemn the people who release this into the wild as much as you do. But what I deplore is ignorance about a subject that could affect your pc. If by writing viruses this will help people better combat them, then I am all for it.
__________________
rate me | M.V.P. - Desktop Experience | M.C.S.A. | M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that". - Gary Kildall
MikeSwim07
Distinguished Member with 4,693 posts.
 
Join Date: Apr 2007
Location: Cleveland, Ohio
Experience: Training at MRU
17-Aug-2008, 05:15 PM #63
Where do you help at? Why don't you have a gold shield?
valis
Community Moderator with 32,942 posts.
 
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
17-Aug-2008, 08:18 PM #64
I do help at another forum.....as to why I don't have a gold shield here, never really got properly trained; sort of learned by the seat of my pants, as it were....no big.

I got drilled about 4 years ago with 110k trojans, that's what brought me to this site, and that's what got me into malware removal. I also have done some work for my company on that front, and at least 30-40 people I work with I've gone to their houses and cleaned up their machines.
__________________
rate me | M.V.P. - Desktop Experience | M.C.S.A. | M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that". - Gary Kildall
new tech guy
Distinguished Member with 5,109 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
17-Aug-2008, 09:09 PM #65
I remember reading on malwareremoval.org, the site admin had claimed that the best way to wipe malicious software off of a PC is just to wipe the entire drive and start over. Which is one of the reasons why I do that when I get virus-infected machines. Sure, I could spend hours of work disinfecting them, but if something is still there and comes back, then does some type of damage to the owner, I'm the one taken to court over it. I would rather this not happen. Therefore I believe that statement. It is truly the only foolproof, safe way to disinfect a machine from these things. Why when I get a virus-infected computer, I just wipe. Only exception to this is a very, and I mean VERY, minor case of just some type of adware, which can be cleaned out. However, these things dig themselves so deep nowadays that it is almost impossible.
__________________
-new tech guy
OH MY GOSH THEY KILLED KENNY!
RIP Chopper.....DOB:1/3/2000-DOE: 8/18/08
valis
Community Moderator with 32,942 posts.
 
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
17-Aug-2008, 09:17 PM #66
problem with that is that a lot of people get infected, and don't want to lose their data. So you have to be able to use certain tools, up to and including registry fixes, to be able to rid their machine completely of the infestation and restore it to where it was prior TO the infestation.

If it's a work machine, I just reimage it. Anything personal on there isn't supposed to be there anyhow (work machine) and it takes about 12 minutes. But for the average home user, they generally want to keep their data.

Have you taken a look at some of the wait times in the security forum recently? Those gold shields are WAY overworked; this is probably the biggest free site on the planet for that type of assistance. And the skills that they have are quite interesting; I'd recommend reading a few of the threads, the ones that have 50, 60, 70 replies; it's a learning experience.
__________________
rate me | M.V.P. - Desktop Experience | M.C.S.A. | M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that". - Gary Kildall
new tech guy
Distinguished Member with 5,109 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
17-Aug-2008, 09:29 PM #67
To that, I have an easy solution to make sure I get EVERYTHING. For my house, I use Acronis True Image to image the PCs in it. Therefore, because of the problems with the Acronis boot CD on some machines, I have added it to my BartPE disc. I simply run Acronis off of that disc by booting the client machine to it and imaging its HD to an external hard disk. Then after that I know I have the entire system canned (also, if someone is unhappy, this lets me undo the settings) and I go ahead and wipe. After that, I sit down with Acronis (because all PCs have it installed, it will let me browse the image), and I check the usual places where users keep stuff and will copy that data out of the image onto a folder in the external. After that I dump the data onto the client's cleaned PC (of course, too, I do run a virus scan on the data before handing it back to the client PC). And the new PC, after being finished with the wipe, is fully patched with all Windows updates, has antivirus, firewall, an antimalware scanner, and some background protection. After this I would hand the PC back, but I keep the image on the external drive for a short time and leave a note in a text file on the PC alerting the owner to notify me of anything missing, as I can pull it from the backup. Usually the time I give is a month to get back to me.
__________________
-new tech guy
OH MY GOSH THEY KILLED KENNY!
RIP Chopper.....DOB:1/3/2000-DOE: 8/18/08
JStergis
Distinguished Member with 3,622 posts.
 
Join Date: Jul 2005
Location: Massachusetts
Experience: what we call our mistakes
17-Aug-2008, 10:06 PM #68
Quote:
Originally Posted by new tech guy View Post
I remember reading on malwareremoval.org, the site admin had claimed that the best way to wipe malicious software off of a PC is just to wipe the entire drive and start over. Which is one of the reasons why I do that when I get virus-infected machines. Sure, I could spend hours of work disinfecting them, but if something is still there and comes back, then does some type of damage to the owner, I'm the one taken to court over it. I would rather this not happen. Therefore I believe that statement. It is truly the only foolproof, safe way to disinfect a machine from these things. Why when I get a virus-infected computer, I just wipe. Only exception to this is a very, and I mean VERY, minor case of just some type of adware, which can be cleaned out. However, these things dig themselves so deep nowadays that it is almost impossible.
I only do that if someone doesn't want anything saved or if they only want a folder of music saved, AND if I'm very short of time.

I can clean a machine, it just takes me a long time, because unlike Karen and the other really knowledgeable people here, I have to look EVERYTHING up in order to get anywhere.

I got a laptop yesterday, instructed with "I don't care what you do with anything else, just save the music I have." Considering I had only an hour to work with until he needed it the next day, I copied the music over to my server, nuked the partition, and ran HP's recovery app off the other partition. I put on AVG, iTunes, AIM, and whatever else I knew he used, then copied his music back over and it was all set to go.

I'll agree that it is the foolproof way, but I like to avoid it. If I have time, I spend a few hours at it and don't have to format. I'll also agree that's my weakness, or at least one of them, while I can do it, it takes me way too long. Here, if I ever got a nasty I'd just reimage the machine, all the important stuff is on the server, and backed up nightly so I've got nothing to lose.

Actually, this makes me realize I should make a new image of the server, I guess I'll do that tomorrow or the next day while everyone's gone so it's not missed.

I really wonder how people get all these nasties so quick, I've only had one virus and never a piece of adware/spyware, and that was years and years ago...I guess they don't watch where they go.

But then, I've never used IE either. Before Firefox I used Netscape, never could stand IE.
__________________
"We're a little too into sports in this country, I think we gotta throttle back. Know what I mean? People come home from these games, 'We won! We won!' No, they won - you watched."
- Jerry Springer
new tech guy
Distinguished Member with 5,109 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
17-Aug-2008, 10:52 PM #69
Quote:
Originally Posted by JStergis View Post
I only do that if someone doesn't want anything saved or if they only want a folder of music saved, AND if I'm very short of time.

I can clean a machine, it just takes me a long time, because unlike Karen and the other really knowledgeable people here, I have to look EVERYTHING up in order to get anywhere.

I got a laptop yesterday, instructed with "I don't care what you do with anything else, just save the music I have." Considering I had only an hour to work with until he needed it the next day, I copied the music over to my server, nuked the partition, and ran HP's recovery app off the other partition. I put on AVG, iTunes, AIM, and whatever else I knew he used, then copied his music back over and it was all set to go.

I'll agree that it is the foolproof way, but I like to avoid it. If I have time, I spend a few hours at it and don't have to format. I'll also agree that's my weakness, or at least one of them, while I can do it, it takes me way too long. Here, if I ever got a nasty I'd just reimage the machine, all the important stuff is on the server, and backed up nightly so I've got nothing to lose.

Actually, this makes me realize I should make a new image of the server, I guess I'll do that tomorrow or the next day while everyone's gone so it's not missed.

I really wonder how people get all these nasties so quick, I've only had one virus and never a piece of adware/spyware, and that was years and years ago...I guess they don't watch where they go.

But then, I've never used IE either. Before Firefox I used Netscape, never could stand IE.
I don't know how to remove them either, which is the other reason I format. If it cannot be cleaned up by some sort of a scanner, I blow the HD away and start over. The main way I find people pick up this crap is by using some type of illegal P2P service like LimeWire and not being careful what they click on. You are correct as well, as the last time I had a virus issue was years ago too. Also what happens is that they get one piece of malware and either A, that is a dialer trojan that calls in its buddies and has a fiesta, or B, they get one piece of malware and the list grows with them not dealing with the problem while it's small and basically wait for the PC to grind to a halt before doing something about it.

Funny, that also just made me realize something I hear technicians now do to remove malware without extensive know-how. I have heard that they basically keep an old machine around that would run Windows or some other operating system and load it with some more powerful antivirus scanner (and it could be a commercial on-demand one like Symantec SecurityScan or Stinger...etc) and they would take the HD out of the client's computer, connect it to their machine as a secondary and run those scanners (after updating of course), and they have had good disinfection results. This is because the malware won't hide if the drive is not being used as primary. The OS just sees it as data.
__________________
-new tech guy
OH MY GOSH THEY KILLED KENNY!
RIP Chopper.....DOB:1/3/2000-DOE: 8/18/08
JStergis
Distinguished Member with 3,622 posts.
 
Join Date: Jul 2005
Location: Massachusetts
Experience: what we call our mistakes
17-Aug-2008, 11:28 PM #70
Quote:
Originally Posted by new tech guy View Post
The main way I find people pick up this crap is by using some type of illegal P2P service like LimeWire and not being careful what they click on. You are correct as well, as the last time I had a virus issue was years ago too. Also what happens is that they get one piece of malware and either A, that is a dialer trojan that calls in its buddies and has a fiesta, or B, they get one piece of malware and the list grows with them not dealing with the problem while it's small and basically wait for the PC to grind to a halt before doing something about it.
This last guy seemed to do just that, when I logged onto his account, it just gave me a stop error, but when I logged onto admin it acted decent, but very sluggish with over 100 running processes. I didn't even play with scanning because I knew I was working with very limited time, and he understood that. I copied over his music and documents and wiped it.

I noticed he had a limewire icon, that's probably a lot of it right there, and I noticed his music folder was kinda an odd size, 30 GB for 2000 files, which I didn't have time to copy back and forth. About 100 of the files were er...inappropriate videos. I deleted them (honestly, I don't think I'd save them even if he specifically asked, I'm so against anything like that if I see it, it goes away--too bad for them). Going looking for that content probably got him even more malware on top of the P2P activities.

Maybe I get nothing because I don't run any P2P apps, and really watch what sites I go to. Actually, to tell the truth I don't surf around much. I'm either here, at Caedes, or reading a couple articles on the New York Times or Boston Globe...that's about it most of the time.

Gotta run off to bed for now, rest of the family's leaving for a few days so I gotta help them pack and whatnot. I don't mind, only downside is I'm constantly spending money on food out at various restaurants instead of eating home. I wish the pizza places would deliver up here, but none are willing to go 15+ miles.

Hey NTG, how about you drive up here and meet me for lunch tomorrow, it'll only take you about 4-5 hours to get here from New Joysey, and the taco salad bowls the local restaurant makes are worth going across the country for.
__________________
"We're a little too into sports in this country, I think we gotta throttle back. Know what I mean? People come home from these games, 'We won! We won!' No, they won - you watched."
- Jerry Springer
new tech guy
Distinguished Member with 5,109 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
18-Aug-2008, 12:52 AM #71
Quote:
Originally Posted by JStergis View Post
This last guy seemed to do just that, when I logged onto his account, it just gave me a stop error, but when I logged onto admin it acted decent, but very sluggish with over 100 running processes. I didn't even play with scanning because I knew I was working with very limited time, and he understood that. I copied over his music and documents and wiped it.

I noticed he had a limewire icon, that's probably a lot of it right there, and I noticed his music folder was kinda an odd size, 30 GB for 2000 files, which I didn't have time to copy back and forth. About 100 of the files were er...inappropriate videos. I deleted them (honestly, I don't think I'd save them even if he specifically asked, I'm so against anything like that if I see it, it goes away--too bad for them). Going looking for that content probably got him even more malware on top of the P2P activities.

Maybe I get nothing because I don't run any P2P apps, and really watch what sites I go to. Actually, to tell the truth I don't surf around much. I'm either here, at Caedes, or reading a couple articles on the New York Times or Boston Globe...that's about it most of the time.

Gotta run off to bed for now, rest of the family's leaving for a few days so I gotta help them pack and whatnot. I don't mind, only downside is I'm constantly spending money on food out at various restaurants instead of eating home. I wish the pizza places would deliver up here, but none are willing to go 15+ miles.

Hey NTG, how about you drive up here and meet me for lunch tomorrow, it'll only take you about 4-5 hours to get here from New Joysey, and the taco salad bowls the local restaurant makes are worth going across the country for.
OK, I see your point. Uncle used to do stuff around here before he moved. Told me he had quite a few virus cases because people were hitting the sites; frankly, I'd be afraid to touch the keyboard, god only knows what he did around that thing... But that is probably the majority. Had a person up the street who did that to theirs. Big LimeWire fanatic, downloaded everything from there. His sister used it too and unleashed viruses on the system. I remember the first time I wiped and cleaned it out. Then he called me back asking me to install Office 03 and also picked up another virus. So I figured it would be best to disinfect as SP3 had just come out on XP, and Office would require its own updates. Therefore I set to work, and previously I had to do something silly for him (take off backup software from an external HD he purchased) and had installed True Image for him as a way to back up his system and imaged it. When I looked in the system, sure enough AVG had a bunch of hits in the virus vault, all coming from the shared folder of either his or his sister's account. Therefore I figured instead of wasting time scanning, since I had Office to do, he hooked up his HD, moved his stuff, and I restored the image. Then proceeded to load Office.

I would love to take you up on that offer. Wait...you want ME to pay, don't ya?! I paid about 30 bucks in gas to drive there, then you want another 50 outta me for food?! But in any event, tomorrow morning I plan on making bacon cheese omelettes if you wanna come by for that. Just bike on over, dunno how you would get here, maybe get to Philly, then take the train to Ashland station and then give me a call.
__________________
-new tech guy
OH MY GOSH THEY KILLED KENNY!
RIP Chopper.....DOB:1/3/2000-DOE: 8/18/08
ckphilli
Distinguished Member with 2,067 posts.
 
Join Date: Apr 2006
Location: Down South
Experience: Intermediate
18-Aug-2008, 09:56 AM #72
Quote:
Originally Posted by valis View Post
but the bottom line, by knowing how it works, you are better equipped in knowing how to fix it.
Have to agree with you here. The part that irks me a little is the absence of any kind of non disclosure agreement or ethical practices in the guy's class. I don't have a problem with teaching it, but there has to be some kind of deterrent to practicing on an open network. And a deterrent may be present, but not reported in the article.
__________________
Security +
ckphilli
Distinguished Member with 2,067 posts.
 
Join Date: Apr 2006
Location: Down South
Experience: Intermediate
18-Aug-2008, 10:04 AM #73
Think this is the class:

"340 Computer Security (3)
Current methods for increasing security, protecting privacy, and guaranteeing degrees of confidentiality of computer records; ensuring computer installation safety; protecting software products; preventing and dealing with crime; value systems, ethics, and human factors affecting use and misuse of computers. Discussion of recent technical, legal, and sociopolitical issues influencing computer security problems. Prerequisites: CS 215, 250 and 251, or consent of instructor."
http://www.sonoma.edu/catalog/02-04/...rscience.shtml

George: http://ledin.cs.sonoma.edu/
__________________
Security +
valis
Community Moderator with 32,942 posts.
 
Join Date: Sep 2004
Location: Texas
Experience: cp/m -->
18-Aug-2008, 11:29 AM #74
Quote:
Originally Posted by ckphilli View Post
Have to agree with you here. The part that irks me a little is the absence of any kind of non disclosure agreement or ethical practices in the guy's class. I don't have a problem with teaching it, but there has to be some kind of deterrent to practicing on an open network. And a deterrent may be present, but not reported in the article.
agreed. And legally, it could land some kids in trouble, if they take their knowledge and decide to see what they can do with it, not to mention what could happen to the instructor and the university. Sorta opening themselves up for a lawsuit or 4 there.
tomdkat
Distinguished Member with 5,019 posts.
 
Join Date: May 2006
Location: S.F. Bay Area, CA
Experience: Intermediate
18-Aug-2008, 11:31 AM #75
Quote:
Originally Posted by win2kpro View Post
I will add one thing as a final thought that is strictly my opinion. In the article Professor Ledin is credited with making this statement. "If college students can beat these antivirus programs, he argues, what good are they for the people and businesses spending nearly $5 billion a year on them?"

I would like to ask Professor Ledin this question. If you are so smart, and good at teaching your students how to beat these antivirus programs, why don't you start your own antivirus company?
Great point but I think Professor Ledin's question is misdirected. I don't think the "problem" really lies with the antivirus apps and how good or not they are. I think the problem lies with Windows itself. Microsoft has really painted themselves into a corner with their "too late to the game" approach to security, especially since they want EVERYONE to use Windows as their primary computing platform.

Peace...