New malware freezes computer until ransom is paid

Lol at the first comment.
System restore is an AWFUL way to remove any type of malware.
 
If only people didn't browse the internet and do pretty much everything else on an administrator's account... I haven't had any serious issues with malware and viruses for years; the only crap I ever got was in the porn account [restricted, of course], which I had to wipe once, and problem sorted. And I download a lot of porn... [LOL]
 
A) System Restore is the preferred backup method of viruses and malware. B) Most really well-written malware will still load in safe mode by creating a virtual device driver to allow at least some basic functionality when running in safe mode, as well as to shield a portion of its code from antivirus and anti-malware software.

MBAM isn't nearly as effective in safe mode, as many of the malware infection's components won't be loaded in memory, which is where most well-written exploits take place - in memory. Also, scanning your drive in another (non-infected) computer (known as offline scanning) is almost completely useless.

MBAM is a great tool, but it's not 100% effective, and even when it is, remediation needs to take place to really clean the system and to close any holes created.

The best methods to protect yourself are:

A) Don't be stupid. Exercise some critical thinking skills before forking over your credit info.
B) Frequent backups. Don't rely on System Restore. It creates a perfect, encrypted place for viruses and malware to back themselves up, and the OS graciously re-infects itself.
C) Good anti-virus. And by good, I mean good. As in Avast! Free, or Kaspersky.
D) Secure your browser...it is the number one infection point.
E) Sandbox, popup blockers, script blockers, flash blockers, etc.
F) Don't be stupid.

If you aren't in the IT field, you probably shouldn't hand out computer security advice, any more than I would ask a mechanic for medical advice. Most of the advice given here is just wrong, with a few exceptions.

I didn't cover every good, basic, common sense security tactic in my comments...but then you can use Google just as effectively as I can.

Google for example - "anti-virus real world protection scores" - it might be eye-opening. You could also try Googling "how can I protect my computer from malware"? Or, "how can I recover from a malware exploit"?

If you do get infected, you can usually head over to bleepingcomputer.com for some very good, very specific advice on how to remove a virus/malware infection the right way, and how to fix all of the traces left behind and problems created.

Finally, know your OS. Know every executable that should be running on your computer. Learn how to use the Task Manager to kill processes that shouldn't be running. Learn how to disable things from starting up that shouldn't be starting up.

Most importantly, get a BartPE or WinPE boot disc (mini Windows on a CD), and download a free copy of the Sysinternals Suite of tools, every tool of which will run in Windows PE. Autoruns will enable you to hack out almost any startup settings for nefarious programs, and prevent them from loading at startup, even mutating infections.

Nothing hides from Autoruns...not even malware/virus infections hidden as device drivers.

That advice is also nonsense. I've seen Norton Anti-virus ads used as droppers for malware infections.
 
http://i0.kym-cdn.com/photos/images/newsfeed/000/200/420/BRTky.jpg
So, does this mean I should turn off my anti-virus (AVG), BEFORE I surf for porn.....?
 
Found this rather nasty little ploy attached to one of the many porn sites I frequent...
It pretends to be an INTERPOL announcement that you have been a very bad boy...
It locks up your computer and displays a page that demands a $300 payment to unlock it, with voice!
Not really easy to get rid of. Here's how I did...
I installed a second copy of Windows XP and booted to it.
Navigated to the locked-up copy, then dropped a shortcut to MSConfig.exe into my user's Startup folder. I then backed out and booted to the locked system. When MSConfig started, I set 'Selective Startup', unclicked 'Load Startup Items', and hit 'Apply', 'OK'. Then it locked up.
(It took me more than one try...)
Once successful, it rebooted normally.
Found this item where it should NOT have been...
C:\Documents and Settings\<your user name>\Local Settings\Application Data\build.exe
This was the main workhorse for this pest.
Other entries for it can be found here...
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Deleting this registry entry (the whole folder) will remove it from the 'Startup Items' list.
hklm\software\Microsoft\Windows\CurrentVersion\Shared Tools\MSConfig\startupreg\xA2oxSonRUjbG

Deleting 'Build.exe' will work, but I might try renaming an empty text file, setting the 'read-only/system' flags, and replacing the original.
Checking the properties of 'Build.exe' gave a clue to the origin.... "From Russia, with Love...."
characters, not these words. ;)
(sigh)
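The two comments above converge on the same defensive habit: know what is allowed to start with the machine, and treat anything launching from a per-user data directory (the XP-era `Local Settings\Application Data`, or `AppData` on later Windows) with suspicion. The script below is an added example written for this page, not code from any commenter and not a Sysinternals tool. It audits the autostart locations the thread names (the `Run` keys, the `MSConfig\startupreg` key where MSConfig parks disabled items, and the Startup folders), then flags entries that run from a profile or temp directory, point at a missing file, or carry no valid Authenticode signature. The key list, the directory regex and the flag names are my choices; it is read-only and changes nothing.

```powershell
# Added example (not from the thread): read-only audit of Windows autostart entries.
# Run from an elevated PowerShell prompt so HKLM and the common Startup folder are readable.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# MSConfig stores entries it has disabled here, one subkey per item with a 'command' value.
$msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shared Tools\MSConfig\startupreg'

# Directories a legitimate installer rarely uses for a persistent autostart (my choice of list).
$suspiciousDirs = '\\(AppData|Local Settings|Temp|Downloads|Public)\\'

function Get-CommandImagePath {
    # Extract the executable path from a command line, whether or not it is quoted.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(\S+\.(exe|bat|cmd|vbs|js|scr|dll))') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-AutostartEntry {
    # Build one report row and attach the reasons an analyst should look closer.
    param([string]$Source, [string]$Name, [string]$Command)
    $path   = Get-CommandImagePath $Command
    $flags  = @()
    $signed = $null
    if ($path -match $suspiciousDirs) { $flags += 'runs-from-profile-or-temp' }
    if ([string]::IsNullOrWhiteSpace($path) -or -not (Test-Path -LiteralPath $path)) {
        $flags += 'file-missing'          # dangling entry: leftover, or image deleted to evade review
    } else {
        $signed = (Get-AuthenticodeSignature -FilePath $path).Status -eq 'Valid'
        if (-not $signed) { $flags += 'unsigned-or-invalid-signature' }
    }
    [pscustomobject]@{
        Source  = $Source
        Name    = $Name
        Command = $Command
        Image   = $path
        Signed  = $signed
        Flags   = ($flags -join ',')
    }
}

$report = @()

# 1. Classic Run / RunOnce keys: each registry value is one autostart command.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSProvider and friends
        $report += Test-AutostartEntry -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}

# 2. Entries MSConfig has disabled; malware re-enabling or hiding among them is still visible here.
if (Test-Path $msconfigKey) {
    foreach ($sub in Get-ChildItem -Path $msconfigKey) {
        $cmd = (Get-ItemProperty -Path $sub.PSPath).command
        if ($cmd) {
            $report += Test-AutostartEntry -Source 'MSConfig\startupreg' -Name $sub.PSChildName -Command $cmd
        }
    }
}

# 3. Per-user and all-users Startup folders; resolve .lnk shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    foreach ($f in Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $report += Test-AutostartEntry -Source "StartupFolder:$folder" -Name $f.Name -Command $target
    }
}

# Flagged rows first; review those against what you know should be on the box.
$report | Sort-Object { $_.Flags -eq '' } | Format-Table Source, Name, Image, Signed, Flags -AutoSize
```

A flag is a prompt to investigate, not a verdict: plenty of legitimate updaters live under `AppData` and some vendors ship unsigned binaries. The value of the script is the same one the thread attributes to Autoruns, a complete list against which you can compare your own knowledge of the machine; an entry like the `build.exe` described above would show up with both `runs-from-profile-or-temp` and, almost certainly, `unsigned-or-invalid-signature`. Running it from a clean boot environment (as the WinPE advice suggests) requires loading the offline hives first, which this version does not do.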