Announcement

Collapse
No announcement yet.

Heads UP ^^ guys and gals

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Heads UP ^^ guys and gals

    Just thought I'd drop a line to let you guys know a lil sum sumpthin.

    As you all may or may not know, I run my own computer business and here lately it has been slack until the middle of last week.

    Be careful! There is some new spyware out there and I have been able to remove it. It has different names but just to give you an idea, as of Wednesday of last week, I had all of a sudden found myself neck deep in pc repairs due to spyware activity. If I find something to get a fingerprint I'll post but as for now, the business just jumped about 200% within a day or two. So for all you limewire and/or filesharing nutz, keep your stuff up to date.

    Your Friend,

    ~~mike~~

    P.S. 16 desktops and 7 laptops came through the door Wednesday evening and Thursday. All have same symptoms. I've gotta call it a night but I might squeeze in a round or two of COD4.

    #2
    Wow, I'll keep my ears open if I hear anything from LM's IT department I'll post it.
    [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
    Like the community? Donate here:
    [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

    Comment


      #3
      I found my comeputer was seriously bogged down lately.

      I assumed it was because I had 3 gigs left on my windows harddrive.

      I might've had a cluster of crap. Who knows, either way, it's gone now

      Comment


        #4
        I'll be making sure i update spybot a lot over the next few days. Thanks for the heads up Mike.

        Comment


          #5
          FYI, every PC that I work on with Limewire installed is compromised.

          I miss the good old days when it took two programs MAX to clean a PC. I've used up to SIX programs to clean them these days, and my flat rate fee of $40 for whatever time it takes is putting a strain on my gaming/spare time.

          Eight hours on one PC is 6 hours of wasted effort when a wipe/reinstall would have done the proper job. Mike, lemme know what you recommend on these jobs, as it will eventually show up at my door too.

          Right now, I use Ultimate Boot CD for the initial removal work, then Threatfire and HiJackThis for the second system scan. Spybot 1.52 goes on last, as well as a WinsockFix and VundoFix set to search for DNS hijackers. I use Sophos for my antivirus as it is free to use for employees, and all I work on are teacher PCs from co-workers.
          Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin

          Comment


            #6
            two words "job security"

            Comment


              #7
              LoL .. chef, I tell myself that every time I pick up another PC to work on. At least my 2nd job pays well enough to feed my hardware addiction !
              Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin

              Comment


                #8
                I'll tell you. I am to the point anymore that I don't even boot the machine to see what it does WT.

                Download SmitFraud and Combofix and put them on a flash drive. Boot the suspected machine directly into safe mode and run those along with Ccleaner. Run a disk cleanup afterwards and then a defrag in safe mode and in regular mode.

                After toying with a few "kits" like in COD4, this has proven to be most effective lately. Afterwards, you then boot regularly and run whatever you normally would to give you that comfortable feeling that you have done the job successfully.

                Comment


                  #9
                  Here's a plug for an automated script scanner that employs five different scanner tools to hunt down the pesky crapware. I read this guys thread a few months back but never felt it was necessary to give it a try.
                  After reading up on the latest crapware, and spurred by Mike's post, I went back and gave it a more thorough read .. and I like what I saw !

                  http://forums.anandtech.com/messagev...readid=2084960

                  Snipped for a brief rundown of what it does:
                  Once you have setup the kit (via the instructions in the readme file), you should be able to take it around to many different computers. It will copy itself over from your removable storage medium onto the client computer first off and after the first scanner window appears, it will be safe to move the removal storage medium to another PC. Several notepad popups will appear at the end with the logs of the various scanners. It should not require any user intervention for the scans / removal process once you start it.

                  Script uses the command line versions of:

                  * CCleaner - does not run with scanonly
                  * A-Squared
                  * Mcafee (latest public beta definitions)
                  * Panda (generates false positive with antivir, see readme.html file for details)
                  * Trend Micro (select viruses)

                  The thread and script are updated frequently, and I like the fact that it runs multiple scans of multiple programs, so you can start it and let it run overnight. I'll give it a try on the next PC that I work on and see how things go. If anyone else wants to try it out, be sure and post the results, either positive or negative, in this thread.
                  Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin

                  Comment


                    #10
                    I have used that one or something similar. The one I tried was something similar and used it quite a few times. It just felt funny using it because once you activate the program your mouse pointer moves and clicks stuff automatically and it is like someone else is controlling your machine. It worked but I just get that eerie feeling and here's why:

                    Don't take this the wrong way and you may think less of me for it, but after being infected a long time ago with a RAT (remote access trojan) I took it upon myself to figure these things out. I got deeply involved in learning about these things and learned the ease of hiding a RAT via stubbing it as well as other various methods.

                    If I am gonna be removing the damned things I may as well figure out how they work, right? And I did...I mastered the skill you might say.

                    At this point in my life I was involved with yahoo chat rooms and such and participated in them for hours upon hours and tis where I learned a lot about programs, good and bad guys who use them, and the story continues.

                    During yahoo chat sessions, as you all may know, people from pakistan (pakkis we called them) would come into the room and stomp on the microphone with their little program thingies that lock the mic and ignore all other users so they have more power. This was quite annoying at any given time and happened a LOT. As much as everyone hated it, I thought it to be the golden opportunity and I took it. I built a website with these little chat tools that boot people out of the rooms and lock the mic and such and placed them all on a professionally presented website and went into the pakki rooms where they'd be laughing about what they'd done in OUR rooms and I freely advertised these programs for their use... and these programs worked. The only thing was, the programs I had were the actual programs but were STUBBED with my own RATs.

                    I remotely controlled a couple hundred pc's (maybe not that many at once) and at any given moment could open the CD Rom and pop up on their screens "Here's a drink holder for you asshole" or something like that and they'd scramble to reboot. I could watch their desktop through a whole "Restore your PC to an earlier time" process and afterwards. At the touch of a button I could wipe the drive, copy anything to my own pc and so forth.

                    With cyber crimes on the rise as well as the possibility of ruining my reputation, I got out of it before a trace and I successfully uninstalled every RAT that I had planted with the touch of a button and it was done.

                    Having a program that moves my mouse pointer for me is a little bit uncomfortable since I KNOW what can be done and no virus scanner can detect it... or they couldn't detect mine at the time. That is why I am uncomfortable with the program that I used. This program may not be the same one but it sounds like something similar.

                    I just want to say that it has been some 10 years since and I have dedicated myself to assisting others with the removal of spyware, malware, bloatware, RATS, and anything in between. In the process I have opened my own business to assist others. I can say that I am the best virus scanner that I know of since I learned to remove just about everything thrown at Windows via using the registry and that is where I feel most comfortable. I do NOT recommend this practice to anyone since I'd guess I have reformatted a million machines in the learning process. (Usually 35+ computers on my lan infected at one time with different stuff I'd try to figure out..call me a nerd.)

                    What the machines don't pick up with the assistance of Virus Scanners and Trojan removal tools, I can usually pick through and find in the registry. The programs do make work a lot easier now a-days, but nothing works 100% of the time.

                    I DO charge out the ass for this kind of manual removal and usually it is big business when I get a customer who REALLY needs their data to be safely relieved of infection...Which is how I got involved with the NRA, Hornady, and a couple hunting magazine companies. Sadly, I kill my own business by doing it right the first time and then protecting their machines...and usually I don't have any return customers.

                    Just wanted you guys to know that I am not out to infect anyone or be manipulative.

                    Comment


                      #11
                      Mike, I appreciate the reply, and ... you officially scare me now a bit. I have never dabbled in the black hat arts, so I go on record as saying its way above my head other than I completely follow your terminology .. its my job to know what is out there that can screw up a customer PC, but at some point a format is obviously the safest choice.

                      I always value your opinion on this stuff, so I'd love to chat some day about this stuff, but we'll save it for a better day for both of us.
                      Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin

                      Comment


                        #12
                        To "dabble in the black hat arts" is very much the opposite of any "White Hatter's" intention. You must first learn the strategy of the enemy before you can overcome his threat. I feel like I succeeded without harm (other than the very few who had to simply reformat their machine).

                        On your second note,(reformatting being the only way) I am just the opposite. I always .. ALWAYS set forth in my work to do everything in my power to work without reformat/reinstall. On a rare occasion I find the need and usually it is after the end user has already done it and again is infected, or the machine is brand new and it'd be quicker/cheaper to rid them of the bloatware that NEW machines come with these days.

                        I do not intend to scare you.. it was a path I would inevitably have to take if I wanted to get where I am and learn the things I did. I do, however, appreciate your reply. My intention was never in a "black-hat" frame of mind. I don't mind telling what I've done to a civilized crowd and explaining my theory, but I do mind people thinking that I can "hack some dude's account" type of crap for them. It was never hacking... I don't hack.. wouldn't know where to start.

                        I can say I have never cheated on ANY game,.. never downloaded a cheat due to the simple fact that they are loaded with stuff like Keyloggers and the devil and will give you the same reputation that I feared gaining by my actions.

                        Comment


                          #13
                          My Family is all IT related. My father was a CIO at a Fortune 50 company most of my life, and he would always tell me this when I asked him about hacking and etc: (in my own words)

                          "Dont do it. If you get caught you will ruin my life as well as yours. But I will tell you this:

                          I have yet to find someone capable, that is, worthy of hiring, whose sole responsibility would be to keep my network secure for the employees of our company, that has not been a hacker themselves at one time or another.

                          I cannot trust someone that does not understand, or does not possess the ability, to think and take action like the kind of person we need to protect ourselves from."

                          I'd also like to point at my cousin, who got 2 years of probation when he was 15 for doing something very very bad to something I wont reference, online. He is now 1 year out of college and making more than $200k a year at a silicon valley company that provides security software. His entire role is to lead teams of people in finding new viruses, exploits and etc.

                          In fact, he is like Mike. His teams pose as hackers and pick up the latest l33t methods by posing as criminals themselves. They set up drone computers around the country, that are basically 'fake' exploit boxes that they hope people will hack so that they can document the latest information and build security against them.

                          It's freakin amazing stuff.

                          Comment


                            #14
                            hahaha, mike, back in the olden days, that was one of the MOST fun things i did. i too once dabled in the Black arts. i still have 5 3.5" disks stored in my basement in a lock box with some of the nastiest viruses ever created in the old Dos, windows 3.x, and win98 days. i'd be curious to see if they even worked anymore. my all time favorite was an unsuspecting VERY small TSR/boot sector/AMI Bios virus that once injected, basically made the PC a new boat anchor. its goal was but one malicious purpose. destroy the PC. it did so by actually destroying the hard drive, a sector at a time. as time went on, the hard drive was slowly mad smaller, by constantly read/writing to sectors until the sector failed, making the PC think the drive was just not as big. replaceing the drive, or backing it up was not really an option, as once a new drive was inserted, it was immeadiatly 'infected'. to date, i have not seen anything i would deem as malicious.

                            My stint ended just before schools started prosecuting kids for PC crimes @ school. i got booted from one High school for "suspected" pc crimes. later that year, after i layed low, some poor kid actually got sued for doing far less devious and destructive things.

                            Its true though. you MUST know the enemy before you know how to handle it. programs like 7thsphere, portscanner, and the ilk, as well as Black Orothos, Skilk, and various other trojans & hacks could make someone's life a pain if they pissed you off. injecting them into unsuspecting PC's was easy, as was using their ignorance against them. but, they also helped to determine what you needed to do to protect yourself. i used to pride myself on it. but since have gotten lax, taking up the addage, if its broke i can fix it, and just don't go there. lol

                            Considering the usage of bittorrent's as a delivery system for malicious code, since i got my 2 letters from comcast & the MPIAA and RIAA, i just quit using them, unless i needed something i knew to be secure.

                            Thanks for the heads up.

                            Comment


                              #15
                              If the crap ever hits the fan I want you guys on my side.
                              [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


                              Killed by CLRs since 2004. WOOT!
                              Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

                              Comment

                              Cain's Lair Forums Statistics

                              Collapse

                              Topics: 26,187   Posts: 269,849   Members: 6,183   Active Members: 7
                              Welcome to our newest member, Fermin13Q.

                              Today's Birthdays

                              Collapse

                              There are no members with birthdays today.

                              Top Active Users

                              Collapse

                              There are no top active users.

                              More Posts

                              Collapse

                              • Reply to Hope your all OK over there
                                by Apache Warrior
                                We had 17 inches of rain from the storm on November 7, 2024.
                                Apache
                                Yesterday, 07:55 AM
                              • Reply to Hope your all OK over there
                                by Sirex
                                Aye, I'm inclined to agree with that lmao
                                Gone are the days of warm summers and snow filled winters here, nothing but rain and wind for 8mths of...
                                10 Nov 2024, 08:53 PM
                              • Reply to Hope your all OK over there
                                by Apache Warrior
                                Now we have had a lot of flooding in this area and there are still a lot of houses that have not been repaired. Must be the apocalypse.
                                ...
                                8 Nov 2024, 09:23 AM
                              • Reply to Hope your all OK over there
                                by Sirex
                                Thats the start of our storm season here began, ours dont get as bad as the ones you all get but in relation to our normal weather its bad enough....
                                21 Oct 2024, 05:29 AM
                              • Delta Force is amazing
                                by Evil_T0NY {CLR}
                                Hello peeps, long time no see! This is ET!

                                I've been playing the Alpha of this game, and this past week, the free play week. And this game...
                                20 Oct 2024, 08:48 PM
                              • Reply to Hi guys!
                                by SantaClaws
                                Wow, it has been 10 years since I was last here. Time really sucks! Miss Cains UT days. I am still playing World of Warcraft going on 20 years....
                                15 Oct 2024, 12:04 AM
                              • Reply to Hi guys!
                                by Sirex
                                Got that right!
                                Always time for games on Cain's!...
                                13 Oct 2024, 07:24 PM
                              • Reply to Hi guys!
                                by Apache Warrior
                                I have been too busy to play any games. I would make time for CainsLair games though.
                                Apache
                                13 Oct 2024, 06:47 PM
                              Working...
                              X