Fully updated system with up-to-date AV now hacked!
in [Anti-Virus]
|
Prev: Avira 10 Bug
Next: Avira 10 On Windows 7
From: Leythos on 29 Mar 2010 08:31 In article <op.vabo3vpma3w0dxdave(a)hodgins.homeip.net>, dwhodgins(a)nomail.afraid.org says... > I'll be going back over to his place on Tuesday. I expect the next > step will be to pull the hard drive out of his computer, and put it > in mine, as a slave, so I can scan it without whatever rootkits are > running. > > Luckily he doesn't use if for online banking, or shopping! > > I HATE Microsoft. I expect this friend will become another linux > convert very soon! > And yet, in my 30+ years of using computers, thousands of them with MS Operating sytems, I've had exactly one malware on all of those machines that I've used. If the system is that old, that it takes hours to do a scan, which is normal for many computers, wipe it and reinstall clean, the system will most likely run faster and it will be easier for you to do the updates and make sure that everything is applied. I have never seen a machine where the user was always using a Limited account that was compromised, but I've seen a lot of machine where the user had a limited account and wasn't using that one, where they were using the Admin account after being warned not to, and they were compromised while using the admin account. -- You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself. spam999free(a)rrohio.com (remove 999 for proper email address)
From: David H. Lipman on 29 Mar 2010 10:35 From: "Leythos" <spam999free(a)rrohio.com> | I have never seen a machine where the user was always using a Limited | account that was compromised, but I've seen a lot of machine where the | user had a limited account and wasn't using that one, where they were | using the Admin account after being warned not to, and they were | compromised while using the admin account. I have. They were infected through malware that took advantage of Buffer Overflow conditions and the subsequent elevation of privileges. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Dave Cohen on 29 Mar 2010 12:59 On 3/29/2010 5:39 AM, David W. Hodgins wrote: > Spent the last 4 hours or so, at a friends place. I'd previously > done everything I could to lock down the system, but he managed > to get some sort of malware installed. > > Neither avast or superantispyware find any problems. It's an old, > slow computer, so the scans took hours. > > The admin account is no longer accessible from the login screen, > even in safe mode. Only the limited user account is accessible. > GMER will not run, apparently due to lack of permissions. > > The fire wall service is not running, and can't be started due > to lack of permission. > The security center service is not running. > > This old computer has an lcd tv used as the monitor. The tv does > not display text mode, so the bios setup screen cannot be seen. > > The bios is set to boot from the hard drive first, so booting from > a cd is out. > > I'll be going back over to his place on Tuesday. I expect the next > step will be to pull the hard drive out of his computer, and put it > in mine, as a slave, so I can scan it without whatever rootkits are > running. > > Luckily he doesn't use if for online banking, or shopping! > > I HATE Microsoft. I expect this friend will become another linux > convert very soon! > > Regards, Dave Hodgins > > I've never had a virus and I've used MS for years. I'm not going to get into a back and forth MS vs Linux and I wouldn't waste much time defending MS, but I've used both and if your user can't handle MS he won't get very far with Linux unless all he wants to do is email and surf the net. It is not a system ready for the non technical user, and if you friend requires you to set things up for him, I have to assume he fits that description.
From: David W. Hodgins on 29 Mar 2010 14:27 On Mon, 29 Mar 2010 12:59:02 -0400, Dave Cohen <user(a)example.net> wrote: > surf the net. It is not a system ready for the non technical user, and > if you friend requires you to set things up for him, I have to assume he > fits that description. He's one of those users who thinks he knows a lot more than he does. At least with linux, I can lock down the privileges to control what he can do. For example, I can set it up so that he can install updates from the distributions repositories, but can't install new programs, or stuff from third parties, without my involvement. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
From: David W. Hodgins on 29 Mar 2010 14:23
On Mon, 29 Mar 2010 08:31:57 -0400, Leythos <spam999free(a)rrohio.com> wrote: > If the system is that old, that it takes hours to do a scan, which is > normal for many computers, wipe it and reinstall clean, the system will > most likely run faster and it will be easier for you to do the updates > and make sure that everything is applied. Agreed. Means I'll have to hook up a real monitor, so I can see the post/bios setup messages, in order to be able to change the boot order, so I can boot from an install cd. > I have never seen a machine where the user was always using a Limited > account that was compromised, but I've seen a lot of machine where the > user had a limited account and wasn't using that one, where they were > using the Admin account after being warned not to, and they were > compromised while using the admin account. I'm pretty sure that's what happened here. I'd like to figure out exactly what he did, and what malware was involved, but I think that may just be a waste of time, at this point. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.) |