Virus / Malware creators need to die
I had my XP pro install for 4 and a half years. Rock solid. No problem. Firewalled. Always kept my antivirus up to date. Stealthed ports etc. Unfortunately I was pretty lax on backing things up.
Everything was wiped out by just clicking one link from google to another website. An invisible iframe opened and about 70 smtp ports opened up sending out who knows what to some russian sites before I could yank the power cord out of my modem (and just as one of my svchost.exe crashed). Changed admin privs, services, added software, changed drivers, changed registry keys and the master boot record, eliminated windows updates etc. all within a few seconds.
After trying to recover for a week I finally had to do a format/reinstall. I'm usually very careful but damn, this thing kicked my ass. Be careful out there. I lost years worth of conversations that I had with friends and other things that are impossible to replace. If you don't backup regularly, start now.
18 Comments
Freaky! Sucks balls too. Weird that it could pull that off, your antivirus ought to have intercepted it.
I really want to blame the antivirus, but there is so much crap released every day and I was getting signature updates every 4 hours. The whole thing comes down to Java permissions that can't be set natively in Firefox imo. I had the NoScript addon at one point but got rid of it because it was just too much work. Iframes suck. That's why they aren't allowed here at VS. Firefox should have an option to deny them. The way this virus works is brutal, it was 2 days before I found out that it changed admin privs for BITS and other services by changing some registry keys from "system" to "fystem" .. which is sorta funny in retrospect.
WOW..MAJOR SUCKAGE.
i got tagged a few years ago,so i hear ya..
thats why i got dual hard drives baby!
cheap and easy..
kinda like me../grins
4.5 years on one XP install? Whats your RAM consumption sitting on a fresh reboot? I go about 1 year max before XP performance is too much to suffer any longer.
This is a KILLER free product
http://www.malwarebytes.org/mbam.php
I just finished an "annual" rebuild yesterday. I set up three bootable XP installs in paralell, one for work, one for games, and one just in case. These have saved my ass in the past when something went tragic and I could not afford downtime.
I've got the rebuilds down fast this time, its sweet having a USB thumb drive preconfigured with your chipset drivers, audio drivers, video drivers, service pack 3, all your work-ware and all your serial numbers before you begin the rebuild.
I had Malwarebytes (among other things). It's good stuff. It did help remove some of the infected drivers after the fact but didn't stop them from installing or doing the damage. I just got unlucky. I wound up containing everything in safe mode later and uploaded the individual files to virustotal.com and each time only 2 or 3 picked it up and it was rarely the same engine that did.
I don't have any benchmarks to show (anymore) but my XP performance was good.
I had UBCD4Win on a usb key but couldn't get it to repair my drive (it got to the point where the BIOS wouldn't even recognize the drive). I think I will just ghost this install now sort of like you're saying so I can re-install easier next time. I was overdue for an install anyway I guess, just sucks all the stuff I lost
Damn, this sucks I feel your pain, something similar happened to me once - I lost 50+ pages of an urgent document that I had do redo.
Incidentally, can you warn us what the website that caused this was?
It was at torrentreactor. I suggest not visiting .. lol.
I don't use torrents or any p2p (not saying I don't ever pirate, but I use altbinz and astraweb for that sort of thing). Anyway, I forget what the hell I was even searching google for, I've been following the goings on with the pirate bay situation and I guess I saw a link that looked interesting at torrentreactor and bang! Firefox crashed to desktop without even an error. 70ish smtp ports opened. Svchost crashed. Unplugged the modem. Rest is history.
malbytes is pretty good.
also try bit defender and spybot.
panda is decent but you have to register blaaaaa.
and adaware live is ok,as long as you have the ram to spare.
and thanks deathcow,never thought of having that all on a thumbdrive.
waaaay better than individually installing.
Ouch, sorry to hear that. One big problem with Windows is that apps aren't consistent with where they store data/config data. Some little apps I have use ini files as well. I backup one key file but everything else is on external drives. If the laptop died I could carry on.
Still I need to do a new Windows image which I would use to start the recovery.
Title is correct. The problem is our governments aren't interested in protecting us. There shouldn't be any need for antivirus or firewalls, you don't walk around in a helmet in case someone hits you in the head. We should crucify these people and televise it.
Well, they do manage to keep me employed fixing these things. Just about every week I get a machine from a friend that requires attention for the low price of free... at least they hope.
The combination we use these days for free stuff is malwarebytes/super antispyware/avira anti-virus together, and that usually clears up most things.
Personally I have had the misfortune of getting conficker on a laptop, however it is pretty easy to remove (and spot) apart from having the nasty habit of attempting to infect usb flash drives placing a binary autorun.inf on the things.
Unfortunately, this will likely never end as most malware is developed outside the US and its exceptionally easy to hide ones tracks these days with botnets that are traded like commodities.
I often wonder if some of the anti-virus vendors cook up some of this crap since there is the occasional "BEWARE OF (virus/malware)" scare and it always is fronted by companies who want you to buy their software, which likely would not protect you againt most of this crap anyways. There is no software that can fix PEBKAC.
These days I solve "questionable website" problems by visiting them in a VM. You would be amazed at how much you can fuck one up and then when you reboot you snapshot it back to how it was before. VirtualBox is free and *really* good these days and with 1TB disks becoming the norm one can easily afford the 10-20GB of a virtual install of XP.
That's a pretty dirty little bug you got there. It seems things are getting harder and harder to get rid of.
The key to good antivirus/spyware programs is finding the new guy in town. Before the malicious spyware catches on to them and keeps them from working.
Great Thread plus-5 AA-PLUS would do business again, thanks
Lol, there shouldn't be the need for police either, but here we are.
>> ^gorillaman:
Title is correct. The problem is our governments aren't interested in protecting us. There shouldn't be any need for antivirus or firewalls, you don't walk around in a helmet in case someone hits you in the head. We should crucify these people and televise it.
Which browser were you using? Did you have ActiveX / Javascript / Java disabled? (They should all be completely disabled unless you really trust the website you're on). It's not even safe to enable any Javascript on some trusted websites that have unreliable screening for advertisers (like TPB, which had some browser-hijacking javascript in ads lately). Never had problems with google ads though. Java opens up even more vulnerabilities than Javascript.
Videosift works fine with Java disabled and the most restrictive Javascript options you can select in Firefox without completely disabling javascript. That setup works fine for most of my browsing. Then if I go to any domain I haven't been to before and completely trust, I make sure to disable Javascript first.
Java should not enabled under ANY circumstances except when you have a specific need to use it on a very trusted site, and it should be disabled as soon as you're done.
Anyway, surfing with Java enabled is like leaving the front door open, and AV is like a bouncer who checks if your name is on a blacklist, and lets you in if you're not on the blacklist yet. Closing the front door is more effective than any AV alone. Every bit of executable code or script your computer runs is a potential trojan horse whether or not your AV says so. You just have to trust the source you get it from.
ahem.
www.ubuntu.com
I run Ubuntu in a VM
Discuss...
Enable JavaScript to submit a comment.