    An interesting couple of days....

    Hi all...

    I spent the last two days with my parents (who live about 50 miles away from me) helping my mother with her laptop (HP Pavilion dv5000). She had mentioned to me previously that her system was acting strangely with a couple of things; however, for some reason, I didn't connect the issue(s) with malware until I got up there to see the system for myself. She runs Windows XP SP3.

    Somehow, she had gotten hold of the MyWebSearch toolbar, which, as you can all well imagine, put a lot more on the system than just the toolbar. If I remember correctly, Malwarebytes caught something like 292 (or more) pieces of malware, consisting primarily of spyware and trojans. MB and ComboFix took care of that problem.

    However, something else developed that put a major kink in things....

    I had asked my mother if I could install a copy of SuperTuxKart on her system so I could play it while using her system. Having received her permission, I opened up Opera and tried downloading the game from two different sites that seemed halfway reputable, but when I found out they wanted to add a toolbar of their own, I stopped the download/install process for both of them. The third time, I went directly to STK's site and downloaded the game from there, as I was looking for a certain version, 0.7.1b.

    While trying to download from there, the next thing I know, MSE (Microsoft Security Essentials) is coming up with a detection warning for something whose name I can't remember, other than that the threat level was "severe." MSE had found it in Opera's cache. The first time, I told MSE to quarantine it. I went back to try downloading the game again... same detection warning. For some reason, I decided to cancel or ignore the notice (thinking that MSE was messing up in some way).

    THAT, dear readers, turned out to be a BIG mistake!!

    After a few seconds, this program, "HDD" something, comes up and starts running a scan. I knew immediately that it was a rogue and tried to shut it down. Of course, it wouldn't, at least not easily, and while running this fake scan, "catching" all kinds of hard drive errors, I watched it proceed to eliminate all of the desktop icons, toolbar icons, start menu entries and almost everything else that would give me access to the system! The only thing it left was Internet Explorer. Uninstalling the rogue didn't help, and I didn't figure it would. Did I mention all this happened on April 1st? This rogue effectively either encrypted or hid all of the data and access points to the system. It successfully blocked my attempts to take it out with ComboFix, in safe mode as well! :eek:

    Rather than spend a lot of time I didn't have researching the problem and a possible fix, I decided it would be quicker and easier just to reinstall the entire OS. So that's what I did. Fortunately, my mother did have a lot on the system, and what she did have was mostly backed up. I was able to retrieve everything else, like the access code for one of the games she paid for. This process went well overall, except for the second thing I ran into: there is a problem with the .NET Framework 4 software that delays the system's network, either cable or wireless, for about a minute to a minute and a half. I didn't attribute this problem to the .NET software until I began thinking about when the network problem first appeared. I was able to find this page concerning the problem. I went ahead and just uninstalled .NET 4, which took care of the problem.

    I didn't see the solution offered by FM-190 until after I uninstalled it.

    The Lord really blessed me working through this entire process; it could have been a LOT worse than what it actually was. Examples include: the restore partition or CDs not working, leaving my mother's computer completely unusable.

    My mother and I did talk briefly about installing Ubuntu/Kubuntu on her system but decided against it because of her older ATI graphics chipset and the games that she wants to be able to play, some of which are only available in Windows.

    And the moral of the story is (or what I learned was):

    1. Some of the malware out there is NASTY! Always try to get software from the actual vendor, not from third party sites, if possible. Don't be too dismissive when you think your security software is giving you false information.

    2. Don't install .NET Framework 4 for any reason, at least until that particular bug is worked out or the software that requires it is absolutely needed.

    One of the delights of running Linux is that you get to avoid all of the malware and garbage that folks using Windows risk "contracting" every day.

    I would certainly welcome your comments...

    Regards...
    Last edited by ardvark71; Apr 05, 2012, 04:05 AM. Reason: Corrections
    Our Lord and Savior Jesus Christ loves and cares about you most of all! http://peacewithgod.jesus.net/
    How do I know this personally? Please read here: https://www.linuxquestions.org/quest...hn-8-12-36442/
    PLEASE LISTEN TO THIS PODCAST! You don't have to end up here: https://soulchoiceministries.org/pod...i-see-in-hell/

    #2
    If desktop Linux were as popular as Windows, we'd likely face the same primary threats. In your case, a purposefully-infected installer obtained from a dubious web site.

    Browser caches provide utility to attackers, and other exploits have taken advantage of this. One minor way to reduce a computer's attack surface is to disable these caches, which I've been doing on all my computers lately. I haven't noticed any performance degradation, but then again, I've got a 30 Mbps Internet connection at home...



      #3
      Originally posted by SteveRiley:
      Browser caches provide utility to attackers, and other exploits have taken advantage of this. One minor way to reduce a computer's attack surface is to disable these caches, which I've been doing on all my computers lately. I haven't noticed any performance degradation, but then again, I've got a 30 Mbps Internet connection at home...
      Hi Steve...

      Thank you for this advice, is it possible to disable the cache in Internet Explorer 8 as well?

      Regards...



        #4
        Originally posted by ardvark71:
        Thank you for this advice, is it possible to disable the cache in Internet Explorer 8 as well?
        Unfortunately, there's no simple way to do this with IE. It uses the "Temporary Internet Files" folder not only for the cache but also for favicons, cookies, and other bits. You can reduce the size of the cache, and the likelihood of malware sticking around in it, by following these steps:

        * Internet Options | General | Browsing History
        * Click Delete to get rid of what's in the cache now
        * Click Settings
        * Change the disk space to the minimum amount allowed (don't recall the exact number for IE 8; in 9, it's 8 MB)
        * Change "Check for newer versions of stored pages" to "Every time I visit the webpage"

        * Internet Options | Advanced | Security
        * Select "Empty Temporary Internet Files folder when browser is closed"
        * Deselect "Enable DOM Storage"

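The GUI steps above are fine for one laptop, but if you want the same cache-shrinking settings on several machines (or re-applied by a logon script after a rebuild like the one in the first post), they can be set directly in the per-user registry. The script below is an added example and is not from SteveRiley's post or from Microsoft; the value names (CacheLimit, SyncMode5, Persistent) and their meanings are my assumption about where IE 8/9 store the three "Browsing History" settings, so toggle each option in the GUI once and re-read the values to confirm before rolling this out. The "Enable DOM Storage" checkbox is left to the GUI. The ClearMyTracksByProcess call with argument 8 is the equivalent of clicking Delete for Temporary Internet Files.

```powershell
# Added example: script the IE cache-minimizing settings from the post
# above for the current user. Close Internet Explorer first; it rewrites
# some of these values on exit.
#
# Assumption: these per-user values are where IE 8/9 keep the three
# "Browsing History" settings listed. Verify against the GUI before use.

$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cacheKey     = Join-Path $inetSettings 'Cache'
$contentKey   = Join-Path $cacheKey 'Content'

# Step "Click Delete": clear the Temporary Internet Files folder now.
# 8 selects Temporary Internet Files (1 = history, 2 = cookies, 255 = all).
Start-Process -FilePath 'RunDll32.exe' `
    -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 8' -Wait

# Step "Change the disk space to the minimum": CacheLimit is in kilobytes;
# 8192 = 8 MB, the smallest value the IE 9 dialog accepts.
Set-ItemProperty -Path $contentKey -Name 'CacheLimit' -Type DWord -Value 8192

# Step "Check for newer versions of stored pages":
# SyncMode5 = 3 is "Every time I visit the webpage"
# (0 = never, 2 = every time IE starts, 4 = automatically).
Set-ItemProperty -Path $inetSettings -Name 'SyncMode5' -Type DWord -Value 3

# Step "Empty Temporary Internet Files folder when browser is closed":
# Persistent = 0 turns the option on; 1 leaves files in place.
Set-ItemProperty -Path $cacheKey -Name 'Persistent' -Type DWord -Value 0

# Read the values back so the result can be checked, e.g. from an
# inventory script on other machines.
function Get-IECacheHardening {
    [PSCustomObject]@{
        CacheLimitKB      = (Get-ItemProperty -Path $contentKey -Name 'CacheLimit').CacheLimit
        SyncMode5         = (Get-ItemProperty -Path $inetSettings -Name 'SyncMode5').SyncMode5
        EmptyCacheOnClose = ((Get-ItemProperty -Path $cacheKey -Name 'Persistent').Persistent -eq 0)
    }
}

$state = Get-IECacheHardening
$state | Format-List

if ($state.CacheLimitKB -gt 8192 -or $state.SyncMode5 -ne 3 -or -not $state.EmptyCacheOnClose) {
    Write-Warning 'One or more IE cache settings did not take; check the registry paths for this IE version.'
}
```

Run it in the user's own session (it writes under HKCU, so no elevation is needed), then open Internet Options once to confirm the dialog reflects the values; if a setting shows differently, the value name for that IE build differs from the assumption above and the GUI setting is the one to trust.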


          #5
          Thank you, Steve, much appreciated.

          Regards...
