
Author Topic: My computer has a virus!  (Read 1712 times)


Offline Cheka Man

My computer has a virus!
« on: April 12, 2009, 06:33:09 PM »
The Winshow Virus, a Trojan. How do I get rid of it? And what is the best antivirus & firewall to stop it coming back? ZoneAlarm? Something else? Help!!!

Offline Dozus

Re: My computer has a virus!
« Reply #1 on: April 12, 2009, 07:46:53 PM »
Oh noes!  :(  I found this link, perhaps it can help you.  I've never heard of the virus itself, so I couldn't tell you what would work to prevent further attacks.  I personally use A2 and Avast!, and have never suffered any infestations.  Good luck!

Dozus the Windward
Swashbuckler
LEVEL 1
Cartography Guild Minor Minion
STR: 4 | END: 2 | CON: 4 | DEX: 3 | CHA: 3 | INT: 4

Offline Cheka Man

Re: My computer has a virus!
« Reply #2 on: April 18, 2009, 01:03:33 PM »
My computer has now been cleaned of the virus, has new protection, and has had its fans cleaned out as dust was making the computer shut down.

Offline Chaosmark

Re: My computer has a virus!
« Reply #3 on: April 18, 2009, 04:43:07 PM »
Now you just need to get rid of the AOL and move to a slightly less insane IP.
P(A|B) = P(B|A)*P(A)/P(B)

By the power of Bayes!

Acolyte Lithil Darkheart – Level 1 Necromancer
STR: 1 | END: 2 | CON: 3 | DEX: 3 | CHA: 3 | INT: 3

Current guild quest: --

Offline dark_dragon

Re: My computer has a virus!
« Reply #4 on: April 23, 2009, 11:35:19 AM »
In the words of our BDFL: "Reformat. Reinstall Windows."
"Reality is that which, when you stop believing in it, doesn't go away."-Philip K. Dick

Offline Ancient Gamer

Re: My computer has a virus!
« Reply #5 on: April 27, 2009, 03:02:23 AM »
Skilled hackers can install root kits on your drivers, which would remain even after a complete format and reinstall. In short: If the wrong person (meaning a really good hacker) wants into your PC, you cannot hope to stop him. But you can make it hard and try to convince them to find an easier mark.

Of course, if you get infected by the skilled guys you will never notice them in the first place.

Hehe, I once installed a root kit removal tool. As it turned out the tool was an actual root kit itself. 0_o
Authentic Strolenite™©®

"Secretly a Squirrel"
Guild Master of the Squirrelati
Scourge of Nutanuns!
Harbinger of Acorns!


Offline Strolen

Re: My computer has a virus!
« Reply #6 on: April 27, 2009, 06:20:21 AM »
Trojans suck! I use Comodo Firewall and AVG since they are both free. I keep my system in such a state that it only takes me about 3 hours for a full restore. Plus, I use "Windows XP Ultimate Edition by Johnny" so it probably comes preinstalled with a ton of virus and trojan goodies....I simply don't care. :)

Moved to Ubuntu a few days ago and this time it is simply gorgeous, easy to update, has everything I need except easy DVD ripping and Photoshop, so I left the dual boot. I am moving to Ubuntu as my primary system!

Flying Squirrel – Strolenati Guild
Grothar Rockfury - Dwarvish Guild
Minor Minion - Cartographer's Guild
Level 3
STR: 5 | END: 2 | CON: 3 | DEX: 2 | CHA: 2 | INT: 6
Authentic Strolenite™©® | Llama is as Llama does.


Offline valadaar

Re: My computer has a virus!
« Reply #7 on: April 27, 2009, 07:07:34 AM »
Using a router will also help a little. At least it's worked for me thus far...

   
Human Strolenati
Strolenati Guild
DwarvenGuild - Dorak Stonehammer
Weavers Guild
Level 3
STR: 4 | END: 4 | CON: 4 | DEX: 4 | CHA: 3 | INT: 7
Authentic Strolenite™©®

Offline dark_dragon

Re: My computer has a virus!
« Reply #8 on: April 27, 2009, 11:21:30 AM »
Quote from: Ancient Gamer
Skilled hackers can install root kits on your drivers, which would remain even after a complete format and reinstall.


Nope. Formatting a drive shouldn't leave anything behind. Not formatting the partition, mind you, but the drive itself. MBR and all.

No drivers, no MBR, no operating system, just zeros on the HD. Ergo no rootkit.

I guess that you might not call that a formatting. You're probably right. It's what I call formatting a drive. As you would if you were selling it on ebay, say.

Quote
WARNING: THE FOLLOWING WILL IRRETRIEVABLY ERASE ALL DATA ON YOUR HARD DRIVE

Darik's Boot and Nuke will do it: http://www.dban.org/, or if you feel a little more adventurous, boot http://gparted.sourceforge.net/ and run 'dd if=/dev/urandom of=/dev/sda; dd if=/dev/zero of=/dev/sda' in the shell (or whatever is appropriate instead of /dev/sda).

Both will nuke anything on your hard drive. Data recovery now pretty much requires an atomic force microscope.

To clear only the MBR do 'dd if=/dev/zero of=/dev/hda bs=512 count=1'




As for installing a virus in the BIOS: it is nigh on impossible. Virii can clear the flash, corrupt it, but to actually 'infect' the BIOS would be a very difficult task. Usually, you'll be able to reflash to a manufacturer's BIOS. (Having recently suffered from a corrupted BIOS, I know it is possible to get your mobo back. In a desperate case, you can always re-order a BIOS chip.)

I mean, it is possible, but my (black)hat off to anybody who can do it successfully in-the-wild. You'd have to be exceptional.

If you're interested in how it is possible:
https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
"Reality is that which, when you stop believing in it, doesn't go away."-Philip K. Dick
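Added example, not part of dark_dragon's post: the MBR-only command and the full zero pass from the reply above, run against a constructed 1 MiB image file instead of a real device, with checks on what each one actually leaves behind. The function names, the image size and the `conv=notrunc` option (needed only because the target is a regular file) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Everything targets a scratch image file, never a real device.
SECTORS=2048   # constructed 1 MiB "disk" of 512-byte sectors

# Build the image: random payload plus the 0x55AA boot signature at offset 510.
make_image() {
    dd if=/dev/urandom of="$1" bs=512 count="$SECTORS" 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Print the two boot-signature bytes of sector 0 as hex.
boot_sig() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Count non-zero bytes in COUNT sectors starting at sector SKIP.
nonzero_bytes() {   # usage: nonzero_bytes FILE SKIP COUNT
    dd if="$1" bs=512 skip="$2" count="$3" 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# Checksum of everything after sector 0.
rest_sum() {
    dd if="$1" bs=512 skip=1 2>/dev/null | cksum
}

# The post's MBR-only command; conv=notrunc is added only because the
# target here is a regular file that must keep its length.
clear_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# The post's zero pass, bounded to the image size.
zero_all() {
    dd if=/dev/zero of="$1" bs=512 count="$SECTORS" conv=notrunc 2>/dev/null
}

demo() {
    img=$(mktemp) || return 1
    make_image "$img"
    sum_before=$(rest_sum "$img")
    clear_mbr "$img"
    echo "MBR-only: signature=$(boot_sig "$img") sector0_nonzero=$(nonzero_bytes "$img" 0 1)"
    [ "$(rest_sum "$img")" = "$sum_before" ] && echo "MBR-only: sectors 1..end unchanged"
    zero_all "$img"
    echo "full pass: nonzero bytes left=$(nonzero_bytes "$img" 0 "$SECTORS")"
    rm -f "$img"
}
demo
```

The unchanged checksum after `clear_mbr` is the point: zeroing sector 0 removes boot code and the partition table, but every other sector keeps whatever it held until the full pass overwrites it.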

Offline Ancient Gamer

Re: My computer has a virus!
« Reply #9 on: April 28, 2009, 08:44:31 AM »
Peripheral devices have their own storage, dark_dragon. :) Sorry, but you are wrong.

Not just the BIOS, but other peripherals as well. They have software, they can be written to. Read Hoglund and Butler's "Rootkits" book, okay? ;)


Offline dark_dragon

Re: My computer has a virus!
« Reply #10 on: April 28, 2009, 04:09:38 PM »
Quote from: Ancient Gamer
Peripheral devices have their own storage, dark_dragon. :) Sorry, but you are wrong.

Not just the BIOS, but other peripherals as well. They have software, they can be written to. Read Hoglund and Butler's "Rootkits" book, okay? ;)


Ok, I think I see what you mean.

Something like this?

Firmware rootkits et al. Theoretically, you could even have a virus in your laptop's battery that would make your machine overheat dangerously. (Mind you, Sony's batteries don't need a virus to explode.)

However, I remain extremely sceptical. They're at the proof of concept stage in security labs. To have such a beast running around in a home computer would be... extremely surprising.

I would give good money if you could show me a virulent firmware virus/rootkit. In fact, I expect that the first exploits of this kind will be sold for very significant sums. The development costs would be insane compared to the usual "click here for more pron" approach. It would take a concentrated effort from some very skilled hackers. The crazy firmware diversity is one thing too. There would be no One OS to bind them here. Your exploit would have to run on a particular chip of a particular manufacturer which is installed in a subset of a particular device. You'd have to circumvent firmware authentication (which requires intimate knowledge of the particular chip you're working with, knowledge not exactly easy to come by). Then you'd have to know the system features inside out to do anything at all besides corrupting the firmware. Hell, lots of genuine firmware updates fail (I am a case in point). Those are updates using the manufacturer's own tools, rather than reverse-engineered ones, too. And you would have to get system-level access in the first place (compared to the rest this seems easy).

It would be masochistically hard to do. Especially if to do all this you've already gained complete access.

I expect that the kind of people capable of writing virulent firmware rootkits are not going to want to get family pics from a home pc. They'd be running targeted attacks against hardened targets with specific goals in mind. Getting credit card details would be trivial if you can do all this.

Offline Ancient Gamer

Re: My computer has a virus!
« Reply #11 on: April 29, 2009, 03:11:45 AM »
Hoglund and Butler were among the extreme elite of their kind, so I tend to agree. These are not your garden-variety hackers we are talking about. I was talking about the best.

The hackers you usually encounter install malicious apps to access your banking accounts, financial systems, or just to abuse your system for their own sinister purposes. Besides, most users are clueless about the presence of a rootkit or trojan unless their anti-virus tells them otherwise, and some have no or outdated anti-virus.

My point was that it is possible, your point is that such rootkits are rare (ok, you phrased it differently).

But believe me, rootkits can be installed wherever there is software, and wherever there is a CPU software can be run.

And no, I will not show you example code. But you could visit rootkit dot com if you are interested in learning.

I hope that didn't come across as patronizing or arrogant. Internet communication can be difficult, with the absence of body language and all (not to mention communicating across cultural boundaries).

I just wanted to tell you the future is here, and it is mean.
« Last Edit: April 29, 2009, 03:13:37 AM by Ancient Gamer »