Computer woes- yech!

Old 08-14-2008, 06:05 PM   #21
Chriso

I'm a repair tech, and I refuse to "fix" spyware. Others in the office do it, I don't. When an infection occurs, the ONLY option I offer people is to back up files, zero-level format, reinstall Windows and antivirus and all security updates, and then to manually put back all of the user's data.

I'd either buy a new HD and put the old one in an enclosure (but go scan it for viruses on a coworker's protected computer BEFORE accidentally infecting your nice new clean one) or I'd buy an external HD to copy the drive to.

You can use the "Ultimate Boot CD for Windows" often called UBCD, to use a Ghost-like program to make a clone image of the drive.

Good luck to ya. Spyware sucks. It's making me consider a different career. I hate fixing this sh!t every day.

Old 08-14-2008, 11:47 PM   #22
bad coffee

Prevention, prevention, prevention.

Make sure you're running

Spybot Search and Destroy
Ad-Aware
AVG

Then hold F8 while you boot. Boot into 'safe mode' and run all scans. When you're done, reboot and enjoy the clean living.

option two: Quit downloading porn.

B

Old 08-15-2008, 01:50 AM   #23
Philip1993

Quote:
Originally Posted by bad coffee
option two: Quit downloading porn.

If only it were that simple. A recent Google analysis shows that approx 1:10 websites today are hosting malware. I'll grant you that 90% of those are "free porn", and "warez", and "cheat codes", but there are a good many sites that have been hacked to push malware and the owners are clueless because the site isn't "broken".
Old 08-15-2008, 02:07 AM   #24
McCall St. Brewer

Ok, here's the plan, then. I have a brand new hard drive and an XP CD. I'm going to put the new HD in the computer and install Windows on it. Then I'll put the old HD in an enclosure and scan it on another computer.

After that, try to figure out how to manually get as much of my non-backed-up data over to the new drive.

Then... and I think this is perhaps the most important thing, I'm going to put Linux on a partition on the new drive so that I can boot either to it or Windows. I'll use Linux for most of my time on the internet. I did that on a laptop a couple of months ago and it is amazingly stable. Some of the websites I frequent, such as a photography forum, aren't rendered perfectly by Firefox on Linux, but at least I don't worry there about picking up all sorts of crud every time I go on the internet.

Last edited by McCall St. Brewer; 08-15-2008 at 02:12 AM.
Old 08-15-2008, 02:14 AM   #25
Short Drive

Quote:
Originally Posted by bad coffee
prevention, prevention, prevention.

option two: Quit downloading porn.

B

I wish that were the case for me. I got it from a file in an ISO of a Lance Armstrong book I downloaded. AVG missed it when I scanned the ISO.
Old 08-15-2008, 08:50 AM   #26
Kauai_Kahuna

I'm a UNIX admin in real life, and have used Linux at home for over 10 years. I am FORCED to use M$ at work on a workstation and I am very concerned with some of the new attacks and malware coming out.
There are some that can be scanned 4 times by different tools and show up on the 5th. As the everyday tools we use become more complex, the security holes just exponentially grow.
I truly believe there are two types of computer users, those that have lost data, and those who will. AV, intrusion detection, mirrored systems with hashed comparisons do not really prevent. They let you know when you're screwed. Backups on a rotated basis will help recover data after you wipe the drive and re-install, but it does not fix the problem that allowed you to be taken over. Have no doubt about it, on a networked system, if a file can be installed on your system and run, you no longer own that system, and all of your data now belongs to someone else.
Encryption is the answer to everything except the users' bad habits, there is no cure for that. You know you just can't fix stupid, ignorant, etc.
With DNS cache poisoning, you may think you're going to www.whitehouse.gov and end up anywhere. Personally, yeah, I think it might be nicer doing construction work if I could find it.

Old 08-15-2008, 10:38 AM   #27
budbo

Quote:
Word of warning: MS restore points only rewind your configuration files. Any infected programs/scripts/etc remain and will reactivate upon use. It's handy when you installed a new app and Windows gets unstable, but it should never be used to combat a virus/malware/spyware infection.

Actually it can be used to combat the virus if it puts you back to the point before the virus/malware installed itself, allowing you to actually boot and hunt it down...
Depending on the value of the data, there is no malware or virus that can't be stopped or cleaned, it depends on how much time you are willing to spend on it.

Once you get it up and running, you might want to back everything up, partition the HD (or get another one) and only run the OS on one small partition and store all your files on the other (as well as a thumb drive). Partition Magic lets you create a new partition without needing to reload the OS.

Then get a non-intrusive real-time virus program (I use PREVX http://www.prevx.com ) to prevent future instances.
Old 08-15-2008, 04:57 PM   #28
Philip1993

Quote:
Originally Posted by budbo
Actually it can be used to combat the virus if it puts you back to the point before the virus/malware installed itself, allowing you to actually boot and hunt it down...

No, because the viruses don't always create new/altered entries in the config files. They can/will replace legitimate system files with infected copies and since executable files are not replaced by a restore point, any calls to those files will perpetuate the virus.

Furthermore, since many viruses install hooks to hide themselves from virus detection tools (or modify the tools themselves), you could restore to a point where the system would boot again and then scan clean despite being infected.

The best way to eradicate a virus in situ is to boot from another media and scan/clean the system without executing ANY of the code present on the system itself. Even that isn't 100% certain, so I keep my data backed up and just "nuke & pave" it.
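
Added example, not part of any post in this thread: a sketch of the offline check described in post #28 and the "hashed comparisons" mentioned in post #26. It only reads bytes from the suspect volume, never runs anything from it, and compares SHA-256 hashes against a manifest built from known-good media. The function names and the sample file trees are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file by reading bytes only; nothing on the suspect volume is executed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root, lower-cased) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # skip links rather than follow them
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            manifest[rel] = sha256_file(full)
    return manifest

def compare(baseline, suspect):
    """Return files that were replaced, removed or added relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in suspect and baseline[p] != suspect[p]),
        "missing": sorted(p for p in baseline if p not in suspect),
        "added": sorted(p for p in suspect if p not in baseline),
    }

def demo():
    """Constructed sample: a clean tree and a copy with one binary replaced and one file added."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as suspect:
        for root in (clean, suspect):
            os.makedirs(os.path.join(root, "WINDOWS", "system32"))
            with open(os.path.join(root, "WINDOWS", "system32", "userinit.exe"), "wb") as f:
                f.write(b"original bytes")
            with open(os.path.join(root, "WINDOWS", "notepad.exe"), "wb") as f:
                f.write(b"notepad bytes")
        with open(os.path.join(suspect, "WINDOWS", "system32", "userinit.exe"), "wb") as f:
            f.write(b"replaced bytes")  # same name and path, different content
        with open(os.path.join(suspect, "WINDOWS", "system32", "extra.dll"), "wb") as f:
            f.write(b"dropped file")
        return compare(build_manifest(clean), build_manifest(suspect))

if __name__ == "__main__":
    print(demo())
```

In practice `build_manifest` would be pointed at a clean install of the same OS version and patch level and at the old drive mounted read-only in the enclosure; files that differ only because of patch level will also show up as modified.
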
Old 08-15-2008, 08:42 PM   #29
budbo

Quote:
I keep my data backed up and just "nuke & pave" it.

That's the way we get back into systems after being caught during security assessments... inevitably the same exploit or vulnerability can be used after the "re-paved" box comes back on line.

I approach it from the standpoint of a security engineer (by trade). If we just "nuke & pave" we lose valuable information on the code, its source, and signature. Nuke and pave is the easy way to recover, but keeping the crap off your box in the first place is the goal. If you don't know where it came from and how you got it, nothing to stop you from putting it right back unless you slick all your files (then you would cry if it came from the web and you go back to that site).

By going to a roll back, if it lets you boot, you can track down the virus with a full system scan, or the process of elimination. A virus can hide anywhere it wants, but they can't remain hidden forever, so unless you know where it came from, slicking and reloading may or may not work, since it could be hiding in one of the files you backed up. Even successfully installed rootkits can be found if you know how to look for them.

Quote:
you could restore to a point where the system would boot again and then scan clean despite being infected.

Not likely for a virus that causes the system to constantly reboot during start up.

If the roll back didn't allow me in I'd boot off a Linux CD and scan from there.

Either way it's faster than reloading everything.
Old 08-16-2008, 11:25 AM   #30
lustreking

Is it antivirusXP 2008? I just removed that from two users' computers at work this week. It's not too bad to get rid of, and doesn't permanently screw anything up.

If you can get into safe mode, download HijackThis:

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Run a scan, and post your log file. I can tell you what you need to have it fix.
