Old 06-24-2011, 04:51 PM   #1
Doz
Maniac Drummer
Join Date: Feb 2008
Location: Florida
Posts: 3,017

Sites to help you remove Trojans and infections

I just helped a family member who had an MS Removal Tool popup that would stop all programs from running. I had to use Safe Mode.


Here are some sites I use to help my family's and friends' PCs when they are infected. It seems to be weekly now in this crazy world.


Microsoft® Windows® Malicious Software Removal Tool
Updated Each Month

Download here and scan

http://www.microsoft.com/downloads/e...displaylang=en

------------------------------------------

Malwarebytes

Make sure to keep it updated; the Pro version is worth $24.95 for life.

http://www.malwarebytes.org/

------------------------------------------

If you do not have an antivirus program and you think you might have a virus, here are the FREE online links to help you.

Each site has an Online Scanner.

http://kaspersky.com/virusscanner

http://microsoft.com/security/malwar...e/default.mspx

http://bitdefender.com/scan8/ie.html

http://housecall.trendmicro.com

Here's a free antivirus that works

Avast Home 6

http://www.avast.com/free-antivirus-download

Vipre Anti Virus

http://www.vipreantivirus.com/ <<<<<<

Vipre Rescue

http://live.sunbeltsoftware.com/ <<<<<<

  1. Boot the computer in "Safe Mode" (press F8 when the computer starts to boot. When the boot screen appears, use the down arrow to highlight the selection).
  2. Download the VIPRE Rescue application. You can use a different computer to do this if needed.
  3. Save it to a USB drive or other portable media.
  4. Run the file called viprerescue18876.exe
  5. Click Yes to extract VIPRE Rescue.
  6. Click Unzip.
  7. Sit back and allow VIPRE to clean your machine.
VIPRE Rescue antivirus definitions change daily. Check the website to get the latest definitions.



-------------------------------------------

McAfee Stinger updates often. You will have to click on the link each week and download the new version.

http://www.mcafee.com/us/downloads/f...s/stinger.aspx

If you know what the Trojan is and need a tool to remove it:

http://home.mcafee.com/VirusInfo/VirusRemovalTools.aspx

More Free Removal Tools

http://www.mcafee.com/us/downloads/f...ols/index.aspx


D7 Malware tool for PC Techs

http://www.majorgeeks.com/D7_d6954.html


Always looking out for my UGL Peeps
__________________
I am a USAF Veteran and LoveUSA


Last edited by Doz; 11-08-2011 at 05:19 PM. Reason: fixing post
Old 06-28-2011, 08:58 PM   #2
Doz

I try to find good sites to help everyone, for when you get a virus or Trojan and it's time to fight back.
Old 07-14-2011, 05:12 PM   #3
Doz

Malwarebytes' Anti-Malware 1.51.2.1300

Issues Fixed:

1. Fixed minor updating issues.
2. Fixed issue with trials expiring too early.
3. Fixed GUI language bugs.
4. Fixed issue where Ignore List was not honored by the Protection Module.
5. Fixed issue where limited users were prompted to update an outdated database.


They made it even better
Old 08-28-2011, 12:37 PM   #4
Doz

Microsoft Security Bulletin MS11-065 - Important

Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)

Published: August 09, 2011



http://www.microsoft.com/technet/sec.../ms11-065.mspx


Server Admins need to Read:
http://threatpost.com/en_us/blogs/ne...ows-pcs-082811

A new worm called Morto has begun making the rounds on the Internet in the last couple of days, infecting machines via RDP (Remote Desktop Protocol). The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows.

Info: outgoing TCP 3389 connections.

"Once you are connected to a remote system, you can access the drives of that server via Windows shares like \\tsclient\c and \\tsclient\d for drives C: and D:, respectively. Morto uses this feature to copy itself to the target machine. It does this by creating a temporary drive under letter A: and copying a file called a.dll to it. The infection will create several new files on the system including \windows\system32\sens32.dll and \windows\offline web pages\cache.txt. Morto can be controlled remotely. This is done via several alternative servers, including jaifr.com and qfsl.net."


Process Explorer v15.03

By Mark Russinovich. Published: August 18, 2011

http://technet.microsoft.com/en-us/s...rnals/bb896653

Introduction

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
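The Morto write-up quoted above gives a detection engineer everything needed for a first triage: the spreading traffic is outbound TCP 3389 to many neighbours, the C2 names are jaifr.com and qfsl.net, and the dropped files are \windows\system32\sens32.dll and \windows\offline web pages\cache.txt. The script below is an added example, not code from the article or from any vendor; it assumes firewall log lines in the W3C-style layout Windows Firewall writes to pfirewall.log, uses a generic "timestamp client query type name" DNS log layout, and all sample lines are constructed for the example.

```python
"""Morto-style RDP worm triage (added example for the write-up quoted above).

Three checks the quoted text motivates:
  * hosts fanning out on outbound TCP 3389 (the worm's spreading traffic),
  * DNS lookups for the two C2 names the article gives,
  * the two files the article says the infection drops.
"""
import os
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators taken from the write-up quoted above. Paths are kept as components
# so they can be joined under any system drive (or a test directory).
MORTO_FILE_IOCS = (
    ("windows", "system32", "sens32.dll"),
    ("windows", "offline web pages", "cache.txt"),
)
MORTO_C2_DOMAINS = ("jaifr.com", "qfsl.net")

# Assumption: firewall lines use the W3C-style layout Windows Firewall writes to
# pfirewall.log: date time action protocol src-ip dst-ip src-port dst-port ...
# path, where path is SEND (outbound) or RECEIVE (inbound).
FW_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>\S+) (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sport>\d+|-) (?P<dport>\d+|-) .*?(?P<path>SEND|RECEIVE)\s*$"
)


def parse_firewall_log(lines):
    """Yield (timestamp, src, dst, dport, path) for each parsable TCP data line."""
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        m = FW_LINE.match(line)
        if not m or m["proto"] != "TCP" or m["dport"] == "-":
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dport"]), m["path"]


def rdp_fanout(lines, window=timedelta(minutes=5), threshold=5):
    """Map each source that opened outbound TCP 3389 to at least `threshold`
    distinct hosts within any `window`-long span to its sorted target list.
    One admin RDP session never trips this; a worm sweeping a subnet does."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for ts, src, dst, dport, path in parse_firewall_log(lines):
        if dport == 3389 and path == "SEND":
            events[src].append((ts, dst))
    hits = {}
    for src, ev in events.items():
        ev.sort()
        for i, (t0, _) in enumerate(ev):
            targets = {dst for ts, dst in ev[i:] if ts - t0 <= window}
            if len(targets) >= threshold:
                hits[src] = sorted(targets)
                break
    return hits


def c2_lookups(dns_lines):
    """Return the DNS log lines that mention one of Morto's C2 names (case-insensitive)."""
    return [ln for ln in dns_lines if any(d in ln.lower() for d in MORTO_C2_DOMAINS)]


def dropped_files(system_drive="C:\\"):
    """Return the Morto file indicators that exist under `system_drive`."""
    return [os.path.join(*parts) for parts in MORTO_FILE_IOCS
            if os.path.exists(os.path.join(system_drive, *parts))]


# Constructed sample data (not a real capture): 192.168.1.10 sweeps six
# neighbours on 3389 in five seconds, 192.168.1.50 makes one normal RDP
# connection, and an inbound session and an SMB connection are ignored.
SAMPLE_FW_LOG = """#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-08-28 12:00:01 ALLOW TCP 192.168.1.10 192.168.1.20 49152 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:00:02 ALLOW TCP 192.168.1.10 192.168.1.21 49153 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:00:03 ALLOW TCP 192.168.1.10 192.168.1.22 49154 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:00:04 ALLOW TCP 192.168.1.10 192.168.1.23 49155 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:00:05 ALLOW TCP 192.168.1.10 192.168.1.24 49156 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:00:06 ALLOW TCP 192.168.1.10 192.168.1.25 49157 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:00:30 ALLOW TCP 10.0.0.7 192.168.1.50 51000 3389 0 - 0 0 0 - - - RECEIVE
2011-08-28 12:01:40 ALLOW TCP 192.168.1.50 192.168.1.5 50001 3389 0 - 0 0 0 - - - SEND
2011-08-28 12:01:41 ALLOW TCP 192.168.1.10 192.168.1.99 49158 445 0 - 0 0 0 - - - SEND
""".splitlines()

# Constructed DNS log lines in a generic "timestamp client query type name" layout.
SAMPLE_DNS_LOG = [
    "2011-08-28 12:00:10 192.168.1.10 query A jaifr.com",
    "2011-08-28 12:00:11 192.168.1.50 query A windowsupdate.microsoft.com",
    "2011-08-28 12:00:12 192.168.1.10 query A QFSL.NET",
]

if __name__ == "__main__":
    for src, targets in rdp_fanout(SAMPLE_FW_LOG).items():
        print(f"{src} opened RDP to {len(targets)} hosts: {', '.join(targets)}")
    for ln in c2_lookups(SAMPLE_DNS_LOG):
        print("C2 lookup:", ln)
    for path in dropped_files():
        print("dropped file present:", path)
```

The fan-out rule is the one that matters on a network without DNS logging: a workstation that opens RDP to five or more distinct hosts in five minutes is either a scanner or a worm, and the threshold and window are the two knobs to tune against your own admin jump hosts. Run `dropped_files()` on the suspect machine itself; it only confirms the two paths the article names, so a clean result does not prove a clean host.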
Old 10-06-2011, 11:15 AM   #5
Techman
Tech Toys
Join Date: May 2011
Posts: 111

This is how Windows gets infected with malware

2011-09-27 10:28:11 | Peter Kruse

When a Microsoft Windows machine gets infected by viruses/malware, it does so mainly because users forget to update the Java JRE, Adobe Reader/Acrobat and Adobe Flash. This is revealed by a survey conducted by CSIS Security Group A/S.

Basis of the study
CSIS has over a period of almost three months actively collected real time data from various so-called exploit kits. An exploit kit is a commercial hacker toolbox that is actively exploited by computer criminals who take advantage of vulnerabilities in popular software. Up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits.

The purpose of this study is to reveal precisely how Microsoft Windows machines are infected with virus/malware and which browsers, versions of Windows and third-party software are at risk.

We have monitored more than 50 different exploit kits on 44 unique servers / IP addresses. Our figures come from the underlying statistical modules, thereby ensuring an as precise overview of the threat landscape as possible.

The statistical material covers all in all more than half a million user exposures out of which as many as 31.3 % were infected with the virus/malware due to missing security updates.

The thousands of users who unknowingly have been exposed to drive-by attacks have used the following web browsers:

Info Here = http://www.csis.dk/en/csis/news/3321


Here's a link to download the new Spybot Search &amp; Destroy 2.2
http://www.safer-networking.org/spybot2-own-mirror-1/

Last edited by Techman; 10-18-2013 at 06:21 PM.
Old 10-14-2011, 12:27 PM   #6
Doz

Thank you

I got your PM and fixed your name.

Nice Avatar

I made it so others can use it
Old 10-23-2011, 08:56 PM   #7
Doz

World's most sophisticated rootkit is being overhauled

New variants don't make obvious modifications to the MBR


By Lucian Constantin, IDG News Service
October 21, 2011 10:05 AM ET

Experts from security vendor ESET warn that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection.

"ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution," announced David Harley, the company's director of malware intelligence.


"Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in the previous versions," he noted.

Harley and his colleagues believe this suggests a major change within the TDL development team or the transition of its business model toward a crimeware toolkit that can be licensed to other cybercriminals.

TDL, also known as TDSS, is a family of rootkits characterized by complex and innovative detection evasion techniques. Back in July, malware analysts from Kaspersky Lab called TDL version 4 the most sophisticated threat in the world and estimated that the number of computers infected with it exceeds 4.5 million.

There are many things that make TDL4 stand out from the crowd of rootkits currently plaguing the Internet. Its ability to infect 64-bit Windows systems, its use of the public Kad peer-to-peer network for command purposes and its Master Boot Record (MBR) safeguard component are just some of them.

However, according to ESET's researchers, changes are now being made to the way TDL4 infects systems and ensures its hold on them. Instead of storing components within the MBR, the new variants create a hidden partition at the end of the hard disk and set it as active.

This ensures that malicious code stored on it, including a special boot loader, gets executed before the actual operating system, and that the MBR code checked by antivirus programs for unauthorized modifications remains untouched.

The TDL4 authors have also developed an advanced file system for the rogue partition, which allows the rootkit to check the integrity of components stored within.

"The malware is able to detect corruption of the files stored in the hidden file system by calculating its CRC32 checksum and comparing it with the value stored in the file header. In the event that a file is corrupted it is removed from the file system," the ESET researchers explain.

In April, Microsoft released a Windows update that modified systems to disrupt the TDL4 infection cycle. The rootkit's authors responded half a month later with an update of their own that bypassed the patch.

This kind of determination to keep the malware going suggests that its return on investment is significant. The code quality and the sophisticated techniques are certainly indicative of professional software development.

Several antivirus vendors like Kaspersky, BitDefender or AVAST, offer free stand-alone tools that can remove TDSS and similar rootkits. However, in order to avoid getting infected in the first place users should install an antivirus solution that provides advanced layers of protection, like those analyzing software behavior.

Source info = http://www.networkworld.com/news/201...2.html?hpg1=bn
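The ESET article above makes a point worth turning into a check: the newer TDL4 variants leave the MBR boot code alone, which is what most anti-virus integrity checks look at, and instead add a hidden partition at the tail of the disk and set it active. The boot flag in the partition table, not the boot code, is what gives that away. The script below is an added example, not code from ESET or any vendor: it parses a raw MBR sector and reports an active partition that is small, is not the first slot, or ends at the end of the disk. The heuristics, the 1 GiB disk geometry, the partition type 0x07 used for the tail partition and the two sample MBRs are all constructed for the example; the article does not say what partition type or size the variant uses.

```python
"""MBR partition-table audit (added example for the ESET write-up quoted above).

Newer TDL4 variants keep the MBR code intact but add a hidden partition at the
end of the disk and mark it active, so we look at the boot flag, not the code.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts.
    Raises ValueError when the 0x55AA boot signature is missing."""
    if len(mbr) < SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("no MBR boot signature at offset 510")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                       # unused slot
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "start": lba, "sectors": count, "end": lba + count})
    return entries


def audit_active_partition(entries, disk_sectors, tail_slack=2048, small_mib=64):
    """Return a list of findings about the bootable (active) partition.
    The heuristics are assumptions for this example, not TDL4 signatures: on a
    normal Windows disk the active partition is the first one and is a real
    system volume, so a small active partition that ends at the very end of
    the disk, or more than one active flag, deserves a look at what is there."""
    findings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the active flag (expected 1)")
    for e in active:
        if disk_sectors - e["end"] <= tail_slack:
            findings.append(f"active partition {e['index']} ends at the end of the disk "
                            f"(LBA {e['end']} of {disk_sectors})")
        if e["sectors"] * SECTOR < small_mib * 1024 * 1024:
            findings.append(f"active partition {e['index']} is only "
                            f"{e['sectors'] * SECTOR // (1024 * 1024)} MiB")
        if e["index"] != 0:
            findings.append(f"active partition is slot {e['index']}, not the first partition")
    return findings


def make_entry(active, ptype, start, sectors):
    """Pack one partition entry; CHS fields get the 0xFE 0xFF 0xFF 'use LBA' marker."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", start, sectors)


def make_mbr(*entries):
    """Build a 512-byte MBR from up to four packed entries (boot code left zeroed)."""
    table = b"".join(entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


# Constructed samples (not images of real disks). Disk: 1 GiB of 512-byte sectors.
DISK_SECTORS = 2 * 1024 * 1024
NTFS = 0x07
# Ordinary layout: one NTFS system partition, active.
CLEAN_MBR = make_mbr(make_entry(True, NTFS, 2048, 2_000_000))
# Layout the article describes: the system partition loses the boot flag and a
# small partition at the tail of the disk is active instead. Type 0x07 here is
# only a placeholder; the text does not say what type the variant uses.
TAIL_SECTORS = 16_384
INFECTED_MBR = make_mbr(
    make_entry(False, NTFS, 2048, 2_000_000),
    make_entry(True, NTFS, DISK_SECTORS - TAIL_SECTORS, TAIL_SECTORS),
)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("hidden tail partition", INFECTED_MBR)):
        findings = audit_active_partition(parse_mbr(mbr), DISK_SECTORS)
        print(name + ":", findings or ["nothing unusual"])
```

On a live machine, feed `parse_mbr()` the first 512 bytes of the physical disk (on Windows, `\\.\PhysicalDrive0` opened from an elevated process) and the disk's sector count from the OS. Do it from a clean boot medium when a rootkit is suspected: the article's point is that the rootkit runs before the OS, so a read issued from the infected system may not show you the real sector.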
Old 12-02-2011, 08:23 PM   #8
Doz

For when you see SPAM or peeps trying to hack your site

Here's a link to report and send info. Let Big Brother go after them.

http://www.ic3.gov/default.aspx