Old 06-08-2011, 10:37 PM   #11
dubbs

Quote:
Originally Posted by Papa_Complex View Post
Then you haven't seen a fraction of the stuff that I have. This thing has been coming down various forms, for the last year and a half. I've been doing no less than 4 of them, per week, over that time period and as many as a dozen. If you're cleaning it up in 20 minutes, then you're leaving some of it behind.

It lives in user temp, internet temp, windows temp, all users appdata, system32, recycle bin, system dir, its own directory under system dir, windows restore, the Java applets store, HKCR\exefile, HKLM\Software\Microsoft\WindowsNT\Winlogon, and I've seen as many as 32 separate entries in the Tasks list all set to reinfect the system, on a schedule. None of that includes the rootkits that they've pushed up, after the system was infected.
Well all those ones I left behind. going back around that year and a half.. they still haven't been re-infected.. I would know about it too because they're on managed services plans so we know about everything..

Edit - Yes I check all of those folders and reg keys too.. how slow do you work? You remind me of my tier 1 tech.. Only reason I even see these is because he can't get it. lol
__________________
Sportbike - 2013 Ducati Multistrada S Touring - Red
Luxury Car - 2013 Cadillac ATS 2.0 Turbo - Black
Weekend Car - 2003 Honda S2000 - Black
Daily Driver - 2011 Toyota Prius - Black
Beater - 2005 Honda Civic Hybrid - Dust Colored

Last edited by dubbs; 06-08-2011 at 10:39 PM..
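A read-only audit of the persistence points named in the quoted post, as an added example that is not from any poster in this thread. It assumes Windows 8 / Server 2012 or later (for `Get-ScheduledTask`) and stock default registry values; the full key paths are the standard Windows ones rather than the abbreviated forms in the post, and the `Add-Finding` helper is a name made up for this example.

```powershell
# Added example (not from the thread): read-only audit of the persistence
# points the quoted post names. Expected values are stock Windows defaults.
$findings = @()
function Add-Finding($check, $value) {   # hypothetical helper for this example
    $script:findings += [pscustomobject]@{ Check = $check; Value = $value }
}

# 1. exefile handler: the stock default value is "%1" %*
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeCmd = (Get-ItemProperty -LiteralPath $exeKey).'(default)'
if ($exeCmd -ne '"%1" %*') { Add-Finding 'exefile open command' $exeCmd }

# 2. Winlogon: Shell should be explorer.exe, Userinit the system32 binary
$wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
if ($wl.Shell -ne 'explorer.exe') { Add-Finding 'Winlogon Shell' $wl.Shell }
if ("$($wl.Userinit)".TrimEnd(', ') -ne $userinit) { Add-Finding 'Winlogon Userinit' $wl.Userinit }

# 3. Scheduled tasks whose action launches from a user-writable location
$writable = '\\Temp\\|\\AppData\\|\\ProgramData\\|\$Recycle\.Bin'
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = [Environment]::ExpandEnvironmentVariables("$($action.Execute)")
        if ($exe -match $writable) { Add-Finding "Task $($task.TaskPath)$($task.TaskName)" $exe }
    }
}

# 4. Executable content sitting in the user and Windows temp directories
$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))
Get-ChildItem -Path $tempDirs -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.scr' } |
    ForEach-Object { Add-Finding 'Executable in temp' $_.FullName }

# Findings are leads to review, not verdicts: updaters legitimately run from AppData.
$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so tasks and temp files belonging to other accounts are visible; an empty table only covers the locations checked here, not the rootkit case the post mentions.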
Old 06-08-2011, 10:44 PM   #12
Papa_Complex

Quote:
Originally Posted by dubbs View Post
Well all those ones I left behind. going back around that year and a half.. they still haven't been re-infected.. I would know about it too because they're on managed services plans so we know about everything..

Edit - Yes I check all of those folders and reg keys too.. how slow do you work? You remind me of my tier 1 tech.. Only reason I even see these is because he can't get it. lol
I don't work slowly, I work thoroughly. Odds are that you're either working with locked down systems, if they haven't been reinfected, or they were never disinfected in the first place
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising"

http://www.morallyambiguous.net/
Old 06-08-2011, 10:49 PM   #13
dubbs

Quote:
Originally Posted by Papa_Complex View Post
I don't work slowly, I work thoroughly. Odds are that you're either working with locked down systems, if they haven't been reinfected, or they were never disinfected in the first place
Last thing I'm going to say about this -

Never disinfected?

It's pretty simple.. You can see different tasks running while it's infected as well as icons in the taskbar and an annoying program that won't quit.. When I test if it's gone or not, you can see icons and files re-appearing.. When you actually get it all, there's no more fake AV or any files in all of those folders previously listed..

Yes, some are mandatory profiles as well as locked down with GP's. But even infections on home user laptops are stupid easy to get rid of. See I work fast and thoroughly, unique combo, I know...
Old 06-08-2011, 10:52 PM   #14
Papa_Complex

Last thing I'm going to say about this

The fake virus warning isn't the only package delivered, in all cases. There are at least a dozen variants, with different packages and effects.
Old 06-09-2011, 12:35 AM   #15
dubbs

I just love the dumb look on their face.. Well.. how did I get that?

I had one lady tell me she was lookin up porn.. She was pretty hot too..
Old 06-09-2011, 12:43 AM   #16
tallywacker

Yeah the google pics bullshit got me twice and neither time was porn. I'm done using that shit.
Old 06-09-2011, 01:17 AM   #17
Porkchop

Quote:
Originally Posted by tallywacker View Post
Yeah the google pics bullshit got me twice and neither time was porn. I'm done using that shit.
This...
__________________
*Coming soon?
2010 Ducati Monster 696 - Sold
1984 Honda VF500F - Sold
1999 Yamaha R6 - Sold
Old 06-17-2011, 10:02 AM   #18
Papa_Complex

And the latest little wrinkle; it takes all of your Start Menu icons and moves them to a hidden temporary folder. Bastards.
All times are GMT -4.