The Official Internet/Computer Security News Discussion Thread
#121
I Skydive, Therefore I Am
Join Date: Oct 2006
Location: At your right shoulder, no your left!
Age: 54
Posts: 781
Received 0 Likes on 0 Posts
I prefer Hiren's. I used to use Ultimate Boot CD but it is so slow to boot into its XP. Hiren's takes 2-3 mins to boot into mini XP while UBCD is about 10 minutes.
I don't usually boot from CD to run AV scans; I prefer to remove the drive and connect it to my PC since it allows me to run many more scans on it. With the disc you can have programs that won't run in that environment, and the programs aren't usually the latest versions or have the latest AV definitions, plus the hassle of making sure you have the latest version of the disc.
As far as autoplay/autorun, I disable that function on any computer that I use for troubleshooting. Plus, I've never had an infected O/S drive launch anything when I plugged it in, even with AP/AR on. Doesn't mean it won't happen though, so you're right you do need to be careful when plugging in a known infected drive.
As far as what I boot into, generally Linux. DSL has always been trustworthy and tiny. Windows-based CDs take forever and a day, as previously mentioned.
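The post above recommends disabling AutoPlay/AutoRun on the troubleshooting PC before plugging in a suspect drive. As an added example (not the poster's own steps), this is one way to apply that setting via the standard Explorer policy key; it assumes an elevated PowerShell session on the troubleshooting machine.

```powershell
# Added example, not from the forum post: disable AutoRun/AutoPlay for every drive type
# on a Windows troubleshooting PC before attaching a suspect disk.
# Assumes an elevated PowerShell session. NoDriveTypeAutoRun and HonorAutorunSetting are
# the standard Explorer policy values for this purpose.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

if (-not (Test-Path $policy)) {
    New-Item -Path $policy -Force | Out-Null
}

# 0xFF is the bit mask covering all drive types (removable, fixed, network, CD-ROM, RAM disk, unknown)
Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
# Ensures Windows honours the policy above for autorun.inf entries (the KB967715 behaviour)
Set-ItemProperty -Path $policy -Name 'HonorAutorunSetting' -Value 1 -Type DWord

# Verify: both values should read back exactly as written
$current = Get-ItemProperty -Path $policy
if ($current.NoDriveTypeAutoRun -eq 0xFF -and $current.HonorAutorunSetting -eq 1) {
    Write-Output 'AutoRun disabled for all drive types.'
} else {
    Write-Warning 'AutoRun policy not applied as expected.'
}
```

Explorer reads these policy values at logon, so sign out or reboot before attaching the infected drive, and re-run the verification block afterwards to confirm the setting survived.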
#122
Team Owner
Microsoft Warns of MHTML Bug in Windows
http://support.microsoft.com/kb/2501696
https://threatpost.com/en_us/blogs/m...windows-012811
"The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability," the company said in the advisory.
The FixIt workaround that Microsoft released for the MHTML vulnerability enables the Network Protocol Lockdown in Internet Explorer for all of the security zones. The side effects from enabling the FixIt workaround are minor, Microsoft officials said.
#123
Sanest Florida Man
Thread Starter
MHTML only?
#124
While fixing computers recently after numerous attempts troubleshooting, using cleaners etc., I've just said fuck it and pulled the drive. Then run it as a slave and clean it from there, which seems to work really well and saves a lot of time trying to go through the normal BS stuff.
I know there's a chance it could infect the other drive/computer but I may just go this route all the time now. The computer I use is an older Dell I can just re-image if it does get fucked up.
Anyone else go this route?
I have a set amount of time I will work on a PC before I just say F it and write the drive to zero and re-image. If I can recover the data, great; if not, I say sorry, you're out of luck. If they say "but it's really important stuff" I tell them they can have it back and bring it somewhere else.
Oh and I like booting Knoppix from a DVD to do all my writing/wiping/imaging/etc.
#125
Senior Moderator
As far as re-installing after wiping a computer clean does anybody use any of the following?
http://blog.zeusoft.net/zeuapp/
http://www.freenew.net/
http://allmyapps.com/easy-setup
http://ninite.com/ <-- My preference
I found them extremely effective and time saving after clean installs.
And lastly, what I've been installing for the people who "think" they're ready for the transition to Office 07 or 10: it puts the classic menus alongside the new 07/10 menus.
http://www.addintools.com/index.html
Last edited by Jonesi; 02-01-2011 at 09:03 PM. Reason: for the slow like stogie
#126
Sanest Florida Man
Thread Starter
I've mentioned ninite many times. I use that shit all the time
#127
Needs more Lemon Pledge
As far as re-installing after wiping a computer clean does anybody use any of the following?
http://blog.zeusoft.net/zeuapp/
http://www.freenew.net/
http://allmyapps.com/easy-setup
http://ninite.com/ <-- My preference
I found them extremely effective and time saving after clean installs.
And lastly, what I've been installing for the people who "think" they're ready for the transition to Office 07 or 10: it puts the classic menus alongside the new 07/10 menus.
http://www.addintools.com/index.html
OH MY GOD I LOVE YOU.... Is it easy to uninstall if necessary?
#128
Senior Moderator
#129
Needs more Lemon Pledge
Been using ribbons for months and months and still can't find half the stuff I need...
#130
Needs more Lemon Pledge
Awwwww Pygmies...
I have Office 2007 and the free one only works on 2010...
#131
Senior Moderator
"Free Download Classic Menu for Office 2007 v6.01"
http://www.addintools.com/english/me...e/download.htm
works for me
#132
Needs more Lemon Pledge
I suck.
Thanks.
#133
^ Stupid noob!
Ninite was all we would use until we started manually making images of drives. But for any other stuff this is what we use.
And thanks for the classic menu link for Office! I figured they had to be out there somewhere but I never took the time to look
As far as re-installing after wiping a computer clean does anybody use any of the following?
http://blog.zeusoft.net/zeuapp/
http://www.freenew.net/
http://allmyapps.com/easy-setup
http://ninite.com/ <-- My preference
I found them extremely effective and time saving after clean installs.
And lastly, what I've been installing for the people who "think" they're ready for the transition to Office 07 or 10: it puts the classic menus alongside the new 07/10 menus.
http://www.addintools.com/index.html
#134
I am #76,361,211,935
"Free Download Classic Menu for Office 2007 v6.01"
http://www.addintools.com/english/me...e/download.htm
works for me
You are a great human being.
I've been swearing at the ribbon for months .. thanks!!!
#135
Drifting
iTrader: (1)
I have started using a little program called Desktop Restore as of late when reloading winxp machines. You can save the position of all desktop icons then restore them.
http://www.midiox.com/index.htm?http...toprestore.htm
#136
Just a heads up that twice now in the past month I've run into a Java-based trojan downloader.
Remember to keep Java up to date and set the cache to clear itself, and use a program such as CCleaner to wipe JRE files as well.
First a relative's computer I had to disinfect and ultimately restore; now just tonight, I was reading on a Google News linked site about the iPhone 4 Verizon launch when my "spidey senses tingled."
Haven't had a virus run-in for a good 5-6 years.
I got the notification as soon as that site loaded - got suspicious as my Java icon appeared in my taskbar - quickly jumped to my JRE log, then cache, deleted cache, then MSE chirped in. Keeping JRE uninstalled until I need it next.
#137
Go Giants
Don't download AVG 2011, its evil...
#138
Needs more Lemon Pledge
Just a heads up that twice now in the past month I've run into a Java-based trojan downloader.
Remember to keep Java up to date and set the cache to clear itself, and use a program such as CCleaner to wipe JRE files as well.
First a relative's computer I had to disinfect and ultimately restore; now just tonight, I was reading on a Google News linked site about the iPhone 4 Verizon launch when my "spidey senses tingled."
Haven't had a virus run-in for a good 5-6 years.
I got the notification as soon as that site loaded - got suspicious as my Java icon appeared in my taskbar - quickly jumped to my JRE log, then cache, deleted cache, then MSE chirped in. Keeping JRE uninstalled until I need it next.
#139
MSE didn't for my aunt...
Before this, I understood that it had an Advanced+ rating from AV Comparatives and could face threats already running as processes.
I guess the heuristics aren't the best either? - no AV is perfect.
I had it set to automatically delete any "level" of threat.
It failed to detect the threat, which was a Java-based trojan downloader.
The downloaded virus removed MSE, SB S&D and Comodo firewall.
Because of business use, I switched her to Norton 360 (v5 is due soon).
I was over at the exact minute when she started it up, and the virus started to work.
It was on Xmas day, and I noticed that "regedit.exe" wanted to connect to the net.
Uh oh, denied it, went to delete it - as it was in the temp folder, but too late.
Right now for extra protection I installed Malwarebytes Anti-Malware and N360 v5 beta.
No horrific loss in speed & at boot up.
I was on a Google News linked site too... wtf?
At least I got Java turned off right away and cleared the cache.
At least MSE this time detected it - who knows, could have been a false positive too.
Last edited by thelastaspec; 02-09-2011 at 07:19 PM.
#140
Sanest Florida Man
Thread Starter
LOL and I just replaced Norton yesterday with MSE cause Norton sucked....
#141
#142
Sanest Florida Man
Thread Starter
I never go back to sub......
#143
#144
Sanest Florida Man
Thread Starter
How does it FORCE you to backup?
#145
Needs more Lemon Pledge
MSE didn't for my aunt...
Before this, I understood that it had an Advanced+ rating from AV Comparatives and could face threats already running as processes.
I guess the heuristics aren't the best either? - no AV is perfect.
I had it set to automatically delete any "level" of threat.
It failed to detect the threat, which was a Java-based trojan downloader.
The downloaded virus removed MSE, SB S&D and Comodo firewall.
Because of business use, I switched her to Norton 360 (v5 is due soon).
I was over at the exact minute when she started it up, and the virus started to work.
It was on Xmas day, and I noticed that "regedit.exe" wanted to connect to the net.
Uh oh, denied it, went to delete it - as it was in the temp folder, but too late.
Right now for extra protection I installed Malwarebytes Anti-Malware and N360 v5 beta.
No horrific loss in speed & at boot up.
I was on a Google News linked site too... wtf?
At least I got Java turned off right away and cleared the cache.
At least MSE this time detected it - who knows, could have been a false positive too.
#146
lol I know this is the typical response, but "it wasn't my fault".
Haven't had a virus infection ever on my comps, and this was just a detection and MSE '11 stopped it.
On my last comp that had a bit more HP, I ran 3 scanners and it would check anything coming into the network and check packets.
I'm super ffing paranoid about infections on my fam's network.
I have my mom and sis on Ubuntu and only me and dad have Windows for programs that won't run on Wine.
I'm just confused as I had my cache turned off with JRE disabled in FF (I'm assuming it re-enabled with an update).
I keep addons and extensions off on Firefox, except for QuickTime Alternative, Flash, AdBlock and WOT.
For my aunt, I'm still on the fence if it was her or if it was out of her control.
It was a nice Xmas day virus.
The comp definitively does not get used for any purpose other than business (aka accounting etc.) use.
Keep JRE updated.
If you've got fam you don't see often and don't know sh*t about computers, N360 (or just take away the power cable) is a pretty good way to go as it ensures scans and backups + "CCleaner" get taken care of.
On sale, you get 25 gigs of backup online with Symantec too, which is nice if you've got sensitive files and don't quite trust Dropbox.
Sure, no media, but business stuff, Outlook, archives etc. - enough space.
Last edited by thelastaspec; 02-10-2011 at 01:41 AM.
#147
Sanest Florida Man
Thread Starter
There's so much wrong with your post I don't even want to bother.....
#148
How big is the hole I've dug for myself?
#149
Needs more Lemon Pledge
#151
Senior Moderator
recently had a guy at work that kept getting viruses. Fixed it the last time and left a note with free non malicious pr0n sites and he's been good ever since...
#152
Needs more Lemon Pledge
Thelastaspec, grandma ignored a warning...
#153
#154
Senior Moderator
#155
Needs more Lemon Pledge
@Jonesi
If Grandpa is still alive, see if he is going through prescriptions for Viagra unusually fast. (Road Trip movie grandpa)
Thelastaspec, what is the update schedule like on her MSE?
Last edited by stogie1020; 02-10-2011 at 12:17 PM.
#156
Windows Update was set to run when she used it every day,
and MSE was set up to remove everything and monitor in real time.
Believe it or not, it's not used for personal stuff.
I'm guessing this came through an email; probably clicked the link and that's what happened.
The weird thing is once I got the comp home and started to work on it (correction, the virus did not remove MSE, I remember now), even with MSE fully updated in safe mode, it could not find the infection.
ComboFix found it and got rid of it right away.
It was also a virus that Kaspersky made a tool for.
Malwarebytes found remnants in the registry and other places.
I don't know if she would cancel scheduled scans going on or something like that.
I took her off N360 to save some coin, but it didn't work out this time - luckily this infection didn't tamper with any of her documents.
N360 will do the tasks in the background for the lazy/clueless person.
#157
Sanest Florida Man
Thread Starter
Great story on Ars about the CEO of a computer security firm trying to troll Anonymous and find out their real identities and what happened when Anon found out.....
http://arstechnica.com/tech-policy/n...avy-price.ars/
#158
I Skydive, Therefore I Am
Join Date: Oct 2006
Location: At your right shoulder, no your left!
Age: 54
Posts: 781
Received 0 Likes on 0 Posts
^^ I read that earlier today. No two ways about it, Barr is an arrogant, yet clueless, dipsh#t who is going to pay a heavy price.
#159
Sanest Florida Man
Thread Starter
Ok this is a fantastic tip and should work very well. I've known to rename files when malware blocks you from running them but this one makes the most sense.
Also you can often rename .exe files to .com files and they'll run fine. I do that with regedit.exe often; if it's blocked then I rename it regedit.com and it opens fine. .com is from back in the day when com used to mean command and not commercial like in websites.
http://gizmodo.com/#!5757977/trick-v...to-explorerexe
Since most of the fake anti-virus malware needs you to be able to slightly use your PC, the one executable that it won't ever block is "explorer.exe", since they want you to be able to get online and go to their site and pay them-not so easy if you have no Start Menu.
So just rename your favorite anti-malware application to explorer.exe, and you should be able to use it.
#160
Sanest Florida Man
Thread Starter
OMG this is just fantastic! Follow-up to the other article posted above (which is a great read).
This article details everything Anonymous did to gain control of that guy's website and database. It involves awesome social engineering and just an overall lack of security best practices across the board by a security consultant firm that "specializes" in vulnerability assessment.
This part made me laugh the most:
Although attackers could log on to this machine, the ability to look around and break stuff was curtailed: Ted was only a regular non-superuser. Being restricted to a user account can be enormously confining on a Linux machine. It spoils all your fun; you can't read other users' data, you can't delete files you don't own, you can't cover up the evidence of your own break-in. It's a total downer for hackers.
The only way they can have some fun is to elevate privileges through exploiting a privilege escalation vulnerability. These crop up from time to time and generally exploit flaws in the operating system kernel or its system libraries to trick it into giving the user more access to the system than should be allowed. By a stroke of luck, the HBGary system was vulnerable to just such a flaw. The error was published in October last year, conveniently with a full, working exploit. By November, most distributions had patches available, and there was no good reason to be running the exploitable code in February 2011.
Exploitation of this flaw gave the Anonymous attackers full access to HBGary's system. It was then that they discovered many gigabytes of backups and research data, which they duly purged from the system.
Read the rest here, lots more good stuff!
http://arstechnica.com/tech-policy/n...bgary-hack.ars
Last edited by #1 STUNNA; 02-15-2011 at 10:55 PM.