| Pi |
|
Allergic to life
|
|
|
|
|
Reged: 09/20/03
|
|
Posts: 6449
|
|
Loc: Room 101
|
|
|
|
Send PM
|
|
|
Nice virus
#239638 - 11/24/10 12:32 PM
|
|
|
This weekend I accidentally opened several dangerous ports in my router. Well, I opened ports on purpose, but it was an accident to open more than I intended. Thanks to it a virus called Parite entered my system and last night I saw about 1200 infected EXE and SCR. Most of the infected executables are damaged beyond repair, they simply stopped working. Even after "repair" by my antivirus, the programs and stuff just don't work. The only choice is reinstalling everything again from scratch.
Virus makers should be hanged by their nads.
|
Wound up, can't sleep, can't do anything right, little honey / Oh, since I set my eyes on you. / I tell you the truth.
I can't get it right / Get it right / Since I met you...
|
|
|
|
> Well, I
> opened ports on purpose, but it was an accident to open more than I intended.
http://www.grc.com/x/ne.dll?rh1dkyd2
ShieldsUp would have had a meltdown with what you did there.
Personally, I like to remain stealth 
[ATTACHED IMAGE]
|
|
|
| redk9258 |
|
Regular
|
|
|
|
|
Reged: 09/21/03
|
|
Posts: 3968
|
|
Loc: Troy, Illinois USA
|
|
|
|
Send PM
|
|
|
Re: Nice virus
[Re: Pi]
#239657 - 11/24/10 05:01 PM
|
|
|
In addition to MSE, my favorite defense is Norton Ghost. I can go back several months if I need to and do a complete restore. I start a new backup monthly with an incremental daily.
|
|
|
|
Re: Nice virus
[Re: twisty]
#239671 - 11/24/10 09:17 PM
|
|
|
> ShieldsUp would have had a meltdown with what you did there.
>
> Personally, I like to remain stealth
Virus' don't target Win 3.11 anymore.
|
|
|
|
|
> Virus' don't target Win 3.11 anymore.
I consider that a nice side-effect.
|
|
|
| Gor |
|
Giver of truth.
|
|
|
|
|
Reged: 09/21/03
|
|
Posts: 1925
|
|
Loc: The basement
|
|
|
|
Send PM
|
|
|
Re: Nice virus
[Re: Pi]
#239678 - 11/24/10 10:56 PM
|
|
|
> This weekend I accidentally opened several dangerous ports in my router. Well, I
> opened ports on purpose, but it was an accident to open more than I intended. Thanks
> to it a virus called Parite entered my system and last night I saw about 1200
> infected EXE and SCR. Most of the infected executables are damaged beyond repair,
> they simply stopped working. Even after "repair" by my antivirus, the programs and
> stuff just don't work. The only choice is reinstalling everything again from scratch.
>
> Virus makers should be hanged by their nads.
http://www.mameworld.info/ubbthreads/sho...part=1&vc=1
This reminds me of the time an incredulous coworker asked me what I would do in the event of a
hard drive failure when I told him I didn't make regular backups. Then my hard drive failed like three
weeks later and a data recovery service was unable to recover anything.
|
Oh for Pete's sake.
loser.com
|
|
| Pi |
|
Allergic to life
|
|
|
|
|
|
Reged: 09/20/03
|
|
Posts: 6449
|
|
Loc: Room 101
|
|
|
|
Send PM
|
|
|
Re: Nice virus
[Re: Gor]
#239683 - 11/24/10 11:59 PM
|
|
|
> This reminds me of the time an incredulous coworker asked me what I would do in the
> event of a
> hard drive failure when I told him I didn't make regular backups. Then my hard drive
> failed like three
> weeks later and a data recovery service was unable to recover anything.
I do frequent backups, just not of the whole system as I don't find it worth it. However this virus did not only corrupt the executables to the point of making a reinstall the obvious solution; it infected all the tools I use to make such reinstallation a more quick and comfortable process.
Not to mention the 2TB of data I must scan until I am sure I got rid of that thingy.
|
Wound up, can't sleep, can't do anything right, little honey / Oh, since I set my eyes on you. / I tell you the truth.
I can't get it right / Get it right / Since I met you...
|
|
| redk9258 |
|
Regular
|
|
|
|
|
|
Reged: 09/21/03
|
|
Posts: 3968
|
|
Loc: Troy, Illinois USA
|
|
|
|
Send PM
|
|
|
Re: Nice virus
[Re: Pi]
#239685 - 11/25/10 12:13 AM
|
|
|
> I do frequent backups, just not of the whole system as I don't find it worth it.
> However this virus did not only corrupt the executables to the point of making a
> reinstall the obvious solution; it infected all the tools I use to make such
> reinstallation a more quick and comfortable process.
>
> Not to mention the 2TB of data I must scan until I am sure I got rid of that thingy.
I think it is well worth backing up everything, OS and all. You can be up and running in minutes instead of many hours or days trying to reinstall everything and getting the settings back the way you like them. 
|
|
|
|
Re: Nice virus
[Re: twisty]
#239690 - 11/25/10 01:24 AM
|
|
|
|
|
|
Re: Nice virus
[Re: Pi]
#239692 - 11/25/10 01:34 AM
|
|
|
|
|
| Sune |
|
Connected
|
|
|
|
|
Reged: 09/21/03
|
|
Posts: 5648
|
|
Loc: Lagoa Santa, Brasil
|
|
|
|
Send PM
|
|
|
Re: Nice virus
[Re: Pi]
#239693 - 11/25/10 01:41 AM
|
|
|
> Not to mention the 2TB of data I must scan until I am sure I got rid of that thingy.
oh damn, that's going to take time especially if you use several tools to scan with.
This is why I want an external drive enclosure. And only plug in the drive when I want to uh...watch some films. 
S
|
|
|
| Moose |
|
Don't make me assume my ultimate form!
|
|
|
|
|
Reged: 05/03/04
|
|
Posts: 1483
|
|
Loc: Outback, Australia
|
|
|
|
Send PM
|
|
|
Re: Nice virus
[Re: Sune]
#239712 - 11/25/10 09:33 AM
|
|
|
> > Not to mention the 2TB of data I must scan until I am sure I got rid of that
> thingy.
>
> oh damn, that's going to take time especially if you use several tools to scan with.
There's 2 problems here: making sure it is gone and making sure none of your files are damaged. Making sure it's gone is relatively easy. Making sure the files / data is intact is much harder. e.g. you can test zip files to make sure they are intact, but how do you know nothing was deleted or changed in the zip file (and relying on the file's size, modified date, etc wont cut the mustard, because these are so easy to fudge). With Word Docs, text files, images, vids, etc, it can be hard to tell if they are intact.
If you had recent CRC32's / MD5's / etc for every file on your system, you could check / compare and narrow down your checking to just the files that didn't match. But only a few go to these lengths ...
Or, if you have an intact backup, that was done before the attack, you could compare against this (file by file) and narrow down your checking to newer or changed files. If you do these type of checks and can't find any damaged / mismatched files, you can breath a sigh of relief.
A 3rd (and most urgent) problem is making sure the little turd can't return and that your machine is as secure as possible.
And I agree: people who write this malicious software should be hung by the nads.
|
Moose
|
|
Previous 
Index 
Next 
Threaded 
Nice virus
Reply
[Re: 
