| ClanKiller.com https://forums.plasmasky.com/ |
|
| my encounter with a malicious website https://forums.plasmasky.com/viewtopic.php?f=8&t=1392 |
Page 1 of 1 |
| Author: | Satis [ Sat Sep 03, 2005 8:22 pm ] |
| Post subject: | my encounter with a malicious website |
Ok....so, as you may have guessed, I had a close encounter with a malicious website. I was using a WinXP box with SP1...no patches beyond that. No Firefox was installed, so I used an unprotected copy of IE to hit a website...and I hit a malicious one. I got a crapload of pages open, my desktop filled with links to porn sites and shit, and I knew I'd been whacked. So, I deleted the icons and closed all the windows. I then right-clicked to go to Task Manager and see what was running. However, Task Manager was grayed out. So I hit ctrl-shift-escape (the Task Manager hotkey) and was told that it was disabled by policy. Great.

Whatever, I went back online, grabbed Firefox, then used it to hit the Sysinternals website to download Process Explorer. For anyone that doesn't know about it, that's an awesome app...I use it all the time. Kind of like Task Manager, but on some sort of mega-steroid crack. Anyway, I unzip it, run it....crash. Something was fucking with it. Fine. I download Ad-Aware next. I figure I'm mainly looking at spyware/adware. The application downloads, but when I try to launch the installer, it crashes. Wonderful. So I reboot into safe mode. Ad-Aware installs now, but of course I don't have internet capability. So I scan with 107-day-old definitions and nab around 100 items. Woooo. After cleaning, I reboot back into regular mode. Ad-Aware launches ok, but Process Explorer still craps. So I update Ad-Aware and run it again. More crap is nabbed, but I still can't access Task Manager and I still can't launch Process Explorer. So I grab Spybot S&D. This one installs ok in normal mode, but hung when downloading updates. So I rebooted back into safe mode, scanned the system, cleaned some more crap up (we're at around 120 objects now), then rebooted back into regular mode. I'm now able to update the application, so I do that and scan again. However, shit is still fucked up. Getting a bit agitated, I download AVG antivirus from Grisoft.

After installation, it immediately freaks out about a trojan, which I let it kill. I do all the updates, then run a scan...around 80 objects detected, most of them various trojan horses. After cleaning with AVG, I reran Ad-Aware and Spybot S&D, cleaning up a few more items. After another reboot, I do some more scans (AVG, Ad-Aware and Spybot) and everything is coming up clean. I can now run Task Manager, and I can run Process Explorer. Using those apps, I see a process running that's bad, so I killed it and downloaded HijackThis. HijackThis finds a few more bad things floating around, including a DLL I had to whack on reboot. However, at long last, it looks like I've managed to completely clean my system. For a bit I was tempted to wipe the box and just reload, since everything important was already saved on DVD. However, I'm pretty confident everything is good to go now. BTW...I think I may write this experience up into a guide, with screenshots and instructions on using the various apps. I feel fairly powerful now. |
|
| Author: | ElevenBravo [ Sat Sep 03, 2005 11:02 pm ] |
| Post subject: | |
Dude, boot to safe mode with networking. End of story. I always use www.trendmicro.com to run anti-virus scans. It does WAY better than scanning from your computer (even though I have Bullguard, the best antivirus protection there is). Also, might I suggest PURCHASING Windows so you can update it? |
|
| Author: | derf [ Sun Sep 04, 2005 3:59 am ] |
| Post subject: | |
Lol, I was thinking halfway down that page, 'this would serve as a good indicator to install SP2'. |
|
| Author: | Mole [ Sun Sep 04, 2005 4:04 am ] |
| Post subject: | |
I was thinking that it was indicating to install Linux or some other OS that's not XP. Maybe even get a Mac. Stupid crappy Microsoft. |
|
| Author: | derf [ Sun Sep 04, 2005 4:14 am ] |
| Post subject: | |
Stupid crappy computers. Hey, it's like when nanotechnology comes in, your computer will get a virus and start downloading a gun, then this gun will shoot you. Or it will just download a virus on its own and wipe out the world. Yeh, that's pretty random. |
|
| Author: | Mole [ Sun Sep 04, 2005 5:18 am ] |
| Post subject: | |
And probably true |
|
| Author: | Rinox [ Sun Sep 04, 2005 10:30 am ] |
| Post subject: | |
Hehe, great story...glad you got rid of that bitchass spyware tho...HijackThis for the win!! |
|
| Author: | Satis [ Sun Sep 04, 2005 1:01 pm ] |
| Post subject: | |
lol...you guys are a bunch of bishes. What it shows is keep your shit updated (regardless of legal or illegal copies of Windows) and don't use IE. Good luck getting Windows Update to work with Firefox though. I was a bit nervous of using safe mode with networking. I wasn't sure if anything had taken control of the winsocks, since that's a pretty common viral vector. Oh, and I forgot to mention. I found this funny. One of the virii/trojans had written to the hosts file. All the popular antivirus download sites were redirected to 127.0.0.1. |
|
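The hosts-file trick Satis describes (security vendor sites pinned to 127.0.0.1 so the victim cannot download cleanup tools) is easy to check for, and checking it should be an early step in any cleanup. The script below is an added example, not code from this thread or from any of the tools named in it: it parses a hosts file the way Windows does (comments after `#`, tabs or spaces, several names per line), flags any watched vendor domain that has been overridden, and separately flags any non-localhost name pinned to loopback or 0.0.0.0. The vendor watch list and the sample hosts contents are constructed for illustration and would be tailored to the tools you actually depend on; on a real XP box the file lives at `%SystemRoot%\System32\drivers\etc\hosts`.

```python
"""Audit a Windows-style hosts file for entries that silently redirect
security-vendor sites. Added example; watch list and sample data are
constructed, not taken from the thread."""
import ipaddress
import re

# Names that legitimately map to loopback in a stock hosts file.
LEGIT_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed watch list (assumption: replace with the download sites of the
# tools you rely on for cleanup).
SECURITY_VENDORS = {
    "www.sysinternals.com",
    "www.lavasoft.com",
    "www.safer-networking.org",
    "www.grisoft.com",
    "windowsupdate.microsoft.com",
    "housecall.trendmicro.com",
}

# Constructed sample of an infected hosts file: one stock line plus the
# kind of additions the post describes.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# --- lines below are the constructed "infection" ---
127.0.0.1 www.sysinternals.com
127.0.0.1\twww.lavasoft.com www.safer-networking.org
127.0.0.1 www.grisoft.com  # blocks the AVG download
0.0.0.0 housecall.trendmicro.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in the file.
    Strips '#' comments, skips blank and malformed lines, and expands
    lines that list several hostnames for one address."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address; ignore the line
        for name in names:
            yield line_no, ip, name.lower()


def audit_hosts(text, watch=SECURITY_VENDORS):
    """Return findings as (line_no, hostname, ip, reason) tuples.

    Two checks: a watched vendor name appearing at all (any override of a
    public site is suspect, whatever the target address), and any other
    non-localhost name pinned to loopback or 0.0.0.0."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if name in watch:
            findings.append((line_no, name, ip, "security vendor site overridden"))
        elif (addr.is_loopback or addr.is_unspecified) and name not in LEGIT_LOOPBACK:
            findings.append(
                (line_no, name, ip, "non-localhost name pinned to loopback/unspecified")
            )
    return findings


if __name__ == "__main__":
    for line_no, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

Running it against the constructed sample reports five overridden vendor sites and nothing for the stock `localhost` line. The second check will also flag ad-blocking hosts lists that pin thousands of names to 0.0.0.0, so on a machine that uses one, review those as expected noise rather than silencing the check; an infection hides best in a file that is already long.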
| Author: | Mole [ Sun Sep 04, 2005 1:38 pm ] |
| Post subject: | |
yeah, it sucks that Firefox doesn't like to do windows updates. I wish someone would release a plug-in fixing that. |
|
| Author: | Satis [ Sun Sep 04, 2005 8:11 pm ] |
| Post subject: | |
That's not really a problem. Windows Update uses ActiveX, which is inherently unsafe and evil. And proprietary, I think. It's a Microsoftism. It's ok, you can get all those updates manually if you know where to look. |
|
| Author: | pevil [ Mon Sep 05, 2005 2:19 am ] |
| Post subject: | |
lol, loving the antivirus site redirection. You should sort out Mole's brother's computer. Now that'd be a challenge for you. |
|