Anyone have a fix for the malware from the SQL attack?
exlex 
16/6/08 1:38:22 AM
Champion

[edit] MEC has solution, see his post below.

When it happened I thought it hadn't affected me but after going away for the weekend I turn PC on and first got the slight sense something may be wrong, by the wallpaper being replaced by a giant black on red text reading: Your computer is under spyware attack!

Taskmgr disabled, downloaded Lavasoft's 2008 antispyware and found stuff but didn't fix anything.




Edited by exlex: 16/6/2008 05:58:01 AM

-----
the divine light in me salutes the divine light in you

//Kung-v2.0 
16/6/08 1:40:15 AM
Guru

Sounds like that other very common Spyware thing... what's it called again............................

Ah that's it! SmitFraud! Google it.

-----
http://bash.org/?99060
(\_/)
(O.o)
(> < )

exlex 
16/6/08 1:46:21 AM
Champion

Thanks for the info

That's pretty old though so I'm not going to bother with those tools seeing as I just got the latest from Lavasoft and it fixed jack all.

I want to hear from the other people who got raped on atomic the other night.



Edited by exlex: 16/6/2008 1:48:17 AM

-----
the divine light in me salutes the divine light in you

Outcast_Aussie 
16/6/08 1:50:39 AM
Champion

What are those that have been infected supposed to be seeing ?
I installed the annoying NoScript on this machine but are us TuXx0rs vulnerable as well ?

-----
They say if you play a Micro$oft Cd backwards it has satanic messages on it.. Heck thats nothing.. Play it forwards and it'll install windows.

exlex 
16/6/08 1:55:01 AM
Champion

There are fake taskbar speech bubbles from "Windows Defender" saying your computer is infected blah blah and a website antispyspider.us loads.

I've put said url in hosts to loopback to localhost for now.

Also random error and alert dialogues also with fake msg and loading the same site.


Edited by exlex: 16/6/2008 1:56:18 AM

-----
the divine light in me salutes the divine light in you

Kimmo 
16/6/08 1:55:50 AM
Hero
Immortal


I installed the NoScript and disabled it after like half an hour; CBF.

Just been avoiding clicking anything other than thread titles and the Post Message button for now...

This machine needs a reinstall anyway. Haven't seen any weird shit yet though


Edited by Kimmo: 16/6/2008 1:56:49 AM

-----
Quote by Rybags
I'll give ya $20 if you let my dog root you.



exlex 
16/6/08 1:56:54 AM
Champion

Kimmo have you restarted ya comp since the attack?

-----
the divine light in me salutes the divine light in you

Kimmo 
16/6/08 1:58:09 AM
Hero
Immortal


LOL, yeah... it's been BSODing when I flog the RAM for a few weeks now.

Why?

-----
Quote by Rybags
I'll give ya $20 if you let my dog root you.



Midnighter 
16/6/08 1:59:28 AM
Immortal

I don't see what people's problem is with NoScript. It's pretty simple to allow sites, and stops a lot of rubbish.

Outcast_Aussie : I've been experiencing no probs dude, between linux, NoScript, and just general caution, I'm fine it would appear.

-----
Quote by nitro.vo
Manta, dude.
If there was a Prom king and queen for atomic.
Elvenwhore would win queen. You'd win King.
----
"Suicide: a permanent solution to a temporary situation!"

spielentwickler 
16/6/08 1:59:33 AM
Guru

Quote by Outcast_Aussie
What are those that have been infected supposed to be seeing ?
I installed the annoying NoScript on this machine but are us TuXx0rs vulnerable as well ?



Am I correct to assume you meant Linux users when you said TuXx0rs?

If so, the only thing Linux users had to worry about was the fact that one of the servers was fucking up causing a delay in page loads.

-----
Bacchus-D - Energy Crack
http://www.last.fm/user/spielentwickler/
<= knight of the 6fAOEC =>

Rybags 
16/6/08 2:01:09 AM
Hero
Immortal


NoScript installed here - it's annoying as fuck.

And, I can imagine it slowing FF down a heap once you've whitelisted the couple of hundred or so sites you'll surely need to enable.

But, I took the opportunity to run virus scans on Windows, Program Files and Doc & Settings. Only picked up a few things, all but 1 in D & S and they were nothing major.

Haven't rebooted in days, probably give HiJackThis a quick run beforehand to make sure no nasty stuff found its way into Startup/StartOnce.

-----
Quote by Bear Grylls

Awww... it tastes like an... explosion of brain, guts and pus!

exlex 
16/6/08 2:05:32 AM
Champion

The trojan didn't manifest until I restarted is all.

If you get infected you will know it.

I used to run NoScript when it was first around but didn't put it back after a reinstall and haven't missed it. Until now.

-----
the divine light in me salutes the divine light in you

exlex 
16/6/08 2:12:13 AM
Champion

[Edit]I found this:



Steps to re-enable the Task Manager and registry editor:

Go to Start->Run-> type mmc and hit enter.
The Console window will open.

Click on File and choose ->Add/Remove snap-in-
Then click on Add and you get a list of snap-in.
Select "Group Policy Object Editor" and click Add then click finish, close and last click OK

Under Console Root, expand the Local Computer Policy
Then expand the User Configuration container.
Click on Administrative Templates then click on System.
In the right pane find "Prevent access to registry editing tools" double click on it and dot Disabled. Click OK

Locate the Ctrl+Alt+Del Options folder. Click on it.
In the right pane, find "Remove Task Manager" double click on it and DOT disabled. Click OK



Edited by exlex: 16/6/2008 03:31:30 AM

-----
the divine light in me salutes the divine light in you

Caelum 
16/6/08 2:23:16 AM
Banned

what browser/operating system?


running firefox + 2008 here, no problems..

-----
This will be your final warning with regards to your actions on this forum.

Rybags 
16/6/08 2:24:31 AM
Hero
Immortal


I doubt I got hit anyway.

Once the site started playing up initially, it was also taking ages to load, and I just got the shits and went elsewhere.

Plus, I've got fairly reasonable security measures here anyway.

-----
Quote by Bear Grylls

Awww... it tastes like an... explosion of brain, guts and pus!

MEC 
16/6/08 2:59:28 AM
Champion

Quote by exlex
Steps to re-enable the Task Manager and registry editor:

Go to Start->Run-> type mmc and hit enter.
The Console window will open.

Click on File and choose ->Add/Remove snap-in-
Then click on Add and you get a list of snap-in.
Select "Group Policy Object Editor" and click Add then click finish, close and last click OK

Under Console Root, expand the Local Computer Policy
Then expand the User Configuration container.
Click on Administrative Templates then click on System.
In the right pane find "Prevent access to registry editing tools" double click on it and dot Disabled. Click OK

Locate the Ctrl+Alt+Del Options folder. Click on it.
In the right pane, find "Remove Task Manager" double click on it and DOT disabled. Click OK



Thanks for the little lesson, nice. I found this googling as well. Start>Run>REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

But after your post I guess I had neglected regedit.

I have exactly the same problem going on here with Malware and antispyspider with no fix yet. AVG & adaware buttsecksed a couple trojans.

The shit is still going now, hijacking firefox every 2 minutes or so and I'm not sure which process to axe so I'm gonna run AVG & adaware again in safe mode with system restore off.


Edit: Just read the sticky about the sql attack. I was at fucking work and my brother in law came around using IE instead of Firefox.

Anyway, installed AVG8 and she's a beauty. Problem resolved.


Edited by MEC: 16/6/2008 03:48:42 AM

-----
Kafka's Law: In the fight between you and the world, back the world. -- Franz Kafka, "RS's 1974 Expectation of Days"

That's the funny thing about standards, there's so many to choose from.
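
The Group Policy steps exlex found and the REG command MEC posted both change per-user values under the same `Policies\System` key. As an added example (not from either post), this PowerShell script reports both values and resets any that are blocking to 0; the function names are made up here, and `DisableRegistryTools` is the registry value behind "Prevent access to registry editing tools".

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Both values live under the per-user key that the posted REG command targets.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyValues = [ordered]@{
    DisableTaskMgr       = 'Remove Task Manager'
    DisableRegistryTools = 'Prevent access to registry editing tools'
}

function Get-LockoutPolicy {
    # Report each value: absent (never set), 0 (allowed) or non-zero (blocked).
    foreach ($name in $PolicyValues.Keys) {
        $data = $null
        if (Test-Path -Path $PolicyKey) {
            $prop = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
            if ($prop) { $data = $prop.$name }
        }
        [pscustomobject]@{
            Value   = $name
            Policy  = $PolicyValues[$name]
            Data    = $data
            Blocked = ($null -ne $data) -and ($data -ne 0)
        }
    }
}

function Reset-LockoutPolicy {
    # Write 0 only where a value is currently blocking the tool, then re-read.
    $blocked = @(Get-LockoutPolicy | Where-Object { $_.Blocked })
    foreach ($item in $blocked) {
        Set-ItemProperty -Path $PolicyKey -Name $item.Value -Value 0 -Type DWord
    }
    Get-LockoutPolicy
}

Get-LockoutPolicy   | Format-Table -AutoSize   # state before the reset
Reset-LockoutPolicy | Format-Table -AutoSize   # state after the reset
```

If a value goes back to non-zero after the reset, whatever set it is still running, so the policy reset only sticks once the scanner has removed the malware itself.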

exlex 
16/6/08 6:03:56 AM
Champion

Thanks MEC you got it.

Up to date AVG 7 missed The Honourable adware.generic.DMW iirc.

I didn't know AVG 8 had a free option, think they might not have offered it originally.

-----
the divine light in me salutes the divine light in you

TheFrunj 
16/6/08 10:31:41 AM
Titan

Quote by exlex
Thanks MEC you got it.

Up to date AVG 7 missed The Honourable adware.generic.DMW iirc.

I didn't know AVG 8 had a free option, think they might not have offered it originally.


They didn't, they only released the free version of 8 about a month and a bit ago.

Good to see that it fixed it :)

-----
Minister of Technology

Quote by David Hollingworth
TheFrunj: The man in the hat is right.

twinair 
16/6/08 10:33:29 AM
Banned

Sounds like this thread should belong in Security, not the Green Room.

-----
I've been accused of being a crude, cock sucking arsehole.
That's OK, I can take constructive criticism.
But if my grandmother ever says that again I'll kick her fucking head in.
