Malware attacks...

Discussion in 'other anti-malware software' started by curious george, Sep 15, 2008.

Thread Status:
Not open for further replies.
  1. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Well, right now i dont have all too much protection on my computer. Didn't think i'd really need it nor do i now. Yesterday, i for some odd stupid reason decided to let my cousin use the computer, and forgot to turn on returnil. I come back to to a horror movie. My desktop was hijacked, the desktop tab was removed random annoying stupid pop ups flooded my screen. Well, it wasn't much of a big deal, since i deal with this all the time, except this time it seemed the creator was a tad bit smarter. I scanned with MalwareBytes, found a few threats, cleaned them and restarted. Upon restart, same deal. Malware Bytes didn't help all too much (possibly new malware) Decided to load hijack this for a quick easy clean, but there was nothing wrong with in the outcome. Now my last resort was NOD32. The second i loaded it up, i got a pop up alerting me to some weird actions. Anyway, using the heuristics on it, i was able to find 8 infections, most of which where Trojans, and ended up with a clean pc and fixed the desktop tab as well. Now...my question to all of you is are the malware developers much quicker or possibly faster then the anti malware developers? As i said before, both Malware bytes and hijack this failed to locate anything. Im assuming it was all heuristics...so what do you think?
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Apparently the reason why the real expert says that NOD32 completely sucks and fails... :rolleyes: :p

    Always been the case; pretty much covers the nature of AV industry. ;)
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    your cousing should carry your nick''curious george" afater that masive attack:D
    thats why i always recomend to either use a strong sandbox or lock system down,just in case,i dont trust any of my familly menmbers to use my pc,thats include my wife:D o_O :argh: :D so people lock down or virtuallize,

    prevention is better than the cure.
     
  4. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
     
  5. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Apparently we need better <sarcasm> tags... :D IOW, nor do I. ;)
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Nod is really poor at removing and detecting spywares
    if you run nod and superantispyware or even zemana it is good to go
     
  7. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Blacklist scanners will always be one step behind malware. They are REACTIVE, not proactive. Now with new technologies, like heuristics, virtualization, etc, they are trying to speed up, but they have a loooooong way to go yet.

    EDIT:
    This is the classical cycle:
    1.- Malware writer creates and distributes new malware
    2.- AV industry detects new threat (sometimes within hours, sometimes within days)
    3.- AV industry creates definitions and defeats new malware
    4.- GOTO "1"

    AV industry is trying to break that cycle, but has not succeeded 'til now.
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    That's why I make a system disk image at least every 3-4 days.

    By the way -- shoot your cousin. No court will convict you of anything more than a misdemeanor (for littering).;)
     
  9. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    you couldve avoided all this **** to begin with if youd just had all your browsers set sandboxed.

    alternatively, you could have a frozen fdisr snapshot called "this is the one i let my cousin use" , but thats a whole other can of worms :D
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I think it's mutually agreed on that blacklist scanners are designed to track AFTER THE FACT, but as chrome_sturmen points to, but you can transform such scanners into a ProActive posture if you "SANDBOX" your browser or even an executable you've pulled from the sandbox for scanner examination, provided it's not a fresh introduction which isn't been identified as malware yet.

    SandboxIE is a beauty man as everyone knows by now. Cuts the crud and safely confines files/registry actions within the bull pen. LoL
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    :D :D :D lol

    If you talk about the elite surely, if you talk about usual miscreants probably not.
     
  12. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    well...i dont know guys. after running a scan with super antispyware, there is still various crap in my system. Me and NOD32 go way back...but now im having second thoughts...Might switch to avira.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    None of them catch everything. If you'd run them in a different order, you'd have found that SAS also missed stuff the others found. Heuristics and behavior blocking will always have limits as well. In order to break the reactive cycle that's been the normal for many years, you have a few choices.

    • Use sandboxing and/or virtualization software to contain malicious code.
    • Use a "restore at reboot" type program, which puts the system back as it was.
    • Implement a default-deny policy in which only those processes that you use and ones necessary for normal system function are allowed to run, and block everything else.
    These 3 can be combined in various ways.
     
  14. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    You can keep 2 or 3 antiviruses around if you want, so you can scan with them in case that you become infected - but you can only run one in realtime. personally i dont run any antivirus realtime, but i do keep a few around for their scanning engines to use on-demand. anyway, antivirus should be considered your last line of defense. sandbox, backup snapshots, h.i.p.s. and virtualization should make up your first lines of defense and keep your system in a state that you never need the antivirus, except for occasional on-demand scans.

    by the way, i'd download a trial version of malwarebytes antimalware and run a scan, that should clean out any remaining junk on your system, and let this be a lesson!

    chrome
     
  15. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    what would be really awsome if there where bootable cd's that updated, and portable antiviruses we can use. I know dr webb has one but im not too big of a fan. -shrugs-
     
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Avira AntiVir Rescue System is updated on a daily basis.

    BitDefender Rescue CD has live update feature so it can always download fresh AV definitions.
     
  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Your intuition could be right. :D At least this enterprise has some evil friends who like to play master monster mob of the internet. With ultimate Big Brother ambitions.
    Cool, I knew that about Kaspersky and Avira but didn´t know that they also have a Rescue CD.

    I am impressed, BitDefender rescue looks most complete with knoppix integration,
    Avira should step forward to a GUI version too.
     
    Last edited: Sep 17, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.