Well, I just got the sh*t kicked out of me by a virus...

Discussion in 'FirstDefense-ISR Forum' started by chrome_sturmen, Aug 20, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Somehow I don't think that Wilders is the right place to explain what cracks are and to encourage readers this way to use them. Cracks are illegal and most probably the main reason why more and more software companies create software with activation to protect it against piracy. I hate activations.
     
    Last edited: Aug 21, 2007
  2. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    Erik, while I agree that this isn't the place to discuss cracks, as they are beyond the scope of the forum's functional area, he just asked what they were, and since this is foremost a place of learning, we may as well tell him. If he wants to learn more thereafter, there's Google etc.

    tw - cracks are small programs that break the registration protection of applications, making them registered and functioning as though they'd been paid for, although they were not. Crackers have their own subcultures actually, with different groups competing to see who can produce a working crack for such and such an application first, etc. Go hit Gigablast and do a search on it; it makes for some interesting reading.

    Chrome
     
  3. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If software becomes more prominent and known to many, then crackers will focus their attention on it and will succeed in cracking any code; for almost every paid software there are cracks around the web.
     
  4. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thanks for the heads up. They make it tough for the rest of us. As Erik says, he hates registrations, as do I. If these crackers didn't do their thing we might have an easier time registering.
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Hey Pete:
    Got it
    I keep forgetting about your "separation" rules and set-ups.
    I also have a box that has NEVER been on the net. Never had XPProSp2 patched, runs my biz apps and db: no one but me EVER goes near it with any writeable media, never even twitches
    ( except for HD burnout, that is another story and why back-ups RULE :D )
    ..and that is also backed up..with FDISR and BING..reminds me.. hits shortcut to IFW...:D

    Regards

    "no one but me EVER goes near it with any writeable media".. hmm in retrospect that may give some people the shivers:D :D
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I know. Long ago, I saw a video created by a cracker group to celebrate their 10,000th crack. :rolleyes:
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Cracked programs are very common among applications other than security apps (AV, AT and AS). Some cracked ones come with a keygen; as long as the outbound connection can be stopped, any code generated by the KG may work. To be honest here, I do have a few top-notch apps that are cracked and have been safely used for quite some time. I am not proud of this, but if the program developer cannot protect their own, anyone who happens to be smarter can freely use it. Cyber products are very hard to protect on both sides, consumers and vendors. Often users are cheated out of their hard-earned money by vendors; by the same token, vendors may lose thousands upon thousands in income due to crackers' work. This is the real world, everything is for real. No kidding.
     
  8. flimbag

    flimbag Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    48
    I'm really disappointed,

    I saw this thread with Erik's name at the side, and assumed he was the author of the original post.

    I was like, what, a virus managed to kick the sh*t out of Erik's set-up? How the hell did that happen?

    Not wishing disaster on you, Erik, but it would have definitely made for an interesting thread.
     
  9. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    While I appreciate all the input, I'd really rather not turn this thread into a discussion of cracks (as per Erik's statement). My mention of cracks was only peripheral to the main topic, and only elaborated on in order to allow someone who didn't know what they were to follow along with the discussion.

    The topic is first and foremost about how I got infected with a virus, and how first defense saved my ass....
     
  10. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024

    Sorry, I initiated this stray, not Erik.
     
  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    I agree. This is always a touchy subject, which should be dealt with via PMs. So I strongly encourage everyone to use them instead.

    Cheers.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I played with it a little bit. Seems very nasty. On VT it was detected by only Antivir, AVG, Dr.Web, NOD32 and a few others; not detected by KAV, Norton, Ewido etc.
    It destroyed my Antivir, as I was not able to update and run it for a scan. Here are some popups from GesWall, CH and EQSecure.
    I may try it later in detail.
    I am currently in Shadow mode; I hope ShadowSurfer will take care of it.
    Attached screenshots: a.jpg, b.jpg, c.jpg, d.jpg
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    GesWall log when executed inside it.
     

  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I was a bit afraid, but SS took care of it on reboot (even though I had allowed it to modify / modify the memory of SS files itself).

    Interestingly, I got a nag pop-up from Antivir after reboot while updating, and I saw this new pop-up for the first time. At first glance I became afraid that maybe it's a virus or something like that. lol
     

    Attached file: a.jpg
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Seems to me that Anti-Executable would have stopped this one: no installation and no execution.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Sure.
     
  17. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    I was just thinking back about when this happened to me. I guess it can be deduced then that an ISR snapshot is not sufficient for testing malware/virii, right? Your thoughts please.
     
    Last edited: Sep 26, 2007
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Certainly not for something like Killdisk. What I do if I am going to test malware is this:

    1. Update FDISR archive.
    2. Image system and test restore the image.
    3. Fire up Shadowdefender/Returnil/PowerShadow
    4. Go into Virtual Machine, and update the VM machine snapshot
    5. Repeat step 3 in the VM machine.
    6. Test nasties in the vm machine.


    May be extreme, but compared to the grief otherwise it's worth it.

    Pete
     
  19. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    Thanks for the input Pete, I actually just installed Server 2008 in a VM. The only thing is, it seems you would want to try the malware against your defenses, right? So you'd need to set up the VM with the same exact malware defense lines you use on your host machine, right? I guess malware can't jump out of a VM; I've never heard of it happening.

    Edit - as far as I know, if you want to share files between the VM and host machine, you have to set up a network between the VM and host, right? Couldn't then a virus spread through to the host just as virii spread through networks? I didn't think my thought through well enough before saying the above.

    Edit 2 - when this virus hit me, if I'd had a second operating system on another partition/disk (instead of trying to boot over to another ISR snapshot), couldn't I have booted to that auxiliary operating system on the other partition/disk, and from there scanned the infected partition and cleaned it safely?
     
    Last edited: Sep 26, 2007
  20. Minimax2000

    Minimax2000 Registered Member

    Joined:
    Jun 11, 2006
    Posts:
    204
    Location:
    Switzerland
    I am sorry to hear your misfortune.

    One option to prevent nasties from infiltrating your FD-ISR services might be to protect them with a HIPS. SSM for example allows you to do that. Of course this does not replace common sense.:p

    Frank
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Actually my VM machine is set up identically to the host, so you are absolutely right. VMware just released an update to Workstation where they strengthened it against stuff leaving the machine. One big, big advantage of the VM machine is that once I take a snapshot, I can even format the disk and then go back to the snapshot, like nothing happened. That is a plus the desktops don't have.

    Well, there are two mechanisms. There is a network connection, not to the host but through it, to get on the internet. But for file sharing stuff it is even easier. With the VMware tools installed you can either drag a file from the host desktop to the VM machine desktop or do it with cut and paste. Slick.

    Not sure. But that's one reason I only use a 2nd snapshot for boot purposes, and keep everything else in an archive. If some how my machine got totally messed up, I'd just restore an earlier image, and then use the archive to come current.

    Pete
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I notice on a regular basis, Pete, your constant references to IMAGE restores. Being a malware researcher over the years, I always run malware through a test machine to monitor behavior & changes to better assist users who got in trouble. I spent enormous time, sometimes 48 hours without sleep, to address and assist users in a HijackThis forum I worked at online. With that I not only fell out of the loop of bringing my own system into line with the times but never really gave serious thought to imaging.

    All that has changed since then, with the onset of great rollback apps like FD-ISR, which I took for granted as a reliable substitute for imaging, but when something does go amiss and there's no other alternative to turn to, imaging is the very final line of recovery that saves from loss of time, effort & work.

    Recently I let loose a file-infector virus myself, and not a rootkit or other malware, that mimicked something very similar that happened to me back in the '98 days where I lost a whole drive of data without possibility of recovery, only in this case no outright delete but corruption of every single exe file on a system WITH first-defense. It rendered ALL my snapshots, including the $ISR directory, adversely affected; even though FD-ISR was able to salvage some of them, the others were beyond recovery, and even the ones working had some programs affected, leaving no choice but to wipe that partition afresh and start over.

    Thankfully, ALL my FD-ISR reserved ARCHIVES made for successful recovery of the individual snapshots by re-creating them again, as they were stored away from the machine on alternative drives/partitions.

    So every time now when I read all the heavy discussion over IMAGING it becomes very clear & wise that IMAGING alone is extremely vital to maintaining a reliable productive environment without too much loss of time, and certainly makes up for loss of critical effort and work.
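    A point the last few posts circle around (an infector rewriting every executable, and snapshots inheriting the damage) is that after a test run you want to know exactly which binaries changed before you decide whether a snapshot or an image is still trustworthy. As an added example that is not part of this thread and not code from FD-ISR, VMware or any other product mentioned here, the Python script below does a baseline-and-compare: hash the watched executables before the test, store the baseline off the box, rehash afterwards and list what was modified, added or removed. The watched extension list and the small file tree it builds are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical watch list: the file types a file infector usually rewrites.
WATCHED_EXTS = {".exe", ".dll", ".sys", ".scr"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root, exts=WATCHED_EXTS) -> dict:
    """Return {relative POSIX path: sha256} for every watched file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in exts
    }


def save_baseline(table: dict, out_file) -> None:
    """Write the baseline as JSON; in real use keep this copy off the machine under test."""
    Path(out_file).write_text(json.dumps(table, indent=2, sort_keys=True))


def load_baseline(in_file) -> dict:
    return json.loads(Path(in_file).read_text())


def compare(before: dict, after: dict) -> dict:
    """Classify every watched path as modified, removed or added since the baseline."""
    return {
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
    }


def demo() -> dict:
    """Constructed run: build a tiny tree, baseline it, alter it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "tool.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "app" / "lib.dll").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "notes.txt").write_text("not watched")  # ignored by the extension filter

        before = baseline(root)
        save_baseline(before, root / "baseline.json")

        # Constructed changes standing in for what a test run leaves behind:
        # one executable altered in place, one new executable dropped, one removed.
        with (root / "app" / "tool.exe").open("ab") as fh:
            fh.write(b"X" * 8)
        (root / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 16)
        (root / "app" / "lib.dll").unlink()

        after = baseline(root)
        return compare(load_baseline(root / "baseline.json"), after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

    Run it once before the test with the real tree root and a baseline path on a drive the test machine cannot reach, then again afterwards; anything in "modified" is a binary you should not trust back into a snapshot, and a non-empty "added" list is where the dropped files went.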
     