Yes I got infected!

Discussion in 'other anti-virus software' started by jo3blac1, Feb 11, 2013.

Thread Status:
Not open for further replies.
  1. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    My set up when I got infected:
    - MBAM Pro Real Time File System protection
    - EMET 3.5
    - FF + NS + ABP

    My current set up:
    - MBAM Pro
    - EMET 3.5
    - FF + NS + ABP
    - FortiClient Antivirus

    FortiClient AV found:
    "Malware: W32/Hamweq.AQ!tr found in D:\RESTORE"
    "Malware: W32/Injector.VOX!tr found in D:\RECYCLER"
    "Malware: INF/AutoRun!tr found in d:\autorun.in by realtime scan"

    Drive D is my USB. I used it to connect to a computer at a local hospital where I was giving a presentation. Drive D doesn't have a write protection.
     
    Last edited: Feb 11, 2013
  2. guest

    guest Guest

    Just one thought as I don't know that FortiClient thing:

    Not every "found malware!" is really malware found. For me, AV scanning in the last few years has only brought up false positives (and I used different products). So make sure this is real and not a false alarm by checking that stuff with VirusTotal and other scanners before you decide anything. My advice. :)
     
  3. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Hmmm. Good point. I did delete those files already. So now it makes me wonder if these were false positives. I will keep your advice in mind for the next time.
     
  4. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Is this cheering in your topic title? :ninja:
     
  5. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Well I do like playing the cat and mouse game. And I learned something new.
     
  6. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    Did Forticlient find the malware? MBAM?
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    +1
    Which AV found the viruses?
    Were you running MBAM with realtime protection?
     
  8. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Was running MBAM Pro, meaning the real-time protection was on. FortiClient found the virus in real time without any kind of scanning. Then on an on-demand scan it found 2 more.
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,218
    FPs are always possible, but there are also situations whereby leftovers from past infections (malware no longer active) are picked up by over-sensitive scanners. It happened to me when testing Emsisoft on a computer which had been infected and cleaned.
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    And hospitals are supposed to be sterile! Hospital borne infections are becoming all too common these days!

    (Sorry; it had to be said :D :D )
     
  11. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    Unless you're using XP or unpatched Vista, I doubt those autorun infections will get a chance to activate themselves on your Win7 machine. Maybe that's why your old setup just ignored those (your USB device is infected and may act as a medium to infect old systems, but your machine is safe).
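    Added illustration (not part of the thread, and not the actual autorun.inf from the OP's stick): a small Python triage script for the kind of autorun.inf an INF/AutoRun detection refers to. It pulls every key that would make Explorer launch something (open=, shellexecute=, shell\...\command=) and flags the tell-tale signs of a USB worm's file: a launch target hidden under RECYCLER or similar, an action= string that copies the Windows default "Open folder to view files", and an icon= borrowed from SHELL32.dll so the drive looks like a plain folder. Both sample files are constructed for the example. The launch target it extracts is the file that actually matters for a VirusTotal check; the .inf itself only points at it.

```python
"""Triage an autorun.inf from a removable drive: what would it launch, and
does it look like a USB worm's file rather than a drive vendor's?"""
import re
from typing import Dict, List

# Constructed sample (NOT the file from the thread). It mirrors the layout
# autorun worms commonly dropped: every Explorer action for the drive is
# redirected to an executable under RECYCLER, while the icon and action
# text imitate an ordinary folder so the AutoPlay prompt looks harmless.
SAMPLE_WORM_AUTORUN = r"""[autorun]
; junk comment lines between entries were often used to confuse naive scanners
open=RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\update.exe
shell\explore\command=RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\update.exe
"""

# Constructed benign sample: what a drive vendor ships to set a label and
# icon. It launches nothing.
SAMPLE_VENDOR_AUTORUN = """[autorun]
label=MY_USB
icon=drive.ico
"""

# Keys that make Explorer run something (AutoRun, double-click, context menu).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
HIDDEN_DIRS = ("recycler", "recycled", "$recycle.bin", "system volume information")


def parse_autorun(text: str) -> Dict[str, str]:
    """Tolerant INI-style parse of the [autorun] section only.
    Blank, comment and malformed lines are skipped; on repeated keys the
    last value wins. Keys are lower-cased so 'Open' and 'open' match."""
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = re.match(r"^\[(.+?)\]$", line)
        if section:
            in_autorun = section.group(1).strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def triage(text: str) -> Dict[str, object]:
    """Return the launch targets plus human-readable findings for the file."""
    entries = parse_autorun(text)
    targets: List[str] = []
    findings: List[str] = []
    for key, value in entries.items():
        if not LAUNCH_KEYS.match(key) or not value:
            continue
        # First token of the value is the program; anything after is arguments.
        target = value.strip('"').split()[0]
        findings.append(f"{key}= launches {target}")
        if target not in targets:
            targets.append(target)
    for target in targets:
        low = target.lower().replace("/", "\\").lstrip("\\")
        if any(low.startswith(d + "\\") for d in HIDDEN_DIRS):
            findings.append(f"{target} sits in a folder users normally never open")
    if entries.get("action", "").lower().startswith("open folder"):
        findings.append("action= imitates the Explorer default 'Open folder to view files'")
    if "shell32.dll" in entries.get("icon", "").lower():
        findings.append("icon= borrows a Windows shell icon to pass as a folder")
    return {
        "entries": entries,
        "launch_targets": targets,
        "findings": findings,
        # An autorun.inf that launches anything from a removable drive is
        # worth treating as hostile until the target has been checked.
        "suspicious": bool(targets),
    }


if __name__ == "__main__":
    for label, sample in (("worm-style", SAMPLE_WORM_AUTORUN), ("vendor", SAMPLE_VENDOR_AUTORUN)):
        result = triage(sample)
        print(f"{label}: suspicious={result['suspicious']}")
        for line in result["findings"]:
            print("  -", line)
```

    Run it against the autorun.inf copied off the stick (open it as text, never double-click the drive). Whatever `launch_targets` names is the file to hash and look up, which is the step the OP skipped by deleting first.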
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Does MBAM realtime automatically scan usb devices when they are plugged in? Also, if these 'malware' had not executed would MBAM scan them? For some reason I was thinking MBAM realtime only scanned on execution. So if these were autorun and not executed, MBAM realtime would have ignored them unless there was an on-demand scan of the usb?
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Perhaps you should inform the hospital that they are probably infected ;)
     
  14. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    The fact that he got a USB plugged into their computer makes me think that's the last thing they should be worried about. Who's managing their network?
     
  15. RED_404

    RED_404 Registered Member

    Joined:
    Mar 5, 2010
    Posts:
    5
    This is why all my drives have a physical write-protect switch. Remember, always use a condom. :D

    I use Kanguru drives but there are other alternatives out there.
     
  16. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Especially in a hospital :)

    Thanks guys. Yes I do run windows 7, I have autorun disabled in my settings as well. Perhaps this was the reason that MBAM Pro didn't detect it.

    As for the computer. It was another doctor's laptop (chairman of the department). It might have been his private computer running XP Pro. I don't know if it had any kind of antivirus on it, but the guy didn't seem to know much about computers in the first place. Yes, perhaps I should shoot him an email that his laptop is infected.
     
  17. gugarci

    gugarci Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    288
    Location:
    Jersey
    That's what I've been doing for years and it has not failed me once. If your PC is working well and is not showing any signs of being compromised, assume it's a false positive and double and triple check it before you delete anything.

    Also some scanners will flag cookies and PUPs, potentially unwanted programs. PUPs are not malware when you install the program yourself.
     
  18. Malware fighter

    Malware fighter Registered Member

    Joined:
    Jan 31, 2011
    Posts:
    253
    Go to nearest hospital ASAP ! :D
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Probably some nitwit :p
    Though it could also be that they have disabled autorun completely and got infected through other means with a virus that also spreads via USB drives, which then infected jo3blac1's.

    :D
     
  20. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA

    Next time you could upload to:

    https://www.virustotal.com/

    or

    http://virscan.org/

    for confirmation.
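    Added illustration (not part of the thread): the "preserve, then check" step that makes the VirusTotal advice above usable after the fact. Post 3 shows the problem: once the flagged files are deleted, nothing is left to upload or look up. This Python script walks a removable drive for the things scanners flagged in the OP's case (autorun.inf and executables wherever they sit), moves each one into a quarantine folder renamed to `<sha256>.quar` so a stray double-click cannot run it, and writes a manifest with the original path, size, SHA-256 and a lookup URL. The `virustotal.com/gui/file/<sha256>` URL form is an assumption about the current web UI; `demo()` builds a constructed stand-in for the infected stick in a temp directory, with a payload whose body is the string "abc" so its SHA-256 is a known value.

```python
"""Preserve before you delete: hash what a scanner flagged on a USB stick,
move it under a non-executable name, and keep a manifest for later lookup."""
import hashlib
import json
import os
import shutil
import tempfile
from typing import Dict, List

EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".dll")


def sha256_file(path: str) -> str:
    """Streamed SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_candidates(root: str) -> List[str]:
    """Files worth preserving from a removable drive: every autorun.inf and
    every file with an executable extension, in any folder."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low == "autorun.inf" or low.endswith(EXEC_EXT):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def vt_url(digest: str) -> str:
    # Assumed current VirusTotal web UI form for looking up a file by hash.
    return f"https://www.virustotal.com/gui/file/{digest}"


def quarantine(paths: List[str], qdir: str) -> List[Dict[str, object]]:
    """Move each file to qdir as <sha256>.quar and append a line per file to
    manifest.json. The rename drops the executable extension, so nothing in
    the folder runs on a double-click; the manifest keeps path, size and
    hash, so the file can still be identified if it is deleted later."""
    os.makedirs(qdir, exist_ok=True)
    records = []
    for p in paths:
        digest = sha256_file(p)
        rec = {
            "original": p,
            "size": os.path.getsize(p),
            "sha256": digest,
            "virustotal": vt_url(digest),
        }
        shutil.move(p, os.path.join(qdir, digest + ".quar"))
        records.append(rec)
    with open(os.path.join(qdir, "manifest.json"), "a", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec) + "\n")
    return records


def demo() -> Dict[str, object]:
    """Build a constructed stand-in for the infected stick in a temp dir,
    run the workflow over it and return what was found and preserved."""
    root = tempfile.mkdtemp(prefix="usb_")
    os.makedirs(os.path.join(root, "RECYCLER"))
    os.makedirs(os.path.join(root, "talk"))
    # Constructed stand-ins: a worm-style autorun.inf, a "payload" whose body
    # is the string "abc" (known SHA-256), and an innocent presentation file.
    with open(os.path.join(root, "autorun.inf"), "w", encoding="ascii") as fh:
        fh.write("[autorun]\nopen=RECYCLER\\update.exe\n")
    with open(os.path.join(root, "RECYCLER", "update.exe"), "wb") as fh:
        fh.write(b"abc")
    with open(os.path.join(root, "talk", "slides.pptx"), "wb") as fh:
        fh.write(b"not a real deck")
    found = find_candidates(root)
    records = quarantine(found, os.path.join(root, "_quarantine"))
    # After quarantine only .quar files and the manifest remain, so a second
    # walk should find nothing executable.
    return {"root": root, "found": found, "records": records,
            "left_after": find_candidates(root)}


if __name__ == "__main__":
    out = demo()
    for rec in out["records"]:
        print(rec["original"], rec["size"], rec["sha256"], rec["virustotal"])
```

    On a real stick, call `quarantine(find_candidates("D:\\"), "C:\\quarantine")` (or the scanner's own flagged paths) instead of `demo()`. The hash lookup costs nothing and does not upload the file; a submission is only needed when the hash is unknown, and even then the .quar copy is still there if it turns out to be a false positive.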
     
  21. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    You should be better protected with Forticlient up and running.
     
  22. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Forticlient is enterprise level security. Generally it's the software engine used on enterprise security appliances. Very strong, and reliable.

    I've used enterprise filtering for years in the home. Currently I use Trend on my $1200 Juniper router I bought for $50 from a business that was upgrading. It provides an additional, front-line defense, and you don't really need to go all crazy with installing stuff because of a good enterprise solution. Consumer routers are hideous.

    Fortinet is well known in the SOHO/Enterprise markets, and is known to be very good.
     
  23. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Hopefully they won't change it into bloatware over time. The only reason I kept it was because it feels very light on my laptop.
     
  24. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    So were they false-positives or real?
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    MBAM is not an AV replacement.
     