Got a virus

olds

Elite Member
Mar 3, 2000
50,105
773
126
It disabled Malwarebytes and Norton (free from comcast). I disconnected from network worried that it might spread to wife's machine.

Something I can download to my phone, then run on my PC to clean it?

Other options?
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
Meh, set up AVG and it said it was bootable, but it wouldn't boot. Did a Windows 8 recovery and now I can spend the next two days downloading and re-installing all my "Apps".

So much for having an antivirus and malware blocker.
 

lxskllr

No Lifer
Nov 30, 2004
59,183
9,664
126
I've really become disenchanted with av over the years. They really are crap, and can't be relied on. If I ran Windows, I'd probably still run one that was light, and didn't bother me, but I have no faith in them. Try to harden your setup, and fix the core reason you got a virus. Once a virus is on your machine, you've lost the game, whether or not av takes care of it for you.
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
I've really become disenchanted with av over the years. They really are crap, and can't be relied on. If I ran Windows, I'd probably still run one that was light, and didn't bother me, but I have no faith in them. Try to harden your setup, and fix the core reason you got a virus. Once a virus is on your machine, you've lost the game, whether or not av takes care of it for you.

I appreciate your help. The meh, wasn't for you, it was for me.

I got the virus removing spam accounts on another site. Never clicked a link, just opened threads, clicked user names and deleted their accounts and posts. I think I'll nuke the whole forum (and every post) from my Kindle and not my PC.

I let the AV and Malwarebytes update automatically so I assumed I'd have the latest definitions.
 

Ketchup

Elite Member
Sep 1, 2002
14,559
248
106
I've really become disenchanted with av over the years. They really are crap, and can't be relied on. If I ran Windows, I'd probably still run one that was light, and didn't bother me, but I have no faith in them. Try to harden your setup, and fix the core reason you got a virus. Once a virus is on your machine, you've lost the game, whether or not av takes care of it for you.

Couldn't agree more. Run MSE on the desktop and laptop, nothing on the VMs, and haven't had a virus in years. It's all about safe browsing practices.
 

lxskllr

No Lifer
Nov 30, 2004
59,183
9,664
126
https://duckduckgo.com/?q=bootable+anti+virus
I got the virus removing spam accounts on another site. Never clicked a link, just opened threads, clicked user names and deleted their accounts and posts. I think I'll nuke the whole forum (and every post) from my Kindle and not my PC.

In this particular case, it sounds like NoScript might have prevented the infection. In the future, if you have any potentially dangerous network activity to do, try GNU/Linux from a bootable USB/CD, or a VM. That'll help keep your primary system separated from the activity. The Kindle should work too, but I really dislike doing real work from a touchscreen. Tablets are great as a backup/quick browser, but they aren't serious tools AFAIC.
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
In this particular case, it sounds like NoScript might have prevented the infection. In the future, if you have any potentially dangerous network activity to do, try GNU/Linux from a bootable USB/CD, or a VM. That'll help keep your primary system separated from the activity. The Kindle should work too, but I really dislike doing real work from a touchscreen. Tablets are great as a backup/quick browser, but they aren't serious tools AFAIC.
I'll have to look into Linux for stuff like that. I have an 8 GB USB stick I am not using. I was using Chrome on the site but I use No Script on Firefox. My local paper requires a login to read the paper and No Script blocks it so I can read for free...
 

John Connor

Lifer
Nov 30, 2012
22,757
618
121
Panda cloud and Noscript for Pale Moon. All you need besides safe, common sense browsing habits.
 

balloonshark

Diamond Member
Jun 5, 2008
6,935
3,404
136
NoScript is great but I like my layers. I've been running my internet facing apps in Sandboxie for years. It has a bit of a learning curve but it is worth the effort. I also set it up on my mother's PC and my niece's laptops.

There are also other security apps that perform better than AVs. You just have to be willing to learn and step outside your comfort zone.
 

mechBgon

Super Moderator / Elite Member
Oct 31, 1999
30,699
1
0
Panda cloud and Noscript for Pale Moon. All you need besides safe, common sense browsing habits.

Statistically, more than half of the malicious websites out there on any given day are normally safe. So that's a serious shortcoming of the "common-sense browsing" mentality. For example, if AnandTech gets hax0red and it's on your NoScript whitelist...? Yeah.

My suggestions are yonder: http://www.mechbgon.com/security The general theme is

1. eliminate unnecessary attack surface, particularly Java browser plug-ins
2. harden your Windows installation
3. harden the apps you're keeping
4. have a working backup/recovery setup
5. if you can handle Software Restriction Policy, it's the granddaddy of damage control. Takes some getting used to.

If you think the attack was browser-driven, consider using a browser that has sandboxing if you don't already do that. Chrome is an option. IE11 is an option, particularly with EPM enabled. Firefox, after all these years, still runs with user-level privileges and Medium integrity, making the worst-case scenario far more serious. Anything you can do, it can do too. Sort of a WinXP-era way of thinking there.
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
I am running Ubuntu on a USB stick right now.
I installed No Script on Firefox.

Am I safe to go back to the site that infected me and finish what I was doing? Or can I still get a virus?
 

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
I've had to modify my standard removal a bit since discovering viruses masquerading Java runtimes as the latest version. I was tearing my hair out trying to find what was causing this one lady's PC to be reinfected after full scans of MBAM and SAS when I found this out. The add/remove programs list had me fooled that it had the latest Java. If you have the latest (7.0u60 or 8.0u20), uninstall it for good measure and observe the uninstallation box's reported version. I've seen the uninstaller reveal that the real version is 7.0u25 or older. Full of holes, the virus is free to keep downloading crap.

So try this: first boot into safe mode if you can, then run a scan with MBAM Chameleon, ComboFix, SuperAntiSpyware, and AdwCleaner. If you cannot boot, your only options are live CDs from Kaspersky or Sophos, really.

Oh shoot, saw that the Windows recovery reset everything. Sorry man, it's probably for the best.
 

lxskllr

No Lifer
Nov 30, 2004
59,183
9,664
126
I am running Ubuntu on a USB stick right now.
I installed No Script on Firefox.

Am I safe to go back to the site that infected me and finish what I was doing? Or can I still get a virus?

100% certainty can never be assured, but you should be OK. Just for kicks, unmount your main HD. It probably automounted when you booted to the stick, and that would cut down on the unlikely chance something could get to that drive through Ubuntu. The easiest way to do that is to open up the file manager (Nautilus), and where it shows your main HD, there should be an arrow next to it. Click that arrow, and it should dismount. You can also right-click your drive, and pick eject, unmount, or whatever the verbiage is.
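The same unmount step done from a terminal on the live stick, as an added example that is not part of the thread: a parser that picks the NTFS volumes out of `findmnt` output (Ubuntu's ntfs-3g mounts show up as `fuseblk`) and a wrapper that unmounts each one with `udisksctl`. The sample `findmnt` output is constructed; the device names in it are assumptions.

```shell
#!/bin/sh
# Added example: find the Windows (NTFS) partitions that a live Ubuntu
# session auto-mounted and unmount them so the internal disk is not
# reachable while working from the stick.

# Parsing step, kept separate so it can be tested on canned input.
# Reads "TARGET SOURCE FSTYPE" lines (the layout of
# `findmnt -rn -o TARGET,SOURCE,FSTYPE`) on stdin and prints the SOURCE
# device of every NTFS mount. The live system's own root, /rofs and
# /cdrom are skipped so the running session is never pulled out from
# under itself.
ntfs_sources() {
    while read -r target source fstype; do
        case "$target" in /|/rofs|/cdrom) continue ;; esac
        # ntfs-3g shows as fuseblk; the kernel driver as ntfs3; older as ntfs
        case "$fstype" in ntfs|ntfs3|fuseblk) printf '%s\n' "$source" ;; esac
    done
}

# Constructed sample of what findmnt prints on a live session where the
# Windows volume and a data partition were auto-mounted (device names assumed).
SAMPLE_FINDMNT='/ /dev/loop0 squashfs
/cdrom /dev/sdb1 vfat
/media/ubuntu/Windows /dev/sda2 fuseblk
/media/ubuntu/Data /dev/sda3 ntfs
/home /dev/sdb2 ext4'

# Returns the devices the parser would unmount for the constructed sample.
sample_windows_volumes() {
    printf '%s\n' "$SAMPLE_FINDMNT" | ntfs_sources
}

# Real thing: query findmnt on this machine and unmount every NTFS volume.
# udisksctl works for the desktop user without sudo; umount is the fallback.
unmount_windows_volumes() {
    findmnt -rn -o TARGET,SOURCE,FSTYPE | ntfs_sources | while read -r dev; do
        udisksctl unmount -b "$dev" || umount "$dev"
    done
}
```

Run `unmount_windows_volumes` on the live session, then check with `findmnt -t fuseblk,ntfs,ntfs3` that nothing NTFS is still mounted.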
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
"Unable to mount 128 GB Volume" (That's my C drive)
Sounds disconnected?
 

lxskllr

No Lifer
Nov 30, 2004
59,183
9,664
126
"Unable to mount 128 GB Volume" (That's my C drive)
Sounds disconnected?

Yea, sounds like it. Was it mounted previously? Usually that happens automagically at boot. Not really important for this task, but it's useful being able to get into your Windows partition in the future in case you have to do a rescue or something.
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
I don't believe it was previously mounted. Looking for nautilus, I came across that.
 

lxskllr

No Lifer
Nov 30, 2004
59,183
9,664
126
LOL
Looks like I need to disable No Script to login

Allow the minimum necessary to get in, and make sure all plugins are disabled. In the NoScript options, go to Embeddings, and check all the plugin options.

These are my settings. I have a fairly paranoid setup, and it's based more on security than convenience. It should stop most script based attacks from getting in...



Edit:
You'll want to check [Apply these restrictions to whitelisted sites too]. It's prudent since you're working on a known malicious site. That /may/ cause issues with login if it uses something retarded like Flash, but it shouldn't affect operation. I have very few sites whitelisted, so I never left it checked.
 

John Connor

Lifer
Nov 30, 2012
22,757
618
121
Statistically, more than half of the malicious websites out there on any given day are normally safe. So that's a serious shortcoming of the "common-sense browsing" mentality. For example, if AnandTech gets hax0red and it's on your NoScript whitelist...? Yeah.

My suggestions are yonder: http://www.mechbgon.com/security The general theme is

1. eliminate unnecessary attack surface, particularly Java browser plug-ins
2. harden your Windows installation
3. harden the apps you're keeping
4. have a working backup/recovery setup
5. if you can handle Software Restriction Policy, it's the granddaddy of damage control. Takes some getting used to.

If you think the attack was browser-driven, consider using a browser that has sandboxing if you don't already do that. Chrome is an option. IE11 is an option, particularly with EPM enabled. Firefox, after all these years, still runs with user-level privileges and Medium integrity, making the worst-case scenario far more serious. Anything you can do, it can do too. Sort of a WinXP-era way of thinking there.

I have Comodo firewall that does sandboxing...
 

olds

Elite Member
Mar 3, 2000
50,105
773
126
"This "Sandbox" isn't something you can actually "see" in Chrome. It isn't really a tool, per se. Sandboxing is just a term used to describe how measures have been taken to make Chrome much more secure under the hood. It's just a way of describing more secure software, to put it simply."

Dang, I was using Chrome when I was infected.
 

MustISO

Lifer
Oct 9, 1999
11,927
12
81
On my main machine I have no java and no adobe products. I use VMs for those and run the browser in Sandboxie.
 

balloonshark

Diamond Member
Jun 5, 2008
6,935
3,404
136
On my main machine I have no java and no adobe products. I use VMs for those and run the browser in Sandboxie.
Similar setup here but the only VM I use is a light virtualization app. I only use it on demand though.

Sandboxie gives you that warm and fuzzy feeling when surfing.
 