New Very Nasty Malware/Rootkits ????

GunJack

Guys,

this week, I've had the first pc I haven't been able to clean - having to recommend a complete wipe and re-install. The thing is, I've now come across a second one which is exhibiting similar symptoms, and wondered if anyone else has seen a recent increase in very nasty, hard to remove malware, rootkits, whatever ???

I've tried mbam, combofix, hitman and dr.web, and on the first machine dr.web found a lot but couldn't cure it. The second machine combofix found lots and deleted it, same with hitman, and I've currently got a full dr.web scan running. On both machines mbam had it's update disabled.

Anyone got any ideas/similar experiences ??????

busenbust

Nothing attacking me here! Out of interest, this machine -- which browser was being used ?? IE/FF/

Drone31

Yep I've always been very savvy with regard to this, to a point I rarely worry as I know how to avoid infection in the first place - a while ago however, my laptop was infeceted with malware due to an unfortunate blunder on my part, and I found it utterly impossible to remove. It was the first time in around five years I haven't been able to remove something.

I ended up formatting (which I do regularly anyway; every six months give or take) and reinstalling.

I literally tried everything. I was all over the registry, looking at values, running all kinds of software, and I just couldn't shift it. The people behind these things are definitely gaining ground on the most popular "anti" software developers around.

busenbust

Drone31 wrote: »

Yep I've always been very savvy with regard to this, to a point I rarely worry as I know how to avoid infection in the first place - a while ago however, my laptop was infeceted with malware due to an unfortunate blunder on my part, and I found it utterly impossible to remove. It was the first time in around five years I haven't been able to remove something.

I ended up formatting (which I do regularly anyway; every six months give or take) and reinstalling.

I literally tried everything. I was all over the registry, looking at values, running all kinds of software, and I just couldn't shift it. The people behind these things are definitely gaining ground on the most popular "anti" software developers around.

wow! what's your current security setup?? and welcome to mse !:)

Drone31

busenbust wrote: »

wow! what's your current security setup?? and welcome to mse !:)

Thank you

I run an independant hardware firewall, and a lot of insanely complicated manual scripting, which tends to keep out the nasties. I've developed a lot of it myself - which is why I tend to do a lot of formatting, as I have a tendency to make things not work at the push of a button, but what does work is hugely effective :j

GunJack

In both of these cases, they've been using both browsers.

The first pc I'd not seen before, but they had been using mcCrapafee.

The second I'm a bit miffed about 'coz I'd sorted it out, put my usual security suite on and left detailed instructions on how to use it, but they'd let the (grown-up) kids and grandkids onto it to click and download pretty much anything they wanted :mad: That, coupled with NOT using the security suite as directed has led to this situation....

Neither client are tech-savvy, but it's a bit concerning that that's two in a week that are so bad

busenbust

Drone31 wrote: »

Thank you

I run an independant hardware firewall, and a lot of insanely complicated manual scripting, which tends to keep out the nasties. I've developed a lot of it myself - which is why I tend to do a lot of formatting, as I have a tendency to make things not work at the push of a button, but what does work is hugely effective :j

thanks. this is mine atm:

Originally Posted by busenbust
erm , IMO, I would not touch IE with a 500ft bargepole!:rotfl:Go with FF or Chrome or Opera or anything other than IE. Security? this is what I use: Avast+Windows Defender+ MBAM + NoScript (the latter makes browsing bomb-proof, but not idiot-proof :rotfl:)

HTH.

busenbust

GunJack wrote: »

In both of these cases, they've been using both browsers.

The first pc I'd not seen before, but they had been using mcCrapafee.

The second I'm a bit miffed about 'coz I'd sorted it out, put my usual security suite on and left detailed instructions on how to use it, but they'd let the (grown-up) kids and grandkids onto it to click and download pretty much anything they wanted :mad: That, coupled with NOT using the security suite as directed has led to this situation....

Neither client are tech-savvy, but it's a bit concerning that that's two in a week that are so bad

was the virus/malware infection identical on both machines ??

Drone31

GunJack wrote: »

In both of these cases, they've been using both browsers.

The first pc I'd not seen before, but they had been using mcCrapafee.

The second I'm a bit miffed about 'coz I'd sorted it out, put my usual security suite on and left detailed instructions on how to use it, but they'd let the (grown-up) kids and grandkids onto it to click and download pretty much anything they wanted :mad: That, coupled with NOT using the security suite as directed has led to this situation....

Neither client are tech-savvy, but it's a bit concerning that that's two in a week that are so bad

What's it doing to the machines inparticular? Is it the usual browser redirecting, startup/service items appearing etc?

23n1th

GunJack when people post about this sort of infection I point people to this website however most people ignore it but they are very good. http://www.geekstogo.com/forum/ they are experts and are trained at getting rid of the real nasties.

busenbust

23n1th wrote: »

GunJack when people post about this sort of infection I point people to this website however most people ignore it but they are very good. http://www.geekstogo.com/forum/ they are experts and are trained at getting rid of the real nasties.

wow! looks comprehensive enough!