Lost Everything and have to hand in IT coursework tomorrow...HELP
Given my limited expertise, this would have been my first call to check if the data was there and then try and recover the data. I realise that we don’t know the exact cause of the problem, but is it possible that this would have worked and could you have used CMD.EXE to copy files to a memory stick (or could the (possible) malware be running in the background continuously hiding the files)?
It's possible, perhaps even probable that resetting the hidden attributes on the files in that directory might have worked, allowing the files to be recovered.
However, the malware could perform any malicious function, from immediately re-setting those file attributes back to hidden, to irreversibly corrupting the file system, whether deliberately or not.
And since no one could identify the malware with any level of certainty, except to make an educated guess that it was from the TDSS family of rootkits - no one could say for sure what the malware might actually be doing to the file system.
There are some limited industry-funded analyses of TDSS (also known as TDL) rootkits. See below. The rootkits install themselves as device drivers, and use that elevated user privilege to run functions which only 'root' (i.e. the Administrator) is normally allowed to invoke.
Once a machine has been rooted, you cannot trust it any more, since you cannot guarantee the integrity of any binary, any library, nor the integrity of the operating system kernel itself.
A rooted machine is basically trashed and a re-install of the entire operating system is the only truly safe option.
However, in the sloppy world of Microsoft Windows security, happy-go-lucky users will make do with excising just the obvious signs of infection, while the malicious corruption of the operating system and userspace binaries - including the web browser - is left unrepaired.
http://www.esagelab.com/files/AlisaS-VBMay09.pdf
debitcardmayhem wrote: »troll
However none of this is going to help the thread creator
This thread could naturally lead on to a debate about the security of Microsoft Windows compared to open source operating systems like Linux.
There is some limited credibility to Microsoft's claim of security-through-obscurity. That is, by keeping the Windows source code secret, this makes it more difficult for hackers to discover weaknesses.
However, there have been numerous leaks of Microsoft Windows source code. Around 50% of the codebase was leaked online in one incident alone.
Microsoft also shares its operating system codebase under non-disclosure agreements (NDAs) with "select partners", including research groups and "third party security application developers".
Since much of the Windows codebase is already out there, and in the hands of dubious Eastern European [strike]malware writers[/strike] anti-virus software houses, Microsoft's security-through-obscurity argument is completely lost.
I've spent over 25 years in C development, mostly on x86 and Sparcs, but lately working on ARM-based embedded systems. The last project was a novel wireless router. We built the router's operating system from scratch. We had an extensive development toolbase for squishing bugs.
Since we developed the system, we also had all the source code to debug against. Without that source code, reverse-engineering object code to discover bugs, even for a humble microcontroller, is a painstaking task.
And that is why security flaws in open source developments like Linux are spotted and fixed in a matter of hours. The ethos of open source was summed up in a simple sentence by Linus Torvalds, the author of Linux.. "Given enough eyeballs, all bugs are shallow"
However, in closed source corporate products like Microsoft Windows, similar flaws can lie undiscovered (at least officially) for a decade or more.
And yet there are highly paid "security experts" both inside and outside of Microsoft who enjoy privileged access to the Windows source code which should make discovering these flaws virtually child's play.
These experts have all the debugging tools that money could buy. And yet they are, seemingly, still overlooking pretty obvious Windows security flaws.
Or have those flaws been genuinely overlooked? There are those who claim that while security flaws go unreported on the official newswires, their discovery is discreetly passed to malware developers. They then go on to code exploits that take advantage of the flaws.
I'm not sure why you say this part....snipped ... Obviously it's better to have backups in the first place ...snipped
Sorry , scare tactics :eek:, people should have backups, but ....
I was not saying that most of the data cannot be recovered (double negative there) but it is a question of how long it will take to recover from a compromised system without knowledge versus restore the latest backup. Too long working in Enterprise sized systems in a past life I guess.
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
In other words you toss in the "conspiracy theory" insult, and then you run away when asked to justify it with reasoned comment. A troll, indeed.
Why does that matter? Plenty of interesting discussion comes from thread drift. Neither YOU nor the OP of any thread has a monopoly on the topics of discussion.
This thread could naturally lead on to a debate about the security of Microsoft Windows compared to open source operating systems like Linux.
There is some limited credibility to Microsoft's claim of security-through-obscurity. That is, by keeping the Windows source code secret, this makes it more difficult for hackers to discover weaknesses.
However, there have been numerous leaks of Microsoft Windows source code. Around 50% of the codebase was leaked online in one incident alone.
Microsoft also shares its operating system codebase under non-disclosure agreements (NDAs) with "select partners", including research groups and "third party security application developers".
Since much of the Windows codebase is already out there, and in the hands of dubious Eastern European [strike]malware writers[/strike] anti-virus software houses, Microsoft's security-through-obscurity argument is completely lost.
I've spent over 25 years in C development, mostly on x86 and Sparcs, but lately working on ARM-based embedded systems. The last project was a novel wireless router. We built the router's operating system from scratch. We had an extensive development toolbase for squishing bugs.
Since we developed the system, we also had all the source code to debug against. Without that source code, reverse-engineering object code to discover bugs, even for a humble microcontroller, is a painstaking task.
And that is why security flaws in open source developments like Linux are spotted and fixed in a matter of hours. Whilst in closed source corporate products like Microsoft Windows, similar flaws can lie undiscovered (at least officially) for a decade or more.
The ethos of open source was summed up in a simple sentence by Linus Torvalds, the author of Linux..
"Given enough eyeballs, all bugs are shallow"
Not at all, if you wish to expound on your theories then feel free to start a new thread, invite comments, and hey let's see if someone hijacks your thread and starts talking about IBM assembly language, or maybe ICL George II/III or maybe someone like me talking about Susan George, or perhaps REXX, or Unix (you know the one before Linus and the plethora of *IX's) Or Data General or Commodore 64s or Amigas or BBC Micro, hey let's broaden the topic to Android, Symbian, or even carrier pigeons. Did you know that Julius Reuter started his news agency using pigeons.
Apologies to loopyloo2 and others for this rant
debitcardmayhem wrote: »if you wish to expound on your theories then feel free to start a new thread, invite comments , and hey lets see if someone hijacks your thread
Since loopyloo2 has vanished, but is free to post to this thread whenever she wants, and since you've added nothing to the discussion but a cut-and-paste reference to a DOS command, you have nothing to complain about.
This is a thread about a Microsoft Windows security violation. From those with personal experience of such things, the OP's problem has been remotely diagnosed as a rootkit-based attack.
That has since led to discussion on rootkits in general and I provided references to online books authored by experts in the field, including one book by a Cambridge professor in security engineering, and a second book by a group of independent security experts.
I also gave a link to an industry analysis of the TDSS family of rootkits. And lastly, I gave web links to two tech forums where the widespread belief is being aired that AV software houses are in bed with malicious code developers. Something that you ridiculed, without justification, as a "conspiracy theory".
Apologies to loopyloo2 and others for this rant
On a point of posting etiquette, it was hardly necessary to duplicate my entire message before adding your one line insult. Perhaps you thought that it would cause others to be irritated by me, bolstering your own viewpoint that I am taking up more thread space than you feel I deserve? Why don't you do the polite thing and go back and edit your message, and only quote what is pertinent to your own comment.
Hi All
Wow, what a long thread this has turned into, I will go through it and thank all your posts after posting this.
I took the laptop to school. That was a complete waste of time, couldn't do anything as it was not a school computer, though she did get an extension to hand in her work. So, popped into the repair shop and explained what had happened, they said it was a Trojan. I haven't a clue what a trojan is, but.... they were able to recover everything, and reinstall Windows, put AVG security on, and even clean the screen (what do you all use for cleaning?) for £45 which I was really happy about. Got it back at teatime, and daughter has now put everything onto memory sticks.
I would fail her too, for not doing what she had plainly been taught, but I think this has now taught her a lesson.
I would like to say a big thank you to all who have tried to help, especially the kind gent in Derby (I'm in East London/Essex) and of course all the rest of you, but at the end of the day, I was too inexperienced to even attempt resolving this, I found it daunting.
I wish I understood computers, but all I do is a bit of browsing and a few emails.
It is lovely though to know, that when a desperate situation arises, all of you fabulous people are out there to help.
Loobyloo
Fine result and the cost was exceptionally good, thanks for letting us know.
Nice one looby, glad the homework was recovered. It took a nasty shock like this when I was 15 to get me into the habit of backing up all my work whenever I could.
Personally, I use window cleaner on a bit of kitchen roll to clean my laptop's screen! If you want to clean your keyboard, you can buy cans of compressed air that are great at getting all the grub from behind the keys. And they collect a lot of grub.
You've moved or copied all the work onto usb sticks?
The former is not a backup, the latter is. usb sticks are easily lost/corrupted/infected
avg isn't the best free one, avast or avira are better, and most AV's struggle to keep up with these types of infections so any unusual screens again, end internet explorer in task manager, shutdown, restart and do a system restore, then scan with malwarebytes
post a hijackthis log!!
This discussion has been closed.