Malware recent encounters, or the odd hardware problem.

  1. #1 The Doctor Und3ertak3r (joined Apr 2002, 2,743 posts)

    Greets Guys,

    Have been getting some regular cleanups lately that don't seem to fit a particular malware, and one item is too coincidental to be random hardware..

    1/
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    Spotted this with Spybot; each time I have encountered this the antivirus has been knobbled: NAV, McAfee and Trend Micro.. The antivirus was not up to date, nor was it operational..
    Oh, and a crap load of parasites and worms.

    2/
    Systems not booting to desktop - a quick glance of a BSOD screen with
    "Unmountable Boot Drive".

    Booting the same machines with an XP-PE CD shows an operational HDD..
    a run of HDD Regen finds a bad sector.. and only one..
    it repairs..
    I reboot the system after the scan has completed 5Gb of the drive..
    Windows does a file integrity test,
    boots without a hitch to the desktop.
    Spyware/antivirus scans are varied: some machines have a **** load of parasites and worms, others with near zero.. Mind, each of these has had the xxxxDisableNotify regkey set.

    This second problem has been with some 10 or more machines this week.. just that symptom..

    So is there a malware that is damaging boot sector information on HDDs that I have missed the information on..
    Or am I encountering a series of coincidental HDD sector/cluster errors that cause exactly the same error..

    And as for the first issue.. It seems some users disable the antivirus and firewall notifications manually. I know this will happen with NAV (**cough**Crap**cough**), didn't know that the other two would also cause the same symptoms.... well, I know that Trend doesn't.. have deliberately tested the installs I have done..
    And it seems the safest fix has been to uninstall the antivirus, manually fix the keys, confirm the warnings are working, then reinstall.. the antivirus installs/updates and all warnings appear to work through the process..

    OK..

    Anyone else encountering this pair, and thoughts?

    thanks
    Undies
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
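
The values quoted in 1/ above are the XP SP2 Security Center state flags: a DisableNotify value of 1 suppresses the "your antivirus/firewall/updates are off" balloon, and an Override value of 1 tells Security Center the user is monitoring that component themselves. The following script is an added example, not code from the thread or from Spybot; it audits those five values the way the poster's manual check does and, with -Fix, resets them to 0 after exporting a backup of the key. It assumes Windows XP SP2 or later with PowerShell 2.0 installed, an administrator prompt, and the root\SecurityCenter WMI namespace (present on XP SP2; later Windows versions moved this data to root\SecurityCenter2 with a numeric productState, and moved the registry values under a Svc subkey, so the paths here would need adjusting there).

```powershell
# Added example: audit the Security Center notification/override DWORDs
# under the key quoted in the post, optionally reset them. Not from the thread.
param([switch]$Fix)

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Default (healthy) state: notifications enabled (0), no user overrides (0).
$Expected = @{
    'AntiVirusDisableNotify' = 0
    'FirewallDisableNotify'  = 0
    'UpdatesDisableNotify'   = 0
    'AntiVirusOverride'      = 0
    'FirewallOverride'       = 0
}

if (-not (Test-Path -Path $KeyPath)) {
    Write-Warning "$KeyPath not found; Security Center (XP SP2+) does not appear to be present."
    exit 1
}

$Current  = Get-ItemProperty -Path $KeyPath
$Tampered = @()

foreach ($Name in ($Expected.Keys | Sort-Object)) {
    $Value = $Current.$Name
    if ($null -eq $Value) {
        # A missing value behaves like 0 (notification shown), so it is not a finding.
        $State = 'absent (treated as 0)'
    } elseif ([int]$Value -ne $Expected[$Name]) {
        $State = "SET TO $Value"
        $Tampered += $Name
    } else {
        $State = "ok ($Value)"
    }
    '{0,-24} {1}' -f $Name, $State
}

# Cross-check what Security Center itself believes about the installed AV.
# If the registry says "don't notify" and WMI says the scanner is off or stale,
# that matches the "knobbled and not up to date" pattern in the post.
try {
    Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction Stop |
        ForEach-Object {
            'AV product: {0}  on-access scanning={1}  up to date={2}' -f `
                $_.displayName, $_.onAccessScanningEnabled, $_.productUptoDate
        }
} catch {
    Write-Warning "Could not query root\SecurityCenter: $_"
}

if ($Tampered.Count -eq 0) {
    'No tampered Security Center values.'
    exit 0
}

if ($Fix) {
    # Export the key first so the original state survives for later review.
    $Backup = Join-Path $env:TEMP ('SecurityCenter-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Security Center' $Backup | Out-Null
    foreach ($Name in $Tampered) {
        Set-ItemProperty -Path $KeyPath -Name $Name -Value 0 -Type DWord
        "Reset $Name to 0"
    }
    "Backup written to $Backup. Confirm the Security Center warnings reappear before reinstalling the AV."
} else {
    'Rerun with -Fix to reset the flagged values to 0.'
}
```

Run it once without -Fix to record the findings, then with -Fix after the broken antivirus has been uninstalled, which matches the order the post describes (fix the keys, confirm the warnings come back, then reinstall). Resetting the values only restores the warnings; it does nothing about whatever disabled the scanner, so a clean AV reinstall and a full scan still follow.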

  2. #2 Regal Making Handler (joined Jun 2002, 1,668 posts)

    Can't say I have encountered these probs, but then, I don't do cleanups for a living.

    But I would hazard a guess that some shyster is coding badly. Or, if I want to be cynical, some shyster is coding very well, to boost their income.

    Malware that prevents a system booting must either be for the hell of it, or for some other reason which I would hazard a guess to be financial.

    Couple that with turning off protection. Would seem, to me at least, that some winker is looking to make some money and is either in the repair business or data theft, but has not got the coding right.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3 Senior Member nihil (United Kingdom: Bridlington; joined Jul 2003, 17,190 posts)

    Undies~

    "RegistryProt"?

    I have not seen it yet, but where I am, a pterodactyl attack would be more probable.

    Hey, last time I looked you buggers were 30 for 3?

    I wish you well with the America's Cup.

    Johnno

  4. #4 The Doctor Und3ertak3r (joined Apr 2002, 2,743 posts)

    "RegistryProt"?
    Yeh, I know.. but customers have a bad habit of either answering Yes to every question or always No.. but both times complain when things go wrong..

    Certainly seeing a lot of questions regarding the xxxxxDisableNotify and xxxxxxOverride detection in Spybot.. certainly that will catch a lot of people out..

    Work isn't allowing time for my forensic check of machines (unless the customer is paying for it).. so I am unable to trace back on these boxes to try to find a common source.. (it is time I moved on... I hear other admins, on salary, are on more than $20 an hour for 35hr weeks.. my own business is looking more attractive every day)

  5. #5 The Doctor Und3ertak3r (joined Apr 2002, 2,743 posts)

    Regarding the second issue:

    OK, the week is only starting to get cracking and 2 more systems with the bad sector problem. A bit more attention and both had the bad sector after the 10Mb point but before the 12Mb.. that is as close as I can pinpoint.. the prog I am using won't give me a report of the exact error point..

    Why so many drives, why only this area of the drive? And in both these cases a shipload of crapware..

    Is anyone else noticing this problem.. or is everyone just formatting the drives and asking no questions? Or is it that margins are so tight in the repair industry that asking questions is a thing of the past?
    BTW: the age of the drives is as young as 1 month and the oldest about 18 months; average age is 10 months.. mixed brands..
