  1. #1
    Slartarama (Member)
    Join Date: May 2008
    Location: Pacific Northwest

    Games changed, any new helpful ideas/tools?

    So, just to state this, I am no infosec expert. I work as a sysadmin (Windows, obviously). I've been dealing with malware for a long time, and a few years ago I noticed the game has definitely changed. They run in Safe Mode, start up in new places, encrypt themselves, block known tools from running, redirect websites, etc. That and other resources helped me see why malware was changing, and being on the front line, I get to see it every day. (ugh)

    So today I'm dealing with a fake AV product: Windows_*_AntiVirus200Whatever. This malware is really tricky. I can't get it to die, and I'm having to rename tools to run them (i.e. HijackThis, ComboFix, Process Explorer, etc.). I am going to beat this one, but the question I have is: are there any other tools or places to look in the OS to fix this, other than MalwareBytes, SuperAntiSpyware, HijackThis, ComboFix, and all the major AV software, etc., that will not be brought down by things like this new baddy?

    More importantly, since I like to learn where things live, how in the hell is it redirecting every browser that I install? I see no proxies set in any browser. Is there a hidden, proprietary proxy these things run, or am I missing something in the OS that can be changed to beat this thing blocking ALL access to anti-malware websites, which is pissing me off? That is a big one, since I want to know where it is redirecting the sites from. It is reminiscent of WindowsAntiVirus2008, but fresher and better written.

    I couldn't even run certain EXEs until I ran a registry fix for EXEs that... well, I've had to do that before. Someone wrote and published that; I got that reg file last year. Sorry, author, I don't remember your name. I am pretty fluent in WMI/VBS scripting and the registry, so if someone can point me in the direction of where this thing is blocking sites from, I'll write my own tool. I used Autoruns to check and could find nothing out of the ordinary. I also pulled a BHO with HijackThis, but that hasn't stopped it. Nothing in AppInit, Run, RunOnce, Winlogon, Startup, etc. I checked the HOSTS file too, no joy.

    Tried SDFix, FixWelchia, FixVundo, FixVirtumonde, ConfickerFix, etc.

    I plan on slaving the drive to get rid of the thing tomorrow, so I am not worried about beating it. I just want any help pointing me towards real-time tools that I might be missing, whether they are written tools or just some part of the OS/registry that I can edit/hack to stop this crap in the future. I don't care which, either would be great, but I would prefer a whole understanding of how this is happening.

    Last edited by Slartarama; August 27th, 2009 at 07:00 AM.
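    Since the post asks where to look, here is a read-only PowerShell audit (an added example, not the poster's tool or anything from the thread) that dumps the persistence, proxy and redirect locations named above, plus the .exe file-association command behind the "registry fix for EXEs" and the active DNS servers, so a clean machine can be compared against the infected one. The registry paths are the standard Windows ones; the Startup-folder paths assume a Vista/7 profile layout, and the script should be run from an elevated prompt.

```powershell
# Added example: read-only audit of the autostart/proxy/redirect locations
# discussed in the thread. Prints values only; it changes nothing.
$checks = @(
    @{ Name = 'Run (HKLM)';     Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Name = 'RunOnce (HKLM)'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' },
    @{ Name = 'Run (HKCU)';     Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Name = 'Winlogon';       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' },
    @{ Name = 'AppInit_DLLs';   Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' },
    @{ Name = 'WinINet proxy';  Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' },
    # "Registry fix for EXEs": this value should be "%1" %* on a clean box
    @{ Name = '.exe handler';   Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' }
)
foreach ($c in $checks) {
    Write-Host "== $($c.Name)  [$($c.Path)]"
    if (Test-Path $c.Path) {
        Get-ItemProperty -Path $c.Path |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List | Out-String | Write-Host
    } else { Write-Host '  (key not present)' }
}

# Browser Helper Objects: each subkey is a CLSID; resolve it to the DLL it loads
Write-Host '== Browser Helper Objects'
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$($_.PSChildName)\InprocServer32"
        $dll = if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' } else { '(no server)' }
        Write-Host "  $($_.PSChildName) -> $dll"
    }
}

# HOSTS file: show only non-comment, non-blank lines
Write-Host '== HOSTS entries'
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    ForEach-Object { Write-Host "  $_" }

# Startup folders (Vista/7 layout assumed)
Write-Host '== Startup folders'
Get-ChildItem "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
              "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Host "  $($_.FullName)" }

# DNS servers actually in use (via WMI): an unexpected resolver is another redirect point
Write-Host '== DNS servers per enabled adapter'
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { Write-Host "  $($_.Description): $($_.DNSServerSearchOrder -join ', ')" }
```

    Run it once on a known-clean build and once on the affected machine, then diff the two outputs; anything present only on the infected side is the place to dig.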
