-
November 24th, 2009, 09:16 PM
#1
Huytebesy4ko redirect....
Ugh. I've got a staff member who has IE7 and no matter what link she clicks on it redirects her to another site. Down in the info bar it always has redirect http:huytebesy4ko.net - I did a virus check and found over 500 infected files which happily have been deleted/quarantined. Gone through the registry, but haven't been able to find the annoying virus. Any help? (Normally I would format the system, but the lady freaked and began crying) I'll format if I have to, but would prefer not being on her **** list.
-- thanks.
Because I am a woman, I must make unusual efforts to succeed. If I fail, no one will say, "She doesn't have what it takes"; They will say, "Women don't have what it takes".
Clare Boothe Luce
-
November 25th, 2009, 09:02 PM
#2
Not really a good time for emotion...Don't risk your job or the network.
Grab critical data and wipe it.
-
November 26th, 2009, 01:37 AM
#3
Do you have Spybot S&D? The Immunize feature and a full scan would probably help since not only will it scan for stuff an AV product sometimes misses (Not as much of an issue today with AV companies also giving out Spyware and cookie detection options, but still a thought) and the Immunize will also go to the hosts file and make it a bit more locked down, and of course it locks down IE, Firefox, and Opera so that this kind of thing is harder to get infected with if it's an infection.
You could also have them use Opera with Spybot so that they're not as likely to infect themselves. If they complain about your efforts, tell a boss what they did and how they're a huge risk to the network, and that you could clean it up, that way you've got the CYA principles down.
If all else fails, all users appreciate a disk format
-
December 6th, 2009, 12:50 AM
#4
Originally Posted by techtech
Ugh. I've got a staff member who has IE7 and no matter what link she clicks on it redirects her to another site. Down in the info bar it always has redirect http:huytebesy4ko.net - I did a virus check and found over 500 infected files which happily have been deleted/quarantined. Gone through the registry, but haven't been able to find the annoying virus. Any help? (Normally I would format the system, but the lady freaked and began crying) I'll format if I have to, but would prefer not being on her **** list.
-- thanks.
Being a Business PC - and as much as it pains me: ss2chef hit the nail..
The business network and data are more critical than the time cost of a format and clean install:
There were tutorials here stepping through the procedure to image an installation. This gives you a half hour turn-around on a system recovery - Also having all data on a server or on a separate partition of the HDD eases the pain of such an operation - and enables the ability for regular updated images of the OS and apps.
As for cleaning: You have a browser hijack, as simple as changed DNS settings. Spybot is OK for lite infections, BUT in this type of situation I use a tool called Combofix (you need to talk to a trained consultant), then follow with either Superantispyware or Malwarebytes to clean the mess.. then depending on the results there are numerous tools to complete the task.
As there is a chance of RAT (Trojan infection) I normally monitor an infected PC's network activity in case of a still hidden infection.. (That is why we recommend the clean install)
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
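Posts #3 and #4 point at the hosts file and changed DNS settings as places a browser redirect can live. As an added example (not part of any post in this thread), the Python below audits hosts-file text and separates loopback/null-route entries, the kind Spybot's Immunize adds to block names, from entries that send a name to a routable address; the sample file, its addresses and the `allowed` list are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the PC discussed in the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.test        # blocking entry, Immunize-style
0.0.0.0         tracker.example.test
203.0.113.45    www.search.example  search.example
10.0.0.5        intranet.corp.example
not-an-ip       broken.example
"""

def audit_hosts(text, allowed=()):
    """Return (line_no, address, hostnames, verdict) for each hosts entry."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            verdict = "malformed"             # unparsable address or no hostname
        elif ip.is_loopback or ip.is_unspecified:
            verdict = "local"                 # localhost, or a name routed to nowhere
        elif ip in allowed:
            verdict = "allowed"               # address the admin expects to see
        else:
            verdict = "redirect"              # name sent to another host: review
        findings.append((no, addr, names, verdict))
    return findings

def suspicious(text, allowed=()):
    """Entries worth a manual look before trusting the machine's name resolution."""
    return [f for f in audit_hosts(text, allowed)
            if f[3] in ("redirect", "malformed")]

if __name__ == "__main__":
    for no, addr, names, verdict in suspicious(SAMPLE_HOSTS, allowed=["10.0.0.5"]):
        print(f"line {no}: {addr} -> {' '.join(names)} [{verdict}]")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean result here says nothing about the adapter's DNS server settings, which need checking separately.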
-
December 6th, 2009, 02:20 AM
#5
I've never heard of Combofix, but I'm assuming there is a huge ballpark of these things I haven't since I don't really use Windows very often. What did you mean by the consultant part?
-
December 6th, 2009, 07:23 PM
#6
Hmmmmm,
What did you mean by the consultant part?
Basically Combofix is quite a specialist tool and you need to understand it to use it safely, and effectively. In a way it is a bit like HijackThis! log interpretation.
In this situation I feel that save, reformat and reinstall is the only recommendable option.
A variety of other approaches might include using Linux/Unix bootable media and rat hunting/saving. Otherwise just install a new "C" drive and slave the existing one..............kill the OS and browser on the old drive
I like Malwarebytes as a general cleaner...........make sure to update it and run it in safe mode
This does not sound as if it is "that bad", although I would say that if you found 500 instances of malware, then the box has been pretty much exposed?
-
December 7th, 2009, 08:37 PM
#7
Ahh, that's what I thought was meant. I'm not too up to date on some of these tools in use right now. I do have Windows here, like on my laptop I have Windows XP loaded right now as I was playing Wolfenstein, but my situation was normally "OK, grab Ad Aware, update it, scan, and use AVG" but now Ad Aware seems to have gone downhill, so I use Spybot S&D, and all the browsers are immunized, and I also have AVG, the newest version, the free one, and that for me is enough because I do the following:
1. I install patches. I don't let Windows Update even check for them because it's REALLY annoying when you first turn on the computer and need to do something (Especially for a Laptop) and you're sitting there waiting like "OK, what is taking so long??" and then you see that Windows Update is going off, your Anti Virus Software is going off, and then after 5 minutes you see "New Windows Updates Available...New Virus Definition files Available.... New Java Updates Available....New Flash Updates Available.".... And if you're not plugged in, your battery is going to be half dead by the time that crap finishes up and a lot of it is going to need a reboot. When you reboot, it starts again where you need 5 or 10 minutes to sit there waiting because it all runs again to check for more updates. So I turned all of it off.
Just last night I was playing DooM 2, and kept lagging for some reason, only to find that the Definitions Database was running for a long period of time, and Div X was trying to update too. That drives me nuts, so I turn all of them off and then check for updates manually.
2. I don't do a lot of web browsing on Windows unless it's well known like Wikipedia, here, and a few other trusted / trustworthy web sites.
3. My Email has good filters and Spam stuff, so when I actually DO use Windows for email, which isn't often, I'm careful.
Those things tend to make your machine safe enough that you don't have to look any further than freely available AVG which now also checks for Spyware / Malware, and other threats online, and Spybot which also works enough for my needs.
-
December 8th, 2009, 01:08 PM
#8
-
December 8th, 2009, 11:00 PM
#9
Originally Posted by nihil
Gore my friend,
I guess I am reading between the lines here, but if you have a work computer with 500 malware on it, you are pretty soon looking for a new job?
Gotta be an EVP or senior management?
Time for a new laptop, and let the brats play with the old one until it dies.
Give her Vista with a limited account, full UAC and a few other little goodies I can think of
Shouldn't be a problem as she should not be attempting to install software or change settings on a work computer? Hell! if you don't take control then the lunatics will fetch up running the asylum?
Please check this out:
http://www.tallemu.com/
I might also be inclined to go to IE8 and use a different browser. And DO save your bookmarks/favourites manually.
Lol, yea, if you have a computer that you use at work and isn't your computer.... And you have THAT much crap on it, I'd assume anyone below manager would be screwed.
I've thought about it for a long while where users are concerned:
While the Cat is away the mice will be morons and try to stick their heads in the trap even when there is no Cheese