When your anti virus subscription runs out

PostPosted: 29 Mar 2015, 16:04
by Suff
Then you are in a world of pain.

Mine ran out during the day on Friday. I bought another one on ebay for £21 but had to wait until Saturday for the key to arrive.

In the interim, I went to a usual site, downloaded something fairly normal and wound up with nearly 90 infections on my machine. Also I wound up with a shopper redirect on my IE which was not amusing me at all.

After getting my key, downloading no end of malware removal tools and using Revo to do a bunch of in-depth app removals, I finally found a Trojan killer which found that the default IE open command in the registry had been hijacked. Since it wanted money to remove anything, I went to the registry key by hand, only to find that it had actually removed the hijack even though it wanted cash to do the work.

What I did notice during the work to get the crap out of the system is that Lavasoft's Ad-Aware has moved from being one of the best tools I've used to being one of the most useless. Malwarebytes, one of the very best you could get, couldn't even find the registry hijack and, although it did find a bunch of smaller stuff, didn't actually do very much for me.

Spyware Hunter was pretty good at finding stuff but wouldn't do a thing without money, and the previously mentioned Trojan killer found all the leftovers from the removals I'd already done, but only one live entry, which was the IE home page hijack.

Now I won't pay for software I can't fully verify and, in short, I don't need most of this software. It just clashes with Norton and causes havoc. Whilst Norton did not find any of these infections (possibly because by the time I had the key installed most of them were gone), the key point is that with Norton in place I don't need to find all these infections because I simply never get them.

Now I'm having to rebuild all my passwords and stuff I removed when I reset IE. Pain in the knackers but my own fault. I will now have to write down the date I bought the key and put it in my calendar with a 1 week alarm on it.....

Interestingly, I found it infected Firefox and also can infect Chrome and Safari. So anyone who thinks they are safe because they don't use IE is deluding themselves. Although it was easier to get it out of Firefox, and then I was able to use Firefox to research fixes and download appropriate tools. One of the reasons I never rely on a single browser.

So, in the words of my brother, "I enjoyed making that mistake so much I decided to do it all over again". Although, in mitigation, I haven't had an infection like this in over a decade.

My fault. Shall slap myself around the head all day until I go back to work on Monday. Because it seriously messed up my Saturday as I spent most of it cleaning out my Laptop...

Re: When your anti virus subscription runs out

PostPosted: 29 Mar 2015, 19:20
by Workingman
I have been using this for about a year and it has proved to be a bit of a star. If going to possible scareware sites it has a sandbox from which you can extract files and do virus/malware checks on them before deciding whether to keep them or not.

Re: When your anti virus subscription runs out

PostPosted: 29 Mar 2015, 19:36
by Suff
Sadly this one was an exe, purporting to be a keygen. It was completely non-malignant according to every scan. When it opened, it connected to several sites and started populating files, apps and registry keys. All to areas which were open to my account without escalation and locked open by background running apps which could block later AV scans......

Norton blocks that because it monitors not only the network activity but the activity of the app itself in memory and in the registry. As soon as it starts to do weird stuff like that it is blocked then deleted, the apps are not allowed to lock the files and no further scans are needed to clean it. No other form of scanning works and I have the heuristics set to pretty aggressive. Only real time scanning of running apps and network activity can block this kind of attack....

Needless to say I need this kind of security because of the type of sites I go to. But, then again, it becomes very useful if a legit site like wordpress is hacked (as has been before).

Re: When your anti virus subscription runs out

PostPosted: 30 Mar 2015, 08:32
by Suff
Another small part on this journey.

Spywarehunter 4. Avoid it. Whilst it does do scans, it inflates the results to scare the user. Also it did detect that something had been in my DNS changing addresses (which others did not), but it failed to resolve the issue without payment and went on popping up a box over and over again as if I was infected over and over again. Which was not true.

Software like that should be stamped out.

I had one other issue. Namely that nothing could totally get rid of my DNS changed addresses because I had an outstanding TCP/IP configuration issue in the registry. My registry settings were corrupted and Windows was (not so conveniently) loading them from backup on every boot without warning me.

I'm pretty certain the adapter problems happened with an early version of the Displaylink network driver which seemed to screw my IP settings. I just never put the time into going and fixing it.

In the end I had to delete all the registry parameter settings for my adapters and reload them. Then I was able to get the configuration right and flush the DNS cache (none of the tools even suggested that or did that), so that all the malware DNS servers were removed from the system.

It's been a bit of a journey. Anti Virus, Anti Malware and all of that are no good once something gets into your system. They will take you some of the way but you have to have the skills to take it back to a cleaned system if you want to finally get out all the stuff that is in it.

It goes back to what I've believed for a decade now. The only way to deal with infections is never to have them in the first place...

Re: When your anti virus subscription runs out

PostPosted: 01 Apr 2015, 21:17
by Aggers
I have Norton installed, but lately I have had one or two very strange emails. Two were from websites I'd never heard of, saying that I owed them various amounts - over £1,000. Of course I deleted the messages immediately. The Internet is, no doubt, a very useful tool, but it is full of crooks. It's time the United Nations, or some international organisation, clamped down on them.

Re: When your anti virus subscription runs out

PostPosted: 02 Apr 2015, 12:56
by Workingman
Aggers, these phishing emails/sites are very clever. They crop up without notice, and once they have achieved what their creators wanted they disappear again. Even the best Internet security suites, such as Norton, can only really play catch-up to help us eradicate them. The first call is mainly up to us.

You did the right thing in deleting the suspicious emails, especially if you did it by visiting your webmail online - gmail, hotmail, Yahoo, GMX or similar. However, the next time you notice one mark it as Spam on your visit to your webmail service (see * below) before deleting it. That flags it up for others.

If you download mail to a client on your own computer, say Thunderbird or similar, and you notice one of these suspicious emails, do not open it. * Go to your webmail service and view it there; open it in 'Message source' if possible. If it is a phishing mail, first mark it as Spam, then Trash it, then delete it. Once that is done simply delete it from your computer's e-mail client.

Re: When your anti virus subscription runs out

PostPosted: 02 Apr 2015, 13:18
by Suff
It is becoming harder to work with these criminals. I received a mail supposedly from ebay today. However, the subject and content were simply not credible. It looked very much like an ebay mail. But there was one very simple difference. Ebay always uses my first name in all communications; this mail used my ebay display name. That is the first indication of this kind of scam.

It was even more difficult than usual to diagnose because the mail address was @email.ebay.co.uk. If you know these things, you would know that all ebay mail addresses are [name]@ebay.co.uk. So even if it was from an account called email it would have been email@ebay.co.uk.

But for the uninitiated, extremely hard to diagnose even if they do all the right things. I looked at the header and checked out the sending servers (hard to diagnose for those who do not know) and it was even harder than usual to detect. They had even gone to the lengths of locally naming their servers as if they were ebay internal servers. A very sophisticated attack indeed.

In cases like this only the old standby is possible to protect you. Which is that you never Ever click on a link to a site like Ebay or your Bank, from an unsolicited email. You always exit the mail and log into your system directly. I have had one instance where an unsolicited mail was sent to me and it really was the real deal. It was when paypal UK was hacked and they ripped $998 from my account (refunded without issue).

It is very difficult to police this. Imagine that instead of having to pay for each letter you send, you buy a service which allows you to send unlimited letters. Then imagine how many scams would do this. But you would have to imagine that paper, ink and envelopes were free and that the return address would be a ship which could move out of port and change its name and shape before popping up in another port and doing the same thing all over again. Now imagine it's 50,000 ships doing this. Then imagine trying to police it.

Granted, in some ways it's easier to police the internet as you don't need people on the ground. But it's harder because the scam send time is seconds and the ability to move can be as low as minutes.

No matter what the UN wants, the genie is out of the bottle on the internet. Either we accept total surveillance or we accept that the Internet is the wild west. Even China is not having much luck with restricting criminals from working on the Internet....
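The three tells in the post above (a From address on an unexpected subdomain rather than the exact domain the organisation sends from, a greeting that uses the account display name instead of the first name, and sending servers that name themselves as if they were the organisation's own) can be turned into a small header-triage script. This is an added example, not the poster's own tooling or anything from eBay: the allowlisted domain, the names, and the two sample messages are constructed, and the Received-line shape it parses (`from helo-name (reverse-dns [ip])`) is the common Postfix-style format, which other mail servers vary.

```python
"""Header-level phishing triage for a raw e-mail (added example; all data constructed)."""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import List

# Constructed allowlist: the exact domains the organisation is assumed to mail from.
EXPECTED_DOMAINS = {"ebay": {"ebay.co.uk"}}

# Matches the first hop of a Received: line in the assumed Postfix-style shape:
#   from <name the sender announced> (<reverse DNS seen by the relay> [<ip>])
RECEIVED_HOP = re.compile(r"^\s*from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)", re.IGNORECASE)


def parse_message(raw: str):
    return email.message_from_string(raw, policy=policy.default)


def sender_domain(msg) -> str:
    """Domain part of the From: address, lower-cased (empty string if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def check_sender_domain(domain: str, org: str) -> List[str]:
    """Exact domain match passes; a subdomain or unrelated domain is a finding."""
    expected = EXPECTED_DOMAINS[org]
    if domain in expected:
        return []
    if any(domain.endswith("." + d) for d in expected):
        return [f"From domain {domain!r} is a subdomain, not one of {sorted(expected)}"]
    return [f"From domain {domain!r} is not an {org} domain"]


def check_greeting(body: str, first_name: str, display_name: str) -> List[str]:
    """Flag an opening that addresses the account display name but not the first name."""
    opening = body.lstrip()[:200].lower()
    if display_name.lower() in opening and first_name.lower() not in opening:
        return ["greeting uses the account display name instead of the first name"]
    return []


def check_received_chain(msg, org: str) -> List[str]:
    """Each relay prepends its own Received: line, so the last one is the hop
    nearest the sender. The name after 'from' is what the sending machine
    announced about itself; the name in parentheses is the reverse DNS the
    relay looked up. An org-looking announced name that the relay could not
    confirm is a claim, not evidence."""
    received = msg.get_all("Received") or []
    if not received:
        return []
    hop = RECEIVED_HOP.match(str(received[-1]))
    if not hop:
        return []  # unrecognised format: nothing to assess
    announced, resolved, ip = (s.lower() for s in hop.groups())
    looks_like_org = any(announced == d or announced.endswith("." + d) for d in EXPECTED_DOMAINS[org])
    if looks_like_org and resolved != announced:
        return [f"first hop announced itself as {announced!r} but relay resolved {ip} to {resolved!r}"]
    return []


def triage(raw: str, org: str, first_name: str, display_name: str) -> List[str]:
    """Run all checks and return the list of findings (empty means nothing flagged)."""
    msg = parse_message(raw)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return (
        check_sender_domain(sender_domain(msg), org)
        + check_greeting(text, first_name, display_name)
        + check_received_chain(msg, org)
    )


# Constructed sample resembling the mail described in the post: subdomain sender,
# display-name greeting, and a first hop that announces an org hostname the relay
# could not confirm by reverse DNS.
SUSPECT_MAIL = """\
Received: from relay.example.invalid ([192.0.2.10]) by mx.example.invalid; Thu, 2 Apr 2015 12:00:00 +0100
Received: from mail.ebay.co.uk (unknown [203.0.113.5]) by relay.example.invalid; Thu, 2 Apr 2015 11:59:58 +0100
From: "eBay" <service@email.ebay.co.uk>
To: bob@example.invalid
Subject: Your account needs attention

Dear bob_trader77,

Please review the items below.
"""

# Constructed sample of what a legitimate message would look like under the same rules.
LEGIT_MAIL = """\
Received: from relay.example.invalid ([192.0.2.10]) by mx.example.invalid; Thu, 2 Apr 2015 12:00:00 +0100
Received: from out.ebay.co.uk (out.ebay.co.uk [203.0.113.5]) by relay.example.invalid; Thu, 2 Apr 2015 11:59:58 +0100
From: "eBay" <service@ebay.co.uk>
To: bob@example.invalid
Subject: Your monthly summary

Dear Robert,

Here is your summary.
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_MAIL), ("legit", LEGIT_MAIL)):
        print(label, triage(raw, "ebay", "Robert", "bob_trader77"))
```

The reverse-DNS comparison only tells you the relay could not confirm the announced name; it is a reason to stop and log in to the site directly, as the post says, not proof on its own. Real mail can legitimately come from subdomains, so the allowlist should be built from headers of mail you know to be genuine rather than guessed.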

Re: When your anti virus subscription runs out

PostPosted: 02 Apr 2015, 13:33
by Workingman
Thankfully the "don't do this and don't do that, but do do this and do do that" message is getting through.

We have a pretty savvy group on VV, who most often deal with these things in the best way. They also pass on information of possible scams they have received. It is that sort of community working together which can help to keep us safe.