
I want a virus .com 5


jamesbird

Technical User
Jun 4, 2003
I'm still not satisfied that I've got a sure-fire way of cleaning machines of the AV2009/AV2010 virus. Seems a bit hit and miss, with combos of Malwarebytes, SpyBot, AVG etc. etc. Best way seems to be to remove the drive and, as a slave drive, run scans, then boot it up and scan again. I'd like to experiment to find a reliable 'disk in' solution, so would like to catch the virus on a test machine.
Strange I know, but how can I go about deliberately infecting myself with the latest and greatest viruses?
Confused of St Albans
 
Bert is like when Ernie says, "Hey Bert" on Sesame Street. Unless it's something new that I need to look into and it was NOT a typo.


UBCD4win is a bootable LINUX CD and it doesn't look anything like Windows. It has menus with multiple layers (motherboard tools, hard drive tools, etc., each with its own submenus) to do all kinds of wonderful tests on the mobo, CPU, memory, hard drive etc.

I couldn't even live without one. Mostly I use the hard drive testing utilities from the major manufacturers and the memory diagnostic tools. It boots up in about 5 seconds.

Bart PE looks a lot like a stripped down but different looking windows. You have to create it yourself and all the plug-ins that you want to use, so it takes longer to create and customize. It also takes about 5 minutes to boot depending on the PC and how many functions you have enabled.

I use it for remote registry editing, copying/deleting files, running chkdsk, running McAfee, all against a non-bootable hard drive in the PC. This is even more useful to me than the UBCD.
 
Thanks for the summary, goombawaho. I've used UBCD at times, but never looked at UBCD4win that I can remember. And the Bart PE deal, I've just not taken the time to customize. Those are some other things I need to add to my to do list... or maybe I should now call - wish to get done before I die list? Maybe the bucket list? Or some other name - Getting Started Early (I hope) Bucket List? [wink]

--

"If to err is human, then I must be some kind of human!" -Me
 
I had been under the impression that these two were the same product just using different names - they are not. All of my comments were pertaining to the first one listed below and NOT ubcd4win. It is entirely different but it looks very useful as well. I would encourage you to get a Bart PE cd working though.

Linux-based

Windows-based

So, I'm only an "expert" on the first one listed and what it can do for you. The second one listed IS based on Windows and similar to XP.

Sorry for not noticing/catching the difference in the names of the tools!!!!!!!!!! I'm just floating along and not thinking apparently.
 
That's okay. Seems that's a requirement to be able to work on PCs. ;p

--

"If to err is human, then I must be some kind of human!" -Me
 
The ubcd4win to me is very similar to bartpe, as I have used both. The ubcd4win just seems to have most tools already added in it for you. It has things I have been trying to do for a while. It has tools in it that allow you to modify any part of the entire registry. Whereas other tools I have put on bart pe myself only allowed me to modify certain sections of the registry.

I have found many, many useful tools in ubcd4win. From what I understood, they build it from bartpe as well. I may be wrong though; that's just what I have understood.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
There's a plug-in for BartPE to be able to edit the entire registry on the problem hard drive. Don't have the link.... useless.
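Goombawaho, electronicsfreak and the BartPE plug-in reply above all describe editing the registry of a non-bootable drive from a PE. The following is an added example, not code from any poster in this thread, showing the same job from PowerShell: mount the offline SOFTWARE hive with reg.exe, list the Run/RunOnce and Winlogon autostart values that scareware commonly hijacks, and unload the hive cleanly afterwards. It assumes the slaved or offline Windows installation is at D:\Windows (an assumption; adjust the path) and that you are in an elevated PowerShell on a modern WinPE or a second Windows box with the drive slaved, not the XP-era BartPE, which has no PowerShell.

```powershell
# Added example (not from the thread): inspect autostart entries of a Windows
# installation on a slaved/offline drive without booting it.
# Assumption: the offline Windows directory is D:\Windows.
# Run from an elevated PowerShell; reg.exe load/unload needs backup/restore rights.
param(
    [string]$OfflineRoot = 'D:\Windows'   # assumed path to the non-bootable install
)

$hivePath = Join-Path $OfflineRoot 'System32\config\SOFTWARE'
$mount    = 'HKLM\OfflineSOFTWARE'       # temporary mount point for the hive

if (-not (Test-Path $hivePath)) { throw "Hive not found: $hivePath" }

# Mount the offline SOFTWARE hive under HKLM so the registry provider can read it.
& reg.exe load $mount $hivePath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg load failed ($LASTEXITCODE): hive in use, or shell not elevated?"
}

try {
    $base = 'HKLM:\OfflineSOFTWARE'

    # Classic autostart keys that rogue AV packages register themselves under.
    $runKeys = @(
        "$base\Microsoft\Windows\CurrentVersion\Run",
        "$base\Microsoft\Windows\CurrentVersion\RunOnce",
        "$base\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"   # 64-bit installs only
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            Write-Host "== $key"
            Get-ItemProperty -Path $key |
                Select-Object -Property * -ExcludeProperty PS* |
                Format-List
        }
    }

    # Winlogon values: a hijacked Shell or Userinit survives a Run-key cleanup,
    # so check them separately. Defaults are 'explorer.exe' and
    # '<drive>:\Windows\system32\userinit.exe,' (note the trailing comma).
    $wl = Get-ItemProperty "$base\Microsoft\Windows NT\CurrentVersion\Winlogon"
    Write-Host "Winlogon Shell    : $($wl.Shell)"
    Write-Host "Winlogon Userinit : $($wl.Userinit)"
    if ($wl.Shell -ne 'explorer.exe') {
        Write-Warning "Shell is not explorer.exe: $($wl.Shell)"
    }
    if ($wl.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') {
        Write-Warning "Userinit has been changed: $($wl.Userinit)"
    }

    # Removal is deliberately left manual. Once you have confirmed a value is
    # hostile, delete it with (hypothetical value name):
    #   Remove-ItemProperty -Path "$base\Microsoft\Windows\CurrentVersion\Run" -Name 'NameOfBadValue'
}
finally {
    # The registry provider can keep handles open, which makes 'reg unload'
    # fail with "access denied"; collect garbage first, then unload.
    [GC]::Collect()
    & reg.exe unload $mount | Out-Null
}
```

The script only reports; it never deletes anything on its own, which is the point of the "manual" approach discussed later in the thread. If `reg unload` still refuses, close every other PowerShell or regedit window that browsed the mounted key and run the unload again, otherwise the hive stays dirty and the patient machine may not boot.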
 
Why not tell the scanners to leave the folder with the tools alone? I had to do that with a certain folder of mine. Has tools in it that set off antivirus if I do not tell it to leave alone.
I do, but it seems like every time they do a major update to one of my scanners, the older options disappear. BTW, I use a variety of scanners.


James P. Cottingham
I'm number 1,229!
 
Yeah, so do I actually, but never had that problem. Although the only program that ever picks up the folder is AntiVir. Malwarebytes, SUPERAntiSpyware, and others leave it alone.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
@ jamesbird and electronicsfreak:

Sorry I missed this thread when it was fresh. I'm an independent PC tech, and I crave sharing good info with peers, but I don't get much opportunity.

1.) The vast majority of IT techs focus on using automated tools to clean infections. I have found that to be extremely time-consuming and inefficient. Consequently, I have developed a method of cleaning a wider variety of viruses by a combination of manual and automated techniques.

2.) The primary first step is using UBCD to boot a pre-shell environment, then using the included tools to locate and delete the core components of the infection. Then I reboot the system to safe mode and use standard automated applications to mop up the leftover "trash".

3.) I am increasingly seeing scareware infections installed by more than one method. i.e. I have seen IS2010 installed in ways that are easy to clean, AND that are very difficult to clean.

As yet, I cannot say if this is because the infection was stopped before it "dug in deep" -- or because the infections originated from different sources that used different methods. My gut feeling is that independent malware-hackers are developing different ways to install the same package. (For a price, of course.)

However, I *am* certain that "fixed" methodologies for cleaning these kind of infections are becoming increasingly unreliable -- as the methodologies for installing these infections mutate too rapidly.

 
ronin77,

What is your definition of automated? The tools on UBCD, to the best of my knowledge, are no different than the Windows-based downloads currently available... that is, they are all automated in the sense that the program searches for the infection, tells you what it finds, and fixes it upon approval to do so. I don't see anything manual about that. It is a different method, as Windows isn't allowed to boot, but it's definitely not manual.

Even if you look at something like HiJackThis, it's automated to an extent - of course, you'd be a fool to just accept any changes it mentions without manually checking them out. [wink]

If there's a more "manual" tool that I'm forgetting, let me know.

--

"If to err is human, then I must be some kind of human!" -Me
 
I don't think anyone relies on a truly "automated" method - it's more art than science. You have to look at what's going on and running on each PC, then choose your weapon.

Having said that, Malwarebytes' Anti-Malware has fixed everything I've seen in the last 1.5 years, except for two things. I ALWAYS run it first after killing off suspicious processes and/or booting to safe mode if required. It's "automated", works great, is free and hasn't screwed up one PC yet.

Plus it hardly ever crashes if the computer is half-way stable.

Then using a combination of Autoruns, RootRepeal, GMER, RogueFix, etc., etc., you have to roll with the punches for the really weird/persistent stuff. I'd throw in ComboFix, but it sort of does its own thing and you don't have much control over what it does, so BIG caution flag there about running it on every PC as standard procedure.

Bottom line - every PC is different. Different hardware, software and malware running on it. Some are just tougher to fight than others. But having a standard procedure (cleaning out temp files, looking at startup items, running your favorite anti-malware) is what I do on EVERY PC. Then I start to see if anything else is lurking or trying to reinstall itself.

If you're so confident of your methods, please write up a White Paper for all of us. I'd read it.
 
As far as actually getting a virus, searching for warez or something on Google ought to bring up more than one of those sites that say "content may be harmful". I'm sure they would be willing to infect you with something.
 
Good point.

Or of course, there's always the method of just opening up a PC to the wild - no router, no firewall, etc.. shouldn't take more than 15 minutes TOPS!

[wink]

--

"If to err is human, then I must be some kind of human!" -Me
 
I define "manual" as any tool that does not make distinctions between normal and hostile components, and completely relies on the expertise of the user to decide what elements to delete or modify.

I consider HJT a "manual" tool for exactly that reason. All it does is report components from specific areas of the registry. It does not make assumptions about the nature of any of them.

The only "manual" malware removal tool I use on UBCD is EZ-PC Fix. Basically, it's a specialized registry editor, focused to assist technicians to locate and cripple core viral components. Used within a PE, it's sort of like HJT on steroids. (...Although it could use some updating to include new areas of the registry that are being commonly exploited.)

Anyway, I'm not qualified to "write a white paper", nor would I have time if I were inclined. I was just trying to offer some alternative thinking and experiences on the subject. Since it doesn't seem to be well received here, I'll shut up.

 
Missed a post from Goom that I have to respond to here:

UBCD is NOT a Linux CD. It is a Windows Pre-Environment based on BartPE.
 
Yeah - If you look further up in THIS very thread, I recanted on my mis-categorization.

I'm on top of my mistakes more than my responsibilities.
 
As far as actually getting a virus, searching for warez or something on Google ought to bring up more than one of those sites that say "content may be harmful". I'm sure they would be willing to infect you with something.

Very true, and although I'm not a particularly big fan of McAfee anti-virus, the McAfee can be quite useful... although does it merely warn of the obvious [pimp]
 