
Virus/Malware Virus /Rootkits Thread, Work In Progress

eltaria
post Dec 13 2008, 12:52 PM

Senior Member
1,039 posts

Joined: Apr 2005


Hi guys, just wondering. I'm an IT guy as well; I practice safe computing, which practically eliminates 95% of viruses: using a non-admin account, not opening unsafe files, right-click > Explore on pendrives, disabling autorun, etc.

Problem is, if the virus is written effectively, how would you know if you got hit with a virus?

Case in point is the me_cute.exe virus that some of my colleagues got hit with. In this case, the me_cute.exe virus writer actually made a mistake in the registry field, which tried to load c:\windows\system32userinit.exe
instead of c:\windows\system32\userinit.exe

Of course, the file doesn't exist and Windows can't load normally, which gives a tell-tale sign that something is amiss, and the troubleshooting steps begin.

Whether this was a typo by the virus writer, or he did it on purpose, we'll never know. BUT if he HAD typed the path to userinit.exe correctly, the girls would never even know they got hit with a virus. They'd happily reboot, use their PC continuously, and pass their pendrives around, infecting others in the process.

Which leads me to the question: how would you know if your PC has been compromised, if the virus is written cleverly and is local to a specific region? The latest updates on AVG 8 paid version didn't even catch the virus, and uploading the file to VirusTotal, I noticed a lot of other AVs don't even have the signature for it yet.

A virus which spreads by pendrive, properly written, limited to a specific locale (KL/PJ/Ipoh): it'll be hard for people to even notice it's there until it's too late (i.e. the pendrive reaching our hands, and we right-click and notice the hidden autorun.inf inside it...).


Added on December 13, 2008, 12:57 pm: Are there steps that we can do manually to ensure our PC is safe?

Even for us IT people, sometimes we accidentally double-click the pendrive, and that's all it takes for the virus to get in.

In my case, I noticed it due to my firewall alerting me of outgoing communications.

Layered defense. But again, what if it escaped my firewall too? Then I'd have no idea I've already been compromised.

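The two things the post describes, a Winlogon Userinit value pointing at a file that does not exist (the me_cute.exe symptom) and a hidden autorun.inf on a pendrive, can both be checked by hand without relying on AV signatures. The script below is an added example, not code from the original post or from anyone in the thread. It assumes Windows PowerShell 2.0 or later run from an elevated prompt, and it assumes the stock defaults for a default install (Userinit = C:\Windows\system32\userinit.exe, Shell = explorer.exe); if your build legitimately uses other values, adjust the $expected table. It goes slightly beyond the post: it flags both the broken-path case that gave me_cute.exe away and the correct-path case where the trojan is silently appended after userinit.exe.

```powershell
# Added example (not from the original post): manual checks for the two
# mechanisms described in the thread. Run from an elevated PowerShell.
# Expected values below are assumptions for a default Windows install.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$system32 = Join-Path $env:SystemRoot 'system32'

# 1. Winlogon hooks. Userinit and Shell run at every logon, so a trojan
#    appended there survives reboots. me_cute.exe was only noticed because
#    its Userinit path was wrong; a correctly written one would read
#    "C:\Windows\system32\userinit.exe,C:\path\to\me_cute.exe" and boot fine.
$expected = @{
    Userinit = @( (Join-Path $system32 'userinit.exe') )
    Shell    = @( 'explorer.exe' )
}

$findings = @()
foreach ($name in $expected.Keys) {
    $props = Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue
    if (-not $props) { $findings += "Winlogon\$name value is missing"; continue }
    $raw = $props.$name
    # The value is a comma-separated list and Windows launches every entry.
    $entries = $raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        $known = $expected[$name] | Where-Object { $_ -ieq $path }
        if (-not $known) {
            # The silent case: a correct userinit.exe plus an extra entry.
            $findings += "Winlogon\$name has an unexpected entry: $entry"
        }
        # A bare name (explorer.exe) is resolved via the search path; anything
        # with a directory component must exist, or logon breaks (the
        # system32userinit.exe typo from the post lands here).
        if (($path -match '[\\/]') -and -not (Test-Path -LiteralPath $path)) {
            $findings += "Winlogon\$name points at a missing file: $path"
        }
    }
}

# 2. Removable drives. autorun.inf is normally set hidden+system, so a plain
#    listing (and Explorer with default settings) does not show it. -Force
#    lists hidden files; the open= / shellexecute= / shell\...\command= lines
#    are what a double-click on the drive would have launched.
$removable = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2'
foreach ($drive in $removable) {
    $root = $drive.DeviceID + '\'
    $inf = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ieq 'autorun.inf' }
    if (-not $inf) { continue }
    $findings += "autorun.inf on $($drive.DeviceID) (attributes: $($inf.Attributes))"
    Get-Content -LiteralPath $inf.FullName -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
        ForEach-Object { $findings += "  $($drive.DeviceID) autorun.inf: $_" }
    # Executables dropped next to it are usually hidden the same way.
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band 'Hidden') -and ($_.Extension -match '^\.(exe|com|scr|pif|bat|vbs)$') } |
        ForEach-Object { $findings += "  hidden executable on $($drive.DeviceID): $($_.Name)" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Winlogon tampering or autorun.inf found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The script reports, it does not clean: a hit on the Winlogon check means the machine is already compromised, and the entry should be removed only after the referenced file has been captured for analysis (VirusTotal, as the post mentions). An autorun.inf hit on a stick is the point where the post's habit of right-click > Explore pays off, since the file is only dangerous when something executes it.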