How do you get infected with "Personal Security" and the likes?



Chilling_Silence
10-03-2010, 10:34 PM
I've got a client who's been infected by "Personal Security", but they've got no idea how.

They swear black and blue they were using Firefox at the time, and only on Facebook, nothing more? They mostly just do Facebook and Emails, that's about it.

Security Essentials is installed and up-to-date too...

Oh well, off first thing tomorrow to fix it.

Just thought I'd ask the most common ways people are infected?

Cheers


Chill.

Speedy Gonzales
10-03-2010, 10:43 PM
Probably with a file sharing program. Or not checking Google/Yahoo before installing something. Some people wouldn't have a clue what they're installing.

It looks like a firewall / security program, they install it. They don't actually check whether it's malware or not. By the time they do find out, it's too late, they're infected. And even if someone has installed something like Avast / MSE etc, do they know how to use it??

You'll be surprised how many people think it sits in the background, and detects all kinds of malware, and removes it by itself. People don't actually update it (some may update automatically, some may not), or scan the whole hdd with it. And wonder why or how they were infected.

Renmoo
10-03-2010, 10:45 PM
Wares, clicking on fraudulent links (can be quite prominent on Facebook at times).

Sweep
10-03-2010, 11:27 PM
We don't know...

I spent a fair time today on another computer getting rid of malware and trojans and viruses. He had Avast 4 installed which I noted had not been updated since Nov 2009.

Running Legal XP SP3.

First was to update AV and then scan: 17 put in the chest. So far so good. Still running very slow so dumped Avast and installed MSE and full scan. That found more.

Install Glary Utils and that found more crap.

Posted HijackThis log on PressF1 and did what was advised by Speedy ( Thanks again )

His printer was not working and he really wanted to print an Email which I had already put on a USB stick. Downloaded printer drivers for my Printer and was going to install but they crapped out saying expected file not found. Deleted all printers and uninstalled same.

He had also said that he had no sound but everything was fine here speakerwise.

I had noticed that NTI DVD and other DVD software like PowerDVD had been installed in spite of the fact that there was no internal DVD writer installed but maybe there was an external one hanging around I had not noticed.

CMOS battery was dead as when I powered up at my place it insisted that the date was 1st Jan 2003.

But he had not done anything he says. He admits that his daughter has visited and also his son.

Anyway it's fixed now.

As an aside he wanted to know if all the updates etc would keep on coming while he is away and the computer is turned off at the wall and whether he could access the emails on his local computer from Holland.

PinoyKiw
11-03-2010, 07:32 AM
I fixed a computer a few years ago for an elderly gentleman. He was one of these born again, church every day souls, never did anything wrong, saw evil around every corner sort of person.

Pop ups and real sluggish computer and other problems.

Asked him if he had installed anything which he answered no. What did he use the computer for, oh, just the odd email and read on line newspapers and visit some church related sites.

Ok.

He didn't want the computer taken away and he made sure he watched my every move even though he had no idea what I was doing.

Quick look through the cookies and other folder, this was back when Win98 or WinME was still the operating system, could see that he had been visiting sex sites galore, while he made coffee quickly found where he had saved his files and it was chocker full of images of, well, let's say nudity to keep it simple. He did have an AV program that had never been updated and he had never done a scan, he thought the program took care of all that, after all, this was a computer and he had a firewall but I suspect he just clicked allow for everything if it had ever prompted him.

I just told him that the problems were terminal, easiest way was to format it, saved his address book and the few emails he had and wiped it, loaded Windows, installed a new AV and Firewall and left him to visit his *church related sites*.

I believe it wasn't long before he had more problems but he took his *business* elsewhere as I hadn't done my job properly in ensuring he had no further problems.

As if I could have waved a magic wand over his computer .............

wainuitech
11-03-2010, 08:02 AM
Sometimes you don't have to be doing anything wrong at all - you can get hit by a Drive-By Download (http://en.wikipedia.org/wiki/Drive-by_download)

It DOES happen, in fact I saw it first hand last year when SWMBO was showing me some outdoor furniture on a site, just scrolling through and WHAM - Nod32 stopped it dead in its tracks and pops up with a warning saying some antivirus program tried to install.

My son also got hit last year and he was simply playing RuneScape - once again Nod stopped it - that's when he came and got me to ask what to do.

pctek
11-03-2010, 08:34 AM
I fixed a computer a few years ago for an elderly gentleman. He was one of these born again, church every day souls, never did anything wrong, saw evil around every corner sort of person.

it was chocker full of images of, well, let's say nudity

I just told him that the problems were terminal, easiest way was to format it, saved his address book and the few emails he had and wiped it, loaded Windows, installed a new AV and Firewall and left him to visit his *church related sites*.
I tell them.
I point out it makes them more of a target and if they are going to do warez/porn/p2p then they need to be updating and scanning all the time.

You should have told him why.

PinoyKiw
11-03-2010, 08:58 AM
I usually would tell them why I believe they had got infected and tell them about safe computing but this is one person who would have read back to me word for word the bible backwards. He was such a good person, never did any wrong.

While I did the job for free, someone further down the line would have made money, from what I heard, he was always getting his computer *fixed*.

wainuitech
11-03-2010, 09:05 AM
In cases like that - finding porn etc, and "no one's been on those sites at all" ;)

As Pctek mentioned, I point it out, and show them what the problem was/is, BUT don't actually accuse anyone directly, just say somehow or someone has been to those sites, possibly without your knowledge, and infected the PC.

It's an indirect way of saying -- There's the problem, now don't do it again or it will happen again -- If they don't listen, OR say something like "it's only me on the PC" then they are more or less saying it IS them -- then it's not your fault.

pctek
11-03-2010, 01:48 PM
As Pctek mentioned, I point it out, and show them what the problem was/is, BUT don't actually accuse anyone directly, .

I say, doing these things on the net makes you more of a target.
I don't say it was them, but I don't say it wasn't either.
I don't say anyone, just mention the activities.........

Anyway this morning, I had a business customer who totally ignored everything I'd said 2 years ago, uninstalled whatever AV I put on then, bought the latest Nortons, installed it, it then complained about something so he rang me to fix it.
I told him how it was with Nortons, he said well I bought it now, you come over and sort it, I said no.
So he gave in and asked me to sort the PC (a whole nother thing), so I went over and found he'd got the XP AV thing, clicked it, and then GAVE THEM his credit card number.

Nortons wasn't even mentioning its (and all the others') existence as usual.

Geez.


In the process of disinfecting it now, it has loads of infections.....

Chilling_Silence
11-03-2010, 02:44 PM
I just removed Personal Security from one yesterday, and then shortly after posting that I get an email from my grandfather asking for help with it. Malwarebytes sorted him, with over 600 infections, I think it did a good job :)

Agent_24
11-03-2010, 07:39 PM
Probably with a file sharing program

But using P2P programs does not automatically mean you will get a virus, you have to be silly enough to download a virus first.

If you see something like "GTA4 FULL VERSION CRACKED.EXE" and it's 55KB it's obviously a virus.

The real game is about 14GB or so.

Speedy Gonzales
11-03-2010, 07:43 PM
I know that. Most are silly / stupid enough to download / run an exe file with a virus in it. I haven't come across a system yet where it's infected and a P2P program hasn't been on it.

pctek
11-03-2010, 09:03 PM
If you see something like "GTA4 FULL VERSION CRACKED.EXE" and it's 55KB it's obviously a virus.

The real game is about 14GB or so.

You think if you download a large file you're safe? They can pack the virus or whatever into the real file too you know.

Blam
11-03-2010, 09:14 PM
You think if you download a large file you're safe? They can pack the virus or whatever into the real file too you know.

You're missing the point.....it's got nothing to do with how big or small the file is, it's the fact that a 55KB file is probably not the real game but a virus (the name is supposed to attract n00bs)....

And I disagree that P2P sharing causes the majority of viruses, IMO it's just the websites you visit and *questionable* things you do on the internet that leads to....:eek:

And scareware ads.

Blam

Agent_24
11-03-2010, 09:51 PM
You think if you download a large file you're safe? They can pack the virus or whatever into the real file too you know.

Of course I know that - For example I have seen No-CD cracks which are not the real executable file, but are in fact a self-extracting archive which contains the real executable and a virus as well.

I'm sure you know as well as I do that there are many more ways than that though...