ClanKiller.com - View topic - my encounter with a malicious website
my encounter with a malicious website 
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16662
Location: On a slope
Ok... so, as you may have guessed, I had a close encounter with a malicious website. I was using a WinXP box with SP1... no patches beyond that. No Firefox was installed, so I used an unprotected copy of IE to hit a website... and I hit a malicious one.

I got a crapload of pages open, my desktop filled with links to porn sites and shit, and I knew I'd been whacked. So, I deleted the icons and closed all the windows.

I then right-clicked to go to Task Manager and see what was running. However, Task Manager was grayed out. So I hit Ctrl-Shift-Escape (the Task Manager hotkey) and was told that it was disabled by policy. Great.

Whatever, I went back online, grabbed Firefox, then used it to hit the Sysinternals website to download Process Explorer. For anyone that doesn't know about it, that's an awesome app... I use it all the time. Kind of like Task Manager, but on some sort of mega-steroid crack.

Anyway, I unzip it, run it... crash. Something was fucking with it. Fine. I download Adaware next. I figure I'm mainly looking at spyware/adware. The application downloads, but when I try to launch the installer, it crashes.

Wonderful. So I reboot into safe mode. Adaware installs now, but of course I don't have internet capability. So I scan with 107-day-old definitions and nab around 100 items. Woooo. After cleaning, I reboot back into regular mode.

Adaware launches ok, but Process Explorer still craps. So I update Adaware and run it again. More crap is nabbed, but I still can't access Task Manager and I still can't launch Process Explorer.

So I grab Spybot S&D. This one installs ok in normal mode, but hung when downloading updates. So I rebooted back into safe mode, scanned the system, cleaned some more crap up (we're at around 120 objects now), then rebooted back into regular mode. I'm now able to update the application, so I do that and scan again.

However, shit is still fucked up. Getting a bit agitated, I download AVG antivirus from Grisoft. After installation, it immediately freaks out about a trojan, which I let it kill. I do all the updates, then run a scan... around 80 objects detected, most of them various trojan horses.

After cleaning with AVG, I reran Adaware and Spybot S&D, cleaning up a few more items. After another reboot, I do some more scans (AVG, Adaware and Spybot) and everything is coming up clean. I can now run Task Manager, and I can run Process Explorer. Using those apps, I see a process running that's bad, so I killed it and downloaded HijackThis.

HijackThis finds a few more bad things floating around, including a DLL I had to whack on reboot. However, at long last, it looks like I've managed to completely clean my system. For a bit I was tempted to wipe the box and just reload, since everything important was already saved on DVD. However, I'm pretty confident everything is good to go now.

BTW... I think I may write this experience up into a guide, with screenshots and instructions on using the various apps. I feel fairly powerful now. :)

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.


Sat Sep 03, 2005 8:22 pm
King
Joined: Wed Apr 16, 2003 2:18 pm
Posts: 1976
Location: Sexy Town
Dude, boot to safe mode with networking. End of story.

I always use www.trendmicro.com to run anti-virus scans. It does WAY better than scanning from your computer (even though I have BullGuard, the best antivirus protection there is).

Also, might I suggest PURCHASING windows so you can update it?

_________________
Contrary to popular belief, America is not a democracy, it is a Chucktatorship.


Sat Sep 03, 2005 11:02 pm
Minor Diety
Joined: Fri Apr 11, 2003 2:17 pm
Posts: 7721
Location: Centre of the sun

_________________
"Well a very, very hevate, ah, heavy duh burtation tonight. We had a very derrist derrison, bite, let's go ahead and terrist teysond those fullabit who have the pit." - Serene Branson


Sun Sep 04, 2005 3:59 am
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts


Sun Sep 04, 2005 4:04 am
Minor Diety
Joined: Fri Apr 11, 2003 2:17 pm
Posts: 7721
Location: Centre of the sun

_________________
"Well a very, very hevate, ah, heavy duh burtation tonight. We had a very derrist derrison, bite, let's go ahead and terrist teysond those fullabit who have the pit." - Serene Branson


Sun Sep 04, 2005 4:14 am
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts


Sun Sep 04, 2005 5:18 am
Minor Diety
Joined: Mon Mar 31, 2003 7:23 am
Posts: 14892
Location: behind a good glass of Duvel

_________________
"I find a Burger Tank in this place? I'm-a be a one-man cheeseburger apocalypse."

- Coach


Sun Sep 04, 2005 10:30 am
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16662
Location: On a slope

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.


Sun Sep 04, 2005 1:01 pm
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK
Yeah, it sucks that Firefox doesn't like to do Windows updates. I wish someone would release a plug-in fixing that.

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts


Sun Sep 04, 2005 1:38 pm
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16662
Location: On a slope
That's not really a problem. Windows Update uses ActiveX, which is inherently unsafe and evil. And proprietary, I think. It's a Microsoftism. It's ok, you can get all those updates manually if you know where to look.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.


Sun Sep 04, 2005 8:11 pm
Minor Diety
Joined: Mon Mar 31, 2003 1:43 am
Posts: 4320
lol, loving the antivirus site redirection ;) At least you got it sorted. Hehe, me and Mole woulda been screwed in that situation. A couple of viruses... no problem. But 200+... that's a lil more than our technical brains can cope with ;)

You should sort out Mole's brother's computer. Now that'd be a challenge for you :P hehehe


Mon Sep 05, 2005 2:19 am