I want a virus .com
(OP)
I'm still not satisfied that I've got a sure-fire way of cleaning machines of the AV2009/AV2010 virus. Seems a bit hit and miss, with combos of Malwarebytes, SpyBot, AVG etc. etc. Best way seems to be to remove the drive and, as a slave drive, run scans, then boot it up and scan again. I'd like to experiment to find a reliable 'disk in' solution, so would like to catch the virus on a test machine.
Strange I know, but how can I go about deliberately infecting myself with the latest and greatest viruses?
Confused of St Albans

RE: I want a virus .com

I haven't seen that you need anything more than MBAM to get rid of MOST malware. Failing that (or if that fails) there's GMER, RogueFix, ComboFix, SDFix, CWShredder and then bootable CDs (such as Avira or BartPE with McAfee plug-in).

But as I said, most malware is vanquished by MBAM - game over.  If you want to be sure, you can run a scan with the updated AV on the machine that let the threat through (somewhat tongue-in-cheek) but maybe worthwhile.

In terms of catching a malware on purpose - that's perverse, but I understand.   Try searching for XP Antivirus 2009 and go to the links.

RE: I want a virus .com

(OP)
Hi Goom, I agree Malwarebytes is good - if you can get it to run. I find on 'bout half the machines infected that Malwarebytes won't load, or if it'll load, won't run.
Ta

RE: I want a virus .com

Then, if you haven't already tried this: rename the MBAM executable.

Most malware only has one line of defence against a scanner like MBAM, and that is to prevent it from running.
They can only really do this by watching the Windows stack for the application name.
If it's different, it's much harder to block.
 

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: I want a virus .com

I have personally tried renaming it before; that never works for me. It still does not work once malware attacks it. I have been able to rename the installer before to get it to install, though.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon

RE: I want a virus .com

e-freak, that is the ticket... the installer needs to be renamed, not the installed app; as you have noted, malware has already blocked it...

With really badly infected systems, well, there is only one way to deal with that: NUKE the drive using DBAN or ActiveKillDisk (nothing survives a DoD 7-pass wipe), then reinstall the OS...
 

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

RE: I want a virus .com

2
I use rkill first, then launch the Malwarebytes stuff; that seems to negate most of the issues I've had with these viruses.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 

RE: I want a virus .com

Running GMER and RogueFix will usually get you to be able to run MBAM.

As stated, starting in safe mode, renaming the installer file and renaming the MBAM.exe executable all help in getting it to run.

Rather than nuke a machine, I'd have that BartPE CD always ready with McAfee plug-in and/or the Avira Rescue CD. Even if you only scan the Documents and Settings folder and the Windows folder (to save time), it will usually get the nasties that are keeping MBAM from running.

RE: I want a virus .com

Thanks for mentioning rkill, Davetoo.  I don't recall hearing about that one yet, but it sounds like a good tool to keep handy.

Here's a link to that one:
http://www.bleepingcomputer.com/virus-removal/remove-security-tool

It's between a third and half-way down the page.

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

Neither have I actually.  Going to try it out next time I deal with that infection.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon

RE: I want a virus .com

Now I just need an infected computer to test it on.  Oh, if only I had a virus!  LOL

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

What are people's opinions about malwarebytes with regards to type of scan? I've been reading recently (don't have the link) that it's been suggested to run only a quick scan and not a full scan.

RE: I want a virus .com

The quick scan is really fast, and the full scan seems really slow.  I have found things with the full scan that the quick scan did not pick up.

I'd recommend a quick scan as soon as it's installed, and then a full scan if you think you need it later. If it's on your home computer, you could always start the full scan, walk away, and just check back on it whenever you get back to your PC.

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

My problem with full scans on any anti-malware software has always been that they pick up some of my network tools as potential spyware. Most of those tools can be used for nefarious reasons, but I need them to prevent people from breaking into our network.

My rule of thumb is do a full scan when installing new software, otherwise I do a quick scan. If the quick scan picks up something I do a full scan.
 

James P. Cottingham
I'm number 1,229!
I'm number 1,229!

RE: I want a virus .com

Thanks both for your fast feedback; stars* for both.

RE: I want a virus .com

Check out UBCD4WIN.com. It's a Bert Pe with a lot of good scanners added. I used to do my own Bert Pe; that was a lot of work. UBCD4WIN is an easy way to go. I have NOD32, BitDefender, FileWalker, Malwarebytes, Spybot S&D, SUPERAntiSpyware to name a few that boot and run from the CD, and I have not found anything that I have not been able to clean yet.

RE: I want a virus .com

Yeah I used ubcd4win as well.  Very good cd.

2ffat - Why not tell the scanners to leave the folder with the tools alone? I had to do that with a certain folder of mine. It has tools in it that set off antivirus if I do not tell it to leave them alone. Password recovery, keyfinders, etc.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon

RE: I want a virus .com

So, on the UBCD4win disk, how do you make sure the virus definitions are up to date?  I suppose you can load network drivers into that same CD as well, so you can connect to the web?

I really do need to give that a try, sounds like a winner to me!

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

the UBCD4win disk is NOT a BART PE CD (not BERT).  It's a linux-based bootable CD with applications integrated into it.

Bart PE is made from a bare bones set of Windows XP software to make it bootable and also to be able to run tools.  They're as different as a Zebra and a Skunk, but they both have stripes, if you see what I mean.

RE: I want a virus .com

Okay, I know BART PE, but what is BERT?  Or was it a typo?

As far as the UBCD4win, does it run within Windows, or is it a bootable Linux distro made to look like Windows then? That's got me curious, b/c from the looks of it, it looked like it did the same or similar thing as the BartPE type setup...

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

Bert is like when Ernie says, "Hey Bert" on Sesame Street.  Unless it's something new that I need to look into and it was NOT a typo.


UBCD4win is a bootable LINUX CD and it doesn't look anything like Windows. It has menus with multiple layers (motherboard tools, hard drive tools, etc., each with its own sub-menus) to do all kinds of wonderful tests on the mobo, CPU, memory, hard drive etc.

I couldn't even live without one. Mostly I use the hard drive testing utilities from the major manufacturers and the memory diagnostic tools. It boots up in about 5 seconds.

Bart PE looks a lot like a stripped down but different looking windows.  You have to create it yourself and all the plug-ins that you want to use, so it takes longer to create and customize.  It also takes about 5 minutes to boot depending on the PC and how many functions you have enabled.

I use it for remote registry editing, copying/deleting files, running chkdsk, running McAfee, all against a non-bootable hard drive in the PC. This is even more useful to me than the UBCD.

RE: I want a virus .com

Thanks for the summary, goombawaho.  I've used UBCD at times, but never looked at UBCD4win that I can remember.  And the Bart PE deal, I've just not taken the time to customize.  Those are some other things I need to add to my to do list... or maybe I should now call - wish to get done before I die list?  Maybe the bucket list?  Or some other name - Getting Started Early (I hope) Bucket List? wink

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

I had been under the impression that these two were the same product just using different names - they are not.  All of my comments were pertaining to the first one listed below and NOT ubcd4win.  It is entirely different but it looks very useful as well.  I would encourage you to get a Bart PE cd working though.

http://www.ultimatebootcd.com/ - Linux-based
http://www.ubcd4win.com/ - Windows-based

So, I'm only an "expert" on the first one listed and what it can do for you.  The second one listed IS based on Windows and similar to XP.

Sorry for not noticing/catching the difference in the names of the tools!!!!!!!!!!   I'm just floating along and not thinking apparently.

 

RE: I want a virus .com

That's okay.  Seems that's a requirement to be able to work on PCs.  ;p

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

The ubcd4win to me is very similar to BartPE, as I have used both. The ubcd4win just seems to have most tools already added in it for you. It has things I have been trying to do for a while. It has tools in it that allow you to modify any part of the entire registry, whereas other tools I have put on BartPE myself only allowed me to modify certain sections of the registry.

I have found many, many useful tools in ubcd4win. From what I understood, they build it from BartPE as well. I may be wrong though; that's just what I have understood.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon

RE: I want a virus .com

There's a plug-in for BartPE to be able to edit the entire registry on the problem hard drive.  Don't have the link....  useless.

RE: I want a virus .com

Quote:

Why not tell the scanners to leave the folder with the tools alone?  I had to do that with a certain folder of mine.  Has tools in it that set off antivirus if I do not tell it to leave alone.
I do, but it seems like every time they do a major update to one of my scanners, the older options disappear. BTW, I use a variety of scanners.
 

James P. Cottingham
I'm number 1,229!
I'm number 1,229!

RE: I want a virus .com

Yeah, so do I actually, but I never had that problem. Although the only program that ever picks up the folder is Antivir. Malwarebytes, SUPERAntiSpyware, and others leave it alone.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon

RE: I want a virus .com

@ jamesbird and electronicsfreak:

Sorry I missed this thread when it was fresh.  I'm an independent PC tech, and I crave sharing good info with peers, but I don't get much opportunity.

1.)  The vast majority of IT techs focus on using automated tools to clean infections.  I have found that to be extremely time-consuming and inefficient.  Consequently, I have developed a method of cleaning a wider variety of viruses by a combination of manual and automated techniques.

2.)  The primary first step is using UBCD to boot a pre-shell environment, then using the included tools to locate and delete the core components of the infection.  Then I reboot the system to safe mode and use standard automated applications to mop up the leftover "trash".

3.) I am increasingly seeing scareware infections installed by more than one method, i.e. I have seen IS2010 installed in ways that are easy to clean, AND in ways that are very difficult to clean.

As yet, I cannot say if this is because the infection was stopped before it "dug in deep" -- or because the infections originated from different sources that used different methods.   My gut feeling is that independent malware-hackers are developing different ways to install the same package.  (For a price, of course.)

However, I *am* certain that "fixed" methodologies for cleaning these kind of infections are becoming increasingly unreliable -- as the methodologies for installing these infections mutate too rapidly.

 

RE: I want a virus .com

ronin77,

What is your definition of automated?  The tools on UBCD, to the best of my knowledge, are no different than the Windows-based downloads currently available... that is, they are all automated in the sense that the program searches for the infection, tells you what it finds, and fixes it upon approval to do so.  I don't see anything manual about that.  It is a different method, as Windows isn't allowed to boot, but it's definitely not manual.

Even if you look at something like HiJackThis, it's automated to an extent - of course, you'd be a fool to just accept any changes it mentions without manually checking them out.  wink

If there's a more "manual" tool that I'm forgetting, let me know.

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

I don't think anyone relies on a truly "automated" method - it's more art than science.  You have to look at what's going on and running on each PC, then choose your weapon.

Having said that, Malwarebytes' Anti-Malware has fixed everything I've seen in the last 1.5 years, except for two things. I ALWAYS run it first after killing off suspicious processes and/or booting to safe mode if required. It's "automated", works great, is free and hasn't screwed up one PC yet.

Plus it hardly ever crashes if the computer is half-way stable.

Then, using a combination of Autoruns, RootRepeal, GMER, RogueFix, etc., etc., you have to roll with the punches for the really weird/persistent stuff. I'd throw in ComboFix, but it sort of does its own thing and you don't have much control over what it does, so BIG caution flag there about running it on every PC as standard procedure.

Bottom line - every PC is different. Different hardware, software and malware running on it. Some are just tougher to fight than others. But having a standard procedure (cleaning out temp files, looking at startup items, running your favorite anti-malware) is what I do on EVERY PC. Then I start to see if anything else is lurking or trying to reinstall itself.

If you're so confident of your methods, please write up a White Paper for all of us.  I'd read it.

RE: I want a virus .com

As far as actually getting a virus, searching for warez or something on Google ought to bring up more than one of those sites that say "content may be harmful". I'm sure they would be willing to infect you with something.

RE: I want a virus .com

Good point.

Or of course, there's always the method of just opening up a PC to the wild - no router, no firewall, etc.. shouldn't take more than 15 minutes TOPS!

wink

--

"If to err is human, then I must be some kind of human!" -Me

RE: I want a virus .com

I define "manual" as any tool that does not make distinctions between normal and hostile components, and completely relies on the expertise of the user to decide what elements to delete or modify.  

I consider HJT a "manual" tool for exactly that reason.  All it does is report components from specific areas of the registry.  It does not make assumptions about the nature of any of them.

The only "manual" malware removal tool I use on UBCD is EZ-PC Fix.  Basically, it's a specialized registry editor, focused to assist technicians to locate and cripple core viral components.  Used within a PE, it's sort of like HJT on steroids.  (...Although it could use some updating to include new areas of the registry that are being commonly exploited.)

Anyway, I'm not qualified to "write a white paper", nor would I have time if I were inclined.  I was just trying to offer some alternative thinking and experiences on the subject.  Since it doesn't seem to be well received here, I'll shut up.

 

RE: I want a virus .com

Missed a post from Goom that I have to respond to here:

UBCD is NOT a Linux CD.  It is a Windows Pre-Environment based on BartPE.

RE: I want a virus .com

Yeah - If you look further up in THIS very thread, I recanted on my mis-categorization.

I'm on top of my mistakes more than my responsibilities.

RE: I want a virus .com

Quote:

As far as actually getting a virus, searching for warez or something on Google ought to bring up more than one of those sites that say "content may be harmful". I'm sure they would be willing to infect you with something.

Very true, and although I'm not a particularly big fan of McAfee anti-virus, the McAfee http://www.siteadvisor.com/ can be quite useful... although does it merely warn of the obvious?
