From: Leythos on
In article <op.vabo3vpma3w0dxdave(a)hodgins.homeip.net>,
dwhodgins(a)nomail.afraid.org says...
> I'll be going back over to his place on Tuesday. I expect the next
> step will be to pull the hard drive out of his computer, and put it
> in mine, as a slave, so I can scan it without whatever rootkits are
> running.
>
> Luckily he doesn't use it for online banking, or shopping!
>
> I HATE Microsoft. I expect this friend will become another linux
> convert very soon!
>

And yet, in my 30+ years of using computers, thousands of them with MS
operating systems, I've had exactly one piece of malware on all of those
machines that I've used.

If the system is so old that it takes hours to do a scan, which is
normal for many computers, wipe it and reinstall clean; the system will
most likely run faster and it will be easier for you to do the updates
and make sure that everything is applied.

I have never seen a machine where the user was always using a Limited
account that was compromised, but I've seen a lot of machines where the
user had a limited account and wasn't using that one, where they were
using the Admin account after being warned not to, and they were
compromised while using the admin account.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
From: David H. Lipman on
From: "Leythos" <spam999free(a)rrohio.com>

| I have never seen a machine where the user was always using a Limited
| account that was compromised, but I've seen a lot of machines where the
| user had a limited account and wasn't using that one, where they were
| using the Admin account after being warned not to, and they were
| compromised while using the admin account.

I have. They were infected through malware that took advantage of buffer overflow
conditions and the subsequent elevation of privileges.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Dave Cohen on
On 3/29/2010 5:39 AM, David W. Hodgins wrote:
> Spent the last 4 hours or so, at a friend's place. I'd previously
> done everything I could to lock down the system, but he managed
> to get some sort of malware installed.
>
> Neither avast nor superantispyware finds any problems. It's an old,
> slow computer, so the scans took hours.
>
> The admin account is no longer accessible from the login screen,
> even in safe mode. Only the limited user account is accessible.
> GMER will not run, apparently due to lack of permissions.
>
> The firewall service is not running, and can't be started due
> to lack of permission.
> The security center service is not running.
>
> This old computer has an LCD TV used as the monitor. The TV does
> not display text mode, so the BIOS setup screen cannot be seen.
>
> The BIOS is set to boot from the hard drive first, so booting from
> a CD is out.
>
> I'll be going back over to his place on Tuesday. I expect the next
> step will be to pull the hard drive out of his computer, and put it
> in mine, as a slave, so I can scan it without whatever rootkits are
> running.
>
> Luckily he doesn't use it for online banking, or shopping!
>
> I HATE Microsoft. I expect this friend will become another linux
> convert very soon!
>
> Regards, Dave Hodgins
>
>

I've never had a virus and I've used MS for years. I'm not going to get
into a back and forth MS vs Linux and I wouldn't waste much time
defending MS, but I've used both and if your user can't handle MS he
won't get very far with Linux unless all he wants to do is email and
surf the net. It is not a system ready for the non technical user, and
if your friend requires you to set things up for him, I have to assume he
fits that description.
From: David W. Hodgins on
On Mon, 29 Mar 2010 12:59:02 -0400, Dave Cohen <user(a)example.net> wrote:

> surf the net. It is not a system ready for the non technical user, and
> if your friend requires you to set things up for him, I have to assume he
> fits that description.

He's one of those users who thinks he knows a lot more than he
does. At least with linux, I can lock down the privileges to
control what he can do. For example, I can set it up so that
he can install updates from the distribution's repositories, but
can't install new programs, or stuff from third parties, without
my involvement.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
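One way to realise the arrangement described above on a Debian/Ubuntu-style system is a sudoers drop-in. This is an added illustration, not something from the thread; the user name `friend`, the `/usr/bin/apt-get` path and the assumption that the distribution uses apt are mine.

```text
# /etc/sudoers.d/updates-only   (install with mode 0440; check syntax with
# "visudo -c -f <file>" before relying on it)
# Added example; "friend" and the apt-get path are placeholders. It assumes
# "friend" is NOT in the sudo/wheel group, which would otherwise grant ALL.

# When arguments are listed, sudoers matches the command line exactly, so
# "apt-get install <pkg>", "apt-get -o <opt> upgrade" or a bare "apt-get"
# do not match and are refused.
friend ALL=(root) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade

# "apt-get upgrade" never installs packages that are not already present,
# which is what keeps this rule to updates only. "dist-upgrade" may pull in
# new packages to satisfy dependencies and is deliberately left out.

# Do NOT write the rule as "/usr/bin/apt-get *": the wildcard matches any
# argument string, including "install", and removes the restriction the
# rule exists to provide.
```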
From: David W. Hodgins on
On Mon, 29 Mar 2010 08:31:57 -0400, Leythos <spam999free(a)rrohio.com> wrote:

> If the system is that old, that it takes hours to do a scan, which is
> normal for many computers, wipe it and reinstall clean, the system will
> most likely run faster and it will be easier for you to do the updates
> and make sure that everything is applied.

Agreed. That means I'll have to hook up a real monitor, so I can see
the POST/BIOS setup messages, in order to be able to change the
boot order, so I can boot from an install CD.

> I have never seen a machine where the user was always using a Limited
> account that was compromised, but I've seen a lot of machine where the
> user had a limited account and wasn't using that one, where they were
> using the Admin account after being warned not to, and they were
> compromised while using the admin account.

I'm pretty sure that's what happened here. I'd like to figure out
exactly what he did, and what malware was involved, but I think
that may just be a waste of time, at this point.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)