From: David W. Hodgins on 29 Mar 2010 05:39

Spent the last 4 hours or so, at a friend's place. I'd previously done everything I could to lock down the system, but he managed to get some sort of malware installed.

Neither avast nor superantispyware finds any problems. It's an old, slow computer, so the scans took hours.

The admin account is no longer accessible from the login screen, even in safe mode. Only the limited user account is accessible.

GMER will not run, apparently due to lack of permissions. The firewall service is not running, and can't be started due to lack of permission. The security center service is not running.

This old computer has an lcd tv used as the monitor. The tv does not display text mode, so the bios setup screen cannot be seen. The bios is set to boot from the hard drive first, so booting from a cd is out.

I'll be going back over to his place on Tuesday. I expect the next step will be to pull the hard drive out of his computer, and put it in mine, as a slave, so I can scan it without whatever rootkits are running.

Luckily he doesn't use it for online banking, or shopping!

I HATE Microsoft. I expect this friend will become another linux convert very soon!

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)

From: FromTheRafters on 29 Mar 2010 06:36

"David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in message news:op.vabo3vpma3w0dxdave(a)hodgins.homeip.net...
> This old computer has an lcd tv used as the monitor. The tv does
> not display text mode, so the bios setup screen cannot be seen.

In my experience (not a professional) if you use an s-video connection, the onboard video support requires the OS for the driver. If you use the RS-232 (VGA) video cable instead of the s-video cable you can see the messages during boot.

From: David H. Lipman on 29 Mar 2010 06:43

From: "FromTheRafters" <erratic(a)nomail.afraid.org>

| "David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in message
| news:op.vabo3vpma3w0dxdave(a)hodgins.homeip.net...

>> This old computer has an lcd tv used as the monitor. The tv does
>> not display text mode, so the bios setup screen cannot be seen.

| In my experience (not a professional) if you use an s-video connection,
| the onboard video support requires the OS for the driver. If you use the
| RS-232 (VGA) video cable instead of the s-video cable you can see the
| messages during boot.

The RS-232 uses 9 or 25 pin D-Subminiature interface.

VGA is a 15 pin D-Subminiature and should not be called RS-232 nor confused with this old serial connector.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: FromTheRafters on 29 Mar 2010 06:51

"David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in message news:op.vabo3vpma3w0dxdave(a)hodgins.homeip.net...
> The admin account is no longer accessible from the login screen,
> even in safe mode. Only the limited user account is accessible.

It might have been a trojan bomb. There is no way for me to tell, but IIRC the Safe Mode admin account is supposed to be enabled when there is no other admin account (i.e., when the last existing one is demoted or otherwise removed). A miscreant with sufficient privileges can however assign admin rights to the asp.net user account (satisfying the requirement for not needing to enable the Safe Mode admin account) and remove/demote all others resulting in the user being unable to elevate.

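The condition described in the post above (a service account such as ASPNET holding admin rights while the owner's own accounts have been demoted) can be checked from saved output of `net localgroup Administrators`. This is an added example, not part of the original thread; the `SERVICE_ACCOUNTS` set, the expected account name `Owner` and the sample output are constructed for illustration, and the parser assumes the English-language output format.

```python
# Assumption: account names created for services, not for people.
# ASPNET is the account the post mentions; extend the set for your own build.
SERVICE_ACCOUNTS = {"aspnet"}

def parse_members(net_output):
    """Return member names from `net localgroup <group>` output."""
    members, in_list = [], False
    for line in net_output.splitlines():
        line = line.strip()
        if line and set(line) == {"-"}:      # dashed rule precedes the member list
            in_list = True
            continue
        if not in_list or not line:
            continue
        if line.lower().startswith("the command completed"):
            break
        members.append(line)
    return members

def review_admins(net_output, expected_admins):
    """Compare actual Administrators members with the ones the owner expects."""
    expected = {n.lower() for n in expected_admins}
    members = parse_members(net_output)
    # Strip a DOMAIN\ or MACHINE\ prefix before comparing names.
    short = {m: m.split("\\")[-1].lower() for m in members}
    return {
        "members": members,
        "service_accounts_with_admin": [m for m in members if short[m] in SERVICE_ACCOUNTS],
        "unexpected": [m for m in members if short[m] not in expected],
        "missing": sorted(expected - set(short.values())),
    }

# Constructed sample output, not captured from the machine in the thread.
SAMPLE = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
ASPNET
The command completed successfully.
"""

if __name__ == "__main__":
    # "Owner" is a hypothetical name for the account the user normally elevates with.
    for key, value in review_admins(SAMPLE, ["Administrator", "Owner"]).items():
        print(f"{key}: {value}")
```

A non-empty `service_accounts_with_admin` together with a non-empty `missing` list matches the situation the post describes and is worth confirming offline with the drive attached to a clean machine.
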
From: FromTheRafters on 29 Mar 2010 06:59

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:hoq09g0l9h(a)news3.newsguy.com...
> From: "FromTheRafters" <erratic(a)nomail.afraid.org>
>
> | "David W. Hodgins" <dwhodgins(a)nomail.afraid.org> wrote in message
> | news:op.vabo3vpma3w0dxdave(a)hodgins.homeip.net...
>
>>> This old computer has an lcd tv used as the monitor. The tv does
>>> not display text mode, so the bios setup screen cannot be seen.
>
> | In my experience (not a professional) if you use an s-video connection,
> | the onboard video support requires the OS for the driver. If you use the
> | RS-232 (VGA) video cable instead of the s-video cable you can see the
> | messages during boot.
>
> The RS-232 uses 9 or 25 pin D-Subminiature interface
>
> VGA is a 15 pin D-Subminiature and should not be called RS-232 nor
> confused with this old serial connector.

Sorry, I knew it wasn't quite right but was too lazy to look up the correct nomenclature. My hope was to help David W. Hodgins.

I Googled "rs-232" (the only nomenclature I could remember) and "video" and got "confirmed by google" <cough> enough to make the errant post.

Thanks for correcting me.