• Anatomy of a malware


    #2363812

    ISSUE 18.17 • 2021-05-10 SAFETY By Ben Myers Things are not always as they seem. What might appear to be a devastating, PC-destroying piece of malware
    [See the full post at: Anatomy of a malware]

    2 users thanked author for this post.
    • #2363815

      For the record, the ‘new’ way to get to the Folder Options and make it so that Windows shows hidden files and extensions is to click File at the top of a File Explorer window, then select Change folder and search options.
      This will bring up the same Folder Options dialog where you can opt to show everything.
      I also recommend turning at least Hide protected operating systems back on after it is no longer needed for any casual user, as otherwise they will see multiple files and folders they cannot and should not interact with.

      1 user thanked author for this post.
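The three Folder Options switches the reply above describes (hidden files, file extensions, and protected operating system files) are stored as registry values under the current user's Explorer settings, so a helper cleaning a machine can turn them on for the session and switch "Hide protected operating system files" back on afterwards, as the reply recommends. The PowerShell below is an added example, not code from the original post or from AskWoody; the function names are my own, and it assumes it runs as the interactive user whose Explorer view should change.

```powershell
# Added example (not from the original post). Reads and sets the same Explorer
# view switches that the Folder Options dialog controls, via their registry values.
# Assumption: run in the session of the user whose Explorer view should change.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-ExplorerVisibility {
    # Returns the current state of the three switches as booleans.
    $v = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        ShowHiddenFiles      = ($v.Hidden -eq 1)          # 1 = show, 2 = do not show
        ShowExtensions       = ($v.HideFileExt -eq 0)     # 0 = show extensions
        ShowProtectedOSFiles = ($v.ShowSuperHidden -eq 1) # 1 = show protected OS files
    }
}

function Set-ExplorerVisibility {
    param(
        [bool]$ShowHiddenFiles,
        [bool]$ShowExtensions,
        [bool]$ShowProtectedOSFiles
    )
    Set-ItemProperty -Path $advanced -Name Hidden          -Type DWord -Value $(if ($ShowHiddenFiles)      { 1 } else { 2 })
    Set-ItemProperty -Path $advanced -Name HideFileExt     -Type DWord -Value $(if ($ShowExtensions)       { 0 } else { 1 })
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Type DWord -Value $(if ($ShowProtectedOSFiles) { 1 } else { 0 })
    # Explorer caches these values; restart the shell so open windows pick them up.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Process explorer.exe
}

# Usage for a cleanup session: record the starting state, show everything while
# inspecting, then leave hidden files and extensions visible but hide protected
# operating system files again for the everyday user.
$before = Get-ExplorerVisibility
$before | Format-List

Set-ExplorerVisibility -ShowHiddenFiles $true -ShowExtensions $true -ShowProtectedOSFiles $true
# ... inspect %temp%, startup folders and so on here ...
Set-ExplorerVisibility -ShowHiddenFiles $true -ShowExtensions $true -ShowProtectedOSFiles $false
```

Restarting explorer.exe closes any open File Explorer windows, so run this between inspection steps rather than in the middle of one. The recorded `$before` object lets you put the user's original settings back exactly if they had deliberately chosen something else.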
    • #2363849

      Great Article.  Thank you for sharing it.  I hope I never have to use what you presented.


      Ramsesvi

    • #2363863

      This is the infamous Microsoft Tech Support scam. One of many internet scams out of India. For more information please go to YouTube and search Scam Baiting; also see: Jim Browning, Kitboga, Scammer Payback. Yes, there is a group of people fighting back. Also see: Scammer.info. Billions have been lost to these scammers.

    • #2363885

      You forgot to mention the No. 1 tool (IMHO) in the fight against malware/ransomware: Image Backups. You never have to fear if you have recent images of your drives. Just boot from a USB drive and restore the C: drive, done! HTH 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      3 users thanked author for this post.
      • #2364700

        As in many cases when a client’s system shows up here, they did not ever do any backup. And doing regular image backups is often beyond the abilities of many people who simply think of their computers as appliances to do what they need to do and no more. To put it less delicately, the level of know-how for many computer owners is pretty low.

        2 users thanked author for this post.
    • #2363895

      I can’t get to c:\windows\temp in file explorer. I can get to C:\windows, but when I click on Temp, nothing happens.

      I can get to it via command prompt with admin privileges.

      How come I can’t get to it in Windows explorer?

      • #2363899

        If you can get to it with Admin privileges in the Command Prompt, and you can’t get to it with File Explorer using your ID, I have to ask – Is your ID a Standard User or a member of the Administrators Group?

        If you right click on Explorer and “Run as Admin,” can you access it?

        1 user thanked author for this post.
    • #2363948

      WARNING: Improperly editing file rights can trash your system; make sure you have a backup or other recovery methods before doing the following!

      One tip for harder to remove malware processes: Remove SYSTEM rights from the bad files after adding your user full rights. Reboot!

      After booting, Windows won’t have access to the bad files, but you can go back and then delete them! I’ve used this trick a few times in the past.

      Today, I prefer to wipe the system as what you see could only be the tip of the security iceberg: There could be multiple layers of malware installed and you can’t always see all of them. Technology makes it easy to make custom malware on-the-fly, making such malware undetected by normal security software.

      I prefer to see security malware as an alarm system: If you see something, the system is now compromised and under someone else’s control. Only a complete forensic analysis can reveal the extent of the compromise, something most users can’t do.

      So, if you find something, burn it and start over!

      Martin

      • This reply was modified 4 years ago by ve2mrx. Reason: Clarity
      1 user thanked author for this post.
    • #2364007

      Thank you for this post. I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them (Word files, music files like “la Tempesta di Mare”…)

      1 user thanked author for this post.
      • #2364702

        The temp string is not an issue. I cannot ever recall an issue with doing a Select All followed by a Delete from the %temp% folder. If a file is in use, the Delete function will tell you and you can skip its deletion.

        Further, one needs to ask how music, Word, Excel or other files have found their way into %temp%, and whether or not there are more permanent files elsewhere. After all, the %temp% folder is for files and folders that are temporary.

      • #2364707

        I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them

        It’s not a filename search. %temp% is a folder, as the article explains.

        2 users thanked author for this post.
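The two replies above make the same point from different angles: %temp% is a folder (it resolves to the current user's temporary directory), not a search for filenames containing "temp", and when you clear it the only expected obstacle is a file that is currently in use, which you skip. The PowerShell below is an added example, not code from the original post or from AskWoody; the function names are my own. It first summarises what is in the folder by extension, so that documents or music that have oddly ended up there can be spotted before anything is removed, then clears the folder while skipping locked items and reporting them instead of stopping. It assumes it runs as the user whose %temp% is being cleaned.

```powershell
# Added example (not from the original post). Summarise, then clear, the current
# user's %temp% folder, skipping files that are in use.
# Assumption: run as the user whose temporary folder should be cleaned.

function Show-UserTempSummary {
    param([string]$Path = $env:TEMP)   # $env:TEMP is the same folder as %temp%
    # Group every file (hidden ones included) by extension so unexpected document
    # or media types stand out before a bulk delete.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Group-Object Extension |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Extension'; e = { if ($_.Name) { $_.Name } else { '(none)' } } },
                      Count,
                      @{ n = 'MB'; e = { [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1MB, 2) } }
}

function Clear-UserTemp {
    # Supports -WhatIf so the deletion list can be reviewed before it happens.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $env:TEMP)

    $skipped = [System.Collections.Generic.List[string]]::new()
    $removed = 0

    # Enumerate the folder's children rather than the folder itself, mirroring
    # "Select All, Delete" inside %temp%.
    foreach ($item in Get-ChildItem -LiteralPath $Path -Force) {
        if (-not $PSCmdlet.ShouldProcess($item.FullName, 'Remove')) { continue }
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
            $removed++
        } catch {
            # Typical cause is a sharing violation: a running program still has the
            # file open. Record it and carry on, just as you would skip it in Explorer.
            # A folder with one locked file inside is reported here too, even though
            # the rest of its contents were removed.
            $skipped.Add("$($item.FullName): $($_.Exception.Message)")
        }
    }

    [pscustomobject]@{ Removed = $removed; Skipped = $skipped }
}

# Usage: look first, then preview, then clear.
Show-UserTempSummary | Format-Table -AutoSize
Clear-UserTemp -WhatIf
$result = Clear-UserTemp
"Removed $($result.Removed) item(s); $($result.Skipped.Count) in use and left alone."
$result.Skipped
```

Running `Clear-UserTemp -WhatIf` prints each item that would be removed without touching it, which is the scripted equivalent of looking through the folder before pressing Delete. Anything listed under `Skipped` after the real run is held open by a running program; closing that program or rebooting and running again clears it.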