pharaoh fortune slot
ExamNotes.net
Welcome, Guest. Please login or register.
November 19, 2017, 02:23:24 AM

Login with username, password and session length
* Home Help Search Login Register
+  ExamNotes.net
|-+  CompTIA
| |-+  i-NET+
| | |-+  inet+ not good enough for virus attack
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: inet+ not good enough for virus attack  (Read 8167 times)
EllenD2
Member
Jr. Member
**
Offline Offline

Posts: 64

0


View Profile WWW
« on: June 13, 2004, 07:46:55 PM »

I just got hit by the Zestyfind/Spotresults ad virus
on my home win98 computer.
It seems I answered yes to "Do
you want to install this browser
update" from Nic Tech Networks.
Now ads are popping up every
10 seconds even when I'm not
connected to the Internet (gives
"Work Offline" dialog box).
Spyware programs are doing nothing.
What cert can help me?
Logged
DaDnDe
Senior Member
Hero Member
*****
Offline Offline

Posts: 917

0


View Profile WWW
« Reply #1 on: June 16, 2004, 02:21:47 PM »

never never never agree to anything that is delivered by popups.

here is a computer i worked on last week



 

the only way to fight adware, malware, spam etc is to simply not participate. always close a popup by clicking on the "X" in the corner. (keep in mind that some popups will install a program even if you say no to what they are offering.)

an even bigger problem stems from letting these programs get a foothold in your system. they can dig in so deep that it will soon become nearly impossible to clean them out. one program i dealt with recently installed a program that checks to make sure that the parent program is still installed on every bootup and will reinstall the program if it detects any of its program files missing.
« Last Edit: June 16, 2004, 02:30:23 PM by DaDnDe » Logged

"Nuchi du takara"
"Life is a treasure"

http://www.besttests.com
EllenD2
Member
Jr. Member
**
Offline Offline

Posts: 64

0


View Profile WWW
« Reply #2 on: June 16, 2004, 07:49:30 PM »

Thanks for the advice.

You may have the same virus.

What I really need is a good
lawyer because implementing a
phony shell of Windows is not
what the popup stated - it said
"Browser Update" from Nic Tech
Networks.  This is causing me to
waste a lot of time deleting
the virus files (which either
state Nic Tech Networks as the
author or give no creator at all)

The virus takes up so much memory
that some of the Windows system
programs like Control Panel either
take a very long time to come up
or some of the icons don't appear
at all.
Logged
freak
Moderator
Hero Member
*****
Offline Offline

Posts: 9021

2


View Profile WWW
« Reply #3 on: June 30, 2004, 12:11:56 PM »

run Highjack This! to see what's grabbing your browser and where the pop ups are coming from Smiley It's a free download, and along with a good anti-virus, it will help you clean up that box. Great software, running HT is a must. I do it on a regular basis at all my customers as a value-add, and you'd be amazed the amount of crap I find on their boxes... actually, you wouldn't be, I am sure you have seen it first hand in the real world too! Cheesy
Logged

Freak, MA, M.Ed., Net+,I-Net+, Security+, CEH, CEI, CCA, CCNA, MCP+I, MCSA, MCSE NT, MCSE 2K, MCT

iCertify dot net
: Free Forum, quizzes, study guides...

FreakNotes.com: free subnetting, DHCP, Network Security study guides! Also 120-page Security+ book and 100+ page Network+ book!

InfoSecWeb.com
jennie313
Member
Jr. Member
**
Offline Offline

Posts: 66

0


View Profile
« Reply #4 on: June 30, 2004, 12:28:30 PM »

I've really come to love spyware and adware because things like this give me such good job security.  Clients love you when you clean up pop ups and such for them.  Encountering this will give you great experience and you will soon learn that Hijack This can be your best friend.
Logged
freak
Moderator
Hero Member
*****
Offline Offline

Posts: 9021

2


View Profile WWW
« Reply #5 on: June 30, 2004, 09:31:19 PM »

I'd rather bill them for doing something constructive on their network, though...
Logged

Freak, MA, M.Ed., Net+,I-Net+, Security+, CEH, CEI, CCA, CCNA, MCP+I, MCSA, MCSE NT, MCSE 2K, MCT

iCertify dot net
: Free Forum, quizzes, study guides...

FreakNotes.com: free subnetting, DHCP, Network Security study guides! Also 120-page Security+ book and 100+ page Network+ book!

InfoSecWeb.com
DaDnDe
Senior Member
Hero Member
*****
Offline Offline

Posts: 917

0


View Profile WWW
« Reply #6 on: July 01, 2004, 02:01:05 PM »

i 2nd that. i get a great sense of worth when i can show someone a better or faster way to do something they do everyday on a system that is already working fine. i find that many times, people take it rather personally when i fix a computer that has viruses and such. i guess i put too much emphasis on how simple it can be to eliminate 90% of their security problems.

but there are the ones who wont change their method even if it will save them time; they are just creatures of habit afrraid of change.

then there are the others who practically idolize you. its the latter that really make my day:p
Logged

"Nuchi du takara"
"Life is a treasure"

http://www.besttests.com
freak
Moderator
Hero Member
*****
Offline Offline

Posts: 9021

2


View Profile WWW
« Reply #7 on: November 01, 2004, 12:28:49 PM »

Quote
Originally posted by DaDnDe
i guess i put too much emphasis on how simple it can be to eliminate 90% of their security problems.



that's why I wrote a document called 10 easy network security rules Smiley
Logged

Freak, MA, M.Ed., Net+,I-Net+, Security+, CEH, CEI, CCA, CCNA, MCP+I, MCSA, MCSE NT, MCSE 2K, MCT

iCertify dot net
: Free Forum, quizzes, study guides...

FreakNotes.com: free subnetting, DHCP, Network Security study guides! Also 120-page Security+ book and 100+ page Network+ book!

InfoSecWeb.com
corndog
Junior Member

Offline Offline

Posts: 28

0


View Profile
« Reply #8 on: January 08, 2005, 04:49:48 AM »

the only programs i use are adaware, norton antivirues 2005, and tiny personal firewall. i tell friends this all the time but they dont seem to understand (not pc savvy). this is what you need to do if your gonna be online imo. 99% of the time the exe will be running in your processes. enter task manager and get to know your processes. i know that i have 27 processes when i first boot my machine. if my pc slows down at all, i check my processes and easily pick up anything suspicious. just to be sure, do a google search on the exe and make sure its illegitimate before you make any attempts to remove it. also 99% of the time, the exe wont let you remove it. reboot in safe mode and delete it. when you search for the file, make sure you check the hidden files and folders box. also if the file is named something like bargain.exe, just do a search for bargain. most of the time there will be more files than just the exe that need to be removed. just my 2c, this method works great for me.
Logged

a guy builds a hundred bridges and nobody calls him a bridge builder...
freak
Moderator
Hero Member
*****
Offline Offline

Posts: 9021

2


View Profile WWW
« Reply #9 on: January 10, 2005, 06:49:15 PM »

I hear good things about the beta anti spyware tool that MS is distributing these days...
Logged

Freak, MA, M.Ed., Net+,I-Net+, Security+, CEH, CEI, CCA, CCNA, MCP+I, MCSA, MCSE NT, MCSE 2K, MCT

iCertify dot net
: Free Forum, quizzes, study guides...

FreakNotes.com: free subnetting, DHCP, Network Security study guides! Also 120-page Security+ book and 100+ page Network+ book!

InfoSecWeb.com
kool_gall1991
Member
Jr. Member
**
Offline Offline

Posts: 61

0


View Profile WWW
« Reply #10 on: October 03, 2005, 05:15:18 PM »

i think windows should start off with a spyware blocker or firewall....once i installed windows xp and as before i could do the system updates and virus updates i had a virus (i was online maybe 30 secodns when i got the sasser error message).
Logged

EllenD2
Member
Jr. Member
**
Offline Offline

Posts: 64

0


View Profile WWW
« Reply #11 on: October 04, 2005, 09:39:34 AM »

Windows XP has a firewall.
The following is info on how
to activate it:
http://support.microsoft.com/default.aspx?scid=kb;en-us;283673
Logged
obeel65
Member
Jr. Member
**
Offline Offline

Posts: 50

0


View Profile
« Reply #12 on: October 20, 2005, 09:19:16 PM »

I've found that if you have a good idea about what time period you became infected
that by using the Search or Find tool you can check to see what Files/Folders were created at that particular time period and narrow down the Culprit Parent File with some detective work....
Logged
EllenD2
Member
Jr. Member
**
Offline Offline

Posts: 64

0


View Profile WWW
« Reply #13 on: October 22, 2005, 09:33:17 AM »

I already did that and found out that the virus was launching from multiple locations in the Registry using bogus WINDOWS startup files like explorer.exe. When you deleted the bogus explorer.exe, the virus just re-downloaded it from the virus web site. (The bogus Windows files were also part of the TCP/IP setup when you first brought up the Internet! over 54 of them!
The virus company was Nic Tech Networks originally but later they deleted their name when you did a right-click, Properties, on the file and looked at the Company name!)
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!