{"id":1181,"date":"2009-10-21T16:56:32","date_gmt":"2009-10-21T23:56:32","guid":{"rendered":"http:\/\/www.bibik.org\/blog\/?p=1181"},"modified":"2009-10-21T16:56:32","modified_gmt":"2009-10-21T23:56:32","slug":"viruses-are-malicious-buggers-these-days","status":"publish","type":"post","link":"https:\/\/bibik.org\/index.php\/2009\/10\/21\/viruses-are-malicious-buggers-these-days\/","title":{"rendered":"Viruses are malicious buggers, these days"},"content":{"rendered":"<p>The first symptom was Clare&#8217;s laptop having trouble burning a CD through iTunes. A few reboots later and some odd anti-virus dialogs started popping up. A few web searches and another reboot later, the machine was completely owned.<\/p>\n<p>Boot-up was taking five times as long and was punctuated with incessant dialogs and tooltips from the system tray. Having tackled a few bits of malware in the past, I immediately turned to Malwarebytes Anti-Malware and ComboFix. Unfortunately, the malware writers know all about these tools and try so very hard to keep the system. Here are some of the cute steps they took to keep the system in lockdown:<\/p>\n<ul>\n<li>Disabled access to the Task Manager<\/li>\n<li>Disabled CD and USB drive access<\/li>\n<li>Turned off automatic updates<\/li>\n<li>Disabled all executables!<\/li>\n<\/ul>\n<p>That last one was ridiculous. If you could find a way to get a file onto the computer (don&#8217;t forget, no USB disks, no CDs), you couldn&#8217;t even execute the file. I tried all sorts of tricks and literally everything was locked down. Finally, a little research explained that only a few executables are allowed to run. If you rename your app to explorer.exe, it&#8217;ll run. Using that trick and Process Explorer, I was able to kill the offending processes. A few registry hacks, exeFixer, ComboFix and finally Malwarebytes, and I think the system is fixed.<\/p>\n<p>Oh, who am I kidding, I don&#8217;t trust a once-rooted system. Time to wipe and install Windows 7!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The first symptom was Clare&#8217;s laptop having trouble burning a CD through iTunes. A few reboots later and some odd anti-virus dialogs started popping up. A few web searches and another reboot later, the machine was completely owned. Boot-up was taking five times as long and was punctuated with incessant dialogs and tooltips from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1181","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/posts\/1181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/comments?post=1181"}],"version-history":[{"count":0,"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/posts\/1181\/revisions"}],"wp:attachment":[{"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/media?parent=1181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/categories?post=1181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bibik.org\/index.php\/wp-json\/wp\/v2\/tags?post=1181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}
]}}
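The four lockdown steps the post lists (Task Manager blocked, CD and USB access gone, automatic updates off, and a whitelist of executable names that let a binary renamed to explorer.exe run) are the symptoms; the post does not say where the malware set them. The PowerShell audit below is an added example written for this page, not the author's own registry hacks and not part of exeFixer, ComboFix or Malwarebytes. It assumes each symptom was produced through the registry locations that are commonly used for it on Windows of that era (the DisableTaskMgr policy, the exefile and per-user .exe association, Image File Execution Options Debugger values, the USBSTOR and cdrom driver Start values, and the Windows Update policy and service); those locations are an assumption, and a machine that reports nothing here can still be compromised elsewhere, which is why the post's wipe-and-reinstall decision is the right one.

```powershell
# Added example (not from the post): read-only audit of the registry keys commonly
# used to implement the lockdown symptoms described above. Every location checked
# is an assumption about how such malware usually works, not something the post states.
function Get-LockdownIndicators {
    [CmdletBinding()]
    param()

    $findings = New-Object 'System.Collections.Generic.List[object]'
    function Add-Finding($Area, $Location, $Value, $Why) {
        $findings.Add([pscustomobject]@{ Area = $Area; Location = $Location; Value = $Value; Why = $Why })
    }

    # 1. Task Manager disabled by policy, in either user or machine scope.
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $v = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($v -eq 1) { Add-Finding 'TaskManager' "$key\DisableTaskMgr" $v 'Task Manager blocked by policy' }
    }

    # 2. .exe association hijack: the stock handler is exactly "%1" %*. Anything else
    #    means every .exe launch is routed through another program, which is how a
    #    "run only explorer.exe and a few others" whitelist is typically enforced.
    $expected = '"%1" %*'
    foreach ($key in 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
                     'HKCU:\Software\Classes\exefile\shell\open\command') {
        $cmd = (Get-ItemProperty -Path $key -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -and $cmd -ne $expected) { Add-Finding 'ExeAssociation' $key $cmd 'exe handler is not the stock "%1" %*' }
    }
    # A per-user ProgId override for the .exe extension takes precedence over exefile.
    $userExt = (Get-ItemProperty -Path 'HKCU:\Software\Classes\.exe' -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
    if ($userExt -and $userExt -ne 'exefile') { Add-Finding 'ExeAssociation' 'HKCU:\Software\Classes\.exe' $userExt 'per-user .exe ProgId override' }

    # 3. Image File Execution Options: a Debugger value makes Windows start that program
    #    instead of the named executable, a classic way to block taskmgr.exe or an
    #    anti-malware tool by file name (renaming the tool sidesteps it).
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Add-Finding 'IFEO' "$ifeo\$($_.PSChildName)" $dbg 'executable redirected via Debugger value' }
    }

    # 4. Removable-media drivers: Start=4 disables the driver (USBSTOR is normally 3, cdrom 1).
    foreach ($svc in 'USBSTOR', 'cdrom') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($start -eq 4) { Add-Finding 'Media' "$key\Start" $start "$svc driver disabled" }
    }

    # 5. Automatic Updates turned off, either by policy or by disabling the service.
    $auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
    if ($au -eq 1) { Add-Finding 'Updates' "$auKey\NoAutoUpdate" $au 'automatic updates disabled by policy' }
    $wu = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'" -ErrorAction SilentlyContinue
    if ($wu -and $wu.StartMode -eq 'Disabled') { Add-Finding 'Updates' 'service wuauserv' $wu.StartMode 'Windows Update service disabled' }

    return $findings
}

# Usage: run from an elevated PowerShell on the suspect machine and review each row
# before changing anything; the function only reads, it never repairs.
Get-LockdownIndicators | Format-Table -AutoSize
```

The audit is deliberately read-only: on a box that is still running the malware, the same processes that set these keys will often reset them the moment they are changed, so the order the post used (kill the offending processes first, then fix the registry, then run the scanners) is the one to keep, and a clean report from this script is evidence, not a clean bill of health.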