
Warning - Nasty fucking malware that KASPERSKY missed

Discussion in 'BlackHat Lounge' started by loclhero, Dec 12, 2009.

  1. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    Well fuck me, what a week. Just a heads up that even if you're running KIS you might not be as safe as you thought. Kaspersky wasn't able to stop this irritating-as-fuck-all trojan/malware from giving me a pre Christmas headache. I'm on day 4 of trying to clean up this mess and I'm still not sure if I'm good.

    I'm not educated on trojans and all but what I'm figuring is that basically, I picked up some big assed bundle of malware that seems to have quite a few little viruses or trojans or whatever. I believe the main executable is av_md.exe which is the file for "Antivirus Live", a bullshit antivirus prog that keeps popping up and telling you that you are infected with all kinds of shit.

    The noob will see this and of course click on "clean now" which takes you to their site where they'll sell you more bogus crap. The problem though is that this fucker corrupted my KIS database, would not allow me to update by overriding the proxy that KIS uses to update and any attempt to use regedit was overridden. Additionally, it placed a ton of other shit on my hd.

    I found a few sites that were pretty much up to date on this thing but their solutions to fix it were useless.

    After a couple of emails with Kaspersky who admitted that KIS was not equipped to deal with it, they directed me to use "Malwarebytes" which seems to have taken care of it. This then allowed me to update KIS and run it.

    My fear though is that it's still in here and there's a key logger of some kind. Since I do banking on this computer (I know, stupid), I'm concerned with a security breach. So I'm now using some crappy, old laptop for those purposes. Looks like I finally get that new Toshiba I want. :rolleyes:

    So even though there are numerous sites advising on how to fix this, Kaspersky still doesn't even have it on their virus list.

    I guess if I was more savvy on trojans and all I could have fixed it quicker but what a pain the ass this has been.

    Just my little warning.
     
    • Thanks x 3
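    The post above names three things the rogue "Antivirus Live" package did that a defender can check for after the fact: an autorun entry for av_md.exe, a hijacked update/browser proxy, and a blocked regedit. The script below, added here as an illustration and not code from the thread or from any of the products mentioned, parses a Windows registry export (.reg text) and flags those three indicators. The registry keys are real Windows locations; the sample export, the file path and the proxy address are constructed placeholders, and the "outside system/program directories" rule for autorun entries is an assumed triage heuristic, not a rule from the post.

```python
"""Triage a Windows registry export (.reg text) for the tampering
indicators described in the post: a rogue-AV autorun entry, a hijacked
proxy setting, and registry tools disabled by policy.  Example code
added for illustration; the sample export is constructed, not a real
capture."""
import re

# Real Windows registry locations a defender looks at after a fake-AV
# infection.  Which checks to run is this example's own (assumed) choice.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
INET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample export.  av_md.exe is the file name given in the post;
# the install path and the proxy address are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntivirusLive"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av_md.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"""

# Assumed heuristic: autorun entries pointing outside these directories are
# worth a closer look.  Legitimate software can live elsewhere, so this is a
# triage hint, not a verdict.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_reg(text):
    """Parse .reg text into {key: {value_name: value}}.

    Handles the quoted-string and dword forms used by regedit exports;
    any other value type is kept as its raw text."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, val = m.group(1), m.group(2)
            if val.startswith("dword:"):
                keys[current][name] = int(val[len("dword:"):], 16)
            elif len(val) >= 2 and val.startswith('"') and val.endswith('"'):
                # .reg exports double every backslash inside string values
                keys[current][name] = val[1:-1].replace("\\\\", "\\")
            else:
                keys[current][name] = val
    return keys


def find_indicators(keys):
    """Return a list of human-readable findings for the three indicators."""
    findings = []
    for name, path in keys.get(RUN_KEY, {}).items():
        if isinstance(path, str) and not path.lower().startswith(TRUSTED_DIRS):
            findings.append(f"autorun outside system/program dirs: {name} -> {path}")
    inet = keys.get(INET_KEY, {})
    if inet.get("ProxyEnable") == 1:
        findings.append(f"proxy enabled: {inet.get('ProxyServer', '<unset>')}")
    if keys.get(POLICY_KEY, {}).get("DisableRegistryTools") == 1:
        findings.append("registry editor disabled by policy (DisableRegistryTools=1)")
    return findings


def triage(text):
    """Parse an export and return its findings (empty list means nothing hit)."""
    return find_indicators(parse_reg(text))


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG):
        print("[!]", finding)
```

    Export the hives with regedit (or `reg export`) from a known-clean boot environment, then run the script over the file; an empty result only means these three indicators are absent, which is why several posters below still recommend a wipe and reinstall once a box has been compromised.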
  2. djedje70

    djedje70 Regular Member

    Joined:
    Feb 5, 2008
    Messages:
    239
    Likes Received:
    252
    Location:
    none of ur fr#$%ing biz dude!!!
    I ran into something similar years ago.

    Basically, there was a hidden process that would rewrite the trojan into the registry db. So no matter what I would do, it would just be there all the time.

    Format and install might be the way to go.
     
  3. ebikerz

    ebikerz Regular Member Premium Member

    Joined:
    Dec 18, 2007
    Messages:
    414
    Likes Received:
    115
    Occupation:
    Air Force Civilian, Mechanic
    Location:
    USA
    Any idea where you picked it up at, so I can avoid it.
     
  4. grodt

    grodt Newbie

    Joined:
    Sep 6, 2009
    Messages:
    26
    Likes Received:
    6
    Once your machine is compromised, you can't trust it. Do a clean install wiping down the hdd.

    This is why I always use and recommend a limited account to do your daily stuff on the computer, this still means you can install software but only if you explicitly right hand click and say "run as administrator" or run it from admin cmd box.

    Think of it as always wearing a condom, knowing you're always going to get laid.
     
  5. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    My best guess is that it was at a site that had free wp themes but I cannot recall which one. If I can backtrack I'll post it. I d/l'ed a wp theme zip file but never even opened it so I'm guessing it was on the site itself. If that's even possible. That was the last thing I did of any note before all hell broke loose.
     
  6. cool0403

    cool0403 BANNED

    Joined:
    Dec 29, 2008
    Messages:
    565
    Likes Received:
    718
    Okay first of all loclhero, its bad to only have 1 installation of windows xp in your computer and furthermore have all your files in that installation.

    What i always do is have atleast 2 windows xp installations on my computer, and sometimes i even go further in having linux.

    You should always have your main installation of windows xp. This is where you do most of your work and stuff and have most of your files. Now if you are like me and fear of losing your work to those stupid viruses , then you should partition your hard drive and make enough room to put another installation of windows xp. Its honestly pretty easy steps.

    Now if you fear of someone stealing your information, you should definitely encrypt your data.

    Use this http://www.truecrypt.org
    It works like a charm .

    Use Partition Magic 8 to partition your hard drive, you can get it here
    http://thepiratebay.org/torrent/3406299/Norton_Partition_Magic_8.05___serial.zip
    This torrent has no viruses , i ve downloaded over 10 times because i ve lost tons of copies in my hard drive.
     
    • Thanks x 2
  7. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road

    Great info. Well I've already pretty much decided I'll be getting a new laptop. This box I'm using is going on 5 yrs old and I've been fed up with it for some time. So assuming this all holds true for Windows 7, it seems like a no brainer to partition the hd.
     
  8. BillyMac856

    BillyMac856 Newbie

    Joined:
    Oct 12, 2009
    Messages:
    24
    Likes Received:
    68
    That sucks man I feel for ya, you said you think you got it from a site that you downloaded free wp-theme from and didn't even open the file, damn they're some fucked up people anymore man. Deliberately doing that to someone, I know you'd probably like to meet up with the jerk-off that did that to ya right about now huh, lol
    That sucks, sorry to hear that man, if you remember where you got it or ya find out make sure ya post it.
    SeeYa,
    Billy
     
  9. cool0403

    cool0403 BANNED

    Joined:
    Dec 29, 2008
    Messages:
    565
    Likes Received:
    718
    Oh thats perfect, but try to have atleast one windows xp installation. XP in my opinion is the most stable windows (i dont like vista never did, but i dont know about windows 7 am going to give that one a try)

    Now what i like about truecrypt is that you can hide information inside the crypted information. So it works like this.

    Suppose you have a encrypted container file of 100 mb. Well you can have a secret encrypted container file inside the 100mb file. So its like having a hidden key to another container file , but its nearly impossible or should i say impossible for most of all to figure out the hidden container inside the encrypted container.

    I always have a big container of 5 gb, and have 1 hidden 1gb container inside the 5 gb that contains just porn and nudity. The other 4gb are just normal files but still files that are too personal and dont like ppl seeing them, but i worry more about the porn and nudity, obviously most of the porn and nudity is acquired from hard work and its used for promoting black hat methods. And some wackin here and there lol.
     
  10. cheesecake

    cheesecake Regular Member

    Joined:
    Jan 12, 2009
    Messages:
    270
    Likes Received:
    229
    Browsing with Firefox and Noscript addon will avoid anything like that getting on your computer.
     
  11. Paper-Boy

    Paper-Boy Elite Member

    Joined:
    Jun 17, 2009
    Messages:
    5,116
    Likes Received:
    1,821
    or run your downloads on vmware.
     
  12. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    All I ever use is FF. Not familiar with the addon but will check it out.
     
  13. j0b0123

    j0b0123 Regular Member

    Joined:
    Oct 30, 2009
    Messages:
    262
    Likes Received:
    218
    Occupation:
    professional trader - stocks, forex, futures
    Location:
    Las Vegas, USA
    Home Page:
    I too got the same bullshit on my laptop. I actually had it fixed where any av scan found nothing. Then I downloaded a zip file from a legit site (download.com), unzipped it and somehow the virus reattached itself to the exe. When I installed the program, within a few min the same bullshit started happening again, saying xxxx is infected, do you want to run AV now?

    Now it is possible it was hiding in memory or some part of drive that was missed, but I made sure when I was cleaning it the computer WAS NOT connected to the internet. I even used boot disk to run windows rather than boot the computer as usually you have far more luck removing stuff. I used 4 separate AV programs repeatedly to clean, when nothing more came up, I booted computer up, seemed fine, even hijack this real time scan found nothing out of ordinary.

    Now its totally borked again, does not boot right so I get to spend my day fixing it yet again.
     
  14. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    Wow...well I'm all into porn but I never keep any. In all honesty, this old box has about 1gb of hd and I've got about 70% left. But I do like the idea of running a version of xp along with 7 when i get the new laptop.

    Just wondering though, rather than partition the hd (and considering how little space is used on my hd) could I just install xp onto an external drive? Or even on this computer, I have most of my images on a 500gb external. I could go and buy a huge external hd for practically nothing and install xp on there. Yes? no?
     
  15. tywebb

    tywebb Regular Member

    Joined:
    Dec 8, 2008
    Messages:
    226
    Likes Received:
    144
    Location:
    In the fairway
    You're working on a box with a 1gb HD?!?!

    Wow, you are an old timer ;)
     
  16. appleman

    appleman Regular Member

    Joined:
    Oct 30, 2009
    Messages:
    358
    Likes Received:
    97
    sounds like a ppi company to me..and no anti virus/program can remove their code honestly....they always leave somethin behind undetected...
     
  17. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    LMAO....well lets put it this way "Ty" ;)
    I was twenty FUCKING five when Caddyshack came out!

    Seriously though, this thing was new in early 2005, and has made me more money in the past 3 years than most people can imagine. I've been lucky or blessed or both and have never been a toy or tech geek so I always figured wtf, it works.

    Be the ball Danny, be the ball
     
  18. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    My thought exactly. Looks like I'll just be using this one for BHW
     
  19. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    My brothers computer had a simpler problem a couple months back where he did the noobie thing of actually thinking he needed to download the software to get rid of the viruses made it 10 times worse.
    I just Googled it and several people have had the same problem so it was quite easy once the viruses let me on the internet.... lol

    Personally i don't think i could trust my pc after that i'd just wipe my computer clean. Totally wiping your hard drive is best i heard someone say in college if u use a strong magnet and run it across the hard drive it totally wipes everything but im not sure if it will do damage to the hard drive, so i wouldn't advise it
     
    Last edited: Dec 12, 2009
  20. triggershot

    triggershot Registered Member

    Joined:
    Sep 15, 2008
    Messages:
    52
    Likes Received:
    69
    I actually had the same problem yesterday, a similar virus, but it had a different name, but it was doing the same type of stuff. I hope I got rid of it though.