Finally been caught out :(

**Kymmy** · 07-06-2009, 11:51

Show's how complacent I've been getting lately

Went to run a setup file within an ISO and just noticed as I clicked run that the dates were out of sequence...

Virus warning flashed up, locked out of registry, administrator account, internet redirected, two keyloggers, one botnet...

Instantly hit the power switch and restarted in safe mode..

Recovered registry access in GP, removed all the naughties, used hijackthis and undll to remove some more stuff

Can't figure out how the admin accoutns been locked out as all the security policies look OK..

BHO's and redirects removed from network

No data loss

Gonna back-up and re-install...

At least the only other machine live on the network looks OK..otherwise Jen would have killed me (well after I reloaded her PC she would have killed me

)

Druchii · 07-06-2009, 12:22

Where'd you get the ISO?
If it's somewhere legal you should report it to the site owners really.

Otherwise, well, glad you can reinstall.

**Kymmy** · 07-06-2009, 12:27

Quote:

Originally Posted by Druchii

Where'd you get the ISO?
If it's somewhere legal you should report it to the site owners really.

Otherwise, well, glad you can reinstall.

Errrrrr.....

/kymmy sits here twiddling her finger and 13 toes wondering why people ask where the iso came from

---------- Post added at 12:27 ---------- Previous post was at 12:26 ----------

Before anyone says anything....YEP, serves me right

even though it was only to replace a damaged disk....

Halcyon · 07-06-2009, 12:48

Virus scan everything!

Any file I download from anywhere gets virus scanned before being opened.

**Kymmy** · 07-06-2009, 12:49

I did do... but if the virus is encrypted within an installer no AV scan will find it

Anyway my Group and security policies are all over the place, so off to rebuild, catch you all later

Halcyon · 07-06-2009, 12:52

Good luck. Hope it all goes well.

Druchii · 07-06-2009, 12:57

Quote:

Originally Posted by Kymmy

Errrrrr.....

/kymmy sits here twiddling her finger and 13 toes wondering why people ask where the iso came from

---------- Post added at 12:27 ---------- Previous post was at 12:26 ----------

Before anyone says anything....YEP, serves me right

even though it was only to replace a damaged disk....

Hehe.

Innocence eh?

**Kymmy** · 07-06-2009, 15:00

Anyone now know a free AV for win7 (64 bit preferred)

Druchii · 07-06-2009, 15:03

Quote:

Originally Posted by Kymmy

Anyone now know a free AV for win7 (64 bit preferred)

Avast works.

SnoopZ · 07-06-2009, 15:21

Quote:

Originally Posted by Kymmy

Anyone now know a free AV for win7 (64 bit preferred)

I'm using the 32bit version of Comodo Firewall and it's working great on Windows 7.

Link.

[edit]

Just noticed it was an AV you were after and not a Firewall!

**Kymmy** · 07-06-2009, 15:46

Will try AVAST till I get something more permanent

DaiNasty · 07-06-2009, 16:42

Avira works too

popper · 07-06-2009, 17:29

windows?, make yourself a

UBCD4Win livecd and use the tools on there to check it again, and use one of the drive image tools to make a new backup after you get the PCs back to how you like them for next time you need to reinstall your main or a virtualBox PC later.

DriveImage XML for instance..

http://ubcd4win.com/forum/index.php?act=idx

http://ubcd4win.com/contents.htm

nicolodeon · 08-06-2009, 17:38

seen this before on a compromised machine, you need to get nordahls admin password recovery tool, look at the accounts in the SAM and you'll note that one of them has been locked, it will save you a rebuild.

PS - you could put the installer through www.virustotal.com just to make sure you've got a fingerprint of the issue, of course using SSL.... (10Mb size limit)