
Hav0c

Experienced Members
  • Posts: 333
  • Joined
  • Last visited

Posts posted by Hav0c

  1. I use MAC filtering, only adding the MACs manually; the other thing is using a long, complex passkey.

    Yes, Mta and Andavari, it's shocking to see how people do not change the default login username/password, Wi-Fi SSID and passkey.

     

    Does this count as "layered security"?

     


  2. The software you downloaded from that site, Tel, may contain Conduit and/or SweetPacks, and it is certainly not a recommended CCleaner download site, nor has it anything to do with them.

     

    Scan your pc with a few different things until you are certain you are not in trouble.

     

    Some recommended tools we users use that may help you scan your PC can be found here

  3. It's only a small folder, less than 5 MB, and simply a scanner. It uses the usual resources most scanners do, which in this case is about 70% of CPU and 2 MB of memory.

     

    It has two scan levels and is reasonably quick, although I would advise you to research anything it finds. Like most rootkit scanners it goes pretty deep and can find unusual items such as hidden files in the prefetch folder (XP), and I mean files that don't show up with "show hidden and system files" set.

     

    I've got some mixed feelings about AVG Anti-Rootkit; I have noticed the CPU usage is a bit high, but that's understandable for this sort of tool, and a lot less memory usage than I thought.

     

    I have a virtual PC dedicated to running viruses, malware and rootkits and to testing AVs and anti-malware software. So I know for a fact that it has some weird stuff running on it, and this is the best part: AVG Anti-Rootkit detects NOTHING :blink: . Not even when I run both tests 10 min apart. But Malwarebytes Anti-Rootkit, RootkitRevealer and Autoruns do indicate there are entries. Makes me wonder about AVG in general :unsure: :unsure: .

  4. KIS, mbam, admuncher, malware domain(adblockplus)

     

    I think mbam can replace cwshredder (last update 2005)

    gmer can replace rootkitrevealer (last update 2006)

    hijackthis - a dev is already porting the hijackthis vb6 source code v2.0.5 beta to c#

    hope it will be a success in replacing hijackthis and OTL (seems no longer developed)

     

    All rootkits are commonly installed under the same locations; RootkitRevealer, even though out of date, still does a very good job of looking at the most obvious locations where rootkits are installed, and it is still fast.

     

    My bad for posting a "new" post and not updating the one above :mellow: .

  5. I don't use traditional Anti-Malware software. I prefer to write/maintain my own security solution, which monitors the system in real-time (similar to WinPatrol). When an .exe, .bat, .dll or .com file is added to the system, or modified, my app sends it to a ClamAV server running on my network. Checksums are also compared against VirusTotal.

     

    As my security app does all its processing externally and has no user interface, the memory usage is minimal. 9MB at idle.

     

    I also keep Malwarebytes installed, but I haven't used it for months.

     

    So your application makes a "snapshot" of the file or of your system?

    Isn't your network a bit on the busy side if every file is sent to the ClamAV server and then back?
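The setup quoted above (watch for new or modified .exe/.bat/.dll/.com files, then compare checksums before handing the file to a scanner) as an added example. This is not the poster's tool or code: the directory, file contents and the verdict cache are constructed for the demonstration, and the hash-first triage (look the SHA-256 up before uploading anything) is an assumption of this example, not a description of how the poster's app behaves. It shows what a "snapshot" can mean here (a map of path to content hash), how two snapshots are diffed to find what was added or changed, and why checking hashes first keeps most files off the network.

```python
"""Added example: hash-snapshot triage for new or modified executables.
Not the poster's tool; the directory, file contents and the verdict cache
are constructed here so the example runs offline."""
import hashlib
import os
import tempfile

# Extensions the quoted setup watches.
WATCHED = {".exe", ".bat", ".dll", ".com"}


def snapshot(root):
    """Return {relative path: sha256 hex} for every watched file under root."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in WATCHED:
                continue  # the quoted monitor ignores non-executable types
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root)] = digest
    return digests


def changed_since(previous, current):
    """Paths that are new, or whose content hash differs from the previous snapshot."""
    return sorted(p for p, h in current.items() if previous.get(p) != h)


def triage(paths, current, verdict_cache):
    """Hash-first triage (an assumption of this example): a file whose SHA-256 already
    has a verdict needs no upload; only files with unknown hashes go to the scanner."""
    known = {p: verdict_cache[current[p]] for p in paths if current[p] in verdict_cache}
    to_upload = [p for p in paths if current[p] not in verdict_cache]
    return known, to_upload


def demo():
    """Build a constructed tree, take two snapshots around some changes, triage the diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        write("a.exe", b"MZ-constructed-a")
        write("b.dll", b"MZ-constructed-b")
        write("notes.txt", b"not watched")
        before = snapshot(root)

        write("b.dll", b"MZ-constructed-b-modified")      # modified executable
        write("c.bat", b"@echo off\r\necho constructed")  # new script
        write("readme.txt", b"still not watched")
        after = snapshot(root)

        # Constructed verdict cache: the new b.dll content is already known clean.
        cache = {hashlib.sha256(b"MZ-constructed-b-modified").hexdigest(): "clean"}
        diff = changed_since(before, after)
        known, to_upload = triage(diff, after, cache)
        return diff, known, to_upload


if __name__ == "__main__":
    print(demo())
```

Of the two changed executables, only c.bat has to travel to the scanner; b.dll resolves from the cache by hash alone, and the text files are never hashed at all.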

  6. A thing that I didn't mention was, Deep Freeze can be set up with a "save zone" where users can save data that will not be affected by the reboot.

     

    Ask the admins if they have set up a "save zone" or can set one up for future use.

  7. Hello and welcome to the forums.

     

    The place where I studied used Deep Freeze. It's a very, very solid piece of software!

     

    My understanding of how it works is that it locks all the files that were there before Deep Freeze was installed. Once the system starts and you work on it, ALL modifications made to the PC will be undone after you restart the system. In other words, the system will revert to the state it was in when Deep Freeze was installed.

     

    All the files saved prior to installing Deep Freeze to the system will be erased for good, and you will not be able to get them back, as Deep Freeze securely erases the files.

     

    I personally think that Deep Freeze was developed with the mindset of always having a stable testing system to work on, no matter how hard you try to modify it.

  8. MBAM free version, and Malwarebytes Anti-Rootkit. The latter is a beta.

     

    Standalone version of AVG Anti-Rootkit:  (All paid versions of AVG include the Anti-Rootkit).

     

    Also still a fan of SpywareBlaster.

     

    In your opinion, DennisD, is AVG Anti-Rootkit anything like their AV: heavy on resources and bloated?

     

    Going to try out the anti-rootkit tools you mentioned and SpywareBlaster.

     

    Edit: Added 5 more tools I use in the original topic.

  9. So we have a thread about what AV and what firewall you use; now it's time for: what anti-malware / anti-spyware do you use? ;)

     

    Currently I am using Malwarebytes (v2.0.1.1004) and Spybot - Search & Destroy (v2.3).

     

    The new look for Malwarebytes isn't that impressive to me; with the new "ad window", the Malwarebytes Secure Backup on the Dashboard just doesn't do it at all. Although they did make a massive improvement in how the application scans your system, and that is a plus too in my book. Response time after sending them files is very good as well. Accessing tasks is pretty good as well.

     

    Spybot - S&D, what can I say: the "please donate" everywhere is an eyesore, and the multiple clicks to get a task done compared to version 1.6.2, I really, really do not like it. With version 1.6.2 and the correct setup you could just click scan and be sure that your entire system would be scanned. With the new version I am not that sure. Everything is hidden from the user in a way. You really have to probe to get to a setting.

    Then not even to mention all the misses on a system; it is shocking. I have probably sent them to date over 12 files that Malwarebytes, my AV and even VirusTotal detect, and still after a month nothing from Spybot. Version 1.6.2 did a pretty good job of finding the bad things; I wonder where they missed the boat.

     

    I totally forgot about some stand alone tools I use as well:

     

    RootkitRevealer (RootkitRevealer is an advanced rootkit detection utility.)

    Autoruns (Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.)

    HijackThis (wonder why they stopped this application :( )
    GMER
    CWShredder

  10. Seems to be a bit of confusion with the Malwarebytes Anti-Malware.

     

    Combine entry

    [Malwarebytes Anti-Malware More*]
    LangSecRef=3024
    Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
    Default=False
    FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*
    FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
    FileKey3=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
    FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe
    

    for version 2 and earlier.

    There is nothing missing in FileKey1, as it is for version 2; FileKey2 is for pre-version-2.

    The Detect used works for version 1.75 on my system. I can't see why

    Detect1=HKCU\Software\Malwarebytes' Anti-Malware

    was added?

  11.  

    I think you will need the following Detect1 and Detect2 code to combine the older MBAM code with the new 2.0 code.  I don't think the old MBAM created an HKLM entry. 

    Detect1=HKCU\Software\Malwarebytes' Anti-Malware
    Detect2=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
    

     

    I'm using v1.75.0.1300; these are my keys

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe

     

    Did tests a while back and found that Wow6432Node wasn't needed in most cases.

  12. Winapp doesn't support lng files and other special things; they are risky/not good for noobs....

     

    We could create a second version like winapp2 with these special entries?

     

    https://www.dropbox.com/s/tu0yc4dt10hy6ds/Winsys2.ini

     

    I am aware of this, and Winapp2.ini (the member) also indicated a while back that he will not include them within the Winapp2.ini file.

     

    The lang entries are more of a cherry-pick anyway.

     

    That is why all my lng entries have warnings.

  13. Question?

     

    Combine

    [Malwarebytes Anti-Malware 2.0*]
    LangSecRef=3024
    Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
    Default=False
    FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*
    
    [MalwareBytes Anti Malware More*]
    LangSecRef=3024
    Detect=HKCU\Software\Malwarebytes' Anti-Malware
    Default=False
    FileKey1=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
    FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
    FileKey3=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe
    

    Into

    [Malwarebytes Anti-Malware More*]
    LangSecRef=3024
    Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
    Default=False
    FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*
    FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
    FileKey3=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
    FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe
    

    FileKey1 is for version 2.0, and FileKey2 to FileKey4 are for pre-2.0 versions.

     

     

    New

    [Malwarebytes Anti-Malware (Lng)*]
    Section=Language Files
    Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
    Default=False
    Warning=This will delete all language files excluding English.
    FileKey1=%ProgramFiles%\Malwarebytes Anti-Malware\Languages|*.qm
    FileKey2=%ProgramFiles%\Malwarebytes' Anti-Malware\Languages|*.lng
    ExcludeKey1=FILE|%ProgramFiles%\Malwarebytes Anti-Malware\Languages|lang_en.qm
    ExcludeKey2=FILE|%ProgramFiles%\Malwarebytes' Anti-Malware\Languages|english.lng
    
    
    [Speccy (Lng)*]
    Section=Language Files
    Detect=HKLM\SOFTWARE\Piriform\Speccy
    Default=False
    Warning=This will delete all language files excluding the Default language.
    FileKey1=%ProgramFiles%\Speccy\Lang|*.*|REMOVESELF
    
    
    [Spybot - Search & Destroy 2 (lng)*]
    Section=Language Files
    Detect=HKCU\Software\Safer Networking Limited\Spybot - Search & Destroy 2
    Default=False
    Warning=This will delete all language files excluding the Default language.
    FileKey1=%ProgramFiles%\Spybot - Search & Destroy 2\locale|*.*|REMOVESELF
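The combined Malwarebytes entry above, together with the Detect1/Detect2 question in the two posts before it, as an added example: a small evaluator for the Winapp2.ini keys used in this thread. It is not CCleaner's or the Winapp2.ini project's code. The registry snapshots, the file listing and the placeholder values are constructed, and the semantics it runs on are assumptions stated in the code: an entry shows when any Detect/DetectN key exists or any DetectFile/DetectFileN path exists; FileKeyN is folder|patterns[|RECURSE or REMOVESELF] with patterns separated by ";"; ExcludeKeyN is FILE|folder|name or PATH|folder. It shows why carrying both Detect keys makes one entry fire for a 1.75 install and a 2.0 install, and that the Lng entry's ExcludeKey really does spare lang_en.qm.

```python
"""Added example: evaluator for the Winapp2.ini keys discussed in the thread.
Not CCleaner's or Winapp2.ini's code; registry, files and %Var% values are constructed."""
import configparser
import fnmatch
import ntpath

# Constructed values for the %Var% placeholders on a sample machine.
VARS = {
    "%CommonAppData%": r"C:\ProgramData",
    "%AppData%": r"C:\Users\hav\AppData\Roaming",
    "%ProgramFiles%": r"C:\Program Files",
}

# Constructed registry snapshots: the key a 1.75 install leaves, and the key a 2.0 install leaves.
REGISTRY_V175 = {r"HKCU\Software\Malwarebytes' Anti-Malware"}
REGISTRY_V2 = {r"HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe"}

# Constructed file listing of the sample machine.
FILES = [
    r"C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2014-05-01.txt",
    r"C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe",
    r"C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref",
    r"C:\Users\hav\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2014-05-02.txt",
    r"C:\Program Files\Malwarebytes Anti-Malware\Languages\lang_en.qm",
    r"C:\Program Files\Malwarebytes Anti-Malware\Languages\lang_de.qm",
    r"C:\Program Files\Malwarebytes Anti-Malware\Languages\readme.txt",
]

# The combined "More*" entry with both Detect keys from the thread, plus the Lng entry.
SAMPLE_INI = r"""
[Malwarebytes Anti-Malware More*]
LangSecRef=3024
Detect1=HKCU\Software\Malwarebytes' Anti-Malware
Detect2=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
Default=False
FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.*
FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
FileKey3=%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.*
FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware|mbam-setup.exe

[Malwarebytes Anti-Malware (Lng)*]
Section=Language Files
Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
Default=False
Warning=This will delete all language files excluding English.
FileKey1=%ProgramFiles%\Malwarebytes Anti-Malware\Languages|*.qm
ExcludeKey1=FILE|%ProgramFiles%\Malwarebytes Anti-Malware\Languages|lang_en.qm
"""


def parse_entries(text):
    """{entry name: {key: value}}; interpolation off so %Var% survives, key case kept."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def expand(path):
    for var, value in VARS.items():
        path = path.replace(var, value)
    return path


def is_detected(entry, registry, files):
    """Assumed OR semantics: any Detect/DetectN key in the registry, or any
    DetectFile/DetectFileN path on disk, makes the entry show up."""
    present = {f.lower() for f in files}
    keys = {r.lower() for r in registry}
    for key, value in entry.items():
        if key.startswith("DetectFile") and expand(value).lower() in present:
            return True
        if key.startswith("Detect") and not key.startswith("DetectFile") and value.lower() in keys:
            return True
    return False


def selected_files(entry, files):
    """Expand every FileKeyN (folder|patterns[|RECURSE/REMOVESELF]), then drop
    anything named by an ExcludeKeyN (FILE|folder|name or PATH|folder)."""
    chosen = []
    for key, value in sorted(entry.items()):
        if not key.startswith("FileKey"):
            continue
        parts = value.split("|")
        folder = expand(parts[0]).lower().rstrip("\\")
        patterns = parts[1].lower().split(";") if len(parts) > 1 else ["*"]
        recurse = len(parts) > 2 and parts[2].upper() in ("RECURSE", "REMOVESELF")
        for f in files:
            d = ntpath.dirname(f).lower()
            in_folder = d == folder or (recurse and d.startswith(folder + "\\"))
            name = ntpath.basename(f).lower()
            if in_folder and any(fnmatch.fnmatchcase(name, p) for p in patterns) and f not in chosen:
                chosen.append(f)
    for key, value in entry.items():
        if not key.startswith("ExcludeKey"):
            continue
        kind, folder, *rest = value.split("|")
        target = expand(folder).lower().rstrip("\\")
        if kind.upper() == "FILE" and rest:
            victim = ntpath.join(target, rest[0].lower())
            chosen = [f for f in chosen if f.lower() != victim]
        elif kind.upper() == "PATH":
            chosen = [f for f in chosen if not f.lower().startswith(target + "\\")]
    return chosen


def clean_plan(ini_text, registry, files):
    """{entry name: files it would delete} for every entry whose Detect fires."""
    return {name: selected_files(e, files)
            for name, e in parse_entries(ini_text).items()
            if is_detected(e, registry, files)}
```

With the 1.75 snapshot only the "More*" entry is offered (three log/setup files); with the 2.0 snapshot the Lng entry appears as well and selects lang_de.qm but not lang_en.qm or readme.txt; with neither key present nothing is offered. The same evaluator handles ";"-separated patterns such as the *.udd;*.bak;*.exe form used elsewhere in these posts.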
    
  14. Gmail ignores dots in email handles.

     

    x.x.x.x.x.yyyyy@gmail.com will send to xxxxxyyyyy@gmail.com

     

    If so, then why can there be a user xxxxx.yyyyy@gmail.com and a user xxxxxyyyyy@gmail.com active at the same time?

    Wouldn't that cause a "user already exists" error?

     

    (Getting a bit off topic here :mellow: )

  15. @Derek891

    You did have something to offer, namely EarthLink :P.

    This is just more of an "awareness" post to counter phishing; maybe EarthLink also needs users to help them counter phishing by sending in the links, I don't know.

     

    But one thing is for sure, and that is that AV companies appreciate it if their users send them phishing links or HTML attachments.

    Banks' fraud departments also appreciate it when customers send them the links.

     

    @Winapp2

    The spam bots that these guys use just randomise the mail address. Some of them are very good at it, too.

    I have a Gmail address in the format xxxxx(dot)yyyyyy and get mail for xxxxxyyyyyy, and it's 99% phishing mail. So I just send it off to my AV.
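The dot-insensitivity described in the two posts above (Gmail delivers x.x.x.x.x.yyyyy@gmail.com to the xxxxxyyyyy@gmail.com mailbox, and spam bots randomise the dots) as an added example, not from the thread: a canonicaliser that maps every spelling of a Gmail address to the mailbox it actually reaches, and a grouping over a constructed list of To: addresses that shows the variants collapsing into one recipient. The recipient list is constructed; gmail.com comes from the posts and googlemail.com is Gmail's alternate domain, which behaves the same.

```python
"""Added example: canonicalising Gmail addresses the way the posts describe
(dots in the local part are ignored), so spelling variants map to one mailbox."""
from collections import defaultdict

# gmail.com is from the posts; googlemail.com is Gmail's alternate domain.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address):
    """Lower-case the domain; for dot-insensitive domains also lower-case the
    local part and strip its dots. Other domains keep their local part as-is,
    since nothing in the thread says they collapse variants."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "").lower()
    return f"{local}@{domain}"


def group_by_mailbox(addresses):
    """Group spelling variants by the mailbox they actually reach."""
    groups = defaultdict(list)
    for addr in addresses:
        groups[canonical_mailbox(addr)].append(addr)
    return dict(groups)


def variant_counts(addresses):
    """How many distinct spellings landed in each mailbox. A filter keyed on the
    literal To: string would treat each spelling as a separate recipient."""
    return {mbox: len(v) for mbox, v in group_by_mailbox(addresses).items()}


# Constructed To: headers modelled on the posts: a randomised-dots stream aimed
# at one Gmail mailbox, plus a non-Gmail pair that must stay distinct.
SAMPLE_RECIPIENTS = [
    "xxxxx.yyyyy@gmail.com",
    "x.x.x.x.x.yyyyy@gmail.com",
    "xxxxxyyyyy@gmail.com",
    "XXXXX.YYYYY@GMAIL.COM",
    "first.last@example.org",
    "firstlast@example.org",
]

if __name__ == "__main__":
    for mailbox, spellings in group_by_mailbox(SAMPLE_RECIPIENTS).items():
        print(mailbox, "<-", spellings)
```

Keying mail rules or reporting on the canonical form, rather than on the literal header string, is what lets one rule cover the whole dotted family.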

  16. I am getting a lot of phishing emails; I send them off to my AV (ESET) and they add them to their signature list all the time.

     

    They gave me a link to help battle the fight against phishing.

     

    So join in, it's really fun!!

     

    Link

     

     

    Send your phishing emails to your AV as well, together we can win !

    *sounds like a politician running for re-election now*

     

     

     

     

  17. Looks like this topic has come up a couple of times in the past as well.

     

    Spoken to ESET again and they said they will not change the "threat" level of the Google toolbar.

     

    This coming from a fellow ESET user:

    All ESET users must either use the Slim or the Portable version. Unless they want to look at the warning once again, download the normal version!

     

    Can't we link all ESET posts to this one, so that we don't have to restate all this over and over?

  18. Everyone will be in a database somewhere at some point in time; this is a fact.
    If you have an ID, passport or driver's license, or even if you want to adopt a dog at the SPCA, you will be assimilated into a database.

    The FBI can just target the Department of Motor Vehicles, DOD, prisons, then hospitals, and get most of your information. So that will give them a nice head start <_< .

    Scary, yes!
    Inevitable, yes!

  19. Hey all,

    A nice little update as always ...

     

    So I am sitting here looking at some of the entries, especially the ones with

     

    Detect=HKLM\SOFTWARE\Microsoft\Windows

     

    These entries are very, very vague (in my opinion) and cause a lot of false hits on my system.
    Can't we make this sort of entry more target-specific and not "to whoever is running Windows"?

  20. New

    [JetBrains dotPeek v1.1*]
    LangSecRef=3024
    Detect=HKLM\SOFTWARE\JetBrains\dotPeek
    Default=False
    FileKey1=%LocalAppData%\JetBrains\dotPeek\v1.1\Caches|*.*|REMOVESELF
    

    This entry needs to be updated by the user, since they can save this software anywhere they want.

     

    [OllyDbg v1.10*]
    LangSecRef=3024
    DetectFile=CUSTOM PATH\OllyDbg 1.10\OLLYDBG.EXE
    Default=False
    FileKey1=CUSTOM PATH\OllyDbg 1.10|*.udd;*.bak;*.exe
    ExcludeKey1=FILE|CUSTOM PATH\OllyDbg 1.10|OLLYDBG.EXE

     

    EDIT: Added version within names
