
Virtumonde


ParanoiA


Virtumonde is such a bastard. :mad: I can't shake it and I'm going to have to wipe my drive and blah blah blah, I hate it.

 

What do I have to do to keep from getting this freaking thing again? :doh:

 

I think I'm getting it from peer to peer. I just use bit torrent and download a movie or tv show once or twice a week maybe. It's always a popular one with lots of seeds and comments, so I don't know how to police my search any better than that. I never download the little text files or info files that sometimes come with them. WTF?


according to wiki, it infects through java.

 

keep everything up-to-date (windows, browser, java, etc)

use anti-virus and anti-spyware, make sure on-access scanning is enabled or manually call a scan on d/l'd stuff

use firewall

etc.

 

alternatively, as you're re-installing, you might check ubuntu out as an alternative to windows. one's annoying because you have to put a lot of effort into learning to use it safely, the other's annoying because you have to put a lot of effort into learning how to use it, but at least there's little chance of malware.


Hmm, well I've got Spybot, and it's always running I guess because it's always in my system tray. Sometimes I get a little box giving me the option of denying or allowing a registry change, which I always deny, obviously, unless it is a spybot command trying to get rid of a registry entry. But this never happened with Virtumonde. Suddenly, I was infected.

 

Oh, and I've got Symantec anti-virus also - neither of these programs stopped Virtumonde.

 

I don't remember using Java for anything though. Wouldn't I have that little coffee cup icon in my system tray when running Java? I can't think of what I've done recently that involved Java, unless I was running it and didn't know it.

 

I guess I need to try this ubuntu. I try not to load additional programs on my computer so I always avoid internet browsers, p2p gui interfaces and etc.


It took me forever to clean off Virtumonde. I spent a good 5 hours in front of my P.C. using every single virus protection tool I've ever known, and it finally left me the hell alone.

Now I use a free ZoneAlarm firewall, AVG 8 free, Spybot and TrendMicro Housecall scans online whenever I'm wary. It's been a while since I've got a virus with this setup, but usually one sweep with Housecall kills any bastard infecting my computer.

 

I don't know all that much about Ubuntu (though I used to have it on a computer that promptly corrupted its own hard drive), but I suppose it should be a little safer than the OS you're using now.


it's a LOT safer. there are no known viruses in the wild and the only thing you still have to worry about are rootkits and hackers.

 

the only way you can get a rootkit is if you install it yourself or your system is compromised by hackers. a good firewall helps here, ubuntu has one built in.


Housecall is definitely sweet, I like trendmicro 10! times better than I like McAfee or Norton antivirus. bah.

 

Hey Dude, get Ubuntu, it's what I've been thinking about - especially after having it suggested to me twice in a week! (I just noticed I was listening to "the lion sleeps tonight", the lion king version, in japanese :confused:)


i'm pretty sure if you had never used windows before you would have to put in just as much effort to get used to it.

 

no not really. windows is much more pick up and play than ubuntu. stuff Just Works much more often in windows. otoh, stuff Just Doesn't Work in windows more often, but, in either case, it's usually a matter of a couple of minutes to either do it or figure out that it Just Can't Be Done So Stop Trying; in ubuntu, more stuff can be done, but less stuff can just be done in a few minutes, especially for a newbie, which results in a harder OS.

 

otoh, windows takes a kinda 'wouldn't turning the security off by default make it easier' approach, hence why you either have to learn how to re-engage the security and get stuff to still work (runas /user:admin /env blah.exe etc, which is actually easier in ubuntu) and so on, or learn what the significance of different registry entries are, what 'so-and-so wishes to run as a server: allow/deny?' means, or try not to do either and get an infection, or learn to use ubuntu, which i think is a relatively neck-and-neck call as far as easiness goes.

 

^the above assumes you want to actually install stuff, tweak configuration, etc. if you just want a PC someone else has set up that you'll never change, i'd agree with what you said.

 
can't remember about the tray icon. mayhaps. if you go to add/remove and check, you should see.

 

iirc, java's stupid, and e.g. installing version 1.6 will still leave the 1.5 version installed, and ready to use by any sites that can trick your browser into calling the old (and insecure) version. you have to manually go to add/remove to remove the old versions.
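As an added example (not from anyone in this thread), here is a PowerShell snippet that reads the same entries Add/Remove Programs shows from the standard uninstall registry keys and warns when more than one Java version is still installed. The 'J2SE*' name pattern is an assumption to catch the older 1.5-era installer naming.

```powershell
# Added example: list every Java entry that Add/Remove Programs would show,
# so leftover old (and insecure) versions are visible at a glance.
# Standard uninstall keys; the WOW6432Node key only exists on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 'Java*' matches current JRE/JDK names; 'J2SE*' is an assumed pattern for the
# older "J2SE Runtime Environment 5.0" style entries.
$javaInstalls = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Java*' -or $_.DisplayName -like 'J2SE*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate, UninstallString |
    Sort-Object DisplayVersion

$javaInstalls | Format-Table -AutoSize

# @() forces an array so .Count works even when a single entry is returned.
if (@($javaInstalls).Count -gt 1) {
    Write-Warning "More than one Java version is installed; uninstall the older ones."
}
```

Run it in an elevated PowerShell prompt; the UninstallString column tells you which entry each uninstaller belongs to.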
