I HATE Zero-day Attacks | Talk it up | Forums

April 14, 2011, 12:07 AM
Jyo (Geek, NY; Forum Posts: 197; Member Since: August 20, 2009)
Post #1

Sigh, now I will forever be paranoid until I do a full reinstall…..should've done an image backup too : (

April 14, 2011, 1:02 AM
Locutus (Guru; Forum Posts: 1886; Member Since: February 19, 2009)
Post #2

What happened? o.O

Oh, the site that was :(

April 14, 2011, 6:54 PM
Jyo (Geek, NY; Forum Posts: 197; Member Since: August 20, 2009)
Post #3

I was researching phones, and I got hit with a Hiloti Trojan. I'm pretty sure it was a zero-day attack because I did not download anything, and on a legitimate forum site, suddenly my Java ran for no reason, then Adobe Reader crashed, and I wasn't using Java or reading PDF files. Next thing I know, mighty WinPatrol picks up some new startup items with gibberish names. The startup items kept coming back despite my efforts to delete them.

Long story short, Malwarebytes removed it, but in Firefox I still get redirected to spam pages selling fake AVs when I click on Google results (this happens very randomly and rarely, but it does, and this never happened before). I already scanned with both SuperAntiSpyware and Malwarebytes; nothing.

I'm so mad Avira didn't pick anything up, but I guess it happens even to the best. Good thing WinPatrol alerted me.

Btw, I was using an outdated version of Adobe Reader Lite. Lesson learned, moving to Foxit. So reinstall it is :(

April 14, 2011, 9:16 PM
Jyo (Geek, NY; Forum Posts: 197; Member Since: August 20, 2009)
Post #4

Do you think UAC could've prevented this? I had it disabled.

On another note, AV-Comparatives has published new reports!!

April 14, 2011, 10:11 PM
o(o.o)o (Novice; Forum Posts: 35; Member Since: December 9, 2009)
Post #5

Jyo said:

Do you think UAC could've prevented this? I had it disabled.

It likely would have. If you must run under an admin account, it's better to keep UAC on, especially since some OS security measures rely on it (IE Protected Mode, for instance). And perhaps add SRP or AppLocker too. Another security tool you could implement is EMET: http://support.microsoft.com/kb/2458544

http://www.mechbgon.com/build/security2.html#sehop

April 15, 2011, 6:41 PM
Jyo (Geek, NY; Forum Posts: 197; Member Since: August 20, 2009)
Post #6

Thanks for the suggestions, never heard of EMET till now. Anyways, could I disable UAC temporarily, until I install all my apps from the reinstallation, then re-enable it? Will this have any bad effects?

April 16, 2011, 1:21 PM
o(o.o)o (Novice; Forum Posts: 35; Member Since: December 9, 2009)
Post #7

Jyo said:

Thanks for the suggestions, never heard of EMET till now. Anyways, could I disable UAC temporarily, until I install all my apps from the reinstallation, then re-enable it? Will this have any bad effects?

None that I know of, as long as the programs you'll be running are confirmed safe ones, although given a choice I'd leave UAC on and just run a file manager via right click > Run as administrator, then browse to the folder where my setup files are and run them, so that child processes will run as admin too.

With regards to EMET, I read something a few weeks ago that it helped stop some Adobe exploits IF the target applications were added to EMET's protected apps. Btw, Microsoft released a free on-demand scanner you can use. Maybe it can help clean out the remnants of the infection. About a 70 MB download though. ( http://www.microsoft.com/security/scanner/en-us/default.aspx )

Another viable option is to set up a limited/standard account and use it as your main account instead of the admin account. If certain apps like games need to run with administrator rights, you can use a program like SuRun to elevate user rights for that application. It even lets you set it up so that you can run a program with admin rights each time you open it up. The site is in German, but you can click on a link to have it translated. ( http://kay-bruns.de/wp/software/surun/ )
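As an added example (not code from anyone in this thread), the following PowerShell function checks a Windows machine against the advice in the two replies above: UAC enabled (the EnableLUA policy value), elevation prompts shown on the secure desktop, and day-to-day work done from a shell that is neither elevated nor a member of the local Administrators group. It is read-only and changes nothing; the registry path and value names are the standard UAC policy keys, and the report format is my own.

```powershell
# Added example: report whether this session matches "UAC on, work from a standard account".
# Read-only; uses only the documented UAC policy values and the current token's identity.
function Get-UacHardeningReport {
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $policyKey

    # EnableLUA = 0 is exactly the "I had UAC disabled" state described in the thread.
    $uacOn = ($policy.EnableLUA -eq 1)
    # ConsentPromptBehaviorAdmin: 0 = elevate silently (as good as UAC off), 2 = always prompt.
    $adminPrompt = $policy.ConsentPromptBehaviorAdmin
    # PromptOnSecureDesktop = 1 keeps the consent dialog isolated from other windows.
    $secureDesktop = ($policy.PromptOnSecureDesktop -eq 1)

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # IsInRole(Administrator) is true only when the current token is already elevated.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    # Membership in BUILTIN\Administrators (well-known SID S-1-5-32-544), even when the
    # token is UAC-filtered; a standard account, as suggested above, would not be a member.
    $adminSid      = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')
    $isAdminMember = $identity.Groups -contains $adminSid

    $findings = @()
    if (-not $uacOn)         { $findings += 'UAC is disabled (EnableLUA=0); re-enable it.' }
    if ($adminPrompt -eq 0)  { $findings += 'Admins elevate silently (ConsentPromptBehaviorAdmin=0).' }
    if (-not $secureDesktop) { $findings += 'Elevation prompts are not shown on the secure desktop.' }
    if ($elevated)           { $findings += 'This shell is already elevated; browse and work unelevated.' }
    if ($isAdminMember)      { $findings += 'Account is in local Administrators; consider a standard account.' }

    [pscustomobject]@{
        UacEnabled                 = $uacOn
        ConsentPromptBehaviorAdmin = $adminPrompt
        SecureDesktopPrompt        = $secureDesktop
        SessionElevated            = $elevated
        LocalAdminMember           = $isAdminMember
        Findings                   = $findings
    }
}

Get-UacHardeningReport | Format-List
```

An empty Findings list means the machine is in the configuration the replies recommend; each listed finding names the policy value or account property to change.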

April 17, 2011, 12:21 PM
Jyo (Geek, NY; Forum Posts: 197; Member Since: August 20, 2009)
Post #8

Thanks. I've just reinstalled the whole OS, so no need for any scanners. I have thought about using a standard account, but I feel it's too restrictive, and a big pain when you're constantly "tweaking" the system. I will probably leave UAC on now though.
