[WIP] All This Junk: A Comprehensive Guide to Malware
#1
This is gonna be my work-in-progress guide to malware and malware removal. It's a pet project of experience gathered in computer repair and servicing PCs and Macs.

[Image: toolbars.jpg?resize=600%2C299]
Friends Don't Let Friends Install Toolbars
Table of Contents
  • What is Malware?
  • PCs and Macs: The Difference
  • Notable PC Malware
  • Notable Mac Malware
  • Useful and Free Tools
  • Myths and Facts About Malware
  • Tips to Prevent Malware
  • Bots, Hijackers, Phishers, and More
  • Cleaning Up Malware



What is Malware?


Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. That is how Wikipedia defines malware. It's a short and simple term that encompasses all flavors of harmful software. This includes, but is not limited to: trojans, viruses, adware, spyware, hijackers, ransomware, and rootkits. What are all of these things? That's what I'm here to try and explain.

Let's start with the one most people recognize: the classic virus. What distinguishes a virus above all? Viruses contain self-replicating code. That means when the virus is executed (or started, for those unfamiliar with the term), its only purpose is to replicate. Just like biological viruses, in a way. And just like biological viruses, they need a host program. A virus can take up residence in the computer's memory and bog it down to an inoperable state; a macro virus embeds itself into programs; and a boot sector virus starts itself when the device is booted.

The worm is a dying breed from what I've seen. Much like a virus, it's a self-replicating program. The difference? It doesn't require a host program. You might remember worms like Mydoom, Blaster, Melissa, ILOVEYOU, and Sasser. I can recall working with my own computers back in the "glory days" of worms. Back then they spread through email attachments. I can even recall specifically getting the old ILOVEYOU email. So sweet, but obviously a trap. I didn't like anyone and I was super awkward, so no one liked me. Simple, yeah? Plus I was 8 and boys were icky. The lesson: don't open shifty attachments. Nowadays worms come through with...

Trojans. Ever wonder why they're called trojans? They usually masquerade as a helpful program. Maybe some rogue antivirus. Or maybe you go on a page and unknowingly download one in a drive-by download. These little buggers will open up backdoors in your computer to let more junk in. Sometimes hackers will even toy with your computer, though that's rather rare.

How about they hold your computer hostage? Lock you out and demand money to unlock your computer? Welcome to the world of ransomware. Your computer is locked up and the only way to get it back is to pay them money. Or maybe... You know... Have a basic understanding of how to repair computers. So further on in the guide I'll show you how to deal with these jerks.

So what's another way to get money? How about annoying ads and adware? Let's have the spyware watch what you do and deliver more "targeted" ads with adware. Though maybe that spyware is after information like when you log on to online banking.

Scareware is a big phony. A big fat phony. Family Guy reference, anyone? It'll claim things are wrong with your computer and you need to fix it right now! Usually it comes up with some bogus number. How did you have 40956794580762 errors and not notice?!

Now the rootkit, however... It is a very real threat. It's clever and can hide itself from most common scanner tools. Detection can be extremely tricky and is usually best left to someone with experience in finding these suckers.

PUPs. Potentially Unwanted Programs. Not those cute little baby dogs. These are programs that miiiiight do good, but can possibly be harmful and/or annoying. Check out this hour-long video of PUPs doing scareware bits!


PCs and Macs: The Difference

I could drag on the PC vs Mac debate long enough to write a whole novel. We'll skip the different uses for PCs and Macs and the hardware differences and focus on the software differences. After all, malware requires software in order to carry out its tasks. I'm also gonna try to cover the history of both Microsoft and Apple.

[Image: windows-95-logo.png]

The Architecture of Microsoft Operating Systems
[Image: 640px-Windows_2000_architecture.svg.png]
A graphic of the architecture of Windows 2000. Credit to Wikipedia.



[Image: original-apple-logo.jpg]

The Architecture of Apple Computers Operating Systems
[Image: 556px-Diagram_of_Mac_OS_X_architecture.svg.png]
A graphic of the architecture of OS X. Credit to Wikipedia.





Notable PC Malware

All links are to videos of said malware in action or videos about the history of said malware. Why? I think it's pretty neat. And the old DOS viruses were fun to watch.

Viruses

Worms

Trojans/Ransomware
Rootkits
  • win32k.sys
  • Service SKYNET
  • PDCOMP
  • CPU FUN Controller
  • tdssserv
  • lololol (hidemeimhidden)


PUPs
  • MyPC Backup
  • Driver Detective
  • Optimize My PC Pro
  • 24x7 Help
  • Application Updater
  • Ask Toolbar
  • AVG Security Toolbar
  • Any Toolbar, really
  • BearShare
  • Conduit
  • CouponPrinter
  • Delta Search
  • DriverUpdater
  • Freeze.com
  • InstallIQ
  • DomaIQ
  • iLivid
  • Mobogenie
  • Mysearchdial
  • OptimizerPro
  • PC Health Kit
  • PIP
  • RegClean Pro
  • SearchProtect
  • Softonic
  • Wajam
  • Weather Notifications
  • WeCareReminder
  • Yontoo




APPLE DOS, MS-DOS, TENEX, and other OS malware that's historical and fun!
Notable Mac Malware

@Harmonic had a really neat list, but for some reason the URL is dead. Mac malware wasn't nearly as prevalent as it is now. Around 2006 is when the explosion took place. What's the possible trigger for that? Macs officially left the PPC architecture in favor of Intel-based systems. Perhaps that made programming these bugs easier. It did open up the world of Hackintoshing, making OS X available to non-Apple computers. For the most part, OS X faces rootkits and trojans. The Safe Mac is a good site regarding threats seen in OS X and tracks the newest threats.

Trojans
  • Oompa Loompa
  • DNSChanger
  • PokerStealer
  • HellRTS
  • Mac Defender
  • LaoShu

!!! Current Mac Threats !!!
These are newer threats to OS X systems.
  • XSLCmd. This one looks to be the current big baddie.
  • iWorm. Stopped with recent update. It's very important to keep OS X up to date!
  • LaoShu. Low level threat now.



Useful and Free Tools


For free antivirus, I always point people to Avast! Free Antivirus. It offers real-time protection, boot scan, browser cleanup, and all sorts of other neat things for free! There are paid versions with more tools, but hey, the free version works better than that fancy-schmancy paid Norton, McAfee, or Kaspersky.

With the free Avast I usually back it up with Malwarebytes and SUPERAntiSpyware. These two plus Avast are what we offer at the computer shop I work at. They're all free and we don't charge to install them. They're simple update-and-scan tools with a few other features. If you want them to automatically update, however, you have to invest in the paid versions.

For people more experienced with security, Spybot Search and Destroy is a very good tool. On my PC, I have this along side the trio above. Spybot allows more in depth search and notifies you of any attempted edits to the registry which you can either allow or deny. Be sure to download it from Major Geeks or Bleeping Computer! There are fake versions of it floating around out there!

Hijacker keeps changing your homepage? With the right guidance, Trend Micro's HijackThis is a great tool to rip that sucker out of there.

For a majorly messed up system, there is ComboFix. Note that ComboFix is an extremely powerful tool and should be used as a last resort or under the supervision of a technician.

When it comes to rootkit detection, GMER is a go-to program for the experienced. But if you're not experienced and you suspect a rootkit may be involved with your computer's misbehaving, Malwarebytes has a stand-alone Anti-Rootkit BETA Tool.

The default uninstaller in Windows is nice, but it can leave traces of programs in the registry. IObit Uninstaller is a great uninstaller. It allows you to do a batch uninstall, so you can select multiple programs and it'll automatically uninstall one after another. The drawback is it can lock up sometimes. Keep Task Manager open while running the uninstalls in case one locks up.

Even though I don't use Norton Antivirus, Symantec has an excellent security blog. They also release free threat reports and demographics if you like to stay on top of trends. Symantec in itself is a great corporation. It's a shame Norton is laughable security unless you have the enterprise editions. Enterprise products don't play games.

Did you know that Malwarebytes has a YouTube channel? It's really informative. I'd give it a look over if you ever wanna learn more about current malware trends.

Stay on top of cybercrime and scams at Xylibox. They show a lot of technical information on different types of malware and scams. Take caution in that they may link to the source of where they found their malware! Also keep in mind that they make others aware of how the junk works in an effort to try and help people work to detect and/or remove these programs. Using any information to try and code your own malware is just a jerk thing to do. At least make some nice DOS codes like the ones in the Fun and Historical section of Notable PC Malware.

If you're working on an old system or maybe you're getting into virtual machines and you can't seem to find the right program versions or operating systems, WinworldPC is an excellent resource for all things abandonware. It has more than just Windows!

Specific games for old Macs can be hard to get ahold of. Games and other types of abandonware for Macs are available at Macintosh Garden if they're not found at WinworldPC.

If you pick up hobby repair on Macs of the classic variety, I highly suggest joining the 68k Macintosh Liberation Army. It's full of knowledgeable Apple enthusiasts that buy, sell, trade, repair, and guide you through repairing Apple computers and some clone computers. The people there are super helpful!


Myths and Facts About Malware

"Macs don't get viruses." This is a common misconception. Back in the days of DOS, Apple computers were just as prone to infection as the PC. That stands true today. Macs have their vulnerabilities just like Windows and Linux do. The main difference is that Apple has your back. If something does show up in the wild, they'll make an update to fix it or direct you to the proper tool to fix it. Apple also has a support page for people concerned about online security.

"Anything harmful on my computer is a virus." If we wanted to get technical, that's malware. Not a virus.

"This virus will wreck my computer and make it not work ever again!" This is actually fairly rare. CIH (AKA Chernobyl) was the last major form of malware that rendered computers inoperable after rewriting the BIOS. There are rootkits out there, however, that can get this deep into the system. With proper protection and a little know-how, rootkits can't make it there.

"Paid antivirus is the only antivirus that works." This is one of the biggest lies there is! Norton is really not that great. McAfee back in the day was good, but not so much anymore. One can find multiple free tools on Major Geeks for PC and Mac as well as Bleeping Computer. Bleeping Computer is possibly one of the best free sources for computer nerds like myself. You can get specialized help on their forums.

"You only get malware from porn sites." Did you know you're more likely to get malware from religious websites than from porn sites? That's right. Private time could never be more enjoyable, yeah? Well. That depends on how you spend your private time. Does that mean all porn sites are good and all religious sites are bad? Nope. Not at all. Like always, you have to be careful!


Tips to Prevent Malware

Pay attention to what you install! If you think a program might be good and it's shoving offers down your throat, it might not be good. Pay attention because some installers may bundle in another installation with the "Terms of Service" no one ever reads. Before you know it, you've agreed to install five other programs that are all junk.

Optional Offer? Optional Junk. Ever notice when you need to go grab Adobe Reader or maybe install Flash player that Adobe tries to offer other things? Once at the shop, Adobe tried to bundle Optimizer Pro with Flash. Seriously. Look for anything that says "Optional Offer" and make sure it's unchecked.

Know what an installer for antivirus or antimalware programs should look like. Rogue antivirus and antimalware is a real thing. You don't want that junk. Trust me. Also try to stick with known names when it comes to antivirus. If you're not sure about one, look it up. If there's people asking how to remove it, then it's more than likely rogue!

Spelling Errors. If they claim their program's good, even if from another language developer, they need at least some sort of spelling and grammar skills to back that claim up. Sometimes it's just plain fun to look at rogue programs and all flavors of malware just to see a lot of spelling errors. Really, look at them on YouTube some time.

"Check out this picture I found of you lol." What were they doing looking for pictures of you? Why do they have to send a link that clearly isn't a photo? Why can't they say "I found this picture of you at X event with Y and I thought it was lulzy, ya know?" Well, chances are it's a bot spreading BS. That link? Don't click on it unless whoever sent it can actually acknowledge that the link is legit.

Call us now for tech support! No. Don't. Don't do it. Ever. There's a multitude of fake tech support groups out there that charge outrageous rates. You can see this forty-five minute video of someone who really knows his stuff sabotage and egg on fake tech support. While on that subject...

NEVER ACCEPT A CALL FROM ANYONE CLAIMING YOUR COMPUTER HAS A VIRUS. I cannot stress this enough. Fake tech support scammers will sometimes call you and tell you things are wrong with your computer. They'll instruct you to log on, give them access, and then they will demand money from you, holding your data ransom. If you don't agree to pay them after they're in, they'll wreck your system. Microsoft will NEVER call you about a virus. No other companies will. No legitimate business can possibly call you about a virus. The only right thing to do is to either hang up or....

Be my hero.


Bots, Hijackers, Phishers, and More.



Cleaning Up Malware





More to come
[Image: KceuhuX.gif][Image: eKcKrrq.png]
I am tech support

[4:16:27 PM] Cristovao di Silvio ( @CappnRob): theres the bar. then theres the bottom of the barrel, then theres you sachi
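The hijacker and rogue-AV checks above (homepage changes, hosts-file tampering, junk autoruns, the PUP list) are the sort of thing a HijackThis log shows you, but the log still has to be read. As an added example that is not part of the original post and not code from HijackThis itself, here is a small Python triage script that walks a HijackThis-style log and flags the lines a technician would look at first. The log is constructed for illustration; the PUP names (taken from the thread's PUP list), the protected-domain list and the path heuristics are this example's own assumptions.

```python
"""Triage a HijackThis-style log for hijacker, rogue-AV and PUP indicators.

Added example: not code from the original post and not part of HijackThis.
The log is constructed; the PUP names (from the thread's PUP list), the
protected-domain list and the path heuristics are this example's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample log modelled on the HijackThis layout (R0/R1 = browser
# start/search page, O1 = hosts file, O2 = browser helper objects, O4 = Run keys).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchdial.com/?f=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
O1 - Hosts: 127.0.0.1 www.malwarebytes.org
O1 - Hosts: 127.0.0.1 update.avast.com
O2 - BHO: Yontoo - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Yontoo\YontooIEClient.dll
O2 - BHO: Adobe PDF Link Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SearchProtect] C:\Users\Sachiko\AppData\Roaming\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [svchost] C:\Users\Sachiko\AppData\Local\Temp\svchost.exe
"""

# Assumption: a case-insensitive substring match on these names (from the
# thread's PUP list) is good enough for a first pass.
PUP_NAMES = (
    "yontoo", "searchprotect", "conduit", "delta search", "mysearchdial",
    "ask toolbar", "wajam", "optimizerpro", "regclean pro", "mypc backup",
    "driver detective", "ilivid", "mobogenie", "domaiq", "installiq",
)

# Assumption: hijackers and rogue AV null-route vendor and update sites in the
# hosts file so the victim cannot fetch removal tools or definitions.
PROTECTED_DOMAINS = (
    "malwarebytes.org", "malwarebytes.com", "avast.com", "superantispyware.com",
    "safer-networking.org", "bleepingcomputer.com", "majorgeeks.com",
    "symantec.com", "mcafee.com", "kaspersky.com", "microsoft.com", "windowsupdate.com",
)

# Autoruns that launch from user-writable directories, or that borrow a Windows
# system binary's name outside System32, deserve a second look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Local Settings|ProgramData)\\", re.IGNORECASE)
SYSTEM_NAMES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe")

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _executable(cmd):
    """Pull the program path out of a Run-key command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split()[0]


def triage(log_text):
    """Return one Finding per log line that trips a heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, headers, anything not in section format
        sec, body = m.group("sec"), m.group("body")
        lower = line.lower()

        pup = next((p for p in PUP_NAMES if p in lower), None)
        if pup:
            findings.append(Finding(sec, f"matches PUP name '{pup}'", line))
            continue

        if sec == "O1":
            h = HOSTS_RE.match(body)
            if h and any(h.group("host").endswith(d) for d in PROTECTED_DOMAINS):
                findings.append(Finding(sec, f"hosts entry sends {h.group('host')} to {h.group('ip')}", line))
        elif sec == "O4":
            r = RUN_RE.search(body)
            if not r:
                continue
            exe = _executable(r.group("cmd"))
            name = exe.rsplit("\\", 1)[-1]
            reasons = []
            if USER_WRITABLE.search(exe):
                reasons.append("autorun launches from a user-writable directory")
            if exe.lower().endswith(SYSTEM_NAMES) and "\\system32\\" not in exe.lower():
                reasons.append(f"'{name}' mimics a Windows system binary outside System32")
            if reasons:
                findings.append(Finding(sec, "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as-is and it reports six lines out of the nine: the hijacked start page, the two hosts entries that cut off Malwarebytes and Avast updates, the Yontoo BHO, the SearchProtect autorun, and an `svchost.exe` living in a Temp folder. The Adobe entries and the Google search page pass. The heuristics are deliberately loose; the point is to shrink a 200-line log to the handful of lines worth checking before reaching for a removal tool.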
#2
Updated the lists for PC Malware, added in some images (that will need to be resized), and added some in the Malware Prevention section.
#3
Just ten examples of notable viruses on Macs.

As an I.T. guy who's been in the biz for a while now, I'd like to say that while it's commonly believed that Macs are safer (as it says in the article), they are still a target of malicious software; a lot of the same software that attacks PCs. PCs do get a lot of attacks on them, because commonly most people attack Microsoft. Basically the thought is: if you wanted to attack a big group of people, would you go for the software that's targeted at Macs, which have less of a userbase, or PCs?

Other than that, this is pretty useful stuff. The things I see most often these days are the FBI virus as well as multiple types of trojans. People just trust clicking on things a little -too- much.
#4
I'd like to see a section on click-bait viruses/malware like what was going on in Skype for a while!

"lol look at this picture i found of you" *randomlinkhere*
#5
(10-07-2014, 08:32 PM)Harmonic Wrote: Just ten examples of notable viruses on Macs.

As an I.T. guy who's been in the biz for a while now, I'd like to say that while it's commonly believed that Macs are safer (as it says in the article), they are still a target of malicious software; a lot of the same software that attacks PCs. PCs do get a lot of attacks on them, because commonly most people attack Microsoft. Basically the thought is: if you wanted to attack a big group of people, would you go for the software that's targeted at Macs, which have less of a userbase, or PCs?

Other than that, this is pretty useful stuff. The things I see most often these days are the FBI virus as well as multiple types of trojans. People just trust clicking on things a little -too- much.
Freakin' FBI ransomware, man. All the MoneyPak variants are a pain. But if people targeted Macs, they'd be hitting more of the creative/entertainment industries and colleges that require Macs. The biggest market definitely lies in PCs, so that's what most people will write their crap code for.

EDIT: I probably need to move Elk Cloner, ANIMALS, and Creeper/Reaper since they weren't on Windows/MSDOS.

(10-07-2014, 08:34 PM)Reigen Wrote: I'd like to see a section on click-bait viruses/malware like what was going on in Skype for a while!

"lol look at this picture i found of you" *randomlinkhere*

I'm definitely going to add a section in on that, now.
#6
Updated the Mac sections. Also added in a few tools, another tip, and two new sections for miscellaneous types of junk/scams and cleaning up malware.
#7
Might wanna add CryptoLocker to the notable PC viruses list, if only for the fact it's legit funny that it actually does release files if you pay them.

#8
(10-08-2014, 08:01 PM)aroes Wrote: Might wanna add CryptoLocker to the notable PC viruses list, if only for the fact it's legit funny that it actually does release files if you pay them.

Well, you gotta have credibility.
[Image: 293D4BE4-7170-4C2A-B8BF-7EA572513EBD.jpg]
#9
(10-08-2014, 08:01 PM)aroes Wrote: Might wanna add CryptoLocker to the notable PC viruses list, if only for the fact it's legit funny that it actually does release files if you pay them.

CryptoLocker is listed under Trojans/Ransomware. I even linked it to a YouTube video of it.
#10
Ah, yes. I remember, back when I first connected to the internet in the early 2000s, I got the Sasser worm.

And you know what? I managed to beat it, because those were the days when AVG was still a good piece of software.

Sasser nearly won, but I managed to update the virus definitions quickly enough that it didn't get to restart before the update was finished (I had a very old AVG). So, when the next restart came around, I recall scanning and removing it.

Race against time, that was. A race against time...

And I have absolutely no idea where I had gotten it from. I never opened weird attachments and didn't even have an email address at the time (since the internet was just getting started in our area).
#11
Oh man, Sasser was quite the ordeal. I bet you'll appreciate this video if you beat Sasser yourself.
#12
Added in new useful links for WinworldPC, Macintosh Garden, and 68kmla. Deleted images after a formatting error. Gonna add in new ones later.
#13
Fishing this out. Gonna work on it more soon.