View Poll Results: Have you been infected with Virtumonde?

Voters: 33
  • Yes: 21 (63.64%)
  • No: 12 (36.36%)
Results 11 to 20 of 56

Thread: Have you been infected with Virtumonde?

  1. #11
    129260
    Guest

    oops

    Quote Originally Posted by bitman:
    129260,

    Please try not to confuse a browser rendering test with security; they have nothing to do with one another.

    http://en.wikipedia.org/wiki/Acid2
    "Acid2 tests features of HTML and, more prominently, CSS. The purpose of testing such features is to identify standards compliance deficiencies in applications that render HTML."
    Bitman

    Guess I got some researching and learning to do.

  2. #12
    Guest
    Join Date: Jun 2008
    Posts: 478

    Quote Originally Posted by Tom.K:
    I had downloaded cracks, but some of them worked. Those cracks were OK. But later, when I wanted to download another crack (from the same site and possibly the same crack), it seemed suspicious. It had a .zip.exe extension. Then I got confused. To download or not to download? With luck, I decided not to download it. You should never download something with a .zip.exe extension (a.k.a. an expanded extension), or .txt.exe, .bmp.exe, .mp3.exe, .bla.exe. Now I've removed the cracks.

    A question:
    Does Virtumonde have something to do with WinSoftware (WinAntiVirusPro, WinFixer and ErrorSafe)?

    From Microsoft: Technical Information
    Win32/Virtumonde is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
    Virtumonde is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
    Installation
    Members of the Virtumonde family may compromise an affected system in a number of different ways. They use diverse methods of installation that often include multiple components.

    Virtumonde may use a dropper/downloader component that may be detected as one of the following:
    TrojanDropper:Win32/Virtumonde.A
    TrojanDropper:Win32/Virtumonde.B
    TrojanDownloader:Win32/Virtumonde

    Virtumonde also disables pop-ups if a targeted URL contains "mil" or "gov" in the domain.

    Modifies System Security Settings
    Virtumonde makes the following registry modification in an attempt to bypass firewalls:
    Sets value: "ProxyBypass"
    With data: "1"
    To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\

    Sends Information to Remote Server
    Virtumonde may gather and send the following information from the affected machine to a remote server:
    Outlook Express Accounts
    Information from Software\Microsoft\Internet Account Manager\Accounts
    Pop3 and SMTP user names
    Registered owner
    OS version number
    Network adapter info
    MAC address
    Keyboard layout
    Installation time
    Crash log

    Additional Information
    Virtumonde has been observed in the wild being bundled with rogue anti-spyware products, for example, it has been observed being bundled with 'Evidence Eraser Pro'.

    Virtumonde has also been observed using encryption techniques in order to obfuscate its communications with remote sites.

    This family may create the following registry entries in which to store data:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aldd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SysUpd

    The Win32/Virtumonde family is closely associated with the Win32/Vundo and Win32/Conhook families.


    From F-Secure: Virtumonde is adware that displays pop-up advertisements. Some advertisements are for rogue antispyware applications such as Winfixer. Pop-ups are not marked as having originated from Virtumonde.

    Virtumonde runs hidden from the user. It installs itself as a Winlogon notification package and locks its own module. The module has a random 5 character name and is installed to the windows\system32 folder.

    Virtumonde infects Windows XP and 2000.

    From Wikipedia: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs.
    As the virus is resident in memory and attached to Explorer.Exe and Winlogon, they must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot the PC, so a forced reboot is needed, as when Winlogon restarts, the virus files are recreated. Internet Explorer, Mozilla Firefox, and Opera are affected by this trojan, but Apple Safari seems to be unaffected by the Trojan's .dll file.
    Depending on versions, Vundo attempts to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager or Windows registry editor. WinFixer is closely related to Aurora Network's Nail.exe hijacker/spyware program. In worst-case scenarios, it may embed itself in Internet Explorer and become part of the program, thus being nearly impossible to remove. The program is also closely related to the Vundo and Virtumonde viruses.

    I don't know if it can infect Vista, but Java can be installed on Vista, so I think it can infect Vista too if Java is outdated. I don't know if it infects in other ways than Java; maybe someone here knows if it could? As you see above: Virtumonde has been observed in the wild being bundled with rogue anti-spyware products.

    I don't know if everything from Wikipedia is true; I think I have read somewhere that anyone who wants to can edit sites on Wikipedia.

    I didn't know so much about viruses and spyware when using Kazaa. I was downloading software from Kazaa some years ago, and one time my antivirus detected that a virus was infecting files on my computer; the antivirus went crazy. I also downloaded a lot of software from www.download.com, and I got spyware on the computer from some of the software from www.download.com. I don't remember if I downloaded something from warez sites.

    So I will not recommend anyone to use cracks from file-sharing programs or warez sites, and not from other places either.

    I was also visiting porn sites and got a lot of malware from those sites; the malware was installed when visiting the porn sites without me knowing it.

    At that time I didn't know that I should download updates from Microsoft, so the only software that was updated on the computer was my antivirus. The firewall was disabled at that time too, and I think that setting was the default setting some years ago.
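A defender-side way to put the Microsoft and F-Secure details quoted in this post to work, as an added example that is not code from the thread or from either vendor: it reads the text that `reg export` writes and flags the ZoneMap ProxyBypass value, the aldd and SysUpd data-store keys, and any Winlogon notification package whose DllName is a random-looking five-letter DLL in system32. The sample export is constructed, the full path of the Notify key and the "five lowercase letters" heuristic are assumptions, and a legitimate package could match that heuristic, so a hit is a lead to confirm on the machine rather than a verdict.

```python
"""Triage a Windows registry export for the Virtumonde indicators quoted
in this post (ZoneMap ProxyBypass, the aldd/SysUpd data-store keys and a
Winlogon notification package loading a random five-letter DLL).

Added example; not Microsoft, F-Secure or forum code. Input is the text
written by `reg export`; the sample below is constructed for the demo."""
import re
from typing import Dict, List, Optional

# Constructed sample: one benign ZoneMap value and one benign notification
# package alongside the indicators described in the quoted write-ups.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"=dword:00000001
"IntranetName"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aldd]
"data"=hex:01,02,03

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qjkvw]
"DllName"="C:\\WINDOWS\\system32\\qjkvw.dll"
"""

ZONEMAP_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
STORAGE_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aldd",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SysUpd",
)
# Assumed location of the Winlogon notification packages (not quoted on the page).
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# F-Secure: a random 5-character module name in windows\system32. Assumed
# heuristic: five lowercase letters. A legitimate package could match too.
RANDOM_DLL = re.compile(r"^(?:.*\\)?system32\\[a-z]{5}\.dll$", re.IGNORECASE)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to its "name"=raw-value pairs (single-line values only)."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            keys[current][name.strip('"')] = raw
    return keys


def reg_dword(raw: str) -> Optional[int]:
    """Decode a dword:XXXXXXXX export value; None for any other type."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    return int(m.group(1), 16) if m else None


def reg_string(raw: str) -> str:
    """Unquote a REG_SZ export value and undo its backslash escaping."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw


def find_virtumonde_indicators(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one human-readable line per indicator found in the export."""
    hits: List[str] = []
    # Registry paths are case-insensitive, so compare lower-cased copies.
    by_lower = {k.lower(): (k, v) for k, v in keys.items()}

    zonemap = by_lower.get(ZONEMAP_KEY.lower())
    if zonemap and reg_dword(zonemap[1].get("ProxyBypass", "")) == 1:
        hits.append("ZoneMap ProxyBypass=1 (Microsoft: set to bypass firewalls)")

    for store in STORAGE_KEYS:
        if store.lower() in by_lower:
            hits.append("data-store key present: " + by_lower[store.lower()][0])

    notify_prefix = NOTIFY_KEY.lower() + "\\"
    for k_lower, (k, values) in by_lower.items():
        if not k_lower.startswith(notify_prefix):
            continue
        dll = reg_string(values.get("DllName", ""))
        if RANDOM_DLL.match(dll):
            package = k.rsplit("\\", 1)[-1]
            hits.append(f"Winlogon notify package {package} loads {dll}")
    return hits


if __name__ == "__main__":
    for hit in find_virtumonde_indicators(parse_reg_export(SAMPLE_REG_EXPORT)):
        print("[!]", hit)
```

On a real machine you would feed it the output of `reg export HKLM\SOFTWARE\Microsoft hklm.reg` and the HKCU equivalent, then confirm each hit by hand; the parser ignores multi-line hex values, which is enough for the three value types the indicators use.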

  3. #13
    drragostea
    Senior Member
    Join Date: Jan 2008
    Location: @Home
    Posts: 3,674

    You should have read tashi's 14 ways to get infected without trying: Browse the web for free pOrn.

    That could be the malicious drive-by download. Malware is installed without the user's knowledge.

    Kazaa is also infamous, because it is bundled with adware and malware.

    Java or not, Vista can get infected with Virtumonde. I've seen HIJACK logs with Vista OS infected with Virtumonde.

  4. #14
    Guest
    Join Date: Jun 2008
    Posts: 478

    Quote Originally Posted by drragostea:
    You should have read tashi's 14 ways to get infected without trying: Browse the web for free pOrn.

    That could be the malicious drive-by download. Malware is installed without the user's knowledge.

    Kazaa is also infamous, because it is bundled with adware and malware.

    Java or not, Vista can get infected with Virtumonde. I've seen HIJACK logs with Vista OS infected with Virtumonde.

    How could I know that surfing porn and downloading cracked software were unsafe when I barely knew what viruses were? I also thought that www.download.com was safe to download from when other people I know were downloading from there, and I never heard that they were getting trouble with the computer after having downloaded software from that site.

    I had never heard about spyware at that time either. I have read tashi's thread, but that was at a later time.

    Most of us have done stupid things without knowing the consequences; nobody is perfect and may make mistakes. I'm sure you have made mistakes too. Some of us know things about computers that others don't, and others know things about other things they like. Nobody is really stupid, but we can't know everything.

  5. #15
    drragostea
    Senior Member
    Join Date: Jan 2008
    Location: @Home
    Posts: 3,674

    I've never made a mistake!

    Nah, I'm just joking. I'm the same as you, when I was younger, not knowing the consequences.

    However, download.com is becoming infested... by ads and rogue products. You've heard of CopperHead Anti-spyware? Yea, it's rogue.

    http://www.download.com/Spyware-Remo...dlPid=10836839
    http://www.download.com/Spyware-24x7...dlPid=10813495

    Here are two examples of rogue software. Trust me, from my perspective download.com is not even 50% safe. In my perspective. Downloads are also limited, probably because of busy servers.

  6. #16
    Guest
    Join Date: Jun 2008
    Posts: 478

    Quote Originally Posted by drragostea:
    I've never made a mistake!

    Nah, I'm just joking. I'm the same as you, when I was younger, not knowing the consequences.

    However, download.com is becoming infested... by ads and rogue products. You've heard of CopperHead Anti-spyware? Yea, it's rogue.

    http://www.download.com/Spyware-Remo...dlPid=10836839
    http://www.download.com/Spyware-24x7...dlPid=10813495

    Here are two examples of rogue software. Trust me, from my perspective download.com is not even 50% safe. In my perspective. Downloads are also limited, probably because of busy servers.

    MajorGeeks had one program that was infected with Cydoor, if I remember right. I was looking at different programs at MajorGeeks and visited the author's site; the site looked suspicious, so I reported it to the hpHosts forum, and it is now in the hpHosts hosts file. The admin at the hpHosts forum detected that the program included Cydoor.

    I have never heard of CopperHead Anti-spyware.

    www.download.com is always slow to download from for me, but that is only annoying after formatting the computer and downloading software from there.

  7. #17
    drragostea
    Senior Member
    Join Date: Jan 2008
    Location: @Home
    Posts: 3,674

    What I would suggest is to keep a folder of all the executables of the programs you plan to install. That way you can install all of them beforehand, without having to download all of them again. I update it every time there is something new.

    Next, I would drag the folder to a flash drive with all my documents.

  8. #18
    Guest
    Join Date: Jun 2008
    Posts: 478

    Quote Originally Posted by drragostea:
    What I would suggest is to keep a folder of all the executables of the programs you plan to install. That way you can install all of them beforehand, without having to download all of them again. I update it every time there is something new.

    Next, I would drag the folder to a flash drive with all my documents.

    I have a folder that I download the programs to, but I delete the install files after installing the programs. I sometimes burn the installers to a CD before formatting. I don't have any documents that I need after formatting, and I burn what I have in the download folder from uTorrent in My Documents.

  9. #19
    drragostea
    Senior Member
    Join Date: Jan 2008
    Location: @Home
    Posts: 3,674

    Download folder from uTorrent.

    That reminds me... I have trouble... actually my brother is having trouble with "port forwarding" since he's getting 1kb/sec. on a DSL connection.

    I've seen the portforward website, however the articles are too dated and the screenshots look nothing like the modern ones.

  10. #20
    Guest
    Join Date: Jun 2008
    Posts: 478

    Quote Originally Posted by drragostea:
    Download folder from uTorrent.

    That reminds me... I have trouble... actually my brother is having trouble with "port forwarding" since he's getting 1kb/sec. on a DSL connection.

    I've seen the portforward website, however the articles are too dated and the screenshots look nothing like the modern ones.

    I always use the speed guide in uTorrent, but that wouldn't help with his problem. But if you restrict your upload speed, then you will have a slower download speed; that is what happened to me when trying it. I don't know if it is like that ONLY in uTorrent, but maybe in other torrent programs too. But I don't know if it is the trackers (or whatever they are called) that lower your speed when doing this. I think the torrent programs must follow some rules, or they will be banned from some trackers. But I may have misunderstood what I have read.

    Maybe his router/modem has a firewall; I have mine turned on without a problem and haven't needed to do port forwarding. I download with lightning speed sometimes, but that is just what I call it. Other family members and people I know don't have such fast speeds as I have when downloading torrents. But it also depends on what speed the other people that are sharing/seeding have. I was getting faster speeds when downloading torrents after upgrading my speed. DSLReports shows the wrong speed for me when using their tests, both the Flash one and the Java one. But Norwegian tests show better speeds than DSLReports, but that isn't strange when DSLReports is farer (how do I write it? I was about to write farther, but that probably means another thing) away from me.

    Sorry, I don't know how you do port forwarding.
