Browsing articles tagged with "virus - Admins Goodies"
Nov 19, 2012
tom

How to find any file that is an executable or library

Let’s say someone provides you with a tarball, saying it is source code and nothing else. You want to make sure that is true, and that no virus-laden executables or libraries are tucked away in a directory. How to use the find command to do this? Thanks. Asked by Asker You can uncompress the file in a safe place (like a filesystem mounted noexec) and check the resulting directories for binaries. The file command can […]

Apr 15, 2012
tom

My website is infected, I restored a backup of the uninfected files, how long will it take to un-mark as dangerous?

My website www.sagamountain.com was recently infected by a malware distributor (or at least I think it may have been). I have removed all external content, google ads, firefly chat, etc. I uploaded a backup from a few weeks ago, when there was no issue. I patched the SQL injection hole. Now, how long will it take to unmark it as dangerous? Where can I contact google? I am not sure if this is the right […]

Mar 20, 2012
tom

Scan whole system or just user dirs with clamav

I’m in doubt about how to scan my Linux system with Clamav: do I just scan the places where users can upload files (homedirs, their webroots) or do I scan the whole system? The various sites I’ve read vary in opinion, some say you needn’t scan the Linux-only parts, some say to not scan at all. The latter I’ve already discarded as I think it sensible to at least scan webroots for hosted viruses, but […]

Nov 22, 2011
tom

Is it a virus on my PC?

Somehow sqlservr.exe launches cmd.exe (with very strange command line params) and ftp.exe processes on my PC, please see screenshots. I have already installed antivirus. What could it be, and how do I treat or fix that? Thanks. That tends to look like you’ve been compromised (“pwn3d”). That’s pretty suspicious activity. I’d get that box off the ‘net as quickly as you can, start investigating how the breach might have occurred, and be ready to restore the machine […]

Nov 2, 2011
tom

Cleaning up a boot-disk by mounting it in another computer

I am helping a friend out who has made quite a mess of his Windows PC. Problem is that there are lots of viruses, maybe rootkits and the like, I’m not a specialist. A Google redirect among other things, and it’s almost impossible to get the whole disk clean… (antivirus and antispyware are interrupted constantly). I did try RKill without much success and now wanted to try stuff like HijackThis… But isn’t it an […]

Oct 12, 2011
tom

Can a virus spread through a network share used by an RDP connection?

When connecting to a Windows Server (2003 or 2008) desktop through RDP from a local Windows (7 or XP) PC with network shares enabled (usually, the local C: disk will be shared with the remote server), is there a real chance that a virus infects the remote server? Of course, we protect our local PCs as well as we can, so I’d just like to know if it makes sense to have a policy to […]

Aug 25, 2011
tom

What is the best way to find Conficker infected PCs in company networks remotely?

What is the best way to remotely find Conficker-infected PCs in company/ISP networks? The latest version of nmap has the ability to detect all (current) variants of Conficker by detecting the otherwise almost invisible changes that the worm makes to the port 139 and port 445 services on infected machines. This is (AFAIK) the easiest way to do a network-based scan of your whole network without visiting each machine. Check more discussion of […]

Aug 25, 2011
tom

Conficker: Should steps taken in group policy to secure against virus remain?

We got nailed two weeks ago by Conficker. I ran through the 26-step checklist from Microsoft on my own computer, as well as on our domain server. It says near the end to reverse all the changes, but I kinda like the changes (disables Autorun and some other settings). Is there anything in that fix that’ll come back to haunt me down the road? Also, maybe the group policy never took effect, I couldn’t […]

Aug 24, 2011
tom

Why are there unknown URLs in router log?

I recently looked at my router log. Why are a lot of requests that I don’t send originating from a computer in my home network? They do not look like 3rd-party advertisements / images embedded in a page. The requests have patterns, such as:

top-visitor.com/look.php
www.dottip.com/search/result.php?aff=8755&req=nickelodeon+games
www.placeca.com/search/result.php?aff=3778&req=wireless+cell+phone
www.bb5a.com/search.php?username=3348&keywords=flights
www.blazerbox.com/search.php?username=2341&keywords=colorado+springs+real+estate
www.freeautosource.com/search.php?username=sun100&keywords=vehicle
www.1sp2.com/search.php?username=20190&keywords=las+the+hotel+vegas
www.loadgeo.com/search/result.php?aff=10357&req=winamp
www.exalt123.com/portal.php?ref=seo2007
www.7catalogs.com/search.php?username=la24&keywords=shutter
www.theloaninstitute.com/search.php?username=kevin&keywords=webcam
www.grammt.com/search.php?username=2530&keywords=bob

And there are hundreds of these requests sent within a second. So what’s happening? There are many possibilities, there […]

Aug 24, 2011
tom

Google Web History shows

Google Web History Trends is showing URLs such as the following for 4 out of 10 of my Top Clicks (including the top 2):

http://ocean2-4979731.org/page/0.volume
http://ocean2-6610805.org/page/0.volume
http://ocean2-5267347.org/page/0.volume
http://ocean2-23139960.org/page/0.volume

I have never seen nor visited sites like this; indeed a WHOIS search shows that none of these domain names have ever been registered. Should I check for infection by a botnet (perhaps attempting to access update URLs), or is Google just going haywire? (Web searches for […]
