Who told you about this place?
Slayer, Whooz get in here; You done did it
Topic Started: Monday Dec 6 2010, 01:47 PM (525 Views)
| -SG- | Monday Dec 6 2010, 01:47 PM Post #1 |
So the shop techs where I work are saying that they get about 2-3 Windows 7 PCs in a week that will not POST. They say that the cause is always a bad stick of RAM, and it always appears to be DDR3. Have you guys seen any of this, on a similar scale? Also, last Friday I had several PCs from several different clients that all got infected at the same time with this rootkit that infects the MBR, causing svchost (a legitimate svchost, not some bogus %appdata% crap) to utilize 50% CPU and also establishing an assload of TCP connections. You guys see any of that yet?
| whoozwah | Monday Dec 6 2010, 02:03 PM Post #2 |
I have not seen either of those. I rarely see machines with DDR3 except new PCs and I've yet to see one fail to POST. And the only really common infection I see at any given time is Thinkpoint, which hides itself in appdata/roaming.
| -SG- | Monday Dec 6 2010, 02:22 PM Post #3 |
Yeah, that Thinkpoint BS is everywhere. My Dad caught it, and much to my disbelief he friggin bought it. Now he has a shiny new credit card because of it.
| whoozwah | Monday Dec 6 2010, 02:33 PM Post #4 |
wow. way to go.
| Jandurin | Monday Dec 6 2010, 02:34 PM Post #5 |
how does a fake antivirus program = new credit card?
| Jandurin | Monday Dec 6 2010, 02:34 PM Post #6 |
oh. ohhhh
| whoozwah | Monday Dec 6 2010, 02:34 PM Post #7 |
he had to cancel his current card and get a new one because the charge on the old one was a scam
| Jandurin | Monday Dec 6 2010, 02:35 PM Post #8 |
yeah, i figured it out right after i hit submit
| -SG- | Monday Dec 6 2010, 02:43 PM Post #9 |
Just for you, Whooz!!!!11
| whoozwah | Monday Dec 6 2010, 02:53 PM Post #10 |
you're a real funny guy Shaun.
| -SG- | Monday Dec 6 2010, 02:53 PM Post #11 |
Oh come on... thought you would get an eloel out of it...
Edited by -SG-, Monday Dec 6 2010, 02:54 PM.
| whoozwah | Monday Dec 6 2010, 02:55 PM Post #12 |
o rly?
| -SG- | Monday Dec 6 2010, 02:55 PM Post #13 |
ya rly
| whoozwah | Monday Dec 6 2010, 03:05 PM Post #14 |
I'm so glad he doesn't work in Montgomery anymore.
| Necrotrophic | Monday Dec 6 2010, 03:05 PM Post #15 |
the biggest pain in the ass about those smitfraud programs is that you usually have to remove them manually.
| -SG- | Monday Dec 6 2010, 03:22 PM Post #16 |
@Whooz yeah, but he had some great one-liners: "Shut your ass buddy". It's getting to the point where most infections have to be removed manually, since they hide themselves from both Windows and AV apps.
| Slayer706 | Monday Dec 6 2010, 06:22 PM Post #17 |
I haven't seen the DDR3 thing, but we don't see many computers with DDR3 so that might be why. The rootkit MBR thing we are seeing a ton of though. The ones we have seen so far just do one or more of the following:

- Cause the computer to boot to a black screen.
- Reinfect the computer after a fresh install or image.
- Prevent anti-virus websites and the Microsoft update page from loading.

It's now standard that we run fixmbr from the recovery console on every infected computer we service.
| -SG- | Monday Dec 6 2010, 06:28 PM Post #18 |
I've been using this to fix the infected PCs: http://www2.gmer.net/mbr/mbr.exe Run the .exe; when it's done it creates a log file. Open the log, and if the MBR is infected it will tell you to run the .exe again with -f. Saves time because you don't have to boot to the recovery console.
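A defender-side version of the check that mbr.exe's log performs, added here as an example and not part of this thread or of the GMER tool: it parses a 512-byte MBR, validates the 0x55AA signature and the partition table, and compares the 446-byte boot code against a known-good SHA-256 baseline. The boot code, baseline hash and partition layout are all constructed stand-ins, not real Windows boot code.

```python
import hashlib
import struct

BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of every valid MBR sector

def partition_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """One 16-byte partition entry; CHS fields are zeroed since modern loaders use the LBA fields."""
    flag = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)

def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR: 446 bytes of boot code, four 16-byte entries, then 0x55AA."""
    code = boot_code.ljust(446, b"\0")[:446]
    table = b"".join(entries).ljust(64, b"\0")[:64]
    return code + table + BOOT_SIGNATURE

def inspect_mbr(mbr: bytes, known_good_sha256: str) -> list:
    """Return findings that suggest tampering; an empty list means the sector matches the baseline."""
    if len(mbr) != 512:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    # A bootkit that hooks the boot path replaces the boot code, so hash it against a known-good copy.
    if hashlib.sha256(mbr[:446]).hexdigest() != known_good_sha256:
        findings.append("boot code does not match the known-good baseline")
    active = 0
    for i in range(4):
        flag, ptype, _lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if flag not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid boot flag 0x{flag:02x}")
        elif flag == 0x80:
            active += 1
        if ptype and count == 0:
            findings.append(f"entry {i}: type 0x{ptype:02x} but zero sectors")
    if active != 1:
        findings.append(f"{active} active partitions on a system disk (expected exactly 1)")
    return findings

# Constructed stand-ins: NOT real Windows boot code, just bytes to hash as a baseline.
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 100
CLEAN_HASH = hashlib.sha256(CLEAN_BOOT_CODE.ljust(446, b"\0")).hexdigest()
SYSTEM_TABLE = [partition_entry(True, 0x07, 2048, 204800), partition_entry(False, 0x07, 206848, 4000000)]

def demo() -> tuple:
    """Compare a clean sector with a constructed one whose boot code was overwritten."""
    clean = build_mbr(CLEAN_BOOT_CODE, SYSTEM_TABLE)
    tampered = build_mbr(bytes(range(1, 120)), SYSTEM_TABLE)
    return inspect_mbr(clean, CLEAN_HASH), inspect_mbr(tampered, CLEAN_HASH)
```

On a real machine the baseline hash would come from a sector captured from a known-clean install of the same Windows version, since the boot code differs between releases.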
| Slayer706 | Monday Dec 6 2010, 06:29 PM Post #19 |
Nice, I will definitely check that out.
| Slayer706 | Monday Dec 6 2010, 06:33 PM Post #20 |
What exactly does the -f part do? Does it actually rebuild the MBR or just try to clean it?