Apache's Guide to Viruses (And spyware, malware and all those other goodies)
Apache | Date: Sunday, 04 March 12, 23:39 | Post # 1
Sergeant
Group: Users
Messages: 31
Reputation: 0
Status: Offline
WARNING: WALL OF TEXT, not strictly relevant but interesting, recommended but not required to use guide.

Greetings, how many of you have been infected over the course of your gaming history? Once? twice? 10 times? more?

After being infected for the umpteenth time, I eventually decided it was worth learning exactly HOW to fight viruses as opposed to simply reformatting. Having a decent knowledge of coding helped immensely, as it turns out most viruses are distributed as source code (fun times) to be modified and compiled by an individual to hinder anti-virus programs.

Of course this suffers from one main flaw: the method of attack is often the same. Along came heuristics, the idea of using a detective-like AI for anti-viruses. This heuristics AI would seek viruses by looking for common attack methods and then follow the clues to the culprit. Neat huh?

Virus 101:

A virus is often NOT malicious; 99% of the time it's spam or spyware. Those popups you've been seeing? Not malicious but damn annoying.

The obvious thing to do is to uninstall the program that caused it, to no avail.

This is due to the average virus being packed with other programs. E.g. an installer for, say, Xfire could be botched with a virus: when run it will run Xfire, but a virus will also be installed on every run. This is called packing or binding. These viruses are why you see $150 super expensive anti-viruses that claim to be amazing, yet frankly do bugger all. Binding is near undetectable if the attacker isn't a moron. This is NOT where you will fight viruses; however, common sense is an effective method of preventing this type of infection.

There are other ways for you to be infected, but it's unlikely, as frankly packing is the most common. As such this is what we will attempt to defeat.

Up next: tools

TLDR START HERE

Tool 1: TDSS Killer

When a virus installs itself, if it wants to remain 100% unbeatable, it will install itself as a root kit. Root kits are invulnerable to the attacks of anti-viruses, anti-malware, hell, anything. Why? Because a root kit installs itself in ring0, effectively making it more powerful than Windows; thus Windows can't stop it and by extension neither can your anti-virus.

TDSS Killer is made by Kaspersky Labs (a VERY good company) and was originally made to destroy the root kit TDSS; however, presently it has become more of a generic up yours to root kits.

ALWAYS RUN THIS FIRST. IF YOU DO NOT A VIRUS MAY PERSIST DESPITE ANYTHING ELSE YOU USE.

http://support.kaspersky.com/faq/?qid=208283363

Download, run, delete. That's all there is to it. If you're using emulation software you may see a false positive on it, as emulation software works on the same principle as root kits.

Tool 2: Malwarebytes Anti-Malware - the big gun.

99% of your advertising crap and general crap is killed off with this. Now that it doesn't have a root kit to hide behind, all viruses are vulnerable; now we begin the offensive.

http://download.cnet.com/Malware....=button

Download, scan, kill.

There goes 99% of your virus worries.

Nothing else really to say, it's effective and it's got a free version.

Alternative is SuperAntiSpyware, but MBAM is preferred.

Tool 3+: The bigger guns

Still having problems? Hmm, time for the bigger guns then.

If you're still having problems here, a generic signature anti-virus (MBAM) will not suffice. Now you need heuristics, as you've been hit by an unknown virus. (Aka, we're not sure what it is.)

You have two choices. Neither is free, but these really are the big screw you weapons.

NOD32
Kaspersky

NOD32 - Eset security
http://www.eset.co.uk/

NOD32 is my personal favorite. Its virus definition database is pathetic, but its heuristics are insane. This WILL kill your problem.

Kaspersky - Kaspersky labs
http://www.kaspersky.co.uk/

Same guys who made TDSSKiller also made a sweet anti-virus: much stronger virus definitions, not as good heuristics, but still a very valid choice.

Tool 4: MOAG - Mother of all guns

If it's still not dead, roll out the biggest gun you've got.

Combofix.

I'm not linking this one as it's highly dangerous. DO NOT ATTEMPT THIS WITHOUT A SKILLED TECH GUY NEARBY. YOU CAN BRICK YOUR COMPUTER OR CAUSE PERMANENT DAMAGE. YOU HAVE BEEN WARNED.

This is the ultimate gun. There's nothing bigger; if this fails you need to reformat.

That's all folks. If you're still struggling, PM me.




Message edited by Apache - Sunday, 04 March 12, 23:39
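The "binding" the guide describes, a second program stapled onto a legitimate installer, is what the "common sense" step is meant to catch before the installer is ever run. The following is an added example, not from Apache's post or from any of the tools it names: two cheap pre-run checks a defender can apply to a downloaded installer. The first compares the file's SHA-256 with the hash the publisher lists; the second parses just enough of the PE headers to find the "overlay", the bytes after the last declared section, which is one common place a binder stores its extra payload. The `build_fake_pe` helper, the hypothetical publisher hash and the overlay text are all constructed for the demonstration; the minimal PE skeleton it builds has no optional header and is not a loadable executable.

```python
import hashlib
import struct

# Added example (not from the forum post): two cheap checks a defender can run on
# a downloaded installer before launching it. A binder usually stores the extra
# program in the PE "overlay", the bytes after the last section the headers describe.


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file contents, to compare with the hash the publisher lists."""
    return hashlib.sha256(data).hexdigest()


def pe_overlay_size(data: bytes) -> int:
    """Bytes appended after the last section of a PE file, or -1 if the data is not a PE.

    Only the DOS header, COFF header and section table are parsed; that is enough
    to find where the declared file image ends.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return -1
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return -1
    coff = e_lfanew + 4                      # 20-byte COFF file header
    if len(data) < coff + 20:
        return -1
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    section_table = coff + 20 + opt_size     # 40-byte entries follow the optional header
    image_end = 0
    for i in range(num_sections):
        entry = section_table + i * 40
        if len(data) < entry + 40:
            return -1
        size_raw, ptr_raw = struct.unpack_from("<II", data, entry + 16)  # SizeOfRawData, PointerToRawData
        image_end = max(image_end, ptr_raw + size_raw)
    return max(0, len(data) - image_end)


def check_installer(data: bytes, publisher_sha256: str) -> dict:
    """Summarise both checks; `publisher_sha256` is the hash the vendor's download page lists."""
    overlay = pe_overlay_size(data)
    hash_ok = sha256_hex(data) == publisher_sha256.lower()
    return {
        "hash_ok": hash_ok,
        "is_pe": overlay >= 0,
        "overlay_bytes": overlay,
        # An overlay is only a hint: NSIS/Inno installers legitimately carry their
        # payload there too, so a non-zero value means "look closer", not "infected".
        "suspicious": overlay > 0 or not hash_ok,
    }


def build_fake_pe(overlay: bytes = b"") -> bytes:
    """Constructed sample: a minimal, non-runnable PE skeleton with one section whose
    raw data ends at offset 0x90, followed by whatever overlay is passed in."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)   # i386, 1 section, no optional header
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x10, 0x1000, 0x10, 0x80, 0, 0, 0, 0, 0x60000020
    )                                                             # SizeOfRawData=0x10, PointerToRawData=0x80
    header = bytes(dos) + b"PE\0\0" + coff + section              # exactly 0x80 bytes
    return header + b"\x90" * 0x10 + overlay


if __name__ == "__main__":
    clean = build_fake_pe()
    bound = build_fake_pe(b"EXTRA-PROGRAM-STAPLED-ON")
    published = sha256_hex(clean)                # what the vendor's page would list (constructed)
    print(check_installer(clean, published))     # hash_ok True, overlay_bytes 0
    print(check_installer(bound, published))     # hash_ok False, overlay_bytes 24
```

A hash mismatch against the publisher's value is the strong signal; the overlay check is a weaker one, because self-extracting and NSIS-style installers carry their own archive in the overlay. On a real file, read it with `open(path, "rb").read()` and paste the vendor's hash as `publisher_sha256`.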
 
Mike | Date: Sunday, 04 March 12, 23:57 | Post # 2
Major general
Group: GameMaster
Messages: 438
Reputation: 7
Status: Offline
Without knowing, I just jumped to level 3 directly on tools since I have Kaspersky and I love it. Used Malwarebytes for a while but don't have it installed now, and it's the first time I see TDSSKiller or ComboFix.
good tutorial

PS: my noob antivirus experience:
-Norton Antivirus: I believe it's only a GUI and not an anti-virus.
-Bitdefender: powerful but heavy and slow
-AVG: too much annoying?
-Avira: free version is good.

PPS: if any of you are looking for Kaspersky on thepiratebay, forget it, they have one of the best steal protections I've ever seen



Tnx to floffypus for the sign :D


Message edited by Mikey - Monday, 05 March 12, 00:09
 
Apache | Date: Monday, 05 March 12, 00:04 | Post # 3
Sergeant
Group: Users
Messages: 31
Reputation: 0
Status: Offline
Quote (Mikey)
Without knowing, I just jumped to level 3 directly on tools since I have Kaspersky and I love it. Used Malwarebytes for a while but don't have it installed now, and it's the first time I see TDSSKiller or ComboFix.
good tutorial


If you're running Kaspersky the whole time you can ignore most of the guide. If Kaspersky fails you, use ComboFix. I would recommend using TDSS Killer, as Kaspersky is useless against rootkits, and you may have viruses/malware you didn't know about.


 
Mike | Date: Monday, 05 March 12, 00:11 | Post # 4
Major general
Group: GameMaster
Messages: 438
Reputation: 7
Status: Offline
Why is ComboFix so dangerous anyway?

 
Apache | Date: Monday, 05 March 12, 00:17 | Post # 5
Sergeant
Group: Users
Messages: 31
Reputation: 0
Status: Offline
Quote (Mikey)
Why is ComboFix so dangerous anyway?


ComboFix runs assembler (AKA machine code); it talks DIRECTLY to the CPU and bypasses all of Windows' safety systems and anything else. In effect it has the power to do ANYTHING to your machine. If you, for example, hinder its running by closing it, whatever it was editing/doing is likely to become corrupted. If this is, for example, your master boot table, your hard drive is now dead. If it was fixing a Windows driver, you need to reformat. And so on.

In effect a PC works upon this system:

CPU talks in assembler and has ultimate control > which controls > what goes into RAM, including Windows > which controls > safety checks against corruption, loss of data etc.

You typically can't access machine code unless you're very technically skilled; even most tech guys at your local store will have no idea how assembler works. It's beyond anything you've ever seen in terms of dangerousness. If you mistype an assembler line, e.g. put a wrong symbol, you will BSOD, no exceptions (unless you're using assembler on a program, in which case it will crash), no excuses, you're BSODing.


 
Mike | Date: Monday, 05 March 12, 00:26 | Post # 6
Major general
Group: GameMaster
Messages: 438
Reputation: 7
Status: Offline
And I bet you know how to work with it

 
Apache | Date: Monday, 05 March 12, 00:30 | Post # 7
Sergeant
Group: Users
Messages: 31
Reputation: 0
Status: Offline
Quote (Mikey)
And I bet you know how to work with it


Somewhat, I can read and edit basic things in assembler, but more complex stuff I have no idea about. Beyond hello world and manipulating registers during a program's execution my knowledge is somewhat limited; ASM is remarkably hard. sad


 
Mike | Date: Monday, 05 March 12, 00:34 | Post # 8
Major general
Group: GameMaster
Messages: 438
Reputation: 7
Status: Offline
Probably would jump to format without trying ComboFix since it looks like an "Anonymous" weapon

 
Apache | Date: Monday, 05 March 12, 00:36 | Post # 9
Sergeant
Group: Users
Messages: 31
Reputation: 0
Status: Offline
Quote (Mikey)
Probably would jump to format without trying ComboFix since it looks like an "Anonymous" weapon


Lovely theory, if only it were a weapon. If you check, you'll find you can only download it from a rather respectable forum dedicated to anti-viruses and protecting your PC - not 4chan.


 
Mike | Date: Monday, 05 March 12, 00:40 | Post # 10
Major general
Group: GameMaster
Messages: 438
Reputation: 7
Status: Offline
Dangerous protection I would say

 
Apache | Date: Monday, 05 March 12, 00:54 | Post # 11
Sergeant
Group: Users
Messages: 31
Reputation: 0
Status: Offline
Quote (Mikey)
Dangerous protection I would say


"The best defense is a good offense."


 