Comments on Borepatch: Nasty Java malware is nasty
(21 comments, feed retrieved 2024-03-28)

chiefjaybob (2012-09-04 14:55 -04:00):
Damn you, Borepatch. Damn you. The ONLY reason I bought a smart phone was to make deposits.

Borepatch (2012-09-04 15:16 -04:00):
Erin, ComboFix has a reputation as being above board. It's not simple to use, but it's not malware.

Chiefjaybob, sorry, but I just don't think it can be secured.

Angus McThag (2012-09-04 15:46 -04:00):
We're going to tell our grandkids all about the amazing things we did with computers and they are going to call us crazy old coots because computers can no longer be connected to anything.

Anonymous (2012-09-04 15:51 -04:00):
Off topic but...
http://nky.cincinnati.com/article/AB/20120903/NEWS010703/309030021/Verona-man-92-shoots-robber-home?odyssey=tab%7Ctopnews%7Ctext%7CFRONTPAGE
Good shot for an old man.

Erin Palette (2012-09-04 16:28 -04:00):
OK, on your recommendation I disabled my antivirus and ran the program.

Good news: Didn't lock up.

Indifferent news: Now I have a report I don't understand.

Bad news: Computer is now running noticeably slower, with much thrashing of hard drive.

Now what?

Jake (formerly Riposte3) (2012-09-04 16:42 -04:00):
A couple of questions, from one who is geeky but not IT-level geeky. :)

1) "Turn Java OFF in Firefox." Does this include JavaScript? I know they are different-but-related-somehow, but does JavaScript create the same vulnerabilities?

2) "Do not EVER do online banking from your smart phone." On this I have to plead ignorance - what's the reasoning? (If you've covered it before, I've missed it.)

Borepatch (2012-09-04 17:38 -04:00):
Erin, good that you didn't get a lock up. I would re-enable your antivirus and reboot. If it's still running like this, fire up the task manager (ctrl-alt-del, select Task Manager) and sort the processes by page faults. That will show which process is grinding your disk.

Jake, I did an update with a link to why you shouldn't bank from your phone.

Erin Palette (2012-09-04 17:47 -04:00):
"sort the processes by page faults"

I have no idea what these words mean.

Ruth (2012-09-04 18:10 -04:00):
Oh bleh, I've not run into this one yet. Does anyone know if Malwarebytes will spot this one?

....I knew there was a reason why I didn't get a degree in IT....but somehow everyone asks me to fix the damn things anyway.....

Rick C (2012-09-04 19:02 -04:00):
BTW, ComboFix will NOT run under Windows 8 because they did stupid version-checking. ("sorry, we don't support windows 2000 any longer.") You must use compatibility mode to lie to it and let it think it's running Windows 7.

Rick C (2012-09-04 19:03 -04:00):
Correction: the SOB will refuse to run in compatibility mode.

KurtP (2012-09-04 20:00 -04:00):
-Downloaded ComboFix
-Installed ComboFix
-Turned off Avast (forgot Malwarebytes)
-Ran ComboFix; after restarting it came back as one bit of malware to be deleted

-Firefox, IE, Avast and everything else I tried to open had an error message saying a node was scheduled for deletion and do I want to delete this app?

-Restored to sometime last month and everything is back to normal.

Borepatch (2012-09-04 20:26 -04:00):
Erin, that's actually not a bad topic for a post, but I'm pretty slammed right now. Rebooting is the right thing to do right away.

B322 (2012-09-04 20:55 -04:00):
Any opinions as to whether Mac users are in danger from this thing? I'm turning off Java as soon as I can get my mouse working again, just to be on the safe side.

B322 (2012-09-04 21:19 -04:00):
With a little research it looks like I'm probably safe from Zeroaccess. I did scan my computer and my wife's for Flashback, and they came up clean.

Jake (formerly Riposte3) (2012-09-04 23:02 -04:00):
"Jake, I did an update with a link to why you shouldn't bank from your phone."

Thanks. I think you actually did that update while I was writing my comment! :)

I think I have balanced the convenience/risk equations on that to my satisfaction (YMMV, of course). My Android phone is pattern locked with 4+X points (with X being a number I won't reveal, for security reasons), USB debugging is set to "off" so it won't readily accept even physical connections, and the browser is set to not store passwords. On the bank side of things, my spending and bills accounts are separate, with an (admittedly small) emergency reserve kept in the bills account, so that even if one account is compromised (which has happened before: http://cursesfoiledagain2.wordpress.com/2011/02/18/modern-education/), I'm not totally fsck'd (distributed assets - even if it's just two separate accounts at the same bank - is one of the better ways to secure your assets against criminals). As far as my home computer, I'm running Kubuntu Linux, with the Java plugin disabled in Firefox - another risk balancing equation, there, needed for realtime account balancing.

I am still curious about the Java/JavaScript thing though, especially since I may need to take action at work - I'm the "office geek" that the bosses look to before they call in the contracted IT guy ("Hey, Jake, my computer's acting funny, can you take a look at it?").

Needless to say, I'll be emailing the paid IT guy in the morning, just in case he's not aware of this yet.

Anonymous (2012-09-05 00:04 -04:00):
If this persists you will need to roll back your machine to the factory settings and reimage, which is why you will wish you had backups of everything and why you are about to spend an entire weekend rebuilding an XP machine that came with SP1. I already had Java turned off in Firefox; it doesn't save you at all. My machine died three weeks ago and it sounds like this was the cr*p that did it.

wolfwalker (2012-09-05 03:18 -04:00):
Jake, regarding your first question: JavaScript has NOTHING to do with Java, despite the similarity in names. JAVA is a genuine programming language, full powered, fully capable, that runs real full size programs on your computer and can do anything that any other program can do. JavaSCRIPT is a "client-side" scripting language that runs only in your browser and is strictly limited in what it can do. It can manipulate web pages and send data back and forth to the server, and that's all. It can't even read or write to files on your hard drive.

Borepatch, I downloaded and ran ComboFix after I first read this post. This in the quoted article:

"Zeroaccess ... kills industrial-strength bleach Combofix (attempting to run this tool will freeze the system)"

may be giving it too much credit. ComboFix's standard procedure includes setting a System Restore point, so its inability to run may be an unintended side effect of the malware's killing the System Restore function.

perfidy (2012-09-05 11:50 -04:00):
I only run Windows as a virtual machine. I did a clean install, and then made a snapshot. I save any files I need outside the Windows file system. Every week or so, instead of firing up as normal I just revert to the snapshot. Guaranteed clean and virus free in two clicks.

lelnet (2012-09-05 12:59 -04:00):
You forgot Step 8: Throw away that MS crap and install a real operating system on your regular computer too. :)

drjim (2012-09-05 20:47 -04:00):
I've been running Linux since 1996.
And I'll keep on running it......