
How to Intentionally Infect My PC for Practice with Removal


11 replies to this topic

#1 jpfulton248

  • Members

Posted 18 November 2010 - 09:52 AM

First let me say that I understand if this topic is either in the wrong forum or against the TOS of the site. I understand if it is removed but this is a legitimate request.

TLDR... summary at the bottom

I do work on computers and within the last few years more and more of the work I do is with spyware/virus removal. For a couple years my tactic was simply to backup, format, reinstall, restore backup. This is time consuming and challenging to say the least... especially when working with customers that have little knowledge of computers and therefore can't tell me what to backup and get confused when the desktop is a different color.

Since then I have become a huge proponent of scanning and removing spyware and viruses rather than wipe and reinstall. I've become somewhat familiar with combofix and other quality programs but I have to rely on others in order to be confident that the job is complete and that I don't screw anything up.

Summary:
I want more practice with virus removal using combofix and the like. Does anyone have tips on how to infect one of my computers with various viruses for learning purposes?

Thanks in advance

Pete


#2 irekkin

irekkin

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 18 November 2010 - 10:23 AM

Just go to Facebook and hang out a while and you'll get all the practice you want.

#3 boopme

  • Global Moderator

Posted 18 November 2010 - 11:13 AM

Warez and crack sites are a good source and should only be used from a virtual machine. That's the best information and most specific information we can provide.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 jpfulton248


Posted 18 November 2010 - 11:17 AM

When you say virtual machine do you mean something like VMWare or Parallels? I do have multiple computers so can easily devote one for virus infection and removal purposes.

#5 boopme


Posted 18 November 2010 - 11:30 AM

I would use VMWare or Sandboxie.

#6 jpfulton248


Posted 18 November 2010 - 12:01 PM

Cool. Thanks.

#7 quietman7

  • Global Moderator

Posted 18 November 2010 - 02:42 PM

How to get Malware/Virus/Trojans on your Home Windows computer

Also read and do the opposite of everything I say in How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.

If you want to infect your computer in order to test your security programs, there are safer alternatives. Take a look at the EICAR Anti-Virus test file. For a demonstration of how the EICAR test file works, please refer to this instructional video.

Edited by quietman7, 18 November 2010 - 02:47 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
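
The EICAR test file mentioned in the post above can be used to confirm that a resident (on-access) scanner is actually watching the file system. The Python below is an added example, not part of the original thread or of any tool named in it; the function names and the file name `eicar_probe.com` are assumptions, and the padding rule follows EICAR's published definition of the test file.

```python
import os
import tempfile
import time

# Standard 68-byte EICAR test string, split in two so this script is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
ALLOWED_PADDING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z

def is_valid_eicar(data: bytes) -> bool:
    """True if data meets EICAR's definition of the test file: the 68-byte string
    first, then only whitespace padding, and at most 128 bytes in total."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_PADDING for b in data[len(EICAR):])

def probe_on_access(directory: str, wait_seconds: float = 5.0) -> str:
    """Drop the test file in `directory` (hypothetical helper) and report what happened.
    Returns 'blocked', 'removed', 'modified' or 'not_detected'."""
    path = os.path.join(directory, "eicar_probe.com")  # assumed file name
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked"  # write refused (scanner, or plain lack of permission)
    deadline = time.monotonic() + wait_seconds
    try:
        while True:
            if not os.path.exists(path):
                return "removed"  # deleted or moved to quarantine
            try:
                with open(path, "rb") as fh:
                    if fh.read() != EICAR:
                        return "modified"  # truncated or neutralised in place
            except OSError:
                return "blocked"  # scanner denies read access
            if time.monotonic() >= deadline:
                return "not_detected"
            time.sleep(0.25)
    finally:
        try:
            os.remove(path)  # leave nothing behind when the file survived
        except OSError:
            pass

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as lab_dir:
        print("on-access scanner result:", probe_on_access(lab_dir))
```

A result of `not_detected` means the file sat on disk untouched for the whole wait, which on a machine that is supposed to have real-time protection is the finding worth investigating.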

#8 Didier Stevens

  • BC Advisor

Posted 20 November 2010 - 04:48 AM

> I want more practice with virus removal using combofix and the like. Does anyone have tips on how to infect one of my computers with various viruses for learning purposes


You will need to practice on real machines, not virtual machines. Many malwares detect they are running inside a virtual machine, and change their behavior accordingly.
Once infected, never connect your machine to a network, not even directly to the Internet. You don't want your practice machine to start spreading malware on the Internet.

You're talking about customers, so I assume you're getting paid to do this. Why don't you offer a free service, this way, you'll get more infected machines to practice with?

boopme is correct, crack and keygen sites are full of malware.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Didier Stevens


Posted 20 November 2010 - 04:57 AM

> For a couple years my tactic was simply to backup, format, reinstall, restore backup.


Maybe you don't realize it, but you already have malware in your possession. Before you reinstall, scan the drives with an AV configured to quarantine malware. Recover the detected malware from the quarantine. Then use it to infect your practice machine.



#10 jpfulton248


Posted 20 November 2010 - 09:09 AM

> you already have malware in your possession


Next time I have an infected computer I will grab files from its quarantine. I haven't had an infected machine in my possession since deciding to infect one of my computers but that is a good point. I'll be sure to do that next time.

> Why don't you offer a free service, this way, you'll get more infected machines to practice with?


Clever tip. I like that. Unfortunately I've got a full time job, a part-time job, night classes and a girlfriend to pack in. Increasing my load is not really advisable... or you can deal with my girlfriend. Right now I just take the occasional new referral and otherwise do work for customers that I've done work for over the past 8 years. And don't get me wrong, I usually am able to eradicate a virus on my own so it's not that I am not offering a service that isn't competitively priced, timely and effective. The thing that really piqued my interest is combofix and the fact that it says everywhere not to use it on your own. Only use with guidance. I thought to myself... I want to be a person that knows how to use it. Then I thought... I have an extra computer or two I can screw up, I'll install a fresh XP then get it infected and see if I can successfully get into using combofix without screwing anything up.

Thank you for the suggestions. If, god forbid, I am out of work at some point and looking for work the "free virus removal" idea is probably a great way to build a customer base.

#11 quietman7


Posted 20 November 2010 - 10:30 AM

> The thing that really piqued my interest is combofix and the fact that it says everywhere not to use it on your own. Only use with guidance.

There is a reason for that. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

> I want to be a person that knows how to use it.

There is little for you to learn by using the tool on your own. ComboFix is capable of doing much more than simply running it and allowing the tool to perform its standard routines. However, that information is only available in private forum areas for trained experts or those about to complete training in malware removal. Learning how to use DDS, RSIT, HijackThis, or advanced tools like ComboFix and GMER is conducted at various online Unite Schools.

#12 jpfulton248


Posted 20 November 2010 - 11:56 AM

Ahhh... the secret wealth of knowledge is revealed. That's basically what I've been looking for. Interesting and good to know. I'll read into it. Thanks!



