
How can I detect a backdoor exploit or FUD (fully undetectable virus)?



#1 Jay226

Posted 05 October 2011 - 04:02 PM

Hello there,

Got a bit of a complicated question to ask. The other day I was playing around testing out how Kaspersky Internet Security 2011 and Malwarebytes PRO stood up to malicious websites and stuff like that, mostly because I was curious, because I had never done anything like that before. Some of the websites I tried out were known for backdoor exploits, but to my surprise neither Kaspersky nor Malwarebytes tried to stop me going to these sites at all, nor did they show any pop-up messages warning me about the sites I was going on. This has left me a bit concerned for my security. I have run scans with Kaspersky, Malwarebytes, Kaspersky's TDSS Killer, GMER and SUPERAntiSpyware and they have found nothing at all.

But the sites I went to returned a 404 error message saying the page could not be displayed. Is it possible that I could still have been infected? Because the same thing happened on another site, but then Malwarebytes blocked it even though it returned an error message. And before anyone says it, yes, I know I should have been doing this in a virtual machine, so it is my own fault if I have been infected.

But my computer hasn't shown any really strange behaviour and I think all my processes are normal, but I'm not sure as I didn't check them before I did it (stupid, yes, I know). Maybe someone could take a look at them for me? But today I had a pop-up message from ZoneAlarm asking to allow a programme associated with Kaspersky called avp.exe to connect to the internet, which I thought was odd because it's never asked for it before and I've used Kaspersky for years, so I denied it from connecting to the internet. Then I had a pop-up from Windows saying "windows defender has been turned off" and another one saying "kaspersky internet security has been turned off", but when I went to check it was still on, and then about a minute later it said protection was enabled again. So why would that have happened?

So what I want to know is what's the best way of detecting a backdoor exploit, or what programmes can I use to scan for one? Also, I'm running Windows 7 Home Premium 64-bit and it's all up to date with patches and stuff. If you want me to, I can put up a HijackThis report in the other forum section.

Here is a list of all the security applications I have, if it helps:

Kaspersky Internet Security 2011
Malwarebytes Anti-Malware PRO (Trial version)
SUPERAntiSpyware (Free edition)
ZoneAlarm Firewall PRO
GMER
Kaspersky TDSS Killer

I can't help but feel this could be a FUD virus for some reason, and if it is, how do you remove them if they're FUD?

Thanks in advance



#2 boopme


Posted 10 October 2011 - 12:05 PM

Mod Bump

#3 Jay226


Posted 11 October 2011 - 11:41 AM

What's that?

#4 Didier Stevens


Posted 12 October 2011 - 07:01 AM

> But the sites I went to returned a 404 error message saying the page could not be displayed. Is it possible that I could still have been infected?

Yes, you can still get infected, because many sites return a real page that contains a 404 error message. Technically: the web server serves a page with HTTP status 200, and the HTML of the server page contains text that displays a 404 message.
If such a page contains malware, it can try to infect your machine.

> So what I want to know is what's the best way of detecting a backdoor exploit, or what programmes can I use to scan for one?

There is no 100% guaranteed way to do this. But I recommend you scan your machine with one or more AV Live CDs. Quietman7 has posted a list of such free CDs from AV vendors before:

Avira AntiVir Rescue System - Tutorial for Avira Rescue CD.
Dr.Web LiveCD - User Manual
F-Secure Rescue CD - Rescue CD 3.01 released
Video: How to Remove Malware with F-Secure Rescue CD
BitDefender LiveCD - Index of /rescue_cd
Kaspersky RescueDisk - download RescueDisk
Panda SafeCD

Take a look here for the links: http://www.bleepingcomputer.com/forums/topic390003.html/page__p__2200922#entry2200922

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
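
Added example, not part of the original thread or of any poster's reply: a small Python check illustrating the point made in reply #4, that the HTTP status and the text a page displays are separate things. It goes slightly beyond the post by also showing that a response with a genuine 404 status can carry active content; the sample responses, tag list and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample responses (not captured traffic).
SOFT_404 = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><head><title>404 Not Found</title></head><body>"
            b"<h1>The page could not be displayed</h1>"
            b"<script src='/a.js'></script>"
            b"<iframe src='http://example.invalid/x'></iframe></body></html>")
REAL_404 = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
            b"<html><body><h1>Not Found</h1>"
            b"<script src='/b.js'></script></body></html>")

# Assumed list of tags that make the browser load or run something.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
ERROR_TEXT = re.compile(r"\b404\b|not found|could not be displayed", re.I)

class _Scan(HTMLParser):
    """Collects visible text and any active-content tags in the body."""
    def __init__(self):
        super().__init__()
        self.active, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def inspect_response(raw: bytes) -> dict:
    """Compare the status line with what the body shows and contains."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    status = int(status_line.split()[1])
    scan = _Scan()
    scan.feed(body.decode("utf-8", "replace"))
    scan.close()
    looks_like_error = bool(ERROR_TEXT.search(" ".join(scan.text)))
    return {
        "status": status,
        "looks_like_error": looks_like_error,
        # Status 200 with an error message in the HTML: a "soft 404".
        "soft_404": status == 200 and looks_like_error,
        # The browser processes these regardless of the message shown.
        "active_content": sorted(set(scan.active)),
    }

if __name__ == "__main__":
    for name, raw in (("soft 404", SOFT_404), ("real 404", REAL_404)):
        print(name, inspect_response(raw))
```
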


#5 Jay226


Posted 17 October 2011 - 11:57 AM

Thanks for your reply Didier, I'll download some of those rescue CDs and scan with them. It's bound to pick up something if there is anything there! Also, thank you for pointing out that I can still get infected just from a web page returning a 404 error message. It's good to know!



