
REQ: URL sources for TDSS, Google Redirecter etc.



#1 Inphekted


Posted 12 January 2012 - 08:02 PM

I got hit badly the other day. No idea what "bad" URL I had hit, and I can't see myself having clicked anything that typical users might (i.e. OK/YES buttons). I'd like to try and replicate what happened in a VM. I've gone through several blacklists but not been infected yet. Probably best to NOT post them here, in PM would be appreciated though... any known and up sites specifically with rootkit variants.

Thanks!

Edited by Orange Blossom, 13 January 2012 - 09:51 PM.
Moved to AV forum. ~ OB




#2 lti


Posted 12 January 2012 - 10:40 PM

If you didn't reinstall Windows on the infected computer, look in the browser's history.

#3 Inphekted


Posted 13 January 2012 - 07:19 PM

Whatever tools I used to disinfect cleared the history as well and/or I did that myself while troubleshooting. Thx tho.

#4 quietman7

  • Global Moderator

Posted 14 January 2012 - 11:43 AM

One of the primary goals of Bleeping Computer is to assist victims of infection with removal and to prevent the spread of malicious programs, not encourage them. Therefore, we will not provide links to malware or malicious sites where infections have been contracted and spread. Others reading this topic may use the information for nefarious purposes or an unwitting novice user may accidentally click a link and end up infecting their computer.

For those and other obvious reasons, we are not going to provide specific information in a public forum and by policy, we don't provide assistance via PM. However, you can perform a Google search on "how to infect your computer on purpose" which will provide information such as this article.

You can also read this topic which explains the most common ways malware is contracted and identifies the types of sites where you can easily get infected by not following the advice provided to protect yourself.

If your intention is to infect a VM for the purposes of testing, be aware that not all malware will work in that environment. Malware writers have been able to create malicious files which can detect if they are running in a VM. When that detection is made, the malware is able to change its behavior by not running any malicious code which can infect the operating system. This is a deliberate technique to make analysis/detection more difficult for security researchers who use VMs to study infections in order to understand the methodology used and find disinfection solutions.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
