Questions and misconceptions about security


53 replies to this topic

#1 rp88


Posted 18 September 2014 - 03:49 PM

For ages I have had some beliefs about how to keep a computer secure (some of which might be wrong, hence the misconceptions of the title) and also some questions about that matter. Two lists, one of "I think but don't know" and one of "bleep I haven't a clue". If anyone can answer with certainty any one or more of the questions, or confirm/deny one of the beliefs, then your advice is appreciated. These are primarily in reference to Windows 8 computers (such as stuff about taskbars) but similar stuff applies to other types. Some of them are pretty specific to my situation, others are more general and could apply to anyone. It's a long list and I don't expect any one person to answer many of the questions (or confirm/deny many of the beliefs), or expect all of them answered very soon, but this list is more or less all the questions/beliefs about security that I have ever had. Some of them might be close to exact repeats of each other; there are subtle differences between what I am asking in those which seem very similar.

Beliefs/Misconceptions:

1)It is safe to leave programs un-updated IF they do NOT ever go online (things like GIMP, blender, paint, vlc(?),CCleaner, 7 zip, speccy,printer drivers and software) 

2)Seeing any change, even minor, to the appearance of something on a computer is often a symptom of infection.

3)A new entry under the "processes" tab of task manager is often a symptom of infection

4)An infection can't be running if it has nothing in task manager, of course one could copy the name of something legit like explorer.exe or svchost.exe but any infection that is active must be on the list somewhere even if its identity is disguised.

5)An image file (jpg,png,gif,jpeg,bmp) cannot be a virus, a virus could try and pretend to be an image but such trickery would be revealed by making sure the user can see the full extension (and therefore notice it is actually sneakyimage.png.exe )

6)As a probability if you do have any virus any given scanner is more likely NOT to see the virus than it is to detect it

7)An un-updated internet using program that is never run, but is still installed (like internet explorer), is not a security risk provided the user never uses it.

8)There is no single sign that always proves if a machine is infected or clean, without false positives/false negatives.

9)Even a small slowing of a computer system without a clear cause is probably a symptom of infection.

10)When saving a REALLY BIG file seeing a very short(momentary, blink and one misses it) duration whiting out of some parts of the screen is perfectly normal.

11)When browsing the web if a user sees a pop-up somewhere and the pop-up contains any mention of software the computer has been infected by the pop-up.

12) When browsing the web in the time it takes to see a "the page at ... says..." prompt appear in chrome that page (if the prompt talks of software,updates,plugins,special treats,fun content, "please don't leave") the computer has already been infected.

13)Even without opening the browser the mere act of connecting a computer to the internet (such as when an antivirus installer wants a connection so it can get itself up to date on definitions before installation) can and likely will cause the machine to be infected.

14)Running "noscript" is enough to protect  a computer from drive-bys(but it isn't practical at all times because it stops most pages from working).

15)Many, many viruses can evade detection by even multiple different scanners

16)If a downloaded file of any type passes a scan with an antivirus then unless it is an exe (or one of those other program file types, .bat .com .scr ) it cannot be a virus

17)If you are infected with something and you plug in a backup cd-rw or usb stick (even just to read content and not write anything to it) then the backup device will be itself infected.

18) Sudden semi-momentary disappearance of icons in the taskbar when installing a program, updating a program is NOT a sign of infection.

19)Any exe file executing out of C:\Users\(user name)\AppData or one of the subfolders in there is malicious.

20)Computer crashes and freezes that happen when there is not a memory/processor intensive program running are probably symptoms of infection.

21)Most viruses spread by exploits/drive-bys and do not need any user interaction to install themselves into a victim machine.

22)Opening a spam email with gmail cannot infect you, but opening its attachments or downloading them probably would infect you.

23)Most infections happen despite the victim machine being fully up-to-date and running an antivirus.

 

Questions:

1)If a virus gets into a file (let's say a video file but the same with all other file types) but the file still opens correctly is there a way to remove the virus from the file and restore the original file that the virus managed to infect? (this is a scenario where a video is on a pc and then later the pc is infected, the video is backed up before the user knows that it or the machine is infected, the user keeps using the machine whilst infected, he doesn't know he is infected yet, and the video still plays. Then he discovers the infection and somehow removes it and cleans up the machine, destroying most of his files in the process. Then he copies the backup onto the newly cleaned machine (let's say it was in the cloud so that any infections are in the video not in the medium holding the video). Since he knows this video worked even while infected can he remove the infection from the video to get his file back?)

2)A USB device which is infected is inserted into a computer which does NOT have autorun enabled but does do the thing where upon plugging in a usb it hasn't seen before a small "device setup" thing flashes on the taskbar, would the computer be infected by this? No files have been copied over yet.

3)Can a file show the digital signature of a reputable company and be an infection (I don't mean junk like the asktoolbar which is made by a semi-reputable company, I mean virus "authors" (author implies talent, I prefer the terms "virus spreading thug" or "virus making scumbag") faking a digital signature)?

4)If an antivirus program itself (or Windows itself) has been compromised by a virus how could the antivirus (or Windows) ever know?

5)Are there particular folders where ALL viruses must execute out of one of these particular folders?

6)Could a virus exist whereby it fakes all the features normally expected on a Windows computer, so a user will think they are running their normal computer and it will look and identically to before but in fact everything they are interacting with is just a "skin" created by the virus to cover what it is doing deep inside the system?

7)If a zip or 7z or rar archive is password protected can any antivirus scanner see inside to tell whether there is an infection somewhere in it?

8)Combined together is AVG free antivirus, Malwarebytes free scanner, ESET online scanner, rkill, securitycheck, minitoolbox, Kaspersky virus removal tool, FSS, adwcleaner and Malwarebytes anti-rootkit free enough to stand a good chance of detecting most viruses, or preventing them entirely?

9)Can those of us without gpedit.msc (the standard edition of Windows 8 doesn't have it) prevent exe files from running out of particular folders? Or prevent new exe files running at all?

10)Is it a bad sign that when scanning the "spycar" http://www.testmypcsecurity.com/securitytests/spycar_suite.html virus test zip archive AVG only finds 12 or so of the 18 "viruses" that the archive contains?

11) Is there any reliable way to protect against drive-bys and  exploit kits?

12)Could a virus run without the need for any exe file?

13)When downloading a file in chrome is it normal for a "green bar" to move left to right across the icon (a green bar of this sort in windows 8 seems to mean a program is "doing something" Blender does it for example when it is rendering) on the taskbar BEFORE the user has actually accepted (as in chosen a location to save) the download or does seeing this bar before accepting mean that some other file (a drive-by) has been downloaded before the user chose where to save the real file?

14)When scanning with AVG and I see long lists of locked files it could not scan are they a normal thing or are they something to worry about, some sort of secret breeding ground for a virus to hide in?

15)Can a CD-rw be infected, I'm not talking about a file on it being infected in a way that would infect any machine opening that particular file, I'm talking about the CD-rw itself being infected such that merely plugging it in and looking at the list of files on it (or writing something to it) would infect the computer?

16)How good a protection does UAC (the thing that pops up asking for permission when I run something like security check, malwarebytes, windows task manager or the installer for a new program) actually offer, or can most viruses circumvent it entirely?

17)For the security of online accounts, is it possible that one which uses 2 step verification might get hacked or would the only way for an attacker to get in be to get our password AND steal your phone?

18)Is there any way to make backups that can be "absolutely,stake one's life on it,not a chance of otherwise " guaranteed not to let be infected and not to "take an infection along for the short ride into the backup"?

19) Is there any way to fully separate browsers from the rest of the system so that drive-bys become impossible, the only possible threat being from files the user deliberately downloads and runs? 

20)Could malware be spread by a video DVD, as in one from a video shop with a movie or TV series on it?

21)How common is it for flash-drives to have malware preinstalled on them by the manufacturers, especially in regard to those bought online?

22)Why are computer systems (and web browsers) not designed with a ground rule in the programming of "don't do anything without user authorization"? This would crush all viruses into a nasty little note from history.

23)Is it common for computers to have malware (not just bloatware) preinstalled upon them when first bought?

24)Can any phone with internet browsing capability get infected with malware or only the more advanced smart phones?

25)Is there any way to protect and backup data in such a way that it could never be lost, not even to the most sneaky of viruses and ransomware, in anything below the level of a planetary scale mass extinction level disaster?

 

 

I apologize for this but I also have a couple of other questions that are not security related but someone might see them and be able to answer them.

1)Is it normal to hear a whirring, buzzing, very high pitched hiss from a computer, getting louder when doing something memory/processor intensive like 3d modelling?

2)If(/when) I am at some point forced to update to Windows 8.1 will anybody volunteer to help me to get 4 "programs" (two are programs, 1 is a plugin to a program, one is a batch script) working? I managed to make them function when I moved from Windows XP to Windows 8 but don't know how lucky I will be the second time around. Should I ever need this service from some skilled person on here I can provide all the programs within a zip archive, exactly what I used to install them onto Windows 8.

3)Is there an easy way to tell beforehand if hardware components are beginning to die (no false positives or false negatives)?

4)Why is the world so obsessed with fancy looking, big picture tile, interfaces which have almost no true functionality in them (metro mode of Windows 8, every touch screen device and BBC iPlayer I am looking at you)? (I had to lighten the mood a little).

 

 

As I said, if you can answer ANY ONE of those your help is appreciated, answer more and that's even better.

Thanks

If it weren't for this site preventing users editing their own posts after a certain amount of time then I would go back to this post and turn a question blue when I thought it answered (or a belief green or red when confirmed or denied).

Update: the beliefs have more or less all been confirmed or denied by now, yellow indicating the truth is more complex than either straight true or false. The questions section is still largely unanswered (although some of them regard similar matters to entries in the beliefs section), the other questions section has not been answered at all.


Edited by rp88, 19 September 2014 - 02:42 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB


 


#2 NickAu


Posted 18 September 2014 - 04:10 PM

 

Why are computer systems not designed with a ground rule in the programming of "don't do anything without user authorization"?

On Linux that's called root. Heck, I can't even do a system update without entering the root password. My Music, Documents, Photos folders are also protected in this way: you need to enter a password to add anything to them; without a password they are read only. USB sticks also get the same treatment.

 

 

Running "noscript" is enough to protect  a computer from drive-bys(but it isn't practical at all times because it stops most pages from working).

I run NoScript; it's all about how you configure it. My whitelisted sites work just fine. As for sites I have never been to, NoScript blocks stuff. Well yes, that's its job.


Edited by NickAu1, 18 September 2014 - 04:16 PM.

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#3 rp88


Posted 18 September 2014 - 05:26 PM

Ok, thanks. So Linux is based on an architecture with a foundation of "don't do unless user says yes" but Windows isn't; one still wonders why such a critical idea wasn't put into Windows from the start.

 

 

With NoScript, do you mean it is enough to protect from all types of drive-by when at its highest "paranoia plus" (no offence to anyone with that remark, being cautious is a good thing) setting? The problem is with sites like YouTube you need to allow the video content but not the ads, or with Amazon you need the logging in to work, but the ads to be stopped. Aren't the ads often using the same objects/scripts as the rest of the site? Doesn't allowing even one thing on the page then open the metaphorical flood gates and let all the content including drive-bys make its way to your computer?

 

Thanks for (almost completely) answering two of my long list.


Edited by rp88, 18 September 2014 - 05:27 PM.


#4 NickAu


Posted 18 September 2014 - 05:46 PM

 

With NoScript, do you mean it is enough to protect from all types of drive-by when at its highest "paranoia plus"

No. And nothing is 100%.

 

 

The problem is with sites like YouTube you need to allow the video content but not the ads, or with Amazon you need the logging in to work, but the ads to be stopped.

This is why you need to configure it. I know it's a pain; however, you allow just enough so that the site is usable.

Also try Adblock Plus and the popup blocker.

Adblock Plus - Surf the web without annoying ads!

 

Adblock Plus Pop-up Addon :: Add-ons for Firefox

 

You might like to read this. NoScript Configuration Guide

 

 

 

Ok, thanks. So Linux is based on an architecture with a foundation of "don't do unless user says yes"

 

Oh yes.

 

 

 

Discouraging users from running as root is one of the reason why Ubuntu uses sudo instead of su. By default, the root password is locked on Ubuntu, so average users can’t log in as root without going out of their way to re-enable the root account.

HTG Explains: Why You Shouldn't Log Into Your Linux ...


Edited by NickAu1, 18 September 2014 - 05:49 PM.



#5 kokomodrums


Posted 18 September 2014 - 05:56 PM

1)It is safe to leave programs un-updated IF they do NOT ever go online (things like GIMP, blender, paint, vlc(?),CCleaner, 7 zip, speccy,printer drivers and software)

 
No. Even though that program doesn't go online, if a malware writer found a vulnerability in the program, they could use the program to go online (or just do other malicious things like install other malware). Imagine that I found out GIMP has a vulnerability with opening PSD files--If I enter some code in a PSD file, it will execute the code and install malware on your system. This happened with mp3 files once, where an infected mp3 player (that doesn't go online) got hijacked and would execute malicious code in an mp3 file. No source for that but you can always try Google.
 
 
 

2)Seeing any change, even minor, to the appearance of something on a computer is often a symptom of infection.

 
Your use of the word "often" is what makes this inaccurate. I don't think anyone can quantify how often a "change" is an infection. Here's a good BC article explaining "just because your computer is running differently doesn't mean it's definitely infected": http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/
 
 
 

3)A new entry under the "processes" tab of task manager is often a symptom of infection

 
Again, you can't just assume that it's probably an infection. You have to research the process (or ask someone experienced to help).
 
 
 

4)An infection can't be running if it has nothing in task manager, of course one could copy the name of something legit like explorer.exe or svchost.exe but any infection that is active must be on the list somewhere even if its identity is disguised.

 
This is the definition of a rootkit. It's a type of malware that actually "hijacks" the process list to hide its process/es. Your second statement is true though.
 
 
 

5)An image file (jpg,png,gif,jpeg,bmp) cannot be a virus, a virus could try and pretend to be an image but such trickery would be revealed by making sure the user can see the full extension (and therefore notice it is actually sneakyimage.png.exe )

 
This goes back to the mp3 virus I mentioned earlier. Any file can have malicious code in it. But that code has to be executed. A normal mp3 player app will NOT execute any code in an mp3 file. You would have to have a malicious mp3 player app to execute the code. In a way you are correct, an image file can't execute itself to perform malicious activities. A (malicious) program has to execute the file.
 
 
 

6)As a probability if you do have any virus any given scanner is more likely NOT to see the virus than it is to detect it

 
I'm not sure I understand. I believe you are saying that if you are infected with malware, a malware scanner is less likely to detect malware. This just depends on the type of infection. A nasty rootkit or other "strong" infection could prevent a scanner from detecting it. So I would say that your statement is true to an extent, a malware scanner is less likely to perform properly if you are already infected. But that doesn't mean malware scanners aren't useful, just a random statistic.
 
 
 

7)An un-updated internet using program that is never run, but is still installed (like internet explorer), is not a security risk provided the user never uses it.

 
What if you download some malware that exploits a vulnerability in Internet Explorer to send out spam? If you had updated Internet Explorer, that malware you downloaded wouldn't be able to carry out its payload. So that is a misconception.
 
 
 

8)There is no single sign that always proves if a machine is infected or clean, without false positives/false negatives.

 
Well, not necessarily. If you start seeing unwanted popups, you know you have some form of adware, even if you chose to install it. But for the most part your logic is correct.
 
 
 

9)Even a small slowing of a computer system without a clear cause is probably a symptom of infection.

 
This contradicts the previous question. There is no guaranteed sign of an infection.
 
 
 

10)When saving a REALLY BIG file seeing a very short(momentary, blink and one misses it) duration whiting out of some parts of the screen is perfectly normal.

 
Anytime you are overloading a system, strange things can happen, which may or may not be a sign of infection. Again, no guaranteed symptoms.
 
 
 

11)When browsing the web if a user sees a pop-up somewhere and the pop-up contains any mention of software the computer has been infected by the pop-up.

 
Not always true. If I go to a site that has popup ads and the ad is for a different product, that doesn't mean I'm infected with that product in the popup. It just means that the site I'm on uses popup ads, and they advertise that other product. Now, if you see popups on sites that normally do not have popups, like Google, that is a sign of an infection.
 
 
 

12) When browsing the web in the time it takes to see a "the page at ... says..." prompt appear in chrome that page (if the prompt talks of software,updates,plugins,special treats,fun content, "please don't leave") the computer has already been infected.

 
Not true. Some websites are programmed to display popup alerts in Chrome to warn you before leaving the website. This is normal behavior, and many legitimate sites use this feature to warn users who are closing a page like a blog post that hasn't been posted yet.
 
 
 

13)Even without opening the browser the mere act of connecting a computer to the internet (such as when an antivirus installer wants a connection so it can get itself up to date on definitions before installation) can and likely will cause the machine to be infected.

 
If you connect your computer directly to your modem, and no firewall is set up, then you could get infected. Eventually. Maybe. Most people are not connecting directly to modems anymore; they connect to a router which 99.9% of the time is set up by default to prevent unsolicited outside connections from reaching your computer (unless your computer requests the connection). This is a combination of NAT and the basic firewall rules almost every router comes with by default.
 
 
 

14)Running "noscript" is enough to protect  a computer from drive-bys(but it isn't practical at all times because it stops most pages from working).

 
"Drive-bys" is a pretty generic term. NoScript protects you from a specific list of attacks; it does not protect from all possible attacks. Security is all about layers; you don't want to rely on any one layer to fully protect your system. It's a great layer to have but don't rely on it to fully protect you from browser attacks.
 
 
 

15)Many, many viruses can evade detection by even multiple different scanners

 
Yes. There is no scanner/combination of scanners that will detect every piece of malware.
 
 
 

16)If a downloaded file of any type passes a scan with an antivirus then unless it is an exe (or one of those other program file types, .bat .com .scr ) it cannot be a virus

 
Antivirus scanners scan a file by checking their database to see if they have any record of the file. If it's a brand new piece of malware the scanner might not have it in its database yet, and will say it is clean. But I think you're going back to a previous question about image files etc. not being able to be infected. Any file can be infected, but the malicious code has to be executed by a program that will allow it to happen. An mp3 can be infected with malicious code, but you need a program that executes the code for it to work. This could either be a malicious/hijacked mp3 player or an mp3 player with a vulnerability. Which is why you always keep software updated!
 
 
 

17)If you are infected with something and you plug in a backup cd-rw or usb stick (even just to read content and not write anything to it) then the backup device will be itself infected.

 
That depends on the type of infection. If the malware is programmed to infect removable media it will. It won't do anything it isn't programmed to do. The correct statement would be the device CAN be infected.
 
 
 

18) Sudden semi-momentary disappearance of icons in the taskbar when installing a program, updating a program is NOT a sign of infection.

 
There are no guaranteed signs of infections. It may be, it may not. The idea is to learn when to suspect an infection and when to assume it was just a random bug. You have to build up a better understanding of Windows to be able to make judgement calls like that.
 
 
 

19)Any exe file executing out of C:\Users\(user name)\AppData or one of the subfolders in there is malicious.

 
Nope. You need to realize that you can't just make assumptions without researching what the file is and where it came from.
 
 
 

20)Computer crashes and freezes that happen when there is not a memory/processor intensive program running are probably symptoms of infection.

 
Don't make assumptions. Maybe the hard drive is dying? There are so many possible "legitimate" issues that can cause a system to act funny. You have to learn to troubleshoot a problem before making any assumptions.
 
 
 

21)Most viruses spread by exploits/drive-bys and do not need any user interaction to install themselves into a victim machine.

 
All you or I can say is our experience or guesses. Only statistics could prove if that is true or not. The important point to remember is that there are infections that don't need user interaction. It doesn't matter what the ratio is.
 
 
 

22)Opening a spam email with gmail cannot infect you, but opening its attachments or downloading them probably would infect you.

 
99% of the time this is true. But what if you accidentally logged into a fake gmail imposter site? Or a malicious browser extension runs whenever you open an email? Generally speaking it is always safe to open/read an email. It's the attachments or links that contain the malware.
 
 
 

23)Most infections happen despite the victim machine being fully up-to-date and running an antivirus.

 
Same answer as question 21.

 
I'll try and get to the other list/s tomorrow.

 
Disclaimer: I am not (yet) a member of the Bleeping Computer Malware Removal Team. Therefore none of my comments represent the views of the Malware Response Team, and are just my personal opinions.
 
Although if anyone disagrees with any of my comments feel free to let me know, I'd like to know if anyone has more experience on a certain topic!


Edited by kokomodrums, 18 September 2014 - 05:58 PM.

-- Matt
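
An added example, not part of the post above or of the thread: a defender-side check for the disguise discussed under beliefs 5 and 16, comparing a file's leading magic bytes with the extension it claims and flagging double extensions such as sneakyimage.png.exe. The signature table, function names and sample headers are constructed for this illustration.

```python
"""Added illustration: does a file's content match the extension it claims?"""
import os

# Leading byte signatures for the image types named in the thread.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "bmp": (b"BM",),
}
PE_MAGIC = b"MZ"                      # start of a Windows .exe/.scr/.dll
ALIASES = {"jpeg": "jpg"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat"}


def sniff(header):
    """Return 'exe', an image type, or None based on the first bytes."""
    if header.startswith(PE_MAGIC):
        return "exe"
    for kind, signatures in IMAGE_MAGIC.items():
        if header.startswith(signatures):
            return kind
    return None


def check_name_and_header(name, header):
    """Return a list of findings for one file name and its first bytes."""
    findings = []
    base = os.path.basename(name).lower()
    exts = [ALIASES.get(p, p) for p in base.split(".")[1:]]
    final = exts[-1] if exts else ""

    # "picture.png.exe": shown as "picture.png" when Windows hides extensions.
    if len(exts) >= 2 and final in EXECUTABLE_EXTS and exts[-2] in IMAGE_MAGIC:
        findings.append("double-extension")

    if final in IMAGE_MAGIC:
        actual = sniff(header)
        if actual == "exe":
            findings.append("executable-content")
        elif actual != final:
            findings.append("content-mismatch")
    return findings


def check_file(path):
    """Same check against a real file on disk (reads only 16 bytes)."""
    with open(path, "rb") as handle:
        return check_name_and_header(path, handle.read(16))


# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("sneakyimage.png.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("scan.gif", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("pic.jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]


def scan_samples():
    """Run the check over the constructed samples."""
    return {name: check_name_and_header(name, head) for name, head in SAMPLES}


if __name__ == "__main__":
    for sample_name, result in scan_samples().items():
        print(f"{sample_name:22} {result or 'ok'}")
```

A clean result only rules out disguise: a well-formed image crafted to trigger a bug in an outdated viewer still passes this check, which is the reason the post gives for keeping software updated.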


#6 rp88


Posted 18 September 2014 - 06:07 PM

NickAU1, Thanks. The first of your posts is annoying, but it's better to know the facts than think oneself invincible. I do use Adblock Plus alongside it in Firefox, do both those extensions/plugins exist for Google Chrome as well or not? I can call those two questions answered now.

 

Kokomodrums, 



#7 rp88


Posted 18 September 2014 - 06:31 PM

1) To be vulnerable to this attack I would have to download a particular exploit file you gave me? If I don't open downloaded files with the program I am safe with it though? It would be useful to know if there is a database somewhere that I can put the names and version numbers of such programs into and then see if any vulnerabilities exist in the versions I have.

 

2) Thanks but that link is more about slow computers than ones which have had a change of appearance and behaviour. I'm sorry for using that imprecise word "often", I can see the problems it causes when trying to decide the truth of the statement.

 

3) How can researching the process be done, what info does one need about a process to work out if it is legit or not? The sites that come up when I type a process name into Google are usually unreliable rubbish pages which list all kinds of process names and have the same stock text every time to encourage one to buy a spammy product that the site is selling. The presence of such junk at the top of the search makes it difficult to find good info on whether a process is supposed to be running or not.

 

4)Thanks for verifying, I never realised a rootkit meant a virus masquerading as a legit process. I'm glad to know a virus must run under some name even if the name is disguised.

 

5)Regarding this you mean that for an image to infect you you either need the program that opens the image to have a severe vulnerability in it OR you have, in the past, been tricked into running some scam of an image editor/viewer and the malware thug is now giving out an image that will let him take advantage of the deliberately compromised software he has put on your system?

 

6)Sorry for bad phrasing, I wasn't trying to say scanning was useless procedure, I was trying to say for any given antivirus you use there is a more than 50% chance that even if you are infected it will report "clean". So just using one scanner isn't hugely reliable. With that rephrasing can you assess the accuracy of the statement? I do get the point you make about being infected making it harder for the scanner to do its work.

 

7)How could the vulnerability be exploited if you don't use Internet Explorer? If IE doesn't get opened surely nothing can get at its vulnerabilities to exploit them?

 

8)Thanks, it's an ugly truth but it's better to know it.

 

9)stupid me.

 

10)I don't know if I "overload" the system but I certainly use it more intensively sometimes than the average user would. If such behaviour is to be expected in those cases it gives me one less thing to feel paranoid about.

 

11)I meant this specifically in regard to: when a pop-up opens how likely is it that the pop up was a drive-by executing its payload and infecting you there and then? I know seeing pop-ups where they aren't usually indicates an infection has got onto your machine, in this question I'm talking about the moment it gets on, not the later symptoms though.

 

12) I know it can be legit, this is perhaps the only forum I've ever found which doesn't have it, what I mean is when the message the page wants to give says something like "please don't leave i have a special gift for you" or "your java plugin is out of date RECOMMENDED UPDATE FOR FREE!!!" (I don't have java or its plugin) or other such suspicious messages do they signal you have JUST BEEN infected or that the page wants you to stay or follow its fake update so it CAN GET you infected?

 

13)I didn't fully understand that because throughout my life i've only known two ways of connecting: one is to plug a mobile broadband dongle into a USB port, the other is to plug an ethernet cable into a "telephone like" wall socket which i assume goes into a main relay inside my block of flats before heading out into the wider internet.

 

14)That's already been answered and you seem to be saying the same thing. By "drive-by" i refer to any type of attack which involves an automatic download of malware onto your machine without requiring any user interaction, any attack where the act of visiting a page is enough to infect a user rather than attacks that need a user to deliberately download and run a file.

 

15)that is depressing and concerning, good to know.

 

16)I sort of was going back but generalising over all files except exe (and other program type things). Your answers to the image file question have told me that anything can be an attack if the program which you open the file with is vulnerable, I dread to think how many times historically i have assumed a file safe because it is called so by the antivirus and because it isn't an exe.

 

Do antivirus scanners usually detect specially crafted images/audio/video which are designed to attack vulnerabilities in the viewer/player? The answer to this also brings me to ask a new question: if an image/audio/video/pdf/3d model file/txt file has been opened before and didn't give me an infection could it when opened at a later date (let's say I opened a file straight after scanning several years ago when I downloaded it first, and it didn't give me a virus back then, could the same file do so now?)?

 

17) What proportion of malware IS programmed to put itself onto USB, CD-RW and other removable devices?Is it common (especially with ransomware)?

 

18)It's these sort of matters that annoy me, this is the sort of thing i see from time to time and i'm not sure if it is something worrying or normal.

 

19)Thanks for the info.

 

20)More of these things like number 18 and numbers 2,3,9 and 10. I wish there were an easy way to know what these little things meant.

 

21) Yes I agree in some ways that question was a bit pointless, the mere fact that such attacks exist is terrifying, I was just wondering if they were VERY common.

 

22)I thought so, i do check the URL before login so the only way i can imagine an imposter site tricking me is if i'm already infected with something to make the imposter site appear where the real one should.

 

23)I can see that is similar.

 

what about the two lower sections of my first post (the "questions section" and the "other stuff" section).

Thanks to your help kokomodrums i can now say that the only questions/beliefs yet to answer/confirm/deny are 

the "questions" section

the "other questions"

and in the beliefs section 1, 3, 5, 6, 7, 11, 12,13, 16, 17 and 20 have some little bits left unanswered and some new questions raised by your answers.

 

Thanks


Edited by rp88, 18 September 2014 - 07:02 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 kokomodrums

Posted 18 September 2014 - 08:08 PM

1) to be vulnerable to this attack i would have to download a particular exploit file you gave me? If I don't open downloaded files with the program i am safe with it though? It would be useful to know if there is a database somewhere that i can put the names and version numbers of such programs into and then see if any vulnerabilities exist in the versions i have.

 
Not necessarily, another program on your computer could exploit the vulnerability. It's just general practice to keep your software updated. That doesn't necessarily mean you have to upgrade to a newer version of the program (like going from Adobe Reader X to Adobe Reader XI), it just means you are getting security updates for the program still. Once a program/particular version is unsupported and no longer provides security updates, it's time to find another program (or upgrade).
 
For the last part, that's why it's best to just keep everything updated. You don't need to worry about every possible vulnerability (unless you're a security researcher I suppose).
 
 
 

3) How can researching the process be done, what info does one need about a process to work out if it is legit or not? The sites that come up when i type a process name into google are usually unreliable rubbish pages which list all kinds of process names and have the same stock text every time to encourage one to buy a spammy product that the site is selling. The presence of such junk at the top of the search makes it difficult to find good info on whether a process is supposed to be running or not.

 
There are a few legitimate sites that you can search the process on. BC has its own page for this: http://www.bleepingcomputer.com/startups/. Another good site is System Lookup: http://www.systemlookup.com/. You can also upload the file to a site like Virus Total (https://www.virustotal.com/) which will scan the file against dozens of different AV programs and will let you know if any detect it as malicious. Some are false positives of course, so you have to use your judgement as well.
 
 
 

4)Thanks for verifying, i never realised a rootkit meant a virus masquerading as a legit process. I'm glad to know a virus must run under some name even if the name is disguised.

 
That's not actually what a rootkit does. You will not see the rootkit's process. The process is completely hidden from you. There are infections that can hide their processes.
 
 
 

5)Regarding this you mean that for an image to infect you you either need the program that opens the image to have a severe vulnerability in it OR you have, in the past, been tricked into running some scam of an image editor/viewer and the malware thug is now giving out an image that will let him take advantage of the deliberately compromised software he has put on your system?

 
Yes. Once you understand the general concept that malware must be executed, and the different ways code can be executed on Windows, you'll be able to figure most scenarios.
 
 
 

6) Sorry for bad phrasing, I wasn't trying to say scanning was a useless procedure, I was trying to say for any given antivirus you use there is a more than 50% chance that even if you are infected it will report "clean". So just using one scanner isn't hugely reliable. With that rephrasing can you assess the accuracy of the statement? I do get the point you make about being infected making it harder for the scanner to do its work.

 
I would avoid using statistics like "50% chance", as you have no data to back that up. It all depends on the type of infection and the quality of the scanner. There are too many variables involved to make a claim other than your last sentence. But your second statement is correct, using one scanner isn't as reliable as using multiple.
 
 
 

7) How could the vulnerability be exploited if you don't use internet explorer? If IE doesn't get opened surely nothing can get at its vulnerabilities to exploit them?

 
The malicious process opens Internet Explorer in the background and uses it to connect to the internet. Besides, there are quite a few programs that actually use IE in the background to connect to the internet legitimately.
 
 
 

9)stupid me.

 
Smart you. Smart for trying to learn :)
 
 
 

11) I meant this specifically in regard to: when a pop-up opens how likely is it that the pop up was a drive-by executing its payload and infecting you there and then? I know seeing pop-ups where they aren't usually indicates an infection has got onto your machine, in this question I'm talking about the moment it gets on, not the later symptoms though.

 
Again, you are trying to get statistics. It's not about how often, it's about prevention, identification, troubleshooting etc. I think you are worrying too much about the statistics. Yes it can happen. Does it happen every time? No. How often does it happen? Sometimes. All that matters is that it can happen, and knowing how to prevent it or fix it.
 
 
 

12) I know it can be legit, this is perhaps the only forum I've ever found which doesn't have it, what I mean is when the message the page wants to give says something like "please don't leave i have a special gift for you" or "your java plugin is out of date RECOMMENDED UPDATE FOR FREE!!!" (I don't have java or its plugin) or other such suspicious messages do they signal you have JUST BEEN infected or that the page wants you to stay or follow its fake update so it CAN GET you infected?

 
What you're describing sounds like a normal browser alert, not a sign of infection. Can you still be infected if you see that alert? Yes. Every time? No. Sometimes? Yes. Lol you have to quit thinking that every situation is going to be the same every time, or even most of the time. It's just part of being an educated computer user, knowing how to avoid suspicious websites and identifying legitimate messages from scams.
 
 
 

13)I didn't fully understand that because throughout my life i've only known two ways of connecting: one is to plug a mobile broadband dongle into a USB port, the other is to plug an ethernet cable into a "telephone like" wall socket which i assume goes into a main relay inside my block of flats before heading out into the wider internet.

 
If the mobile broadband you're referring to is something like a cellular data connection, that IS a direct connection to the internet. Even then, Windows has a built in firewall on by default blocking unsolicited incoming connections. It's unlikely to be compromised by an unsolicited internet attack unless you purposefully open up your system.
 
The second scenario you mention does sound like you would connect to a router at some point, but either way it's essential to have some sort of firewall running between you and the internet. Windows firewall is enough for basic protection against unsolicited attacks.
 
 
 

15)that is depressing and concerning, good to know.

 
The good news is that every piece of malware has an objective, and even if you can't detect the process, you will be able to detect the symptoms. What would be the point of an infection if it didn't DO anything? If it tries to connect to the internet, you can monitor your network traffic. If it tries to modify system files, things start acting funny. The nature of malware is that eventually it will get noticed by someone.
 
 
 

Do antivirus scanners usually detect specially crafted images/audio/video which are designed to attack vulnerabilities in the viewer/player? The answer to this also brings me to ask a new question: if an image/audio/video/pdf/3d model file/txt file has been opened before and didn't give me an infection could it when opened at a later date (let's say I opened a file straight after scanning several years ago when I downloaded it first, and it didn't give me a virus back then, could the same file do so now?)?

 
An antivirus would probably not be able to detect a random infected mp3, as there are billions of unique mp3 files, all with a different "digital signature", and their database just couldn't possibly know every possible combination. Again, you just have to understand that some program must execute the malicious code. If you don't have any malicious software to execute the code in the file, it is safe. Most likely, if the file has malicious code injected, it won't even work properly, as the file has been altered and therefore corrupted.
 
 
 

17) What proportion of malware IS programmed to put itself onto USB, CD-RW and other removable devices?Is it common (especially with ransomware)?

 
Again, you're focusing too hard on statistics. I'm sure there are statistics out there, but how would it benefit you to know them? The important thing to remember is that it can happen, and to remember to check removable devices if you suspect an infection.
 
 
 

18)It's these sort of matters that annoy me, this is the sort of thing i see from time to time and i'm not sure if it is something worrying or normal.

 
Generally speaking, if you only notice something funny one time, and don't see that same thing happen again, it was probably just a glitch. However, even if you see it all the time, it might not be an infection. Google is your friend, the best way to learn is to ask!
 
 
 

20)More of these things like number 18 and numbers 2,3,9 and 10. I wish there were an easy way to know what these little things meant.

 
There is a way. Lots of practice haha.  :thumbup2:
 
I'll try to get to your other lists sometime soon, my head hurts from computer screen overdose...
 
And you're welcome! I actually learn a lot from helping others, it's actually one of the reasons I choose to help out on this site. Dealing with real world scenarios broadens your outlook, so I really do enjoy working through your thought processes/scenarios.

Edited by kokomodrums, 18 September 2014 - 08:10 PM.

-- Matt


#9 NickAu


Posted 18 September 2014 - 08:20 PM

 

, do both those extensions/plugins exist for google chrome as well or not?

Adblock Plus - Chrome Web Store



#10 LiquidTension


Posted 18 September 2014 - 08:46 PM

Hello,
 

4) An infection can't be running if it has nothing in task manager, of course one could copy the name of something legit like explorer.exe or svchost.exe but any infection that is active must be on the list somewhere even if its identity is disguised.

It's important to remember that an infection can inject its payload into a legitimate process. This is different to an infection copying the name of a legitimate file.


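A check for the name-copying case discussed in item 4, as an added example that is not from any poster: it compares each process name with the folder a default Windows installation runs it from. The process list is constructed sample data and the expected-path table is an assumption covering only the two names mentioned in the thread; a payload injected into a legitimate process, the other case described above, passes this check unchanged.

```python
import ntpath  # Windows path rules, importable on any OS

# Assumed default locations for the two names mentioned in the thread.
EXPECTED = {
    "svchost.exe": {r"c:\windows\system32\svchost.exe",
                    r"c:\windows\syswow64\svchost.exe"},
    "explorer.exe": {r"c:\windows\explorer.exe",
                     r"c:\windows\syswow64\explorer.exe"},
}

# Constructed sample snapshot: (image name, full image path).
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("explorer.exe", r"C:\WINDOWS\Explorer.EXE"),
    ("svchost.exe", r"C:\Users\sample\AppData\Roaming\svchost.exe"),
    ("svch0st.exe", r"C:\Windows\System32\svch0st.exe"),
    ("vlc.exe", r"C:\Program Files\VideoLAN\VLC\vlc.exe"),
]


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(name, path):
    """Return 'ok', 'name-copied-wrong-path', 'lookalike-name' or 'unlisted'."""
    n = name.lower()
    p = ntpath.normcase(ntpath.normpath(path))
    if n in EXPECTED:
        return "ok" if p in EXPECTED[n] else "name-copied-wrong-path"
    # One character away from a system name, e.g. a digit swapped for a letter.
    if any(edit_distance(n, known) == 1 for known in EXPECTED):
        return "lookalike-name"
    return "unlisted"


def review(processes):
    """Return only the entries that deserve a closer look."""
    flagged = []
    for name, path in processes:
        verdict = classify(name, path)
        if verdict in ("name-copied-wrong-path", "lookalike-name"):
            flagged.append((name, path, verdict))
    return flagged


if __name__ == "__main__":
    for name, path, verdict in review(SAMPLE_PROCESSES):
        print(f"{verdict:24} {name:14} {path}")
```
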

#11 quietman7


Posted 19 September 2014 - 08:38 AM

It's important to remember that an infection can inject its payload into a legitimate process. This is different to an infection copying the name of a legitimate file.

Very true and polymorphic file infectors are among the worst types of infection since file deletion is not a viable option as doing so often removes system files which are used in the bootup process of a computer. Further there is no guarantee infected files can be successfully repaired or the infection can be completely removed.

Another possibility is that a file could actually be an executable containing malicious code disguised as some other file. This is designed to trick users into opening a file type which can execute malicious code without the victim knowing. This can be done using double file extensions...adding an executable extension (.exe, .pif, .com, .vbs, etc) to the end of a file such as anyfile.jpg.exe so that it appears to be a jpg file. In some cases, you may not see the double extension because file extensions are hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the file with extra spaces before the ".exe" extension such as shown here (click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
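A filename check for the double-extension and space-padding tricks described in the post above, as an added example that is not from any poster or from BleepingComputer. The extension lists, the 40-character column width and the sample names are assumptions constructed for illustration.

```python
import re

# Assumed lists, not exhaustive: extensions Windows runs directly or hands
# to a script host, and extensions people expect to be passive files.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "pdf", "txt", "doc", "mp3", "avi"}

PADDING = re.compile(r"\s{3,}")  # a run of three or more whitespace characters

# Constructed sample names. The second one pads 40 spaces before ".scr".
PADDED_SAMPLE = "holiday.gif" + " " * 40 + ".scr"
SAMPLE_NAMES = ["anyfile.jpg.exe", PADDED_SAMPLE, "setup.exe",
                "notes.v2.txt", "report.pdf"]


def split_ext(name):
    """Return (stem, ext); ext is lower-cased, without the dot, '' if none."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, ext.strip().lower()


def shown_when_hidden(name):
    """What a listing shows when the final extension is hidden."""
    stem, ext = split_ext(name)
    return stem if ext else name


def check_name(name, column_chars=40):
    """Return the list of findings for one filename (empty list = nothing)."""
    findings = []
    stem, ext = split_ext(name)
    if ext not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable")
    # Look at the extension-like part that remains once the real one is gone.
    _, inner = split_ext(stem.rstrip())
    if inner in DECOY_EXTS:
        findings.append("double-extension")
    if PADDING.search(stem):
        findings.append("padded")
    # The real extension starts after the stem; a narrow column cuts it off.
    if len(stem) >= column_chars:
        findings.append("extension-outside-column")
    return findings


def scan(names, column_chars=40):
    """Map each suspicious name to its findings; plain executables are
    left out because an .exe named as an .exe is not deceptive."""
    report = {}
    for name in names:
        findings = check_name(name, column_chars)
        if len(findings) > 1:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in scan(SAMPLE_NAMES).items():
        print(f"{shown_when_hidden(name).rstrip()!r} is really "
              f".{split_ext(name)[1]}: {', '.join(findings)}")
```
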

#12 rp88


Posted 19 September 2014 - 09:59 AM

quietman7, ever since I learnt about false extensions (in fact probably since before then) I have set windows to show the full extensions on all files (though when I run tfc (temp file cleaner from this site) it sets back to default and I have to reset to showing the extensions, weird that). Figure one shows something very sneaky, most people, myself included would assume the file name ended at gif because there is no reason to expect the scr extension so far to the right, if your column showing file names was narrow you wouldn't see it at all. Thanks for warning me that such a trick with spaces can be used. With your mention of "polymorphics" can antivirus scanners detect these or are they different for every victim they infect and therefore not recognisable to the av.

 

NickAu1, to check if I run those two in chrome they won't interfere with gmail and anything else I need to log into as long as I set them up right? Actually preferable to that would be setting up chrome as if it were two programs, one with those extensions for most browsing, one without in case they interfere with particular sites that I know can be trusted. I only have one user account set up on this computer and I don't log into chrome when I open it (for keeping my accounts secure I only log into them when I check my emails, I don't leave them "connected" to my machine). Can I almost have two different chromes (both the same really but one with extensions and one without) running on my computer without needing to log into chrome with my google account and without needing to set up another user on this pc?

 

Kokomodrums, quite true "the best way to learn something is to try and teach it". I do it myself from time to time, and helping people is strangely addictive.

 

1, that looks answered, i'll just make sure to check my programs for updates on a more frequent basis (not all of them can do it automatically), though most programs(sketchup.blender,gimp,CCleaner,vlc,firefox) do a full version update rather than updating in little bits. 

 

3, thanks for the links.

 

4, ok, i must have misinterpreted your previous answer. So it turns out that although all viruses need to run an exe file in some cases they can make that exe file not show up in task manager.

 

5,thanks

 

6,thanks

 

7, I have never seen internet explorer appear on my task manager process list unless i have it open

 

9, now i don't feel so bad about saying that.

 

11 and 12, yes i can see how stats aren't really much practical use here, merely info on what IS POSSIBLE. It can just be hard to work out when to suspect such things are due to infections and when they are just someone trying to infect you but failing because you are not foolish enough to accept their "offer".

 

13, I always have windows' firewall turned on, i just don't really know that much about routers.

 

15, that makes sense. If malware did nothing it wouldn't be malware. But what about lying in wait for long periods of nothing before trying something?

 

16, can't an antivirus scan the hypothetical mp3 file and look into its code to see if any recognised lines of code are in there which are known to be lines for exploits. Rather than the antivirus comparing a hash of the whole file with known hashes for already made infected mp3 file couldn't it search through the code in the mp3. A user can search code, though not understand it, by opening such a file in notepad, can't an antivirus scan the code in a similar way for lines which are designed to perform some exploit? The other thing to think of here is files containing malicious code that DO work, malicious code specifically designed to make the mp3/video/pdf/image/other file type look like it is working while the malicious stuff happens unseen, can that sort of file exist?

 

17, sorry for asking a statistical question.

 

18, sometimes glitches are hard to describe in a way that google will be able to find relevant answers to. "green bar scrolling across chrome taskbar icon before download accepted" probably won't bring any relevant results, nor would "very sudden grey flash in right hand corner of screen accompanied by two UAC style bleeps".

 

20, practise, ouch, ouch, ouch. 

 

Thanks for the help

i'm in no rush here for answers, i just want them at some point.


Edited by rp88, 19 September 2014 - 10:10 AM.


#13 kokomodrums


Posted 19 September 2014 - 11:35 AM

7, I have never seen internet explorer appear on my task manager process list unless i have it open


Do you watch your process list 24x7? Just because you've never seen it doesn't mean it doesn't happen here and there. Also, maybe none of the programs on your computer utilize IE. Your personal experience isn't enough to make factual statements about every other system.
 

15, that makes sense. If malware did nothing it wouldn't be malware. But what about lying in wait for long periods of nothing before trying something?


It's possible, but probably unlikely. The longer a malware is on a system the higher the chances that it gets detected by AV etc.
 

16, can't an antivirus scan the hypothetical mp3 file and look into its code to see if any recognised lines of code are in there which are known to be lines for exploits. Rather than the antivirus comparing a hash of the whole file with known hashes for already made infected mp3 file couldn't it search through the code in the mp3. A user can search code, though not understand it, by opening such a file in notepad, can't an antivirus scan the code in a similar way for lines which are designed to perform some exploit? The other thing to think of here is files containing malicious code that DO work, malicious code specifically designed to make the mp3/video/pdf/image/other file type look like it is working while the malicious stuff happens unseen, can that sort of file exist?


I don't know of any antivirus scanner that has the ability to analyze the binary data of 100s of different filetypes, with all different types of compression, types of compiling, etc. You're basically asking why an antivirus scanner can't reverse engineer every file when it scans. Even if it could, it would take an exponentially longer time to scan an entire system.

Generally if you start modifying the binary data of a file, it's going to stop working. It may still work somewhat, but it won't function 100%. An mp3 will skip or have odd sections of noise, same with a video file. An image will be visually distorted etc. And that's only if you can figure out a way to add unrelated data to the file and the file still opens at all. I can't say for sure, but it seems highly unlikely that you could purposefully "corrupt" a file by adding malicious code, and the file still works. It's the same thing as a corrupted file essentially.

Also, again, the file has to be executed by a program that will allow the code (that shouldn't be there) in the file to be executed. This could be either a vulnerability in a legit program or a malicious program designed to do such a thing.
 

18, sometimes glitches are hard to describe in a way that google will be able to find relevant answers to. "green bar scrolling across chrome taskbar icon before download accepted" probably won't bring any relevant results, nor would "very sudden grey flash in right hand corner of screen accompanied by two UAC style bleeps".


Learning how to describe problems more accurately and more specifically is an acquired talent. You really have to know how the program works, what "lingo" the program uses, etc. Your two examples are too wordy. Besides, if you can't find an answer on google, you can always post to a forum or even try and contact tech support for that program.

Edited by kokomodrums, 19 September 2014 - 11:37 AM.

-- Matt
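The two matching approaches contrasted in item 16 above, looking up a hash of the whole file versus searching the file's bytes for a known pattern, as an added example that is not from any poster or antivirus product. The byte pattern, its name and the three sample files are constructed placeholders, not real signatures or real media files.

```python
import hashlib


def parse_signature(text):
    """'43 4F ?? 54' -> [0x43, 0x4F, None, 0x54]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(data, sig):
    """Return every offset in data where the pattern matches."""
    hits = []
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            hits.append(off)
    return hits


# Constructed sample files. ORIGINAL stands for a file already catalogued,
# VARIANT carries the same marker with a few bytes changed, CLEAN has none.
ORIGINAL = b"ID3" + b"\x00" * 16 + b"CONS\x01\x02TEST" + b"\xff" * 8
VARIANT = b"ID3" + b"\x00" * 16 + b"CONS\x7a\x7bTEST" + b"\xfe" * 8
CLEAN = b"ID3" + b"\x00" * 16 + b"plain audio frames" + b"\xff" * 8

# Hash list built from the one catalogued file.
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL).hexdigest()}

# Pattern list: "CONS", two wildcard bytes, "TEST" (constructed marker).
SIGNATURES = {
    "Constructed.Marker.A": parse_signature("43 4F 4E 53 ?? ?? 54 45 53 54"),
}


def scan(data):
    """Run both checks and report what each one found."""
    patterns = {}
    for name, sig in SIGNATURES.items():
        hits = find_signature(data, sig)
        if hits:
            patterns[name] = hits
    return {
        "hash": hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256,
        "patterns": patterns,
    }


if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("variant", VARIANT),
                        ("clean", CLEAN)):
        print(label, scan(blob))
```

The hash lookup recognises only the exact catalogued bytes, while the pattern search still finds the marker in the altered copy; the cost is that every file has to be read through once per scan.
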


#14 rp88


Posted 19 September 2014 - 01:03 PM

Thanks for your tips kokomodrums. They seem to make sense, with number 7, no i don't watch it 24/7 but in the numerous times i've opened it i've never seen internet explorer's entry on the list, other computers of course i cannot comment on. Number 16 makes sense now you explain it like that, i had always assumed a piece of code could just be tossed into a file, not that doing so would automatically change everything else about the file. If it is a matter of reverse engineering being needed to generate a working file after a code has been slipped in i can see how hard that would be, i know that there are some mathematical operations and algorithms that are really easy to do forwards but working out an entry to correspond to a chosen output is nearly impossible.



#15 quietman7


Posted 19 September 2014 - 01:49 PM

quietman7... With your mention of "polymorphics" can antivirus scanners detect these or are they different for every victim they infect and therefore not recognisable to the av.

Although most anti-virus software will detect file infectors, many anti-virus vendors have admitted that file infectors cannot properly be disinfected by their products.

File infectors are not on the top of their popularity nowadays (there’s not a wide variety of them ITW, but the few active – such as Sality or Virut – are difficult to defeat). One reason is the frequency of their updates and the complexity of their polymorphism, another reason is the fact, that these viruses are not perfectly tuned. If the file infector should be successful (and transparent to the normal system behavior), it simply should not produce corrupted files (the process crashes will quickly point out what’s going on). I will show you some examples of bugs in file infectors (below in this article). The problem is that these bugs often make the infected binaries uncurable...

avast: Buggy file infectors

...You can see some tools claiming they’re able to clean even the most complex infections, but believe me, there’s no guarantee to restore the system to its original state. A cleaned file (in my opinion) means a file that has no malicious functionality and does not contain any (even inactive) traces of the infection. My daily practice offers me many files cleaned from the Virut infection with some 3rd party tools, but they still contain significant parts of the infection and are thus detected by our engine....

avast: File infectors – part 2

...it is quite interesting to look at modern day polymorphic viruses and whether their propensity to junk files is wholly by accident or whether there is the occasional element of intent involved...a mass infection that leaves behind a large number of irreparably corrupt files can still be very damaging. Some members of the Virut/Vetor family will randomly choose not to leave an infection marker after infection. This leaves the way open to multiple infections (more headaches for anti virus companies) but also increases the chances that the end file will be corrupt...

Sophos: To Junk Or Not To Junk

...In many cases, files cannot simply be deleted as this would affect the stability or even basic functionality of the operating system and other software. Instead, the infected host program must be disinfected by removing the virus code from it and by carefully restoring the original contents and file structure if possible. This means detection and removal are still an issue for antivirus software....

Avira: Cleaning polymorphic infected files

...for infected users we have to offer no hope - fdisk - format and re-install is the only solution open to them...

avast: a file infector and why we cannot give false hope!

...it injects its code into running processes...The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files...unfortunately, some infections are corrupted beyond repair.

McAfee: polymorphic infector

The suggestions in this article are not intended to 100% guarantee removal of all threats...The file infector employs a technique to make sure its corrupted .DLL format will replace the targeted extensions found within the system. When the computer is rebooted it incidentally boots the infected file and continues its advancement throughout the system...

Norton (Symantec): File infector

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damaged caused to files...it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-function viral code present in these files.

AVG: polymorphic infector

...you can try via rescue cd, or slave mounted hard drive. but there's no guarantee that some files won't get corrupted through the disinfection process.

Kaspersky: file infector



