SOME scanners won't update


8 replies to this topic

#1 LePatriote (Members, 5 posts)

Posted 23 June 2015 - 07:37 AM

Howdy all,

 

Got a strange one for you; I wouldn't bother you all if I could find out more about this kind of scenario. Anyhow, we'll gloss over the fact that a machine important to a store was completely unsecured. Not so much as MSSE was installed, which is how this was predictably hit by CryptoWall and possibly a second type of ransomware AT THE SAME TIME. This system is a Windows 7 Pro x64 box with SP1. I was instructed to try to salvage the installation because apparently the cash drawer software is a PITA to reconfigure. It now appears clean after running what I could: MBAM, EEK, Panda Cloud, MBAR, TDSSK, even ComboFix. This thing is behaving strangely, almost as if the proxy server setting is set in Internet Options, yet that box has been untouched. Certain on-demand scanners fail to download definitions, and indeed entire websites fail to load, such as download.bitdefender.com. I have repaired the installation of Windows with NO CHANGE to this behavior. A thought just occurred: I may try older NIC drivers, as I have seen new ones through WU bork things. Anyhow, where would you guys look?

 

Thank you in advance!!

 

Update: Got it resolved; all negative behavior appears to have been cleared by Hitman Pro!! The machine is being taken back to get the registers working again. Then I will pitch the idea of backup imaging :D :D

 

Also of note: I believe this system was hit by both CryptoWall AND CTB-Locker! The HELP_DECRYPT files were everywhere, but then files had random extension suffixes! Good thing the documents were not as important as the store software, which doesn't have databases to encrypt.

 

Thanks to all who read my blathering!


Edited by LePatriote, 24 June 2015 - 07:05 AM.
Moved from Win 7 to Gen Security - Hamluis.
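The symptoms in the post above (vendor sites unreachable, definition downloads failing, "as if" a proxy were set while the Internet Options checkbox is clear) are the classic signature of malware tampering with name resolution or proxy settings rather than a broken NIC driver. The following triage script is an added example, not code from this thread or from any of the tools named in it. It only reports; it changes nothing. The vendor keyword list and the two probe hostnames are this example's own assumptions, and it avoids cmdlets newer than the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): triage the usual spots where malware blocks
# security vendor sites and definition downloads on Windows 7. Run from an elevated
# PowerShell prompt; it only reports, it changes nothing.
# Assumptions: the vendor keyword list and the two probe hostnames are this example's own.
$VendorKeywords = @('bitdefender', 'malwarebytes', 'hitmanpro', 'surfright', 'emsisoft',
                    'kaspersky', 'eset', 'pandasecurity', 'windowsupdate', 'microsoft')

function Report($Area, $Text) { Write-Output ('[{0}] {1}' -f $Area, $Text) }

# 1. hosts file. Read the path TCP/IP actually uses (DataBasePath); malware sometimes
#    points it elsewhere so the file under drivers\etc looks clean.
$tcpip  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath = [Environment]::ExpandEnvironmentVariables($tcpip.DataBasePath)
Report 'hosts' ("DataBasePath = $dbPath")
$hostsFile = Join-Path $dbPath 'hosts'
if (Test-Path $hostsFile) {
    Get-Content $hostsFile | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } | ForEach-Object {
        $entry = $_
        foreach ($k in $VendorKeywords) {
            if ($entry -match [regex]::Escape($k)) { Report 'hosts' ("vendor entry: $entry") }
        }
    }
} else {
    Report 'hosts' ("file not found at $hostsFile (suspicious in itself)")
}

# 2. WinINET proxy for the current user and the machine. A PAC script set via
#    AutoConfigURL can block sites selectively while the 'Use a proxy server'
#    checkbox in Internet Options stays unchecked.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($p) {
        Report 'proxy' ("{0}: ProxyEnable={1} ProxyServer='{2}' AutoConfigURL='{3}'" -f `
            $hive, $p.ProxyEnable, $p.ProxyServer, $p.AutoConfigURL)
    }
}

# 3. WinHTTP proxy, used by Windows Update and BITS rather than the per-user setting.
$winhttp = (netsh winhttp show proxy) -join ' '
Report 'winhttp' ($winhttp.Trim())

# 4. DNS servers in use. A rogue resolver answers wrongly only for vendor names,
#    so everything else keeps working and 'ipconfig /flushdns' changes nothing.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    Report 'dns' ('{0}: {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', '))
}

# 5. Image File Execution Options. A Debugger value under a scanner's exe name makes
#    Windows start the 'debugger' instead of the scanner.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Report 'ifeo' ('{0} -> {1}' -f $_.PSChildName, $dbg) }
}

# 6. Resolve two names through the live stack (needs network). Compare the answer
#    with the hosts and dns output above; a failure or a private address is the clue.
foreach ($h in 'download.bitdefender.com', 'www.microsoft.com') {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.ToString() }
        Report 'resolve' ('{0} -> {1}' -f $h, ($ips -join ', '))
    } catch {
        Report 'resolve' ('{0} FAILED: {1}' -f $h, $_.Exception.Message)
    }
}
```

Read the output top to bottom: a non-default DataBasePath, any vendor line in hosts, a populated AutoConfigURL, a WinHTTP proxy nobody configured, an unfamiliar DNS server, or a Debugger value on a scanner's exe each explains the symptom on its own. If all of these are clean, `netsh winsock show catalog` is the next place to look, since a malicious Winsock LSP can filter connections below anything this script inspects. None of this replaces the cleanup; it tells you what the cleanup still has to undo.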



#2 dudeage (Members, 175 posts)

Posted 23 June 2015 - 08:13 AM

The manufacturer's website is a good place to go for starters... I'm assuming this is an OEM machine if it's in a store?



#3 LePatriote (Topic Starter)

Posted 23 June 2015 - 08:30 AM

Good idea, it is an older OptiPlex 380 from Dell.  Mainly at a service shop, one that is just nuts about Dell to a fault.  This happens to be our firm's owner's WIFE's store computer.  I thought he cared about his wife more LOL.  I am dumbfounded at how many businesses raw dog it or use half-assed solutions.



#4 dudeage (Members, 175 posts)

Posted 23 June 2015 - 08:42 AM

> Good idea, it is an older OptiPlex 380 from Dell.  Mainly at a service shop, one that is just nuts about Dell to a fault.  This happens to be our firm's owner's WIFE's store computer.  I thought he cared about his wife more LOL.  I am dumbfounded at how many businesses raw dog it or use half-assed solutions.

 

LOL!!! If it's an older PC, that explains it. A lot of times those manufacturers will behave similarly to Microsoft and just stop supporting the machines with driver updates at a certain point, just like Microsoft does with their OSs.

 

Yeah, it's the nature of drivers.  It's rare, but sometimes new drivers will fudge up a machine - hence why MS includes a "rollback drivers" option with device manager. 

 

The Dell support website is support.dell.com. If you can't find it there, then call Dell's tech support or, better, I believe they have a chat function on the aforementioned website now. Driver libraries can be intimidating depending on the amount of drivers, especially when you're looking for older ones.

 

If you want to look good to your bosses, suggest they start a procedure or get backup software to back up their precious cash drawer software (and any other data on that PC) if it's that important to them. From my experience the average lifecycle of a PC is 4 years; business machines are usually built to last longer, but even then, like every piece of electronics, there's always an expiry date on it.


Edited by dudeage, 23 June 2015 - 08:43 AM.


#5 LePatriote (Topic Starter)

Posted 23 June 2015 - 02:05 PM

All good ideas! Yes, I learned from an encryption mishap (meaning "lost keys to really important data") that backups are essential. I could have had the dang store software reinstalled by now, but to give it my blessing for being clean, it is taking a lot of time. I tried the Dell drivers and Broadcom drivers with no difference. Tried flushing DNS, ran Hitman Pro which found a single executable that it marked suspicious. Just now I believe Hitman Pro seems to have gotten it outta there. Everything is updating fine now. This is as clean as it's going to get, methinks. One last remnant: whatever is trying to run this produces this error, and I just need to remove the reference:

 

[attached screenshot of the error: Oh6Boyz.jpg]

 

(edit- it was a Dell Protection program whose EXE I renamed during troubleshooting)


Edited by LePatriote, 23 June 2015 - 02:26 PM.


#6 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 23 June 2015 - 03:45 PM

The widespread emergence of crypto malware (ransomware) has brought attention to the importance of backing up all data on a regular basis. The only reliable way to effectively protect your data and limit the loss with this type of infection is user education and to have an effective backup strategy.

Backing up data is among the most important maintenance tasks that should be performed on a regular basis, yet it's one of the most neglected areas.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 dudeage (Members, 175 posts)

Posted 23 June 2015 - 04:49 PM

> The widespread emergence of crypto malware (ransomware) has brought attention to the importance of backing up all data on a regular basis. The only reliable way to effectively protect your data and limit the loss with this type of infection is user education and to have an effective backup strategy.
>
> Backing up data is among the most important maintenance tasks that should be performed on a regular basis, yet it's one of the most neglected areas.

 

100% correct - and many companies who want to save money and nickel and dime their equipment won't spend the extra money until they have a problem and it's too late. 



#8 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 23 June 2015 - 04:54 PM

And then they send their IT folks here looking for a magical fix.

#9 LePatriote (Topic Starter)

Posted 23 June 2015 - 05:27 PM

> And then they send their IT folks here looking for a magical fix.

Hence my position :(

 

Backup
  1. Nobody wants backup, everybody wants restore.
  2. To restore, you need a backup.
  3. Have a backup.
  4. RAID is not a backup.
  5. There's more to save than just the files.
  6. Devices need backup too.
  7. Even expensive hardware can fail catastrophically.
  8. Do not hit the enter key before thinking about it.
  9. Consistent against corruption.
  10. Secure from disasters.
  11. Protected from prying eyes.




