Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A Mugshot Gallery Of Malware Please.


  • Please log in to reply
14 replies to this topic

#1 fleamailman

fleamailman

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 27 August 2006 - 07:22 AM

"Victim sees his computer has malware, victim posts a hjt log, hjt log reader points out bad entries, victim removes bad entries, computer is clean, victim goes away, hjt log reader moves onto next log." is I believe more or less the situation at the moment at most malware removal sites.

This site already has one of the most wonderful lists of startup enties I have ever seen at a malware forum. The tuts are impressive and the hjt log readers really know their stuff. What I would like, and already it is part there between many sites, is a comprihensive mugshot galary of those malwares visible on the screen, not for the HJT log reader but for the gereral public that wants to know for themselves and show others, "yes, that is winfixer, that is RPC, etc.", why, because malware is like a large flock of birds where they hide in their numbers, whereas in fact some birds are common, some rare, some easy to kill, some not. The malware makers get away with it partly because of this then: the victims ignorance remains, this chance is missed.

This site would become the first on the Internet to have it, if a victim has some new malware up on the screen the first thing he will do is googling it from what he can make out from what he sees on the screen"ah, there is a little red icon on the task bar", or "there is a new toolbar" and because word of mouth will put the link ever up, the victim will be to come here and find out what he is looking at "ah, it says spyfalcon, lets see if Bleeping computer's mugshots list has it", then he may post a log like before or it may just say below the photo "can be removed with spybot, or add/remove programs" depending.

Anyway, I am an old hand but new here so rather than just put this up in comments and suggestions, I thought I would air it out here to see how others felt about the idea of a mugshot galary.

Last point, yes I understand that there is a lot of malware that has no visible trace on the screen, for those people the present way is still there.

Sorry about my inablity to post clearer and spell correctly, and it does not matter if this idea is dead in the water but I would like to know why.
everyday is a gift

BC AdBot (Login to Remove)

 


#2 Joshuacat

Joshuacat

    01001010 01000011


  • Members
  • 1,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:08:20 AM

Posted 28 August 2006 - 07:33 PM

Hello, fleamailman:
I think we already have what you are looking for here.
JC

#3 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 17 September 2006 - 05:26 AM

Hi, sorry for my late reply here, I did not know that I was receiving no notifications but I have changed the settings now and stumbled on this reply today. It was not my being lazy or rude then, am I a zealot.

back to subject. No, that is exactly what I mean, that link goes by name, one has to open the link to find the mugshot, all I am suggesting is to also have a thread of thumbnail size pictures like a mugshot gallery, the picture expands to the big picture on the right page(linked to it then), agreed most are self evident but then some are less so. I promise that it would make victims feel much more comfortable and far more likely to come here rather than do the wrong thing which I hope you will agree of just looking up the name in goggle or being unsure so they think "well, I don't want to open up all these links on this thread so lets just do the HJT thing"

Honestly, it wouldn't be difficult and you would be the only place on the Internet where that mugshot gallery exists, and think of how it would cut the number of easy HJT log posters(no sorry probably my wishful thinking there)

Anyway hope this idea takes off as I think this site is really good at spreading the message.

Edited by fleamailman, 17 September 2006 - 05:29 AM.

everyday is a gift

#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:20 PM

Posted 17 September 2006 - 02:00 PM

I can see the validity in what you are saying and yes i think it would be a good idea.
But.... more often than not peoples logs contain more than one type of malware etc.
A lot of it doesn't show on their screens, so i think they could be led into a false sense of security in thinking they only have what they can see.
Does this make sense?
The Hjt log is still the only real way of really dealing with an infected computer.
The experts can see and detect things that a normal user would normally not see.

BBPP6nz.png


#5 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 18 September 2006 - 05:11 AM

Starbuck, thanks, somehow I am not getting notification even though I am subscribed to this thread. The reason for the link given above in the first reply is I believe to help those posters who do not wish to wait to have the HJT log done but to remove the problem themselves, if in the case the malware persisted then nuturally the poster would go on to do the HJT log, but the idea of a malware mugshot gallery is not just that I will see if I can put the idea and reason clearer then.

1) victim gets infected by something on the screen, wants to find out quickly which malware it is(avoiding those long worded dyscriptions)
2) member would be able to see which infections he has and hasn't had and what they look like(general interest).
3) only place on the Internet where this gallery exists.
4) doesn't take much effort on the site's part to make this mugshot gallery
5) since each photo is either linked to its removal thread, it saves poster effort.
6) if there is no given removal thread, then a link to the canned HJT download and explanation could be linked.
7) it is just like those big posters of mushroom and toadstools one see in school, very educative I believe.

Anyway, I hope this idea meets with your approval as I really am a fan of this site, hope you don't think me a pest here then. Sorry about my English too.

Edited by fleamailman, 18 September 2006 - 05:15 AM.

everyday is a gift

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:20 AM

Posted 29 September 2006 - 01:52 PM

Interesting concept....problem is going to be finding all of these images. The problem is that the vast majority of malware does not have an image associated with it other than popups. The popups can be the same between many malware. Not sure how to approach this where it becomes feasible.

#7 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 29 September 2006 - 02:46 PM

Griner, total agreement there, but then again a lot of them do(show up on the screen), and a lot of them are so much easier to see than explain(photo above) and as I see you already have most of the visible ones in your tutorials by name it is only a small step to thumbnail them then.

The worse thing I notice about the present system is that the victim goes onto the Internet to search by word whereas I believe that through word of mouth, they will come here because they only have to look at a butch of photos, which when double clicked go to your tutorial and removal tool or, if there is not removal tool, directly links to your HJT removal thread, and the poster then says its spyaxe with certainty. Ball in your court then, I am passing this idea around so will not take it a miss if you are not the first site to adopt it, I just would like the victims to have somewhere on the internet that is clearly visible to them at their level.

btw and away from the above, I really appriciate the effort and the good work that has made BC one of the best malware removal sites going.

Edited by fleamailman, 29 September 2006 - 03:45 PM.

everyday is a gift

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:20 AM

Posted 29 September 2006 - 03:36 PM

Ok i will play around. What is that Useful links image?

#9 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 29 September 2006 - 03:50 PM

Ok, I will remove that photo, but I explain at the same time, I have that malware removed by a forum with fixwareout, I then asked the remover what the malware, and either he was honest and said he didn't know or he knew but wouldn't tell me. I am grateful but at the same time narked, and now I won't give up until I find out what exactly I had. Childish I know but where on the Internet can one find out, espically when it is not longer there. But then the rest of the idea hit me and I wondered how many victims actually know what they had or felt like me then. Anyway, I will stop here because there is nothing more I can say, and perhaps I have said too much.

Edited by fleamailman, 29 September 2006 - 03:57 PM.

everyday is a gift

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:20 AM

Posted 29 September 2006 - 04:16 PM

What is it exactly you want to know about wareout?

#11 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 29 September 2006 - 04:37 PM

I will sleep better if you just tell me that there is only one type of wareout and this was it, that is all. I won't worry next time.
everyday is a gift

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:20 AM

Posted 29 September 2006 - 04:43 PM

I guess I am a bit confused with what you want to know. There is a wareout that uses a rootkit to hide itself. To remove it we use Lonny's Fixwareout tool.

#13 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 29 September 2006 - 05:07 PM

Grinier, I think you have cleared it for me, the photo I posted was wareout was it not, the rest I can look up in the best databank on the Internet, yours. Thanks for helping me like this, now I must go back to following the posts, great site, hope one day to become a credit to it too.
everyday is a gift

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:20 AM

Posted 01 October 2006 - 10:38 PM

I am not sure if that was a wareout infection. I personally never played with that one. Can you post the image again and I will ask someone who knows better to take alook?

#15 fleamailman

fleamailman
  • Topic Starter

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:02:20 PM

Posted 02 October 2006 - 05:34 AM

Thanks, if am grateful, here is the photo http://i92.photobucket.com/albums/l18/flea...testmalware.jpg


Would you like the the old(sloved hjt log) how do I add a wordpad attatchment to the post? or I could just cut/paste it.

Edited by fleamailman, 02 October 2006 - 05:50 AM.

everyday is a gift




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users