
Thread: Just got Infected

  1. #1
    Pork & Beans Powerup Phage's Avatar

    Just got Infected

    With this Trojan.

    https://www.theregister.co.uk/2017/0...ner_downloads/

    Avast didn't pick it up at all, but Malwarebytes did.
    What's the current thinking on free AV? Do I have to bite the bullet and pay?

    If so, recommendations gratefully received.
    Society's to blame,
    Or possibly Atari.

  2. #2
    Studmuffin Flibb's Avatar

    Re: Just got Infected

    Some bank accounts offer free AV, think Barclays give free McAfee


  3. #3
    Pork & Beans Powerup Phage's Avatar

    Re: Just got Infected

    Good call. I'll check.
    (Lloyds btw)

    EDIT: Apparently not.
    Society's to blame,
    Or possibly Atari.

  4. #4
    Senior Member

    Re: Just got Infected

    This may not be too helpful (sorry) but many of the big AV names give very sizeable discounts over the Black Friday / Monday period coming up soon. But, lasts a year, do same again the next year.

    In the meantime there are many good free alternatives. If you Google free AV reviews there will be a lot of information on the best ones.

  6. #5
    Senior Member virtuo

    Re: Just got Infected

    Can we ask what you were doing when you picked it up? I find the free AVs are good enough, especially combined with some common sense/best practice when browsing/downloading.

  7. #6
    Pork & Beans Powerup Phage's Avatar

    Re: Just got Infected

    It's in the article I linked to above. Essentially a software provider (now owned by Avast!) was compromised and its servers dished out infected updates.
    Quite similar to the Ukrainian attack recently.
    Society's to blame,
    Or possibly Atari.

  8. #7
    Senior Member Jonj1611's Avatar

    Re: Just got Infected

    Barclays give Kaspersky

    Have Kaspersky running on the kids' PCs and Norton on mine (laugh if you will)
    Jon

  9. #8
    root Member DanceswithUnix's Avatar

    Re: Just got Infected

    Quote Originally Posted by Phage
    If so, recommendations gratefully received.
    I think it is just a mess, to the point that some are saying you can be better off without it: https://arstechnica.co.uk/informatio...ivirus-is-bad/

    Until they messed up recently, I was tending towards "just use what Microsoft ships, at least it integrates properly".

    So bad luck this time, better luck next time, but AV seems to be a bit of a dice roll.

    Or you can switch to Linux, forget about AV and have a whole bunch of different problems

    My Windows boxes use Avast but I don't install any of the addons, so *hopefully* I got away with it this time.

  10. #9
    Registered User

    Re: Just got Infected

    My advice would be get yourself Norton, I can't recommend many others as many others* install their own Certificate Authority which breaks various protections server admins add to their server (HPKP), and if you remember this is basically what the Lenovo Superfish was, so they could inject ads into encrypted sites.
    I also use the Premium version of Malwarebytes as it has Anti-Exploit (Like EMET) as a second layer of protection.

    *Kaspersky, BitDefender, AVG, Avast (from memory)

    Kind regards

    Lloyd

    (No I don't work for Norton lol)

  11. #10
    Senior Member Pob255's Avatar

    Re: Just got Infected

    I gave the free thing my bank keeps bugging me to use every time I log in (IBM Trusteer Rapport) . . . it increased the load time of every web page by 2-5 seconds.

    It could well have been conflicting with something else, I'd not be surprised, but that makes it worse and it didn't stay on my PC for long.

    When you say Avast didn't spot it, was that after a manual scan of your system, or just the active, running in the background?

  12. #11
    Senior Member Smudger's Avatar

    Re: Just got Infected

    I knew there was a reason I was ignoring the CCleaner update notifications... Looks like I might have dodged a bullet here, but I'll have to check when I get home. It comes to something when an AV company is delivering trojans to you...

  14. #12
    Pork & Beans Powerup Phage's Avatar

    Re: Just got Infected

    Quote Originally Posted by Pob255
    I gave the free thing my bank keeps bugging me to use every time I log in (IBM Trusteer Rapport) . . . it increased the load time of every web page by 2-5 seconds.

    It could well have been conflicting with something else, I'd not be surprised, but that makes it worse and it didn't stay on my PC for long.

    When you say Avast didn't spot it, was that after a manual scan of your system, or just the active, running in the background?
    Neither, I'm afraid. Not when running in the background, nor when I did a manual scan yesterday.
    Last edited by Phage; 19-09-2017 at 02:01 PM.
    Society's to blame,
    Or possibly Atari.

  15. #13
    Senior Member Pob255's Avatar

    Re: Just got Infected

    Quote Originally Posted by Phage
    Neither, I'm afraid. Not when running in the background, or when I did a manual scan yesterday
    Not great.
    Still, that's why I keep Malwarebytes around, the free manual-scan-only version.

    Although on a side note I updated Malwarebytes recently and it automatically upgraded to a free trial of the paid-for active version. It's easy to downgrade back, but something to keep an eye out for.
    Multiple active AV is a fast recipe to cripple the performance of any machine.

  16. #14
    Senior Member satrow

    Re: Just got Infected

    Trusteer's Rapport can be a nightmare, esp. where any non-mainstream software/drivers are involved. Might be okay on managed corporate machines but I don't recommend it for home use.

    My understanding is that the CCleaner infection only affected a proportion of x86 installs; only the Cloud version was auto-infected and only if the update check was connected to one compromised Piriform server. The manual update infections also required a download from the same infected server, though some 3rd party software hosting sites also had/have the infected version. x64 Windows installs were not infected.

    Nothing detected this infection for weeks; though a good firewall/HIPS should have prevented the connection being made to the C&C server. Free/paid AV/security is still a lottery, nothing will detect all Zero days and overall detection rates will vary according to how good the detection engine is and how good the latest definitions are. You can build a free security 'suite' that's as good as, maybe better than, a paid suite - but it takes a lot of time and experience to research the options and regular free time to ensure each piece of the jigsaw is updated at least once per day.

    For the companies that are now claiming their 'advanced heuristics' are the best thing since sliced bread - remember that heuristics = guesswork and watch out for unrelated false positives, esp. where non-mainstream software is flagged up.

  17. #15
    Pork & Beans Powerup Phage's Avatar

    Re: Just got Infected

    Ahem - This is an x64 machine
    Society's to blame,
    Or possibly Atari.

  18. #16
    Senior Member satrow

    Re: Just got Infected

    Quote Originally Posted by Phage
    Ahem - This is an x64 machine
    So the detection was of the installer, not the infection?

    Do you have an HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo key?
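
A read-only way to answer the registry question above, added here as an example and not part of any post in the thread. It looks for the key in both the 64-bit and the 32-bit (WOW6432Node) registry views, because a 32-bit process writing under HKLM\SOFTWARE on 64-bit Windows is redirected to the latter; the function name Get-AgomoKey is made up for this example.

```powershell
# Added example: read-only check for the Piriform\Agomo key in both registry views.
$SubKey = 'SOFTWARE\Piriform\Agomo'   # key path taken from the post above

function Get-AgomoKey {   # hypothetical helper name, not a built-in cmdlet
    param([Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View)

    # OpenBaseKey selects the 64-bit or 32-bit view explicitly, so the result
    # does not depend on whether this PowerShell process is 32- or 64-bit.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)   # opens read-only; $null when absent
        if ($null -eq $key) {
            return [pscustomobject]@{ View = $View; Present = $false; Values = @() }
        }
        try {
            $values = foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name)
                [pscustomobject]@{
                    Name = $name
                    Kind = $key.GetValueKind($name)
                    # Show the size of binary data instead of dumping it.
                    Data = if ($data -is [byte[]]) { "$($data.Length) bytes" } else { $data }
                }
            }
            return [pscustomobject]@{ View = $View; Present = $true; Values = @($values) }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

# Check the native 64-bit view first, then the 32-bit (redirected) view.
$results = [Microsoft.Win32.RegistryView]::Registry64,
           [Microsoft.Win32.RegistryView]::Registry32 |
    ForEach-Object { Get-AgomoKey -View $_ }

foreach ($r in $results) {
    "{0}: key {1}" -f $r.View, $(if ($r.Present) { 'PRESENT' } else { 'not found' })
    $r.Values | Format-Table -AutoSize | Out-String
}
```

On 32-bit Windows both views resolve to the same key, so the two lines of output will match.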
