How I got infected last time thread
<blockquote data-quote="ScandinavianFish" data-source="post: 1016740" data-attributes="member: 93786"><p>I'm gonna admit something too: I (almost) got compromised by Agent Tesla.</p><p>I was being careless and should've done it in a VM (I'm honestly not sure what I was thinking). I decided to install a torrented program that I wanted. It worked as expected, but my antivirus at the time (Symantec Endpoint) popped up saying it had blocked ISBgeneric <em>(or something similarly named)</em> in PowerShell. This happened on every restart, until I eventually decided to root around the folders that malware tends to hide in <em>(Temp, AppData\Roaming, ProgramData, etc.)</em>, but I didn't find anything. The stupid thing is that I went right past it when looking for it: it was in C:\Users\(My username), called CRSS.exe, which I actually looked at for a few seconds, but in that moment of panic I must have gone right past it.</p><p>I decided to uninstall Symantec as it wasn't finding anything <em>(which was pretty stupid of me to do)</em>, but seconds after updating Windows Defender, it caught the malware that Symantec had missed, the exact CRSS.exe file that I had gone right over. Symantec must have simply blocked the initial attempt at execution but did not find the dropped payload.</p><p>Moral of the story: I screwed up and realized I am not as invulnerable as I previously thought. I was being too confident in my security, which was eventually what resulted in my almost getting compromised. I learnt my lesson and now understand what it's like going through something like this, not being able to think clearly and making stupid decisions when I already supposedly knew what to do in the event of malware on my system.
Ever since then I have completely embraced the Zero Trust/Default Deny strategy using Hard_Configurator.</p><p>I figured it's just nice knowing that we are not alone; everyone makes mistakes, even people like Jim Browning.</p></blockquote>