Anyone Remember Their First Infection?


Deleted member 178

If my memory is good, my only infection was on Win98 SE with Avast 4 or 5... then I switched to WinXP without Avast and never looked at it again. I installed Comodo FW and never got infected anymore.

In that case... no security suite can save him o_O :eek: :( :p

Shadow Defender and/or Sandboxie: even if he clicks on everything, nothing will be kept on the system when the computer is rebooted.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Very true, he's 31 and thought he would have learnt his lesson by now. See, even doctors are stupid :p:eek:
*Laughing*:):D
I really had a good laugh from this!

If my memory is good, my only infection was on Win98 SE with Avast 4 or 5... then I switched to WinXP without Avast and never looked at it again. I installed Comodo FW and never got infected anymore.

Shadow Defender and/or Sandboxie: even if he clicks on everything, nothing will be kept on the system when the computer is rebooted.

Darth Umbra, even if you were just plain Umbra you'd still be knowledgeable and (yes) smart too!:rolleyes::D:cool:


That's an interesting story my friend, the way you described it made me feel like I was watching this scene myself, unlike reading it from a post :rolleyes:

Thank you, Rahadian. You honor me.
Your story was very moving, and transported me (the reader) beside you into your memories as a boy, and your father's lasting upset, and the life lesson you carried from then until now. Thank you for that too.:cool:
 

Mateotis

Level 10
Verified
Well-known
Mar 28, 2014
497
I can recall having two infections on two computers (the old one with Win XP and the current one with Win 8). Both of them were very persistent and hard to find; I'm guessing rootkits. The first one disabled my internet connection and slowed down the computer, and because I had no knowledge of security tools (only had avast! I think), we had to take it to the repair shop.

The second happened when I was getting into the whole security scene. I still had avast!, but with Malwarebytes this time. The malware would slow the computer and freeze it occasionally for a few seconds. Neither avast! nor MBAM could detect it with full scans. So again, we had to take it to the repair shop. I was fortunate enough that I could get all of my data back after it; the IT guys said it was a very serious infection.

In both of these cases, the malware was never identified. (dum, dum, DUM)

So yeah, ever since I've built up my security setup I have today, no infections. :)
 

Deleted member 178

It is why I don't believe in AVs; I prefer full virtualization. At least nothing is kept when I close my sandbox or reboot.
 

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
Great stories, has brightened my morning to wake up and read them :D

Surprising how many of you have never had a virus, but maybe that's because I used to be the guy who, thinking a file looked a little dodgy, clicked it just to check that I was right :oops:

I remember as well the incident in which I got 'hacked': analysed a suspicious looking file, unpacked it, reverse engineered it even, it was a nasty password stealer, copy and paste code... Knowing exactly what it did, I opened up Sandboxie for the first time just to try it out... Checked the log... Hmm, yes it does seem to have gathered my passwords and sent them off somewhere... uh oh :eek: ... And from that day forward I vowed never to play with malware using the default Sandboxie settings ;)
 

Deleted member 178

I remember as well the incident in which I got 'hacked': analysed a suspicious looking file, unpacked it, reverse engineered it even, it was a nasty password stealer, copy and paste code... Knowing exactly what it did, I opened up Sandboxie for the first time just to try it out... Checked the log... Hmm, yes it does seem to have gathered my passwords and sent them off somewhere... uh oh :eek: ... And from that day forward I vowed never to play with malware using the default Sandboxie settings ;)

In fact many people misunderstand Sandboxie (in default settings): it doesn't block malware, it just contains it so it can't infect the system.
For example, in the scenario above, a keylogger will be contained but it will STILL run and call home, unless you start tweaking Sbie to block it correspondingly.
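Umbra's point (contain, not block) in configuration terms, as an added example that is not from this thread nor from Sandboxie's own documentation: a constructed Sandboxie.ini fragment with a default-style box beside a box that also denies network access and hides browser profile folders. The setting names (ClosedFilePath, InternetAccessDevices, DropAdminRights, BlockNetworkFiles, NotifyInternetAccessDenied, AutoDelete) are as I recall them from the Sandboxie.ini settings, and the profile paths are assumptions; check both against the version you run.

```ini
; Constructed Sandboxie.ini fragment (added example, not from the thread).
; Setting names are as I recall them from the Sandboxie.ini settings and the
; profile paths are assumptions: verify both against your installed version.

; --- Weak: a default-style box, the one Umbra describes ---
; File and registry writes land inside the box, but a program running in it
; can still READ the real browser profiles and documents and can still reach
; the network, so a password stealer runs, harvests and calls home as usual.
[DefaultBox]
Enabled=y

; --- Hardened: a separate box for opening untrusted files ---
[Untrusted]
Enabled=y
; Programs in the box run without admin rights even for an admin user.
DropAdminRights=y
; Deny network access to every program in the box (blocks the "call home" step).
ClosedFilePath=InternetAccessDevices
; Show the Sandboxie notification when a boxed program is denied the network,
; which is also how you notice that something in the box tried to phone out.
NotifyInternetAccessDenied=y
; Also deny access to network shares from inside the box.
BlockNetworkFiles=y
; Hide the real credential stores from the box (blocks the "harvest" step).
; Assumed paths: adjust to the browsers and profiles on your machine.
ClosedFilePath=%AppData%\Mozilla\Firefox\Profiles
ClosedFilePath=%Local AppData%\Google\Chrome\User Data
; Discard the box contents when the last program in it exits, so nothing the
; sample dropped is left lying around to be opened by mistake later.
AutoDelete=y
```

The first box shows why "contained" is not "blocked"; the second turns Umbra's "tweaking Sbie" into concrete settings, and the denial notification doubles as a cheap detection that a file tried to call home.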
 

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
In fact many people misunderstand Sandboxie (in default settings): it doesn't block malware, it just contains it so it can't infect the system.
For example, in the scenario above, a keylogger will be contained but it will STILL run and call home, unless you start tweaking Sbie to block it correspondingly.

Exactly, naive as I was back then and having never really analysed 'live malware' before, I assumed Sandboxie would only grant the password stealer access to the 'sandbox' files, not my entire computer. Confusing the concept of a sandbox with a jail. Still, I was wise enough to change a couple of passwords, so it wasn't a complete disaster; I still had access to my email and most everything was recoverable from there ;)
 

Striker

Level 7
Verified
Mar 27, 2013
327
I've probably been infected seven or eight times over about 10 years, hacked once (dumb mistake by me), so I take my hat off to you, envious ;) What's your secret? (having to ask is probably a clue as to why I've been infected so much, right...)
Only using Windows OS for gaming, no other downloads, and I'm not browsing the net with Windows OS (only official game sites for what I'm playing). For all the other stuff I'm using Linux; maybe that's the right way to go :D
 
  • Like
Reactions: Cowpipe

Striker

Level 7
Verified
Mar 27, 2013
327
It is why I don't believe in AVs; I prefer full virtualization. At least nothing is kept when I close my sandbox or reboot.
You have some layer of protection after the sandbox? These days you can easily buy a crypter with anti-sandbox etc. on some popular forums like hf. Anti-sandbox/anti-HIPS and all this stuff is becoming more widespread in the near future.
 
  • Like
Reactions: Cowpipe

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
Only using Windows OS for gaming, no other downloads, and I'm not browsing the net with Windows OS (only official game sites for what I'm playing). For all the other stuff I'm using Linux; maybe that's the right way to go :D

Gotcha, seems the perfect way to go :D

You have some layer of protection after the sandbox? These days you can easily buy a crypter with anti-sandbox etc. on some popular forums like hf. Anti-sandbox/anti-HIPS and all this stuff is becoming more widespread in the near future.

Yeah, anti-Sandboxie/VMware etc. code has been flying about for years, way back when VB6 was the virus writers' language of choice :rolleyes: Some of the anti-Sandboxie code can be bypassed by executing scripts in your sandbox (ones that check HWIDs, user behaviour etc.); it gets more complicated to bypass the more advanced malware.

To be honest though, I'd much prefer a piece of malware to detect my sandbox and alter its behaviour to be non-malicious than to not detect it and, through some unhappy misconfiguration, end up breaking out ;):)
 
  • Like
Reactions: Striker

Striker

Level 7
Verified
Mar 27, 2013
327
Gotcha, seems the perfect way to go :D

Yeah, anti-Sandboxie/VMware etc. code has been flying about for years, way back when VB6 was the virus writers' language of choice :rolleyes: Some of the anti-Sandboxie code can be bypassed by executing scripts in your sandbox (ones that check HWIDs, user behaviour etc.); it gets more complicated to bypass the more advanced malware.

To be honest though, I'd much prefer a piece of malware to detect my sandbox and alter its behaviour to be non-malicious than to not detect it and, through some unhappy misconfiguration, end up breaking out ;):)

True, hackers/"bad" coders are always one step ahead. AV vendors need to catch them, but it's getting harder and harder with all that stuff out there... like a cat and mouse game...
 
  • Like
Reactions: Cowpipe

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
True, hackers/"bad" coders are always one step ahead. AV vendors need to catch them, but it's getting harder and harder with all that stuff out there... like a cat and mouse game...

It's always been that way, right back as far as viruses go. AVs started out using signature detection, and then 'behaviour monitoring', basically monitoring interrupts and the like on DOS. So virus writers adapted and found ways to tunnel under the detection, go under the radar. The point being the AVs were always reacting to threats. They let the virus writers reverse engineer the system and then they leapfrogged on that and patched it up.

And unfortunately it's still that way today; virus writers stopped being motivated by fame and the desire to impress with their coding skills and started to be motivated by money. With a simple rogue antivirus setup, for example, you can create an undetectable exe (just with byte patching and some string encryption) and that is a new threat, which for the cost of a couple of servers can make you anything upwards of $450,000 per month.

There is just no way the AV company can prevent it; all they can do is be on the lookout. But just as you can't keep track of a wild boar until you plant a tag on it, the same is true of any new virus threat, and that is the unfortunate truth of why the bad guys always win.
 

Striker

Level 7
Verified
Mar 27, 2013
327
It's always been that way, right back as far as viruses go. AVs started out using signature detection, and then 'behaviour monitoring', basically monitoring interrupts and the like on DOS. So virus writers adapted and found ways to tunnel under the detection, go under the radar. The point being the AVs were always reacting to threats. They let the virus writers reverse engineer the system and then they leapfrogged on that and patched it up.

And unfortunately it's still that way today; virus writers stopped being motivated by fame and the desire to impress with their coding skills and started to be motivated by money. With a simple rogue antivirus setup, for example, you can create an undetectable exe (just with byte patching and some string encryption) and that is a new threat, which for the cost of a couple of servers can make you anything upwards of $450,000 per month.

There is just no way the AV company can prevent it; all they can do is be on the lookout. But just as you can't keep track of a wild boar until you plant a tag on it, the same is true of any new virus threat, and that is the unfortunate truth of why the bad guys always win.

Don't know how it was in the old days, only 22. Luckily I was brainy enough even in young years to not click on anything on the net and never put a USB stick from other people into my USB adapter :D. But from what I have read, AVs around 1990 were way better (more effective, don't know how to say that) than AVs out there at this time, even with all the technology, programs, code lounges etc. that exist. I'm loving it to see when a vendor has something new to prevent something that newly comes out. Don't know why I'm so fascinated by that :D First thing I'll do is test it lol
 
  • Like
Reactions: Cowpipe

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
Don't know how it was in the old days, only 22. Luckily I was brainy enough even in young years to not click on anything on the net and never put a USB stick from other people into my USB adapter :D. But from what I have read, AVs around 1990 were way better (more effective, don't know how to say that) than AVs out there at this time, even with all the technology, programs, code lounges etc. that exist. I'm loving it to see when a vendor has something new to prevent something that newly comes out. Don't know why I'm so fascinated by that :D First thing I'll do is test it lol

Only 20 myself, but I grew up messing around with DOS and engaging with some of the splinter groups that were around at the time (it was only by chance that I came across it actually; a friend of mine's dad was in the scene and got me into it too at a fairly young age, probably Win98 era).

You're right in some ways, the old AVs were much better than those of today, simply because they had less of a threat to deal with. Back in the 90s for example, you could program an AV based on signatures and on hooking interrupts, that kind of thing, it was all one set of techniques, for example you were blocking attacks from COM and EXE files, whereas now the AVs have to look for threats even in image files and MP3s, and of course browser exploits were never a problem back then, you couldn't dial into a BBS and get instantly attacked by some blackhole kit ;) So the AVs essentially had a much more contained threat to deal with.

Of course I wasn't there right in the middle of the action, but that is my understanding from people who were in the scene back then. Would be interesting if anyone else reading this can shine some more light on it :D
 

Deleted member 178

You have some layer of protection after the sandbox? These days you can easily buy a crypter with anti-sandbox etc. on some popular forums like hf. Anti-sandbox/anti-HIPS and all this stuff is becoming more widespread in the near future.

Shadow Defender is not a sandbox and protects the MBR, so I don't see any crypto surviving the reboot. None has done so yet.
 
  • Like
Reactions: Cowpipe
