Discuss How I got infected last time thread

[shmu26]

i Did not get any prompts from BD or Voodoo, when i installed. I did not get prompts. i was not offered a custom install. They did not offer me extra stuff.

thank you for replying.

Thanks for your interesting post, and I am looking forward to hearing what others have to say.
Just out of curiosity, what does VirusTotal say about the installation file and/or malware files?

 

[Brie]

Thanks for your interesting post, and I am looking forward to hearing what others have to say.
Just out of curiosity, what does VirusTotal say about the installation file and/or malware files?

virustotal said what bitdefender said was a malware, was indeed a malware.

the original installation file is ok, according to virustotal.

thank you for replying.

 

[shmu26]

virustotal said what bitdefender said was a malware, was indeed a malware.

the original installation file is ok, according to virustotal.

thank you for replying.

You should report it to support[at]voodooshield.com, this means that VS failed. You bypassed Voodooshield!

 

[roger_m]

hi

i just got a popup/malware, a couple of days ago. it got through bitdefender TS, voodooshield free, comodo and avira browser extensions and a router with a NAT and SPI firewall.

Are you sure its malware and not just a popup?

 

[Brie]

Are you sure its malware and not just a popup?

it could be a popup from 'price watch' opera extension. but there was a malware on my PC from 'hiren's boot CD' as well.

i reported it to voodooshield. they told me, no way.

 

[shmu26]

it could be a popup from 'price watch' opera extension. but there was a malware on my PC from 'hiren's boot CD', WHIch i got from this site.

i reported it to voodooshield. they told me, no way.

Just trying to understand what happened there: hiren's boot CD is a live CD,
right? So that means when Hiren's is running, Windows is not running. So now, let's say there was malware on the Hiren's CD. None of your Windows based security software, such as BD and VS, will be able to protect you at that point in time, because they are not running. The most your security softs can do is a static scan. And if VirusTotal says it's clean, they will probably say the same, in a static scan.

Please correct me if I am misunderstanding something.

 

[Brie]

i downloaded hiren's boot CD software on to my PC. i did a static scan with bitdefender. it said that there was a malware in hiren's boot CD software on my PC.

 

[illumination]

how do you operate a cable modem and/or a wifi?

Thank you @Brie for reminding some of the folks here this is a consumer forum and many users coming in are average users, and do not know how to manage a router or pi hole.

May i suggest posting this issue here: Malware Removal Assistance For Windows
And letting the community malware removal expert take a look under the hood to make sure you are good to go, he should be able to identify what it is and how you got it while helping you.

 

[shmu26]

i downloaded hiren's boot CD software on to my PC. i did a static scan with bitdefender. it said that there was a malware in hiren's boot CD software on my PC.

So did you actually install hiren software on your PC? Or the software file was just sitting there quietly and inertly on your hard disk, not doing anything?

 

[Klettern]

Also downloading. Would be better to learn from someone else's mistakes, but at least now I know better.

 

[Klettern]

I was also downloading something, learned a lesson for life. Would much rather learn from someone else's mistakes though.

 

[Brie]

So did you actually install hiren software on your PC? Or the software file was just sitting there quietly and inertly on your hard disk, not doing anything?

i made a hirens boot DVD. later i scanned with bitdefender. it found a malware from hirens
boot software iso file on my PC. it was called hiderun.jc

 

[shmu26]

i made a hirens boot DVD. later i scanned with bitdefender. it found a malware from hirens
boot software iso file on my PC. it was called hiderun.jc

Okay, so that doesn't mean your PC is infected. It does mean you have a potentially dangerous file sitting on your hard disk, but it is inert, it is not affecting your system.
So we can blame the AV, and the voodoo Ai, for failing in static detection, just like virus total apparently failed. But on the other hand, we cannot say that your system is infected.

 

[illumination]

i made a hirens boot DVD. later i scanned with bitdefender. it found a malware from hirens
boot software iso file on my PC. it was called hiderun.jc

Some legit tools can be flagged because they can be used for malicious purposes, although as an inert file or used correctly is harmless. It's forum policy to not post for infection/help on the open board, but letting the resident trained malware removal expert help in the section I pointed you to in my other post.

 

[lowdetection]

I am sorry for what happened to you, and I appreciate your time sharing your report even if you feel bad,

I have to admit I bought that program, but, from the developer I saw not much will to solve problems, main one is incompatibility with kernel drivers from ESET along all v9 and v10,

this was some years ago, nowadays seems that program is become abandonware, a sort that many security programs lately share unfortunately

I started become suspicious about that program, when I saw more time spent with graphic of the site, than real content,

well, anyway, I think is not easy for developers to keep in business nowadays,

or you have huge government contractors, or huge business, or if depending on normal citizens customer is really hard, so I partly understand the non said from the dev

 

[shmu26]

Some legit tools can be flagged because they can be used for malicious purposes, although as an inert file or used correctly is harmless.

I would agree with this. Maybe the supposedly malicious file is actually a IT tool that is good in the hands of good people, and bad in the hands of bad people. If it is on Hiren's, I would bet $50 that is what it is. (Not betting, just saying I would bet )

 

[illumination]

I would agree with this. Maybe the supposedly malicious file is actually a IT tool that is good in the hands of good people, and bad in the hands of bad people. If it is on Hiren's, I would bet $50 that is what it is. (Not betting, just saying I would bet )

Example: Kali Linux "popular penetration testing" used for testing networks, if you were to drop Eset's Linux version AV on it, and run a scan, i can guarantee it will flag many of the tools as malicious.

 

[shmu26]

Anyways, I think it is unrealistic to expect an AV, or voodoo Ai, or any other detection tool to check what is inside an ISO.
When you mount the ISO, or otherwise unpack it, then it can be checked. But before that, it is a cat in a sack. You don't know what's inside.

 

[illumination]

Anyways, I think it is unrealistic to expect an AV, or voodoo Ai, or any other detection tool to check what is inside an ISO.
When you mount the ISO, or otherwise unpack it, then it can be checked. But before that, it is a cat in a sack. You don't know what's inside.

Exactly what my point was to posting what i did. Just a few posts in a thread is not enough to diagnose a system/possible infection, the user needs to post in the help section to have a deeper examination of the system.

 

[Sophia Jan]

@Inkurax

it happens even to the best of us, and it's the very instructive story =)

Nicce thought with nice sketch