How I got infected last time thread

Ankh

> Drunk downloading... A big no-no, as I learned the hard way :eek:
> Had browser hijackers, adware galore, and plenty of other stuff, most memorably Astromenda, cos that was a nightmare to shift (had to use Revo to boot that one out in the end).
>
> Lesson learned: Don't download when drunk!! :p:p:cool:

Too late my friend, but thanks for the advice. :p

My last infection, well, the last infection in my home, was yesterday on a computer with ZoneAlarm Extreme 2016. My son wanted to download a game online and got many viruses; it seemed an epidemic! :eek:
 

frogboy (In memoriam 1961-2018; joined Jun 9, 2013; 6,720 posts)
> Drunk downloading... A big no-no, as I learned the hard way :eek:
> Had browser hijackers, adware galore, and plenty of other stuff, most memorably Astromenda, cos that was a nightmare to shift (had to use Revo to boot that one out in the end).
>
> Lesson learned: Don't download when drunk!! :p:p:cool:

Almost the same: I was testing in the Malware Hub and forgot to turn on Shadow Defender, and yes, alcohol was to blame, not me. Macrium Reflect to the rescue. :D
 

nclr11111 (Level 6; joined Feb 25, 2011; 277 posts)
PUPs yes, but actual malware I can't remember having (as far as I'm aware).
Had one incident though, and I think I came here for help at the time. It was my son's computer, which randomly started typing a lot of eeeeeeeeeeeee's in every place possible.
Couldn't get my head around what I thought was the most retarded malware ever created. I mean, what's the point of a malware that types a lot of eee's?
After running basically every on-demand scanner there is, and finally a reinstall that didn't solve the issue, I remembered switching my son's keyboard from wireless to wired.
And to my surprise I found the old wireless sensor still plugged in and the keyboard stuffed high up in the closet with the keys against the roof.
That was my malware. At the time I was so ashamed I actually wished it had been real malware........:rolleyes:
 

Fuzzfas (Level 3; joined Jan 8, 2013; 109 posts)
I don't remember when it was the last time I got infected. I remember the last time I ALMOST got infected. About a year ago, a friend came with a USB flash drive wanting to print something. I had Avira Free at the time and Comodo with HIPS on. Avira didn't see a peep. Upon USB insertion, Comodo's D+ "barked" that a new registry entry wanted to be added. I blocked. As it turned out later, it was an auto-executing French VBS virus (judging from the name at least) that was trying to infect automatically using the autorun.inf of the USB stick. Upon further inspection, the friend's laptop had also been infected, and her antivirus hadn't noticed anything either. I actually found 2 autostart registry entries on her laptop.

That's about it... I haven't seen another live malware for ages and certainly not while browsing. I've seen a ransomware on another friend's laptop. There wasn't much to do; it wouldn't let you do anything in Windows. Also had an antivirus.

These are the 2 most recent experiences I've had, which, combined with the inevitable performance degradation they cause, has led me to abandon real-time antivirus, despite a part of me wanting one for the placebo effect. I kind of remember an old "Placebo antivirus" for such purposes. Just a GUI that sits in the tray for psychological reasons. Maybe I should google for it again.
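Fuzzfas's story has the two artifacts of the classic removable-drive worm: an autorun.inf on the stick that launches a script instead of an installer, and autostart (Run-key) entries that keep the payload alive on the already-infected machine. The script below is an added example, not code from the thread or from Avira/Comodo, that triages both; the autorun.inf texts, the Run-key entries and the indicator lists are constructed for illustration, and a real triage would read autorun.inf off the mounted drive and export the Run keys with reg.exe.

```python
"""Triage the two artifacts of the USB-worm pattern described in the post:
the autorun.inf on the stick that points at a script, and the autostart
(Run-key) entries that kept it alive on the friend's laptop.

Added example: not code from the thread or from Avira/Comodo. The
autorun.inf texts, the Run-key entries and the indicator lists below are
constructed for illustration."""
import configparser
import re

# Indicators. Script extensions and script hosts are things a legitimate
# vendor autorun almost never uses; hidden/system-looking folders are
# where USB worms like to park their payload.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd|ps1|hta|scr|pif)\b", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|powershell|cmd|rundll32|regsvr32)(\.exe)?\b", re.I)
HIDDEN_DIR = re.compile(
    r"""(^|[\\/\s"'])(\.[^\\/\s"']+|recycler|\$recycle\.bin|system volume information)[\\/]""",
    re.I,
)

# Constructed autorun.inf resembling the VBS worm in the post.
SUSPICIOUS_AUTORUN = r"""
[AutoRun]
open=wscript.exe //B //E:VBScript ".Trashes\update.vbs"
shellexecute=.Trashes\update.vbs
action=Open folder to view files
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# Constructed benign autorun.inf as a vendor CD/USB would ship it.
BENIGN_AUTORUN = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Printer Drivers
"""

# Constructed (hive, value name, command) triples as exported from
# HKCU/HKLM ...\CurrentVersion\Run; two of them are the worm's persistence.
RUN_ENTRIES = [
    ("HKCU", "OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKCU", "update", r'wscript.exe //B //E:VBScript "C:\Users\alice\AppData\Roaming\.cache\update.vbs"'),
    ("HKLM", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKLM", "WindowsUpdate", r'cmd.exe /c start "" "C:\ProgramData\$RECYCLE.BIN\svc.bat"'),
]


def parse_autorun(text):
    """Return the [autorun] section as a lowercase-key dict (empty if absent)."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",)
    )
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    return {k.lower(): (v or "") for k, v in cp.items(section)}


def reasons_for(command):
    """Why a launch command looks like a dropper rather than a vendor installer."""
    reasons = []
    if SCRIPT_EXT.search(command):
        reasons.append("launches a script file instead of an installer")
    if SCRIPT_HOST.search(command):
        reasons.append("goes through a script host or LOLBin")
    if HIDDEN_DIR.search(command):
        reasons.append("payload sits in a hidden or system-looking folder")
    return reasons


def triage_autorun(text):
    """Return [(key, command, reasons)] for suspicious launch keys in an autorun.inf."""
    findings = []
    for key, value in parse_autorun(text).items():
        is_launch = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if is_launch and reasons_for(value):
            findings.append((key, value, reasons_for(value)))
    return findings


def triage_run_entries(entries):
    """Return [(name, command, reasons)] for autostart entries that look like the worm."""
    return [(name, cmd, reasons_for(cmd)) for _hive, name, cmd in entries if reasons_for(cmd)]


if __name__ == "__main__":
    for key, cmd, why in triage_autorun(SUSPICIOUS_AUTORUN):
        print(f"autorun.inf {key}={cmd!r}: {'; '.join(why)}")
    for name, cmd, why in triage_run_entries(RUN_ENTRIES):
        print(f"Run\\{name}: {cmd!r}: {'; '.join(why)}")
```

Two caveats for anyone reusing this. Windows 7 and later (and XP/Vista after the 2011 AutoRun update) no longer execute autorun.inf from USB media, so the file is an artifact to triage, not the infection vector it once was; the Run-key persistence is what actually matters on a machine like the friend's laptop. And the indicator lists are heuristics: a HIPS prompt at the moment of insertion, as Comodo gave here, is stronger evidence than any regex.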
 

Nikos751 (Level 20; Malware Tester; joined Feb 1, 2013; 969 posts)
Thanks a lot for sharing this. I have posted about my last infection once or twice in MT already, in unrelated threads, but seeing this post makes me want to share it again. The one and only time my own PC was infected was via some kind of exploit when I visited a specific kind of unknown website (it provided software keys, promos, something like that). It was a freshly formatted system, fully updated, with both ESS and Webroot SA running. I reformatted my disk and reinstalled Windows, redid the same steps, and the system got infected again. Several Windows services were disabled, ESS crashed, while Webroot SA did not react.

This incident reminds me that browser exploits can harm you even if everything is updated, and such an infection can easily happen to every single user who does not use an above-average security configuration. In order to minimize the possibility of something like that, the only way is multi-layered protection with extra measures like sandboxing/restriction software. I know, most of us here have heard about multiple layers of security, but it's good to be reminded of it and to put real examples to it, to make the whole thing less theoretical and more realistic. :)
 

artek (Level 5; joined May 23, 2014; 236 posts)
I'm not even sure if I was infected, but here's my story: I was downloading TV shows from Usenet, my client grabbed one particular episode, it was the right extension, name, etc., everything, but it was after exams and I was very tired, and I ran the show without paying attention to the file size, which was only a couple of megs, which is odd for a 720p TV show. I had Online Armor installed at the time, and it didn't make a peep, so I deleted the file and didn't think much of it until I went into the OA firewall logs and noticed some Windows services connecting out to an odd IP range. I opened up Task Manager, didn't see any strange programs or scripts running, the media player wasn't in active tasks, and nothing else was running that would explain that many outbound connections. I ran scans with tons of different on-demand scanners and they never found anything. The outbound connections to that weird IP range stopped once I rebooted, but I couldn't trust the system anymore, so I just wiped it.
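artek's only clue was the firewall log: a Windows service process with many outbound connections into one odd IP range, while nothing visible was running and no scanner found anything. Below is an added example of how to pull that pattern out of a connection log; it is not artek's code and not Online Armor's log format. The CSV layout, every line in SAMPLE_LOG, and the process names in it are constructed, and the RFC 5737 documentation ranges stand in for public addresses.

```python
"""Triage outbound-connection log lines for the pattern in the post above:
a Windows service process fanning out to many hosts in one unfamiliar
address range while nothing visible is running.

Added example: not artek's code and not Online Armor's log format. The CSV
layout (timestamp,verdict,direction,process,remote_ip,remote_port) and
every line in SAMPLE_LOG are constructed; 203.0.113.0/24, 198.51.100.0/24
and 192.0.2.0/24 (RFC 5737 documentation ranges) stand in for public
addresses."""
import ipaddress
from collections import defaultdict

SAMPLE_LOG = """\
2016-05-02 23:41:07,allow,out,svchost.exe,203.0.113.21,8080
2016-05-02 23:41:08,allow,out,svchost.exe,203.0.113.22,8080
2016-05-02 23:41:08,allow,out,svchost.exe,203.0.113.23,8080
2016-05-02 23:41:09,allow,out,svchost.exe,203.0.113.24,8080
2016-05-02 23:41:09,allow,out,svchost.exe,203.0.113.25,8080
2016-05-02 23:41:09,allow,out,svchost.exe,203.0.113.21,8080
2016-05-02 23:41:10,allow,out,svchost.exe,10.0.0.138,137
2016-05-02 23:41:12,allow,out,chrome.exe,198.51.100.9,443
2016-05-02 23:41:13,allow,out,chrome.exe,192.0.2.10,443
2016-05-02 23:41:15,allow,in,System,192.168.1.50,445
this line is truncated garbage
"""

# Ranges that are normal for a home PC to talk to and never "odd": RFC 1918,
# loopback, link-local, multicast. Checked explicitly instead of using
# ip.is_private, because Python also counts the RFC 5737 test ranges as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
)]


def parse_outbound(log_text):
    """Yield (process, IPv4Address) for well-formed outbound lines whose
    target is outside LOCAL_NETS; malformed and inbound lines are skipped."""
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6 or fields[2] != "out":
            continue
        try:
            ip = ipaddress.ip_address(fields[4])
        except ValueError:
            continue
        if ip.version != 4 or any(ip in net for net in LOCAL_NETS):
            continue
        yield fields[3], ip


def fan_out_by_process(log_text, prefix=24):
    """Map process -> {/prefix network -> set of distinct remote hosts}."""
    summary = defaultdict(lambda: defaultdict(set))
    for proc, ip in parse_outbound(log_text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        summary[proc][net].add(ip)
    return summary


def flag_fan_out(log_text, min_hosts=5):
    """Return [(process, network, distinct_hosts)] for every process that
    reached at least min_hosts distinct hosts inside a single /24."""
    flagged = []
    for proc, nets in fan_out_by_process(log_text).items():
        for net, hosts in nets.items():
            if len(hosts) >= min_hosts:
                flagged.append((proc, str(net), len(hosts)))
    return flagged


if __name__ == "__main__":
    for proc, net, n in flag_fan_out(SAMPLE_LOG):
        print(f"{proc}: {n} distinct hosts in {net}")
```

The threshold is a triage pointer, not a verdict: svchost.exe legitimately reaches public hosts for Windows Update and telemetry, so the signal is the fan-out into one unfamiliar /24, and the next step is to tie the connection to an owner while it is still live (netstat -b for the executable, tasklist /svc for which services a given svchost instance hosts). artek's observation that the connections vanished after a reboot is exactly why that should be done before rebooting.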
 

Raheel99 (Level 1; joined Sep 15, 2016; 31 posts)
Thanks for sharing your experience. My last infection was the result of using an infected USB. My Comodo AV was not up to date and it didn't catch the malware.

I have tested some malware in VirtualBox. I mounted and shared only one folder as READ ONLY during dynamic testing but never got files infected on the read-only mounted folder.
Is it possible for malware from inside the guest to change the read-only attribute of a shared folder?
 

Parsh (Level 25; Honorary Member; Malware Hunter; joined Dec 27, 2016; 1,480 posts)
Kaspersky had that space on my desktop in the very beginning.
Browsing torrents - it did all the advanced disinfection after-work.
Games from friends' USB drives - it did the cleaning of 1000s of malware.
Once, it wiped clean my partner's USB, just before he was gonna make the presentation for the graduation ceremony!

But after a year, I chose to go for the tempting freeware.
Used 360 TS for a few months but left it because of the false positives.

Here's the story -
The last freeware setup was Avira + Comodo Firewall + MBAE.
Once I noticed a suspicious account named 'wpnccnngcse' that used to get activated on my PC alongside my admin account.
Every time I deleted it, it came back! That horror when you have an unidentified account on your PC again & again, and I still remember that weird account name :-/
Also, there were some anomalies while granting rights too. Disk usage abnormally high and no suspicious registry entries detected.
Once I tried entering that account out of curiosity; it turned to a black screen with a strange logo at the bottom.
Wiped my PC clean then.

My new lappy is leading a happy life with KIS + Crystal Security + MCShield + MBAE and sandboxie, accompanied with some good 2nd opinion toys :-D
 

Nikos751 (Level 20; Malware Tester; joined Feb 1, 2013; 969 posts)
> My new lappy is leading a happy life with KIS + Crystal Security + MCShield + MBAE and sandboxie, accompanied with some good 2nd opinion toys :-D

If I am correct, Malwarebytes will not offer a stable standalone MBAE from now on, as they integrated the product into MBAM. If you want MBAE alone, you can only use their beta. It's irrelevant to the thread, but I thought it would be useful info.
 

Parsh (Level 25; Honorary Member; Malware Hunter; joined Dec 27, 2016; 1,480 posts)
> If I am correct, Malwarebytes will not offer a stable standalone MBAE from now on, as they integrated the product into MBAM. If you want MBAE alone, you can only use their beta. It's irrelevant to the thread, but I thought it would be useful info.

Yes. The discontinued standalone MBAE is worth only the level of exploit protection it has provided till now. Not any further.
There are some apps that provide urgent update fixes in the name of 'anti-exploit' but hardly provide any layers of active defense.
I wouldn't even count on Microsoft's EMET anymore.
 

Nikos751 (Level 20; Malware Tester; joined Feb 1, 2013; 969 posts)
> Yes. The discontinued standalone MBAE is worth only the level of exploit protection it has provided till now. Not any further.
> There are some apps that provide urgent update fixes in the name of 'anti-exploit' but hardly provide any layers of active defense.
> I wouldn't even count on Microsoft's EMET anymore.

I agree. It's a bad absence from the portfolio of more specialized security tools. I'm afraid AdwCleaner will go the same way soon. Standalone solutions are being acquired by big vendors as time goes by, and we need to use all-in-one solutions more and more.
By the way, EMET is not that bad; it is actually an anti-exploit.
 

AtlBo (Level 28; Content Creator; joined Dec 29, 2014; 1,711 posts)
Malware has changed dramatically over the last 20 years. Before 2005 or around there, most of it was destructive (boot and nuke) or gimmicks that nonetheless could crash a system. Starting in the late 90s, I would read the stories in the malware removal threads...countless of them, and I would focus on one and follow the procedures, mostly to learn about Windows, ironically. I saved one particular story in a Word doc about a user who got a Tanatos.M and Win.32 trojan that was infecting all the system processes of Windows. He saved his own a$$ by being smart and taking matters into his own hands while getting help. I used that as a reminder to be on guard and to try to find a way to arrange for a backup option.

As far as malware, I have to go back to around 2000 when I had some sort of bug that caused the Recycle Bin to fill very quickly. I think it was the GeekstoGo board that helped me get rid of the problem, but I don't recall what it was. I had no backup and no idea what was happening. I thought I was going to lose files and the PC, and I was scared, as I had hordes of documents and collected thoughts and impressions on things.

I would love to hear the war stories of the malware fighters. I'm sure some of it had to be funny, but up until about 2007, I guess, backup wasn't on the radar as something to absolutely do. In the old threads, people really were on the verge of losing everything they had on their computer. I remember the feeling when there was some weird corruption from Windows or .dll hell. It was fight for your life back 15 years ago and beyond. A backup plan was just too expensive for me and many others. There have to be some unbelievably crazy and strange stories out there that malware fighters have run into.

In the future I am more afraid of unseen malware than anything else. The threat of identity theft is so strong. Why else would these guys call from India or wherever they are, seeking to fix your computer? Who knows how they get the information. On the dark web, I guess. Also, I know of individuals who have had, or have come close to having, 10/20/even $50K or more wiped from their bank accounts. Scams for getting a home improvement loan online and this kind of thing that really appear legit.

I don't know, but I do think the worst kind of malware would be the malware that is invisible.

Svoll (Level 13; joined Nov 17, 2016; 627 posts)
Interesting topic and great advice! The last time I was infected was when WoW went from standalone to their Blizzard launcher, first phase. It was so buggy and I hated the launcher, so I went on the WoW forums, found a launcher bypass and bam, keylogger. Lost 20k gold during the LK expansion and all my hard-earned gear..... Ended up quitting WoW after that, even when WoW restored my account.

Does self-infecting count? If so, then I get infected every day =P

Edit: The WoW thing was the one that stands out the most, not my most recent infection. The most recent infection had to do with Black Desert Online. It was through a link someone posted on Discord for world boss updates.

vemn (Level 6; Malware Hunter; joined Feb 11, 2017; 264 posts)
Instead of me, my mum's laptop got ransomware from a drive-by download while surfing... unknowingly, when she accidentally clicked on a side banner...
That was ~6 months ago, while the various vendors launched their v1.0 ransomware decryption tools. No use at all.

All I could do was help her format ~_~
 
