How I got infected last time thread
<blockquote data-quote="Soulbound" data-source="post: 495635" data-attributes="member: 33155"><p><strong>The purpose of this thread is twofold: To share one's experience and to raise user awareness to both members of MT and guests.</strong></p><p></p><p>A few days ago, after being in contact with WinPatrol, I decided to test out their WinAntiRansom program against some nasties. I followed their guide for configuration, just to ensure I did not miss anything.</p><p></p><p>So I fired up the VM using VirtualBox and because I was moving stuff around, I had a partition from my host mapped to the VM. Once I was done moving everything, I unmapped the connection to the D drive in this case and rebooted the VM twice, just to ensure it was fully isolated from Host.</p><p></p><p>I then fired up a variant of Tesla. VM was infected, and I was taking screenshots when I noticed that the folder that was previously mapped and unmapped was still mapped. I immediately disconnected the VM and halted the test. Sadly, nearly 70% of the D drive was infected. Sadly, the Tesla variant I was testing cannot be decrypted.</p><p></p><p>This would be the first time in over 10 years an infection was present in my Host system, albeit partially.</p><p></p><p>The damage at first glance wasn't serious since D drive is actually backed up twice on my eHDDs, however a further inspection revealed that I did not back up work material (docx/xlsx files). Those files were gone. Other files were just random wallpapers and archive files.</p><p></p><p>The system itself has been isolated from Internet after the incident for 48 hours, so that I could be sure nothing was present/remaining.</p><p></p><p>Updated backups have been done, backup setup settings also done and system fully back online.</p><p></p><p>Moral of the story: due to a possible bug/glitch with VirtualBox + Human Error on my part, infection spread out to Host, due to a drive from host being mapped on the test VM.
So, ensure that VM is fully isolated from Host prior to doing any testing and always ensure you have up-to-date backups.</p><p></p><p><strong><em>I am not ashamed to tell what happened and I do encourage other users to share their stories on their last infection(s).</em></strong></p><p></p><p>Since then I have also retired from doing Malware Testing. I do test security products still but not their prevention/detection features anymore.</p><p></p><p>On a side note: I have documented the issue to WinPatrol via email accordingly.</p><p></p><p>Thank you in advance for reading and sharing your stories.</p><p></p><p>Inkurax</p></blockquote><p></p>
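Added example, not part of the original post and not VirtualBox or WinPatrol code: a pre-test isolation check that parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports anything that still connects the guest to host files. The VM name, the sample output and the choice of which NIC modes count as isolated are assumptions made for illustration; the post does not say whether the D drive was attached as a VirtualBox shared folder or as a network share, so the check covers both.

```python
import re
import subprocess

# Keys as printed by `VBoxManage showvminfo <vm> --machinereadable`.
SHARE_RE = re.compile(r'^SharedFolderPath(Machine|Transient|Global)Mapping\d+="(.*)"$')
NIC_RE = re.compile(r'^nic(\d+)="(.*)"$')          # does not match nictype1, nicspeed1
ISOLATED_NIC_MODES = {"none", "intnet"}            # assumption: no route to host shares
CHANNELS = ("clipboard", "draganddrop")

def find_host_exposure(info):
    """Return one finding per setting that still links the guest to the host."""
    findings = []
    for line in info.splitlines():
        line = line.strip()
        key, _, value = line.partition("=")
        value = value.strip('"')
        share, nic = SHARE_RE.match(line), NIC_RE.match(line)
        if share:
            findings.append(f"shared folder ({share.group(1).lower()}): {share.group(2)}")
        elif nic and nic.group(2) not in ISOLATED_NIC_MODES:
            findings.append(f"nic{nic.group(1)} is '{nic.group(2)}': host network shares reachable")
        elif key in CHANNELS and value != "disabled":
            findings.append(f"{key} is '{value}'")
    return findings

def vm_info(vm_name):
    """Query a real VM; requires VBoxManage on PATH."""
    cmd = ["VBoxManage", "showvminfo", vm_name, "--machinereadable"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

# Constructed sample output for a hypothetical VM that still has a host folder attached.
SAMPLE = r'''
name="ransom-test"
nic1="nat"
nictype1="82540EM"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="D_DRIVE"
SharedFolderPathMachineMapping1="D:\work"
'''

if __name__ == "__main__":
    problems = find_host_exposure(SAMPLE)   # or find_host_exposure(vm_info("ransom-test"))
    for p in problems:
        print("NOT ISOLATED:", p)
    raise SystemExit(1 if problems else 0)
```

Run it with the VM powered on, immediately before starting a sample, and treat any finding as a reason not to proceed.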