October 29, 2012 at 8:31 am
Geez Tom, that's quite a bit of stuff you went through - hope I never have to do something like this. Sure am glad that you got it all fixed.
Long story short... had some issues, but ended up victorious! 😀
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
October 29, 2012 at 9:39 am
Slowly, but surely the entire northeast is shutting down today. Glad I decided to work from home, that means I can still put in a full day.
BTW, here's where I work:
Right on the water I'd be on the 6th floor, but if I went in I might not be able to go home again.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
October 29, 2012 at 10:00 am
Koen Verbeeck (10/29/2012)
Brandie Tarvin (10/29/2012)
This is the first I've heard of ransomware. Thanks for the heads up on it.
They can be pretty nasty.
Most of them disable the task manager, regedit and your desktop.
Some of them also disable keyboard and/or mouse.
I hope Devil has a special place in Hell for people who write these things.
October 29, 2012 at 10:02 am
Stefan Krzywicki (10/29/2012)
Slowly, but surely the entire northeast is shutting down today. Glad I decided to work from home, that means I can still put in a full day.
BTW, here's where I work:
Right on the water I'd be on the 6th floor, but if I went in I might not be able to go home again.
Yeah... Don't go in. And don't go fishin'.
October 29, 2012 at 10:05 am
Brandie Tarvin (10/29/2012)
Stefan Krzywicki (10/29/2012)
Slowly, but surely the entire northeast is shutting down today. Glad I decided to work from home, that means I can still put in a full day.
BTW, here's where I work:
Right on the water I'd be on the 6th floor, but if I went in I might not be able to go home again.
Yeah... Don't go in. And don't go fishin'.
Have you seen the shots of Atlantic City? Streets are already underwater from the storm surge and the worst hasn't hit yet.
October 29, 2012 at 10:24 am
Stefan Krzywicki (10/29/2012)
Brandie Tarvin (10/29/2012)
Stefan Krzywicki (10/29/2012)
Slowly, but surely the entire northeast is shutting down today. Glad I decided to work from home, that means I can still put in a full day.
BTW, here's where I work:
Right on the water I'd be on the 6th floor, but if I went in I might not be able to go home again.
Yeah... Don't go in. And don't go fishin'.
Have you seen the shots of Atlantic City? Streets are already underwater from the storm surge and the worst hasn't hit yet.
This is the feed I'm watching. It looks pretty nasty.
http://news.blogs.cnn.com/2012/10/29/hurricane-sandy-strengthens-to-85-mph/?hpt=hp_t1
October 29, 2012 at 10:58 am
I just heard that Boston suspended public transport too.
October 29, 2012 at 11:03 am
Koen Verbeeck (10/29/2012)
ChrisM@home (10/28/2012)
L' Eomot Inversé (10/27/2012)
L' Eomot Inversé (10/26/2012)
WayneS (10/25/2012)
Anyone still alive out here? 3 days with no comments... that has to be a record for The Thread.
Some malware has reduced my time for looking at the thread rather a lot, so I didn't notice the long gap; when I have time I'll post that story. I'm still dubious as to cleanness of my laptop, so still throwing tests and scans at it.
And now we have another long (about 30 hours) gap with no posts in the thread. What has happened? Is it a holiday in the USA? Or something worth watching on TV in the USA (I'd find that one hard to believe, but I guess it could happen).
Anyway, now I have some time, so here's my somewhat bizarre horror story.
<<snip>>
Anyway, whatever it was that hit me, I hope it doesn't hit any of you.
Thanks for sharing, Tom. What a nightmare. <snip snip>
Three days absence from homework (including ssc) and a total cost of about £600.
I had some issues with malware as well in the last couple of weeks. In my case it was more obvious: twice I had ransomware which demanded me to pay up if I wanted my computer back. Luckily the malware wasn't smart enough to prevent me switching to another user and attacking it from there. I had found a pretty good anti-malware tool: combofix. It's a pretty straightforward tool. Just launch it and it will shut down your internet connection and it will remove every malware it can find. It got rid of my two infections pretty easily.
What's worrying is that both infections occurred when visiting legitimate sites. Probably sites with minimal security which were hacked and malware placed upon.
Malware attacks have been getting more widespread of late. I have been getting warnings on my site because I have links to other sites that are legit that have been compromised.
For my personal system, I usually use a combo of malwarebytes, spybot, and superantispyware.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Learn Extended Events
October 29, 2012 at 11:04 am
Brandie Tarvin (10/29/2012)
I just heard that Boston suspended public transport too.
Yup, all closing down in an hour.
I'm expecting things will be back to normal here tomorrow since 90% of what we'll be getting is storm surge and the storm should be primarily over land by then.
October 29, 2012 at 11:04 am
Revenant (10/29/2012)
Koen Verbeeck (10/29/2012)
Brandie Tarvin (10/29/2012)
This is the first I've heard of ransomware. Thanks for the heads up on it.
They can be pretty nasty.
Most of them disable the task manager, regedit and your desktop.
Some of them also disable keyboard and/or mouse.
I hope Devil has a special place in Hell for people who write these things.
+100000000000000000000000000000000000000
Jason...AKA CirqueDeSQLeil
October 29, 2012 at 11:06 am
SQLRNNR (10/29/2012)
Revenant (10/29/2012)
Koen Verbeeck (10/29/2012)
Brandie Tarvin (10/29/2012)
This is the first I've heard of ransomware. Thanks for the heads up on it.
They can be pretty nasty.
Most of them disable the task manager, regedit and your desktop.
Some of them also disable keyboard and/or mouse.
I hope Devil has a special place in Hell for people who write these things.
+100000000000000000000000000000000000000
Great, you just caused a type overflow.
October 29, 2012 at 12:53 pm
WayneS (10/29/2012)
Geez Tom, that's quite a bit of stuff you went through - hope I never have to do something like this. Sure am glad that you got it all fixed.
Long story short... had some issues, but ended up victorious! 😀
Well, I wasn't that optimistic, which is why I said "maybe the machine is now clean" and "I have no reason to be optimistic so I shall do everything possible to detect anything that may be there". And further scanning has turned up some more things.
Since then I've run mbam, it found a couple of strange registry entries that had to be fixed. Also the DrWeb cureit scanner, which found 14 things it reckoned were infected, but none of the infections it claimed were there would account for any of the symptoms I had (although either of two of them could have been the delivery vehicle for whatever hit me). Started doing a long overdue clean-out (you know the sort of thing - uninstalling stuff that I installed in 2007 and haven't used since 2009, and so on - some of the infections found by cureit were in things like that). Ran a full msert scan because I had only run a quick one before, it too detected some (harmless) registry corruption. Replaced my OpenDNScryptService.exe and OpenDNSInterface.exe with shiny new clean versions because some of my symptoms had appeared to be DNS interference, although there's no evidence at all that either of those was infected. Installed Trend Browserguard and will leave it in place for a few days to see if it detects anything (it's RTP only, no scan function); installed Trend RUBotted, and it says it thinks the computer is not botted, but that's within minutes of installation so doesn't yet mean anything, I'll leave that in place for a while too because bots phoning home is not a continuous thing (at least not if the malware writer knows anything about avoiding detection).
I'm still not prepared to use the machine to log into paypal, for example, because I haven't seen anything remove anything that would account for all the issues I had. I'm happy using it for things like browsing and (non-financial) email, though - different standards of security for different applications, as usual.
So next I'm going to run SUPERAntiSpyware. I wasn't quite sure about that one because the name is so similar to some well-known fake anti-spyware rip-off packages - the authors of those are an even lower form of vermin than ransomware authors - but Jason's post above means I now have 3 apparently intelligent people who use it and reckon it's genuine, so I'll do it now. And I think I'll also install free AVG and run a scan with that (if I can work out how to do it without too much conflict with existing installed stuff) - I used to use AVG on my home desktop, but decided it was no longer up to scratch quite some time back; but it's been getting better and now it gets very good reports (not as good as MSE, but better than most other free things). If superantispyware detects nothing, and AVG detects nothing, and BrowserGuard and RUBotted still find nothing wrong after a week, I'll either trust the machine again or get all my data into a tin, format the laptop hard drive, and reinstall from scratch (depends how paranoid I'm feeling). If I do that I'll have a look and see if I can find a bios for the laptop that will support Windows 7 (I'll bet Toshiba won't be at all helpful on that, so I'll probably fail) so that I can run SQL 2012; using XP Pro I can't go beyond 2008 R2.
edit: Maybe I'll also try the combofix thing that Koen mentioned too. Haven't come across it before, so would do some checking first.
Tom
October 29, 2012 at 5:53 pm
You run those programs in "windows safe mode"?
October 29, 2012 at 6:26 pm
I'd recommend creating a boot disk or boot stick (usb) using Hirens tools
http://www.hirensbootcd.org/download/
There are directions for making a boot usb stick there. I might go as far as to make the stick, perform the signature updates (you can only update av signatures on the stick for obvious reasons) then create a boot cd from that updated boot stick.
Jason...AKA CirqueDeSQLeil
October 29, 2012 at 7:23 pm
Jo Pattyn (10/29/2012)
You run those programs in "windows safe mode"?
Mostly not. But some of them, yes.
Tom