Port Defense software?



Gloomrender
01-22-2011, 04:26
Anyone know of a port defense software, for lack of a better term, for Windows? Something like Portsentry (can't use on Windows)? Or something that does 'TCP wrapping'? Stuff that essentially secures your ports?

Kiyayne
01-22-2011, 04:29
I'd recommend a battle ship and anti-aircraft cannons, you'll be more secure than Pearl Harbor.

Napalm_Enema
01-22-2011, 04:32
Are you on a network with other people? Or is this just home use?

Need more details to advise you mang.

Gloomrender
01-22-2011, 04:33
Are you on a network with other people? Or is this just home use?

Need more details to advise you mang.

Just me. Although I might be on a network with significant others in the future, so all the info I can get is good.

Napalm_Enema
01-22-2011, 04:41
You really just need, for home use, a small Linksys router/firewall. That should really be sufficient for your needs. If you want a robust anti-virus, Sophos is a great product.

What are your concerns, or what is driving this inquiry? Are you worried about someone haxing you or what?

Gloomrender
01-22-2011, 04:54
You really just need, for home use, a small Linksys router/firewall. That should really be sufficient for your needs. If you want a robust anti-virus, Sophos is a great product.

What are your concerns, or what is driving this inquiry? Are you worried about someone haxing you or what?

Already happened. Total data loss (thank God I had backed most of it up).

My router failed me.

Do you mean Sophos antiroot? I just got that. You think it will help?

Napalm_Enema
01-22-2011, 05:19
Sophos is more like an anti-virus with actual detection capabilities. If you are saying you were hacked, and they wiped your machine, then yes, firewalls etc. are what you should look into.

Was it a virus or an actual person that prompted all this?

Gloomrender
01-22-2011, 05:20
Sophos is more like an anti-virus with actual detection capabilities. If you are saying you were hacked, and they wiped your machine, then yes, firewalls etc. are what you should look into.

Was it a virus or an actual person that prompted all this?

Which one on this page?

http://www.sophos.com/products/enterprise/free-trials/

It was an actual personal attack, I believe from someone who may have gotten my IP somehow.

Napalm_Enema
01-22-2011, 05:23
Sounds more likely that someone had physical access to your machine but if you are really concerned about someone coming over the wire, you just need to get a basic Linksys router, only this time change the default password to something actually difficult.

Then get Sophos Anti-virus to protect yourself from malicious netcode/viruses/anything else.

Sophos also has a firewall component which you could implement which would further secure you.

Depending on what OS you are running, you could be running more risks than necessary.

Gloomrender
01-22-2011, 05:29
Sounds more likely that someone had physical access to your machine but if you are really concerned about someone coming over the wire, you just need to get a basic Linksys router, only this time change the default password to something actually difficult.

Then get Sophos Anti-virus to protect yourself from malicious netcode/viruses/anything else.

Sophos also has a firewall component which you could implement which would further secure you.

Depending on what OS you are running, you could be running more risks than necessary.


Could you please link me to that specific software page for Sophos? The website has all kinds of different stuff which is not named "Sophos antivirus".

I run Windows 7 by the way, what do you mean?

How would I set up that password for a Linksys?

Napalm_Enema
01-22-2011, 06:01
Could you please link me to that specific software page for Sophos? The website has all kinds of different stuff which is not named "Sophos antivirus".

I run Windows 7 by the way, what do you mean?

How would I set up that password for a Linksys?

You really just need to work on securing your router, it's the only way someone could get to your computer.

Here is the Sophos anti-virus, third one down?
https://secure.sophos.com/products/small-business/sophos-anti-virus/eval/

Changing your router password is easy, just log into it in a web browser and you can figure out the rest.

I would change your IP range
I would reset the default admin login and password

If you type 'ipconfig' at a command prompt, whatever it lists for your gateway = your router. Put that in a web browser, then log in. If you left it default, it's admin with a blank password.

Gloomrender
01-22-2011, 09:48
I'll do this. Thanks.

Gloomrender
01-22-2011, 09:56
Say, how much does the full version of Sophos antivirus cost? And it will work with W7? Easy to use?

ZeroCool
01-22-2011, 09:57
I'm not exactly sure why you would need a "port defense" software. Never even heard of one. If you're worried someone might be stealing information then get anti-keylogging software, make sure you password your computer, password wireless, network discovery off, etc.

The movie Hackers, although amazing, really doesn't happen in RL. So as long as you take basic precautions you should be fine.

Gloomrender
01-24-2011, 02:24
I'm not exactly sure why you would need a "port defense" software. Never even heard of one. If you're worried someone might be stealing information then get anti-keylogging software, make sure you password your computer, password wireless, network discovery off, etc.

The movie Hackers, although amazing, really doesn't happen in RL. So as long as you take basic precautions you should be fine.

My computer is proof that I was hacked. I'm looking at it right now. I took every precaution including anti-keylogging software and none of it was enough to stop total data loss.

Gloomrender
01-24-2011, 02:25
Say, how much does the full version of Sophos antivirus cost? And it will work with W7? Easy to use?

Also Napalm?

Napalm_Enema
01-24-2011, 02:49
Sorry bro, busy weekend.

Full version, not sure of, I got / get it through work so I'm not certain. Should be pretty reasonable however.

Works perfectly with Windows 7.

Brannoc
01-24-2011, 04:08
I'm just gonna put this out there, the odds that you were personally targeted for a data destruction attack "over the wire" are extremely low. The odds of making the Kessel run in less than nine parsecs are about the same.

Far more likely you contracted one of the many thousands of viruses that do Bad Things to Windows, I don't know that I would go all paranoid style and look for an over the top firewall protocol as you are far more likely to find it limiting and annoying. On top of that, like I said the odds that you were successfully attacked over the interwebs after "someone got your IPz" are insanely low.

Your best bets remain a decent quality consumer grade router, if you feel that they aren't that great look into open source router software, there are many gnu router setups that make fantastic hardware firewalls out of standard Linksys, D-Link, etc devices.

After that local antivirus is your best bet. Sophos and ESET both make fantastic products in this regard, and are quite reasonably priced for your average consumer. They even have passable software firewalls in them! For browsing security most people seem to agree that you should either go the Firefox with NoScript route or the Chrome route with JavaScript controls enabled. The most recent IE iteration isn't so bad when it comes to security through their Protect Mode browsing, especially if you're using data execution prevention, but that takes a little more work and effort than the other two.

Above all, update Adobe products!

Gloomrender
01-24-2011, 04:32
Well I know some easy ways people could have gotten my IP address (ya, I was careless in retrospect). I would think that would make it easier to hack someone, a lot easier. All that happened was all of my data got deleted, in the span of a few minutes, with nothing unusual happening prior. That's it. That seems unusual for just a virus to me. Don't most malware just try to get personal information and such? Or make your computer a zombie? This did none of that. It just deleted stuff. It really seems like someone just came in and deleted stuff, using some kind of automated deletion program which ate itself...It was probably some script kiddie that didn't like something I said about his video game play somewhere. :rolleyes: It really doesn't seem random, and I've had some idiots angry at me for petty reasons a week or so prior to this incident. My newly installed avast! found something my cousin identified as a 'backdoor'. Which would also seem to be evidence of a hack.

I had regularly used FF with noscript, WOT, and ABP. Peerblock, and Comodo firewall. I scanned with malwarebytes and other scanners frequently. I would think I had pretty good defenses for those random kinds of viruses. This would lead me to believe this was not random.

I plan on getting ESET and Sophos on my new computer, and a good router. How does that "gnu router" stuff work? Got a good link explaining it by chance?

ZeroCool
01-24-2011, 06:09
My computer is proof that I was hacked. I'm looking at it right now. I took every precaution including anti-keylogging software and none of it was enough to stop total data loss.

How do you know you were hacked? If your computer was passworded and only you knew it then that is a very unlikely chance. You probably had a trojan or another virus. Many things can trigger data loss.

Gloomrender
01-24-2011, 06:26
How do you know you were hacked? If your computer was passworded and only you knew it then that is a very unlikely chance. You probably had a trojan or another virus. Many things can trigger data loss.

If you are gonna troll, at least read the whole post.

Tenebrion
01-24-2011, 06:26
I'm just gonna put this out there, the odds that you were personally targeted for a data destruction attack "over the wire" are extremely low. The odds of making the Kessel run in less than nine parsecs are about the same.

Far more likely you contracted one of the many thousands of viruses that do Bad Things to Windows, I don't know that I would go all paranoid style and look for an over the top firewall protocol as you are far more likely to find it limiting and annoying. On top of that, like I said the odds that you were successfully attacked over the interwebs after "someone got your IPz" are insanely low.

Your best bets remain a decent quality consumer grade router, if you feel that they aren't that great look into open source router software, there are many gnu router setups that make fantastic hardware firewalls out of standard Linksys, D-Link, etc devices.

After that local antivirus is your best bet. Sophos and ESET both make fantastic products in this regard, and are quite reasonably priced for your average consumer. They even have passable software firewalls in them! For browsing security most people seem to agree that you should either go the Firefox with NoScript route or the Chrome route with JavaScript controls enabled. The most recent IE iteration isn't so bad when it comes to security through their Protect Mode browsing, especially if you're using data execution prevention, but that takes a little more work and effort than the other two.

Above all, update Adobe products!

Don't listen to this guy, Gloomy. He's a kook.

Somebody's targeting you, and you can bet your ass that shit's gonna get real if you don't get yourself some sort of NASA-grade protection.

Gloomrender
01-24-2011, 06:27
Don't listen to this guy, Gloomy. He's a kook.

Somebody's targeting you, and you can bet your ass that shit's gonna get real if you don't get yourself some sort of NASA-grade protection.

See, this is 5/10 at least right here.

Napalm_Enema
01-24-2011, 06:43
You don't need an expensive router, just secure what you have but if you insist on buying new, the most you should spend on a home solution is like $150 bucks.

Get the Sophos Anti-Virus with accompanying firewall if you want as well; however, with an average router and something other than the default setup on it, you should be pretty bulletproof for most low level tools.

In the end, if someone really wants to get to your shit, and they have the skills, nothing you do would matter. But seeing as you probably don't matter fuck all, as do I, we don't need to get massive defense grids in line to defend our meaningless little lives.

Sophos is great about catching things from the net you never would even see, so at least if it was something that was virus based, you should be protected from here on out.

ZeroCool
01-24-2011, 06:52
If you are gonna troll, at least read the whole post.

Dude if I were you I would take advice from someone who has much more experience in dealing with computers than you. Don't be an ass when someone tries to offer you some advice.

Scenario 1: You go to a bad site or look at some weird porn and get a virus (happens all the time)

Scenario 2: Someone has a vendetta against you and somehow gets you to install and set up a remote utility program to gain access to your computer and instead of fucking with you, they destroy all your data. Or they know your IP address, username, password, and remote connection is enabled on your PC.

If scenario 2 is the case then you're an idiot.

Viluin
01-24-2011, 06:53
Is it even possible to wipe someone's hard drive if you just know their IP address? It sounds far fetched, I thought a trojan had to be involved at the very least. Maybe you accidentally shift-deleted your porn stash, it happens to all of us!

Brannoc
01-24-2011, 07:04
Is it even possible to wipe someone's hard drive if you just know their IP address?

A very limited subset of the IT inclined population would have the means and capability to carry out an attack like that, say less than one tenth of one percent. Aside from that it would typically be highly time consuming and not result in limited data loss, think more "catastrophic device failure."

So, while it is technologically possible the odds that ol' Gloomy here had something like this happen and just lost a few files = zero. More likely, (based on descriptions here) I would say he actually has an issue with local data corruption or just lost his data himself, but that's just postulation based on facts at hand.

Gloomrender
01-24-2011, 07:36
Dude if I were you I would take advice from someone who has much more experience in dealing with computers than you. Don't be an ass when someone tries to offer you some advice.

Scenario 1: You go to a bad site or look at some weird porn and get a virus (happens all the time)

Scenario 2: Someone has a vendetta against you and somehow gets you to install and set up a remote utility program to gain access to your computer and instead of fucking with you, they destroy all your data. Or they know your IP address, username, password, and remote connection is enabled on your PC.

If scenario 2 is the case then you're an idiot.

Or they got my IP, hacked my user/pw, and remote connection was on by default and I didn't know? Where can I disable it? And how should I know about it?

I had no script, WOT, and ABP on FF. 1 is extremely improbable.

ZeroCool
01-24-2011, 07:52
Or they got my IP, hacked my user/pw, and remote connection was on by default and I didn't know? Where can I disable it? And how should I know about it?

I had no script, WOT, and ABP on FF. 1 is extremely improbable.

Getting an IP is not hard, but let me ask, how would they go about "hacking" your username and password? There are very few people on this planet with the capabilities that you're thinking of, if any. And to take the time and effort to delete some stuff on your computer is improbable.

Anti virus programs and web shields like the one you listed don't block 100 percent of harmful things that can affect your PC. Every year I get around ~3 extremely annoying viruses that aren't detected by my web shield or anti virus, I have to probe around my processes and look for suspicious files and carry out the appropriate action to delete them.

To disable remote connection: Start > right-click Computer > Properties > off to the left there's "remote settings" where you can disable it (should be off by default). But if anyone is using remote connection then it's someone (family or friend) who most likely already knows your username/password and IP address.

Edit: If you still think your computer's infected then screenshot your processes tab and upload them and I'll have a look.
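
The "remote settings" check from the post above, together with a listing of the TCP ports the machine actually listens on (the thread's original question), as an added example that is not part of the thread. It is read-only and written for the PowerShell 2.0 that ships with Windows 7; the function names are hypothetical.

```powershell
# Added example (not from the thread): read-only audit for a Windows 7 PC.
# Function names are hypothetical. Run from an elevated PowerShell prompt so
# that process names of system services can be resolved.

function Get-RemoteAccessSetting {
    # The "Remote settings" dialog holds two separate switches, each stored
    # in its own registry value.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $raKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

    $ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $ra = Get-ItemProperty -Path $raKey -Name fAllowToGetHelp -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        # fDenyTSConnections = 0 means incoming Remote Desktop is allowed
        RemoteDesktopEnabled    = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)
        # fAllowToGetHelp = 1 means Remote Assistance invitations are allowed
        RemoteAssistanceEnabled = ($null -ne $ra -and $ra.fAllowToGetHelp -eq 1)
    }
}

function Get-ListeningTcpPort {
    # netstat -ano columns: Proto, Local Address, Foreign Address, State, PID.
    # A listening socket has a foreign address of 0.0.0.0:0 or [::]:0, so the
    # State text (which may be localized) does not need to be matched.
    foreach ($line in (netstat -ano)) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        if ($f[2] -ne '0.0.0.0:0' -and $f[2] -ne '[::]:0') { continue }

        $sep     = $f[1].LastIndexOf(':')
        $address = $f[1].Substring(0, $sep)
        $ownerId = [int]$f[4]   # not $pid: that is PowerShell's own process id
        $proc    = Get-Process -Id $ownerId -ErrorAction SilentlyContinue

        New-Object PSObject -Property @{
            Port      = [int]$f[1].Substring($sep + 1)
            Address   = $address
            # Loopback-only listeners cannot be reached from the network
            Reachable = ($address -ne '127.0.0.1' -and $address -ne '[::1]')
            ProcessId = $ownerId
            Process   = $(if ($proc) { $proc.ProcessName } else { '?' })
        }
    }
}

$remote = Get-RemoteAccessSetting
$remote | Format-List RemoteDesktopEnabled, RemoteAssistanceEnabled

$listeners = @(Get-ListeningTcpPort)
$listeners | Sort-Object Port, Address |
    Format-Table Port, Address, Reachable, ProcessId, Process -AutoSize

# Remote Desktop listens on TCP 3389 by default; warn if the setting is on
# or if something reachable is listening on that port.
$rdp = @($listeners | Where-Object { $_.Port -eq 3389 -and $_.Reachable })
if ($remote.RemoteDesktopEnabled -or $rdp.Count -gt 0) {
    Write-Warning 'Remote Desktop is enabled or TCP 3389 is listening.'
}

# Windows Firewall state for the Domain, Private and Public profiles.
netsh advfirewall show allprofiles state
```

Any listener marked Reachable whose process you do not recognise is worth looking up before deciding whether to close the port or remove the program.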

Gloomrender
01-24-2011, 08:15
Getting an IP is not hard, but let me ask, how would they go about "hacking" your username and password? There are very few people on this planet with the capabilities that you're thinking of, if any. And to take the time and effort to delete some stuff on your computer is improbable.

Anti virus programs and web shields like the one you listed don't block 100 percent of harmful things that can affect your PC. Every year I get around ~3 extremely annoying viruses that aren't detected by my web shield or anti virus, I have to probe around my processes and look for suspicious files and carry out the appropriate action to delete them.

To disable remote connection: Start > right-click Computer > Properties > off to the left there's "remote settings" where you can disable it (should be off by default). But if anyone is using remote connection then it's someone (family or friend) who most likely already knows your username/password and IP address.

Edit: If you still think your computer's infected then screenshot your processes tab and upload them and I'll have a look.

Wtf? It was on. You're positive it's supposed to be OFF by default? I sure as fuck never put that on, and I'm the only one in my house with access to my PC. Fuck Microsoft if it came in the box that way.

Are you familiar with WOT (web of trust)? It's a community/add on that categorizes sites by a rating, and auto blocks your entry into sites with the red rating. I practically never override it to go into a red site. The only exceptions are pornotube sites which are red just bc they have porn content ( I make sure that viruses aren't also listed). Do you think this add on can be overcome by a nasty enough website? There has been a time or two where there were attempted redirects which got blocked by WOT. If WOT had failed, I might have gotten a virus there. But I thought it blocks any entry into the site. Am I wrong?

Here's my tasks by the way:

http://img39.imageshack.us/img39/2502/tasksi.jpg

The erased portions are my user name, didn't want to share.

ZeroCool
01-24-2011, 08:33
Wtf? It was on. You're positive it's supposed to be OFF by default? I sure as fuck never put that on, and I'm the only one in my house with access to my PC. Fuck Microsoft if it came in the box that way.

Are you familiar with WOT (web of trust)? It's a community/add on that categorizes sites by a rating, and auto blocks your entry into sites with the red rating. I practically never override it to go into a red site. The only exceptions are pornotube sites which are red just bc they have porn content ( I make sure that viruses aren't also listed). Do you think this add on can be overcome by a nasty enough website? There has been a time or two where there were attempted redirects which got blocked by WOT. If WOT had failed, I might have gotten a virus there. But I thought it blocks any entry into the site. Am I wrong?

Here's my tasks by the way:

http://img39.imageshack.us/img39/2502/tasksi.jpg

The erased portions are my user name, didn't want to share.

Your processes look clean, and it also looks like you formatted recently, or just don't install much. I'm not familiar with Web of Trust but it seems pretty basic if it just rates sites by color and blocks entry. Most of the common viruses are installed upon entry into a site. I'm guessing you went to a site that wasn't rated by WOT and didn't block entry. Web shields and anti virus are good but they never block 100 percent of malware/viruses. You should probably get Avast instead of WOT for web/virus protection, it usually catches trojans as the site tries to install them, instead of just blocking known sites.

Also I'm pretty sure remote desktop is off by default. I could be wrong but the last versions (3) of Windows 7 I've had installed have all had them off. Chances are if someone did remote desktop your PC then they knew a username/password combination that you lent them, and they turned remote desktop on (or it was on by default, but I'm pretty sure it's off by default). But since you're the only one with access to your PC then I guess it was on by default. Then all someone would need is an IP address (not hard) and a username/password.

Gloomrender
01-24-2011, 09:01
Your processes look clean, and it also looks like you formatted recently, or just don't install much. I'm not familiar with Web of Trust but it seems pretty basic if it just rates sites by color and blocks entry. Most of the common viruses are installed upon entry into a site. I'm guessing you went to a site that wasn't rated by WOT and didn't block entry. Web shields and anti virus are good but they never block 100 percent of malware/viruses. You should probably get Avast instead of WOT for web/virus protection, it usually catches trojans as the site tries to install them, instead of just blocking known sites.

Also I'm pretty sure remote desktop is off by default. I could be wrong but the last versions (3) of Windows 7 I've had installed have all had them off. Chances are if someone did remote desktop your PC then they knew a username/password combination that you lent them, and they turned remote desktop on (or it was on by default, but I'm pretty sure it's off by default). But since you're the only one with access to your PC then I guess it was on by default. Then all someone would need is an IP address (not hard) and a username/password.

It looks like I formatted because everything was erased =/. I had a lot of programs and data that are gone now (I'm still on the PC now).

I have Avast now, but didn't at the time of the incident, had Avira Antivir.

I suppose you're right that it would have been hard to hack the user/password. Maybe I did somehow get directed to a non-rated-by-WOT site. I still would have had Adblock plus and noscript at that point though. But I suppose those could fail me as well. What do you make of the "backdoor" I found? Path was 'C:\Windows\SysWOW64\WinFLdrv.sys'

ZeroCool
01-24-2011, 09:26
It looks like I formatted because everything was erased =/. I had a lot of programs and data that are gone now (I'm still on the PC now).

I have Avast now, but didn't at the time of the incident, had Avira Antivir.

I suppose you're right that it would have been hard to hack the user/password. Maybe I did somehow get directed to a non-rated-by-WOT site. I still would have had Adblock plus and noscript at that point though. But I suppose those could fail me as well. What do you make of the "backdoor" I found? Path was 'C:\Windows\SysWOW64\WinFLdrv.sys'

It's a Windows system file on a 64 bit Windows that's used to support 32 bit applications. The really nasty trojans infect your system files and are a royal pain in the ass to fix. The backdoor is just a generic term for a number of viruses, but you shouldn't be worried that someone is remotely accessing your computer, especially if you just visited a website that gave it to you and especially if you didn't personally install a remote utility program.

Gloomrender
01-24-2011, 09:56
It's a Windows system file on a 64 bit Windows that's used to support 32 bit applications. The really nasty trojans infect your system files and are a royal pain in the ass to fix. The backdoor is just a generic term for a number of viruses, but you shouldn't be worried that someone is remotely accessing your computer, especially if you just visited a website that gave it to you and especially if you didn't personally install a remote utility program.

Wait, that's not a virus then?

ZeroCool
01-24-2011, 10:25
Wait, that's not a virus then?

Eh no and yes. The nasty viruses infect and re-write your system files. The only option then is usually a format and reinstall of Windows. There is a way to replace system files manually though I haven't used it, and I don't mind formatting since I usually keep little on my system HDD.

If I were you I would just format, if that's not an option do some googling on how to replace system files, from the sound of the location of the infected file, it seems much more benign than if it were in the sys32 folder. Also that infected file might not have been what caused data loss, because again anti virus programs don't catch all the nasty ones. Last month I caught a virus that went to town on my system 32 folder (wininit.exe), I did everything I knew to do (I've caught and deleted tons of viruses for myself and peers) nothing would work but a format.

Gloomrender
01-24-2011, 11:34
Eh no and yes. The nasty viruses infect and re-write your system files. The only option then is usually a format and reinstall of Windows. There is a way to replace system files manually though I haven't used it, and I don't mind formatting since I usually keep little on my system HDD.

If I were you I would just format, if that's not an option do some googling on how to replace system files, from the sound of the location of the infected file, it seems much more benign than if it were in the sys32 folder. Also that infected file might not have been what caused data loss, because again anti virus programs don't catch all the nasty ones. Last month I caught a virus that went to town on my system 32 folder (wininit.exe), I did everything I knew to do (I've caught and deleted tons of viruses for myself and peers) nothing would work but a format.

I've heard that viruses can still be there even after a format, is that true?

Gloomrender
01-24-2011, 13:40
By the way, I figured you meant by saying "no yes" to mean it is a virus, but a weak one?

Aerias
01-24-2011, 14:15
This always warms my heart when random uneducated denizens of the intertubes claim they've been HAXXORED by some srs over the wire hacker. As has been said before do you HONESTLY, and I mean honestly believe that you, "gloomrender" were the unfortunate victim of one of these very complex and almost impossible attacks? Are you sure that you're not possibly blowing what is obviously a simple trojan attack way out of proportion?

I often wonder how these anti-virus companies and firewall companies stay in business with their ridiculously overpriced pieces of software and then realise it's people like Gloomrender who fork out hundreds of quid on them and still end up with a virus anyway.

http://images.whatport80.com/images/c/c9/Good_Luck_I'm_Behind_7_Proxies.jpg

Gloomrender
01-24-2011, 14:47
This always warms my heart when random uneducated denizens of the intertubes claim they've been HAXXORED by some srs over the wire hacker. As has been said before do you HONESTLY, and I mean honestly believe that you, "gloomrender" were the unfortunate victim of one of these very complex and almost impossible attacks? Are you sure that you're not possibly blowing what is obviously a simple trojan attack way out of proportion?

I often wonder how these anti-virus companies and firewall companies stay in business with their ridiculously overpriced pieces of software and then realise it's people like Gloomrender who fork out hundreds of quid on them and still end up with a virus anyway.

http://images.whatport80.com/images/c/c9/Good_Luck_I'm_Behind_7_Proxies.jpg

Troll, read thread. I haven't spent a dime on virus protection in all of my life. The programs I've used were freeware. I suppose you are going to now be a hypocrite to your position and mock that fact? Have fun with the muslims.

Aerias
01-24-2011, 17:05
Troll, read thread. I haven't spent a dime on virus protection in all of my life. The programs I've used were freeware. I suppose you are going to now be a hypocrite to your position and mock that fact? Have fun with the muslims.

It was all going well up until the "have fun with the muslims" part. Anyway, you should get behind 7 proxies that'll help you, honest.

BulletToothTony
01-24-2011, 17:16
I've heard that viruses can still be there even after a format, is that true?

"KINDA" there are a couple kickass (gotta give respect) keyloggers that sit in your keyboard buffer but believe a cold boot+format clears them.

To be honest, you will find most real security software makers will tell you no network/pc is safe if they really target you.

A safer option would be just to use a hotswap HD with a disk image of your system, back up every few days and leave it unplug'd from your PC.

ZeroCool
01-24-2011, 22:20
I've heard that viruses can still be there even after a format, is that true?

It's possible but the virus would be wiped off of the formatted HDD, it would have to infect another HDD you have connected. Though I've never had a virus that survived a format, or went to my other HDDs. You should be safe after a format.

To your second question, the no "yes" means that, yes it is a virus, but it's a virus that infected a clean system file that's usually required to run Windows properly. Those nasty viruses are almost like AIDS, you're left with a few options but it usually leaves you screwed. Whether it's benign or not depends on which system file it infected and what it's doing to your PC, but a format is usually the safest and best option (unless you want to replace system files, but again I've never done this).

Makestro
01-24-2011, 23:02
If you are gonna troll, at least read the whole post.

His name is ZeroCool, haven't you ever seen Hackers? This guy is a pro yo.

Viluin
01-25-2011, 03:20
Some rootkits can infect your BIOS and survive a hard drive format.

At that point you should probably perform exorcism on your computer, that might help.

shock223
01-25-2011, 19:06
Some rootkits can infect your BIOS and survive a hard drive format.

At that point you should probably perform exorcism on your computer, that might help.

Can't you just download the support files for your BIOS from your motherboard manufacturer's website and act like you're updating your BIOS to clear and reinstall?

Or maybe I misunderstand how complex that is..

Viluin
01-25-2011, 23:00
Can't you just download the support files for your BIOS from your motherboard manufacturer's website and act like you're updating your BIOS to clear and reinstall?

Or maybe I misunderstand how complex that is..

Yes, but exorcism is cooler.

Also, if your hard drive is infected as well, it'll just infect the new BIOS too. You'd have to format the hard drive and flash the BIOS at the same time.

Gloomrender
01-27-2011, 22:17
Yes, but exorcism is cooler.

Also, if your hard drive is infected as well, it'll just infect the new BIOS too. You'd have to format the hard drive and flash the BIOS at the same time.

Excuse me for not understanding this at face value.

So you mean to say that you can format the hard drive, and then flash the bios, and that will defeat the bios keylogger (if there is one)?

Napalm_Enema
01-27-2011, 22:46
Excuse me for not understanding this at face value.

So you mean to say that you can format the hard drive, and then flash the bios, and that will defeat the bios keylogger (if there is one)?

I think that's pretty extreme, but yes that would be the sequence to take.

Viluin
01-28-2011, 00:39
Excuse me for not understanding this at face value.

So you mean to say that you can format the hard drive, and then flash the bios, and that will defeat the bios keylogger (if there is one)?

Or the other way around. Just don't boot into the hard drive until you're done.

Gloomrender
01-28-2011, 12:58
Meh, I need to clean this HD out of any bugs, so I'll do it the extreme way. So I just go to my motherboard's website and there's a DL that I run to redo the BIOS? How does it work precisely?

Napalm_Enema
01-28-2011, 14:49
Meh, I need to clean this HD out of any bugs, so I'll do it the extreme way. So I just go to my motherboard's website and there's a DL that I run to redo the BIOS? How does it work precisely?

I seriously doubt you have some crazy rootkit eat your children virus put out by the NSA. Honestly, if you're that concerned about it, wipe your drive and do a fresh install.

If you are trying to retain information that you have, but worry about its state of cleanliness, invest in a second hard drive, or find a spare one lying around. Install OS on it. Then install Sophos anti-virus. Then power off the machine, and attach your second drive as a slave. Now run a full scan with Sophos against the drive, it will clean it.

Now either run from the current 'OS' drive with your old drive as a data / storage drive, or put your old drive as primary and re-install your OS to it.

I've been working with servers and PCs for over ten years. I've never had to go to the extreme Viluin is suggesting to resolve a computer's issues.

Flashing the BIOS can be very seamless or relegate your motherboard to a piece of scrap. I'd personally, if your machine is running fine other than this incident, leave it alone. You could flash to a newer version of your BIOS that has an unanticipated conflict with a piece of hardware you've been running that never had a problem before, etc.

At any rate, good luck, but don't use an elephant gun to kill an ant.

Viluin
01-28-2011, 18:48
Meh, I need to clean this HD out of any bugs, so I'll do it the extreme way. So I just go to my motherboard's website and there's a DL that I run to redo the BIOS? How does it work precisely?

Yes, you should definitely do this just to be safe. It may not be enough though. I have read stories of viruses infecting the BIOS chip of a graphics card; the poor user just couldn't figure out why it kept reappearing after a format.

Also, unplug your LAN cables ASAP; there's a virus that will infect your router's firmware via the local network, and after you reformat it reinfects your computer immediately. You should switch internet providers too, like 9/10 times in these cases the virus will have infected a remote computer (while storing your IP address) for the sole purpose of re-infecting yours after you reformat. Their methods are a bit vague, but I heard the virus will start an MSN conversation with you pretending to be your best friend, then it sends you a file and *boom* you're back to where you started. If anyone talks to you on MSN and they refuse to show themselves on a webcam, block them immediately.

The only real solution is to replace all the parts of your computer (except the case, it is immune to viruses) and move to a different city. Change your last name as well, otherwise it can find you on social networking sites and find a way to infect you again.

Sorry to hear you're going through all this trouble. It happens to the best of us. I recommend Norton Antivirus, it'll prevent this in the future.

Gloomrender
01-28-2011, 19:24
Yes, you should definitely do this just to be safe. It may not be enough though. I have read stories of viruses infecting the BIOS chip of a graphics card; the poor user just couldn't figure out why it kept reappearing after a format.

Also, unplug your LAN cables ASAP; there's a virus that will infect your router's firmware via the local network, and after you reformat it reinfects your computer immediately. You should switch internet providers too, like 9/10 times in these cases the virus will have infected a remote computer (while storing your IP address) for the sole purpose of re-infecting yours after you reformat. Their methods are a bit vague, but I heard the virus will start an MSN conversation with you pretending to be your best friend, then it sends you a file and *boom* you're back to where you started. If anyone talks to you on MSN and they refuse to show themselves on a webcam, block them immediately.

The only real solution is to replace all the parts of your computer (except the case, it is immune to viruses) and move to a different city. Change your last name as well, otherwise it can find you on social networking sites and find a way to infect you again.

Sorry to hear you're going through all this trouble. It happens to the best of us. I recommend Norton Antivirus, it'll prevent this in the future.

Bored at work, eh?

I actually probably will change my name eventually, though. But not because of this.

Napalm_Enema
01-28-2011, 20:03
Bored at work, eh?

I actually probably will change my name eventually, though. But not because of this.

By suggesting Norton AntiVirus as a credible solution, Vill has lost all credibility.

That, and he's obviously been trolling you for the last page or more.

Maybe you're trolling me?

Fuck, I don't know anymore. If you need help, PM me; I'm out of this thread. My last post prior to this still stands.