I (theoretically) cleaned off a /badly/ infected machine the other day
with ComboFix.
It's not a tool to play with, but what it does, it does well.
Eventually the machine will be wiped (this one gets re-imaged every 6
months or so anyways, and the network is pretty locked down *shrug*),
as the st
y
hand, good luck to you and depending on the number of computers you might
find it faster to write a script is all I am saying. If that doesn't seem
faster, also fine with me. I don't have a horse in this race
-Original Message-
From: Dana [mailto:dana.tier...@gmail.com]
>
ming profiles so there is nothing on the desktop to save.
>>>
>>> -Original Message-
>>> From: Dana [mailto:dana.tier...@gmail.com]
>>> Sent: Wednesday, September 02, 2009 12:22 PM
>>> To: cf-community
>>> Subject: Re: Fracking Hacking Sp
ith
>> real roaming profiles so there is nothing on the desktop to save.
>>
>> -Original Message-
>> From: Dana [mailto:dana.tier...@gmail.com]
>> Sent: Wednesday, September 02, 2009 12:22 PM
>> To: cf-community
>> Subject: Re: Fracking Hacking Sp
Original Message-
From: Dana [mailto:dana.tier...@gmail.com]
Sent: Wednesday, September 02, 2009 1:51 PM
To: cf-community
Subject: Re: Fracking Hacking Spammers!
yeah. Data wasn't really an issue for us and I guess I made an assumption
that it wasn't for you either. I
hing on the desktop to save.
>
> -Original Message-
> From: Dana [mailto:dana.tier...@gmail.com]
> Sent: Wednesday, September 02, 2009 12:22 PM
> To: cf-community
> Subject: Re: Fracking Hacking Spammers!
>
>
> I don't know how many machines you are talking about and you
Sent: Wednesday, September 02, 2009 12:22 PM
To: cf-community
Subject: Re: Fracking Hacking Spammers!
I don't know how many machines you are talking about and you have a newer
version (presumably nastier tho) but
the computers I worked on took a ridiculous amount of time to fix. There was
a manu
9 at 10:22 AM, Dana wrote:
> I don't know how many machines you are talking about and you have a newer
> version (presumably nastier tho) but
>
> the computers I worked on took a ridiculous amount of time to fix. There was
> a manual fix and it involved really long lists of
s on itself.
>
>
> -Original Message-
> From: Dana [mailto:dana.tier...@gmail.com]
> Sent: Wednesday, September 02, 2009 11:59 AM
> To: cf-community
> Subject: Re: Fracking Hacking Spammers!
>
>
> awesome :) It would have been better to re-image the machine
We are debating that now since the virus mutates on itself.
-Original Message-
From: Dana [mailto:dana.tier...@gmail.com]
Sent: Wednesday, September 02, 2009 11:59 AM
To: cf-community
Subject: Re: Fracking Hacking Spammers!
awesome :) It would have been better to re-image the
awesome :) It would have been better to re-image the machines I am talking
about, I was told not to, well, as a symptom of the madness there, is the
best way I can explain it. But based on what you just said it's pretty much
the only way to go any more?
On Wed, Sep 2, 2009 at 9:49 AM, Scott Raley
It is now Antivirus 2010 and there is a new version called Braviax which is
programmed to embed itself in a lot of spyware tools, spybot, malware bytes,
superantispyware, etc so you have to rename stuff to get it to work
correctly. It infects regedit and a lot of files in windows system so when
you
yes, I have seen a version of that. Are they still calling it, Antivirus
2009, is it? I also saw something that looked *just* like Windows security
alerts. But since Windows security had been turned off either by the user or
by the software, this would not have been the case.
I am not sure wheth
yes they do
On Wed, Sep 2, 2009 at 7:46 AM, Michael Grant wrote:
>
> >
> > What really got my goat was how well the site prevented a user from
> > closing or navigating away from it.
>
>
> Alt + F4 can be your greatest friend when this happens. Rarely does it not
> work. Also, some of these mal
>
> What really got my goat was how well the site prevented a user from
> closing or navigating away from it.
Alt + F4 can be your greatest friend when this happens. Rarely does it not
work. Also, some of these malware/virus guys make a graphical window where
the "X" is actually a button which i
Dana wrote:
> by the way, Ian, I would be interested in hearing any followup you have on
> this. Lest Erika think I think you're stupid, I'll just mention that I
> dealt with one of the early versions of that trojan at a former job site,
> and at the time several anti-virus softwares were not de
On Tue, Sep 1, 2009 at 7:32 PM, Michael Grant wrote:
>
> Let's everyone just calm down a speck.
> Dana: you kind of missed the point of the original thread.
>
yep, I did and said so.
Still don't see what she is upset about tho so I am apparently still missing
something. Is it talking down to s
you do look fantastic :)
On Tue, Sep 1, 2009 at 9:32 PM, Michael Grant wrote:
>
> Mike G: you look fantastic.
>
>
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion maili
can't claim credit but I have found it to be true.
On Tue, Sep 1, 2009 at 7:15 PM, Michael Grant wrote:
>
> > to a hammer, a lot of things look like a nail.
>
> This is an amazing expression. Never heard it before and hope I don't
> forget
> it.
>
>
>
Shit...how did I miss this opportunity..
GIRL FIGHT!!!
On Tue, Sep 1, 2009 at 9:32 PM, Michael Grant wrote:
>
> Let's everyone just calm down a speck.
> Dana: you kind of missed the point of the original thread.
> Erika; you're taking this all a little personal.
> Mike G: you look fanta
Let's everyone just calm down a speck.
Dana: you kind of missed the point of the original thread.
Erika; you're taking this all a little personal.
Mike G: you look fantastic.
On Tue, Sep 1, 2009 at 9:23 PM, Erika L. Rich wrote:
>
> For the record - I could care less about the apologies - unness
For the record - I could care less about the apologies - unnecessary therefore
unacknowledged.
You still do not get my point.
And you still disregarded what I had to say.
Whatever.
On Tue, Sep 1, 2009 at 9:20 PM, Erika L. Rich wrote:
> Now I know why people are exasperated with you during politic
Now I know why people are exasperated with you during political discussions.
Dramas are ok there .. but I have a disagreement and you talk down to me?
no problem.
Carry on.
> to a hammer, a lot of things look like a nail.
This is an amazing expression. Never heard it before and hope I don't forget
it.
yeah I can tell you aren't upset or anything ;)
It's really not worth all this drama, Erika. Yes, I could have cross-checked
my finding with three different browsers and had someone proofread my answer
for potential unintended slights to Erika. I did not, not that browsers were
the issue (tho the
my typo:
"*I* replied and said it was hijacking,"
should have been " ... WASN'T "
On Tue, Sep 1, 2009 at 7:56 PM, Erika L. Rich wrote:
> Look.
>
>
Look.
The ONLY point I was trying to make is that his browser was NOT hijacked
like you said it could be because his results didn't match your results.
You went off on a tangent about security and hijacking and do this and do
that. FINE for after the fact in case when he clicked on the link that
by the way, Ian, I would be interested in hearing any followup you have on
this. Lest Erika think I think you're stupid, I'll just mention that I
dealt with one of the early versions of that trojan at a former job site,
and at the time several anti-virus softwares were not detecting it. Work
put
huh ok, I will check everything I send for "how would I read this if I were
oversensitive" ::tickle::
I am sorry if I upset you, but really...
On Tue, Sep 1, 2009 at 11:56 AM, Erika L. Rich wrote:
>
> Then you need to reword the way you reply to things :P Or at least read
> over
> them again.
if you closed the window you should be fine then. There are a few javascript
thingies out there but not many and the standard story does not mention
them. Good thing to let operations know about tho. I am willing to bet that
you were not the only person who did that search.
On Tue, Sep 1, 2009 at
Dana wrote:
> did it start an automatic download?
No it did not, thankfully! But it really wanted me to one manually.
I let the operations people know yesterday. We use a corporate,
enterprise security tool here, so I don't get to start my own scans.
Then you need to reword the way you reply to things :P Or at least read over
them again. Or devote more time to our threads! :)
On Tue, Sep 1, 2009 at 1:45 PM, Dana wrote:
>
> whoa. It wouldn't matter, is all I am saying. Chill. I know I am talking to
> you and I am not saying you're dumb, naiv
did it start an automatic download?
On Tue, Sep 1, 2009 at 11:47 AM, Ian Skinner wrote:
>
> Erika L. Rich wrote:
> > It's simply black hat marketing taking advantage of current breaking news
> to
> > get traffic to their crap.
>
> Not only that, but their crap was the crappiest type of crap to
I saw that danelaldana link and wondered about it. I did not click it -- I
just got some weird gamevance thing cleaned off my laptop. The other links
were domains that looked like newspapers and appeared to be those newspapers
when I clicked them, ie really (as far as I could tell) the San Jose,
Erika L. Rich wrote:
> It's simply black hat marketing taking advantage of current breaking news to
> get traffic to their crap.
Not only that, but their crap was the crappiest type of crap to be
tricking people to traffic towards.
The one site I clicked on was, oddly enough compared to your pr
whoa. It wouldn't matter, is all I am saying. Chill. I know I am talking to
you and I am not saying you're dumb, naive or anything else. It is possible
to take good precautions and not be protected against something simply
because you are one of the lucky first people to make contact with a given
Michael Grant wrote:
> I checked it out. Not a browser hijack. Just people making Googlebot bend to
> their will.
That as well as what the actual contents of the sites you ended up on.
The only one I tried, before I looked closely at the results, was a
"Virus Scan" spam site that was the worst
yeah I see that now, see my last post. I wonder how it was that I saw legit
newspapers? I am thinking Google is working on this maybe, but what is
blowing *my* mind is that this is not even the biggest fire they have in
California right now. Makes you wonder about scale.
On Tue, Sep 1, 2009 at 11
Do you really think I don't understand that? I mean really? As in you
really think *I'm* not setup to have adequate protection? I mean just
curious. As in - did I really have to spell out each and every security
program, virus protector, spyware check, registry check, etc that I have
running on my
I checked it out. Not a browser hijack. Just people making Googlebot bend to
their will.
On Tue, Sep 1, 2009 at 1:18 PM, Dana wrote:
>
> It's a couple of days later and I haven't looked yet. I will now, but I
> dunno if the state will be the same
>
> Being completely scanned is not necessa
It's a couple of days later and I haven't looked yet. I will now, but I
dunno if the state will be the same
Being completely scanned is not necessarily protection by the way - I
picked up some pretty serious malware once on a site that allegedly spelled
out the interactions for coumadin, and
ah. I clicked his link ::shrug:: But if you guys see the same thing then he
is correct and that is awful. Can you imagine what goes through the mind of
someone who sits around thinking of pages like that to make up?
On Mon, Aug 31, 2009 at 8:54 AM, Erika L. Rich wrote:
>
> I do believe he's tal
Dana wrote:
> um. When you say the first link that came up do you mean KCRA?
>
I now see that the first link is not constant. When I first did it, the
news results was not the first link the danielaldana.com link was.
Other searches have started with the news links, so Yes, that is *not*
t
Dana. Not to be cheeky here... but it's not a browser hijack.
How bout you take a screen shot searching on exactly what he did, in Google
and show us how good your results are.
Just so we're comparing apples and apples here and not apples and bananas.
Here's mine for the record. And now, I no lo
One day, I am gonna hear a guy brag about how he is a hacker.
I will then walk up to him and kick him in the nuts.
If he asks why I did it I will say, 'I was just exploiting a vulnerability'
On Mon, Aug 31, 2009 at 10:42 AM, Ian Skinner wrote:
>
> For those who do not live in Northern California
Dana wrote:
> modesto bee, san jose mercury-news it all looks pretty legit to me.
P.S. The good news (relatively speaking) is that once I did find the
legitimate news site with a map, I could clearly see that the fire was
on the other side of the highway and a good couple of miles away from
Not the news articles, the search results return. All of those links
that say Auburn Fire Map when you go to link Ian sent.
On Mon, Aug 31, 2009 at 7:52 AM, Dana wrote:
>
> um. When you say the first link that came up do you mean KCRA? cause either
> I am missing something or you are, possibly a
Did you search Auburn Fire Map, without quotes. When I first did this
search I don't recall the "News results for..." But these are the links
I got below that one.
danielaldana.com/.694ff/class.php?k=*auburn*-*fire*-*map
http://www.google.com/url?sa=t&source=web&ct=res&cd=2&url=http%3A%2F%2Fda
modesto bee, san jose mercury-news it all looks pretty legit to me.
If I were you I would download this.
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html.
Not sure if you are at work or on your own computer but you do not need
admin privileges to install it. Sorry if
No, i see the same thing.
The first 5 pages of results (except for the onebox result from News above
the organic search results) are all content spammers, where the search query
has zero to do with the content of the actual article.
On Mon, Aug 31, 2009 at 10:55 AM, Dana wrote:
>
> the first
the first few are the san francisco and la papers. How long ago did you
click? Just wondering if we are looking at the same links. going down a bit.
You still see evil spam? You may have a browser hijack going...
On Mon, Aug 31, 2009 at 8:52 AM, Dana wrote:
> um. When you say the first link tha
I do believe he's talking about actual search results, not the secondary
News results... where if he had just searched the "news" instead of the
"web" he might have gotten closer to what he wanted.
For the record, he is correct.
The WEB search results are full of black hat spammers trying to mak
um. When you say the first link that came up do you mean KCRA? cause either
I am missing something or you are, possibly ad-aware ;) By "on the list" are
you talking about "all 77 news articles'? I am going to click a few of those
now, for fun.
On Mon, Aug 31, 2009 at 8:42 AM, Ian Skinner wrote:
For those who do not live in Northern California, there was a pretty
large wild fire in the foothill community of Auburn California. I have
a friendly acquaintance I have worked with in the past who lives near
the area described in the news as where the fire was. So I wanted to
check up on e