Fake Chromium Virus

Jtalk4456
4 hours ago, Amazonsucks said:

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows

It can do a lot of things. Repairing corrupted component stores is one of them.

Did you install the trial of Malwarebytes Premium and do the threat scan with rootkit detection enabled? A hyper scan won't be good enough. Do you have real-time protection on?

If the answers are yes, did it remove the malware but you got reinfected, or did MBAM not detect it at all?

If MBAM didn't get it at all, run this. Reboot if it tells you to.

https://www.malwarebytes.com/adwcleaner/

That almost certainly will obliterate it.

I've been considering writing a basic cybersecurity guide and posting it, but idk if it'll get stickied. I can always point to it when people have these issues rather than re-explain it, I guess.

Also run this after AdwCleaner.

https://www.f-secure.com/en_US/web/home_us/online-scanner

You should not be using the normal Task Manager if you wanna get 1337 into cybersecurity either. Microsoft makes a much more advanced version called Process Explorer.

How to use: In File, select Show Details for All Processes. In Options, turn on Verify Image Signatures and VirusTotal, and optionally enable unknown executable submission if you want VT to get samples of unknown processes.

It doesn't scan your processes with 60 different antiviruses, but compares the MD5 hash of the running processes against the VT (owned by Google) database, which does scan files with 60 different AV engines.

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

You'll be able to get much more detailed info using that.

DO NOT reinstall Windows for something this simple. A nasty rootkit, sure, but this is probs just a low-tech browser hijacker.

ALSO, something to check once you've cleaned all the malware.

Hit Windows key + R. Type gpedit.msc and it'll open your Group Policy Editor. Go to Computer Configuration, Administrative Templates, System.

In the right pane, double-click: Specify settings for optional component installation and component repair.

Set it to Enabled. Then enable the Contact Windows Update option, so you can just repair using Windows Update easily.

Then run DISM and SFC again if you like.

P.S. This is NOT persistent malware. Persistent malware gets in your firmware and you have to discard the whole device :P

I haven't been home to try anything. Also I'm focusing on networking first, so I haven't gotten into all the better tools, though I've heard of Process Explorer. Assuming work doesn't kill me today, I'm gonna try all this later tonight when I get home and let you know what happened in the morning.

Insanity is not the absence of sanity, but the willingness to ignore it for a purpose. Chaos is the result of this choice. I relish in both.
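The Process Explorer setup in the quoted post (verify image signatures, hash running images for a VirusTotal lookup) can be reproduced from a PowerShell prompt so the result is saved and can be diffed after cleanup. This is an added example, not code from the thread or from Sysinternals; it hashes with SHA-256 rather than MD5 (VirusTotal's search accepts either), flags unsigned images and images running from user-writable folders, and never uploads anything.

```powershell
# Added example: triage running processes the way Process Explorer's
# "Verify Image Signatures" and hash columns do. Run from an elevated
# prompt so system processes expose their image paths.
$results = foreach ($p in Get-Process | Where-Object { $_.Path }) {
    $path = $p.Path
    try {
        $hash = (Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        $hash = 'UNREADABLE'   # locked or protected image; still worth listing
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Name      = $p.ProcessName
        PID       = $p.Id
        Path      = $path
        SHA256    = $hash
        SigStatus = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Browser hijackers and adware usually run unsigned, or signed by an
# unfamiliar publisher, from a user-writable location. Signed Microsoft
# binaries under \Windows\ are low priority for a first look.
$suspicious = $results | Where-Object {
    $_.SigStatus -ne 'Valid' -or
    $_.Path -match '\\(AppData|Temp|ProgramData|Downloads)\\'
} | Sort-Object Path -Unique

$suspicious | Format-Table Name, PID, SigStatus, Signer, Path -AutoSize

# Full listing for later comparison; paste a SHA256 into VirusTotal's
# search box to see existing verdicts without submitting the file.
$results | Export-Csv -Path "$env:USERPROFILE\Desktop\process-triage.csv" -NoTypeInformation
```

Run it once before and once after the AdwCleaner/F-Secure pass and compare the two CSVs: anything that survives cleanup while still running from a user-writable path deserves a closer look.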
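The gpedit steps in the quoted post set a policy that DISM reads when it repairs the component store. As an added example (not from the thread), this checks what that policy wrote and then runs the repair pass the post describes. The registry location and value names below are my understanding of the Servicing policy template and are marked as assumptions in the code; confirm them against gpedit on your own build.

```powershell
# Added example: inspect the "Specify settings for optional component
# installation and component repair" policy, then repair the component
# store and system files. Needs an elevated prompt.

# ASSUMPTION: this is where the GPO from the post stores its settings;
# RepairContentServerSource = 2 is the "Contact Windows Update directly"
# checkbox. Verify on your machine before depending on it.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing'

if (Test-Path $key) {
    Get-ItemProperty -Path $key |
        Select-Object LocalSourcePath, UseWindowsUpdate, RepairContentServerSource |
        Format-List
} else {
    Write-Host 'Servicing policy not configured; DISM will use its default source.'
}

# Repair the component store first, then let SFC replace any system
# files that now have a known-good copy to restore from.
DISM.exe /Online /Cleanup-Image /RestoreHealth
if ($LASTEXITCODE -ne 0) {
    Write-Warning "DISM exited with $LASTEXITCODE; see C:\Windows\Logs\DISM\dism.log"
}
sfc.exe /scannow
```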


On 7/16/2018 at 11:23 AM, Jtalk4456 said:

I haven't been home to try anything. Also I'm focusing on networking first, so I haven't gotten into all the better tools, though I've heard of Process Explorer. Assuming work doesn't kill me today, I'm gonna try all this later tonight when I get home and let you know what happened in the morning.

How's your malware hunting going?


4 hours ago, Amazonsucks said:

How's your malware hunting going?

I'm sick, so not going as of yet; I haven't been back home on the computer since 2 days ago.


On 7/16/2018 at 12:33 AM, Tosa said:

Going by that logic, you should probably get rid of the entire computer, as the malware could theoretically have infected your BIOS, GPU firmware, the firmware of the harddrives and any USB devices connected. All possible, but very unlikely. I wouldn't worry.

Firmware-related persistence isn't the prime target of malware developers unless you are a government agency; the targets are too varied and will require code to be executed on the host machine first. If I wanted my malware to spread with the least effort I would look at the most efficient ways: the internet and removable media (henceforth referred to as "USB stick" for simplicity).

The objective of malware distribution is to spread; the more it spreads, the more impact of your choice it will have. The easiest and fastest ways are currently via the Internet and USB sticks (sorry, floppy disks), as they are used to connect computers most often.

Infecting files on the USB stick produces an effective way to spread the malware to new computers: your Average Joe isn't going to run a scan on his friend's PowerPoint before running it with macros enabled. A malware developer is almost guaranteed that a connected USB stick will contain file candidates for infection and will be connected to another computer where the files will be used, a prime target to exploit to spread the malware.

Now if you download a disk image and write it to a USB stick, why wouldn't the malware be designed to spread to this medium? It still fulfills the target of spreading the malware, i.e. by an autoplay file pointing to the malware on the Linux Live drive; when another computer, or even the now-clean computer, connects the drive, the malware may be able to spread.

You don't send an infected nurse to fetch medical equipment for a susceptible patient.

It may be extreme, but why take the risk?
