Jump to content

Recommended Posts

ummm sooo how do i prevent it from going through lan because i knoe fot autorun.inf you can edit in registry from not reading when usb loads etc... can you tell me other way to prevent it going throuh lan other than getting a anti-virus fire wall?? because when a person makes a virus they try to make it undectable

Link to post
Share on other sites

As I recall, certain patches Microsoft released recently after the massive Conficker worm outbreak, actually disable automatic autoplay functionality of removable storage devices which by itself should block the execution of such an infection. More info on this can be found here.

Aside from that, it is always a good idea to have a firewall installed on all the computers on a lan, simply for the sake of preventing any worm or other infection that jumps via lan (many use other methods of spreading besides just autorun/autoplay to do this) from getting to your other systems should one become infected. Antivirus relies on detection signatures, a firewall does not so it will simply block access from outside the PC in question over lan regardless of the program trying to connect, be it a detectable virus/worm or not.

Link to post
Share on other sites

A virus is traditionally (per its original definition) is a piece of software that replicates itself by infecting other files on a PC. A rootkit is simply a piece of software that hides a file/files and/or a registry entry or entries and/or running process from Windows so that it cannot be seen by other programs on the computer, including the Task Manager, Regedit, Windows Explorer and security software. That being said, not all rootkits are bad. Rootkits are used by security software to protect themselves from being disabled by malicious software (such as worms, viruses and malicious rootkits) and to gain low level access to the system to be able to detect malicious rootkits.

As for which is more powerful, it all depends on the code of the particular infection itself. These days, most modern infections are not standalone infections of a single type, but complex combinations of various types of infections, such as worms bundled with rootkits to hide them along with file infection capabilities (ie viruses).

If you really want to learn about the various types of threats out there and what they're capable of, as well as how to detect and remove them from users' systems on a voluntary basis then you should consider signing up for the free training offered at one of the schools listed on this page. The training is absolutely free and is provided by experienced volunteers for the sake of helping infected users on the web.

Link to post
Share on other sites

"hides a file/files and/or a registry entry or entries and/or running process from Windows so that it cannot be seen by other programs on the computer, including the Task Manager, Regedit, Windows Explorer and security software."

i think their is a rootkit on my pc because someone is threatenin me he has access to my files and can see what i am doing by remote and he proved it also i dont want to reformat my pc or anything is their a way out???........

Link to post
Share on other sites

i did some research this is what i found about the virus or rookit this same person sent me last time

File Behavior

NISSAN.EXE has been seen to perform the following behavior:

* Found on infected systems and resists interrogation by security products

* Executes a Process

* Writes to another Process's Virtual Memory (Process Hijacking)

* Registers a Dynamic Link Library File

* Uses DNS to retrieve the IP address for web sites

* Uses low level functions to hide itself from the user and from system/security processes

* The Process is packed and/or encrypted using a software packing process

* This Process Deletes Other Processes From Disk

* This process creates other processes on disk

* Injects code into other processes

* Creates new folders on the system

* Enables an In Process Object/Server - Common with DLL Injections

* Sets processes to start during user logon

* Looks at the contents of the autoexec.bat file

* Drops known malicious software during execution

* Reads email address and phone book details

* Visits web sites on your PC without you knowing

NISSAN.EXE has been the subject of the following behavior:

* Executed as a Process

* Has code inserted into its Virtual Memory space by other programs

* Copied to multiple locations on the system

* Created as a process on disk

* Deleted as a process from disk

Link to post
Share on other sites

Is it normal to have C:\AUTOEXEC.bat

can you guys see on your computer " hidden mode turned on"

I recently was effected by a roolkit and a hacker managed to so some damage and retrive some files from my pc and invade my privacy

Can you guys tell me if you have it yes or no

Link to post
Share on other sites

Malware could have modified this entry.

And I do have that file on my system, dated 2004.

I found these when searching:

http://en.wikipedia.org/wiki/AUTOEXEC.BAT
http://www.f-secure.com/v-descs/kak.shtml
http://www.f-secure.com/v-descs/opey.shtml
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=9589

(Please just READ these and do NOT do any fixes or any other info found in them; the information does NOT necessarily relate to your system or issue).

Looks like an older virus/malware infected this legitimate file on older operating systems (such as Windows 95 & Windows 98) but maybe it's re-emerging?

Link to post
Share on other sites

Hello kangaroo, :):D

Sounds to me like you may have malware running on your computer. Why don't you have an expert take a look at it.

Please read the following so that you can begin the cleaning process:

We don't work on Malware removal in the general forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)

Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Thank you :D

Link to post
Share on other sites

Regarding autoexec.bat, in my Windows XP Home that file is empty, with no content and filesize 0. File is dated to the day OS was installed.

HTH

Note: it is possible some software in your system has entered custom commands and environmental variables to autoexec.bat.

Link to post
Share on other sites

i got a virus called nissan.exe basically its a autorun.inf virus that spreads through usb into computers to usb etc....

I just wanted to know like is it a keylogger or wha it can be and its function i remember reading it somewere here but you guys didn't explain what it is or what it does etc.....

http://forums.malwarebytes.org/index.php?showtopic=32961

referring to that

i was wondering what are its capability's.

Link to post
Share on other sites

Hi i installed sooo much anti-virus back when i got infected with a rootkit virus and none detected it till 6 month later

http://www.virustotal.com/en/analisis/63c6...6b66-1267520912

and i have a feelin the same hacker has done it again i just want to knoe how i can confirm it i knoe no anti-viirus can help because rootkit is very hard to detect.

Link to post
Share on other sites

  • Root Admin

Hello Kangaroo,

Please stop creating posts all over the forum. Based on what you're posting your system is infected. You need to either follow the advice to have someone assist you in cleaning it up or format the drive and reinstall Windows if you don't want someone to help you.

Thank you.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

Ron has given you advice on how to get guided help for your issues.

SEE http://forums.malwarebytes.org/index.php?s...st&p=252358

STOP adding more new posts in this area of the forum.

STOP self-medicating with trying tools on your own.

FYI Combofix does NOT run on 64-bit systems, and also does NOT run on Windows 7. And more than that, it should NOT be used without expert help.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.