Malware Removal Experts


Mad Dog Vee

I'm not considered an expert on this forum as I'm a new member and all, however I have been removing infections professionally now for over 2 yrs. I worked for a remote computer company called http://www.plumchoice.com as a tier 1 engineer where I learned a lot. Great tools do help in the process, along with understanding how malware works; most of the time it's predictable, however infections are always changing and because of this, it does make it very hard. If every infection was the same there wouldn't be any issues, as anti-malware/virus/spyware protection would kill them all; it's the makers of the infections that are the true software engineers, and finding unknown exploits in browsers and OSes is just a small piece of what makes a virus so nasty. I enjoy the challenge of infection detection and removal, and hope one day to be considered an expert on this forum.


  • Staff

Hi Mad Dog.

First off, let me state for the record, I'm nothing remotely close to any expert on anything. I have a hard enough time knowing and understanding myself, let alone anything so complex as Windows and malware.

That being said, yeah I can get thru most all logs without much trouble. I started out when most of the schools were barely starting out and before a couple even formed. I hung out over at cexx.org and watched Unzy take on logs along with sspears. I read for like 3 months and didn't do any logs at all. I'm an admin there now, but won't be doing much in so far as malware removal. Both have long since retired from malware removal.

I then began posting to users to scan with Ad-Aware and Spybot and some other minor things. I'd say it was almost 6 months before I started taking logs on myself. But those guys watched over me and I knew I could ask about things at any time. But of course the timeline could be off, I'm gettin' old. :)

If you're interested in learning I'll tell you the same thing I tell everyone else; get ready to spend hours upon hours for weeks reading and researching. It may be 6 months, depending on how often you can get to the forums. And you can't really take much of any break either. The malware landscape changes too quickly. You can fall behind easily.

I had zero pc experience other than turning it on for some business related paperwork and mild surfing. Then I wasted a while in MSN chat rooms. Finally decided to do the security thing full time. Haven't looked back yet.

Some schools which you can learn the trade at:


Yeah, I'm no expert either (and not considered one here cuz I'm not that comfortable with the logs yet), but I have worked as a professional PC tech at some big box retailers and had to figure out ways to get rid of some nasty stuff before great tools like MBAM existed (and even if they did, I wasn't permitted to use them due to EULAs which I refuse to violate, and I would have been fired for doing so anyway). Now I have an easy job that isn't computer related, so in my spare time at home and at work I've continued learning about PC security, tweaking, malware etc. because it's always fascinated me, which is why I became a tech in the first place. Now I'm looking into joining a HJT school (probably one of the ones mentioned by TeMerc) to advance my knowledge further and start working logs here on the MBAM forum.


@Tom, you're a poet in your wisdom in writing. Good read. :)

Hello Mad Dog

Started noticing malware and its dangers back in 2003. I was a HJT trainee for about a year; I was about 1-2 months shy of graduating and had to resign due to medical reasons. But I spend my time now in RD, writing tutorials/guides, testing, removing malware hands on only and always fine tuning my Bulldog search methods, and now I'm "a grunt in the malware trenches". :) ok enough of this. :)

HJT training is hard work; it takes time to understand the methods used, and once everything starts to fall into place it gets a wee bit easier. Always ask questions about something you may not understand, don't be shy. Create a search method for yourself; this will help you in your studies. Check out one/all of the schools in TeMerc's post and take the plunge.


  • Staff

@Tom, you're a poet in your wisdom in writing. Good read. :)
I better take a screen shot of that, ain't no one gonna believe me when I tell 'em someone told me that. :)

I started out in computing as a user when the Internet came online, so I've been around it from the beginning of all these little nasties since they started. Personally I've learned from just being a self taught geek, that loves the world of computing, anything and everything.

As users let's not put the cart before the horse, as the saying goes, because a real expert here is going to first teach someone how to be proactive and not get into a mess in the first place, so when a problem does arise it shouldn't be that big of a deal to need an expert in the first place, and if it does, then you weren't very proactive to begin with, and should consider that, and getting some more education under your belt. After all, what are we talking about? Just going online and not dragging in a world of junk, and it's not that complicated.

In over 20 years I've never had any problems I couldn't deal with, and I don't think I was ever really caught with my pants down, simply because I just learned a few basic things, how to go online and do it safely, and for some reason, everyone is making this out to be some long lost black art, and it's not.

What real Malware Experts should be first, are people educating users how to stay safe, then cleaning second, not the other way around.

So I'm the Expert in showing you Safety first, cleaning second, and ALWAYS in that order! :)

PEACE


Thanks guys. Please feel free to continue sharing.

TeMerc - Schools? Random ppl on the net and we're calling them schools now? Whilst I think it is, they are, great ideas, you make it sound like formatting is a better option nearly every time. I acknowledge that sometimes formatting is just not an option.

BTW I'm guessing HJT is HiJackThis?

Exile, I commend you for reading and not violating EULAs, most ppl would and do. Upon reading a few EULAs though, most of them say, we take no blame or responsibility for anything regardless of whether you use our product or not. Doesn't that just make you feel safe and secure?

DasFox, you can lead a horse to water, but you can't make it drink. We can't hold people's hands forever. Life is never that simple. Some people will never listen no matter what you say or what happens to their machines. Other than that I agree, prevention is better than cure.

Again, thanks for sharing & feel free to continue to do so.


  • Staff
TeMerc - Schools? Random ppl on the net and we're calling them schools now? Whilst I think it is, they are, great ideas, you make it sound like formatting is a better option nearly every time. I acknowledge that sometimes formatting is just not an option.

BTW I'm guessing HJT is HiJackThis?

They've been referring to them as schools for many years now; would you suggest a different name?

I'm not sure how you get the inference that I think formatting is better than cleaning. I'm merely saying that someone with minimum experience with a lot of these infections can do more damage than good.

Reformatting is a last course of action, AFAIC.

And yes, HJT does mean HijackThis!


Talk about prevention, you guys have seen my signature right? I'm downright paranoid (a result of the nastiness I saw when I was a professional technician), I don't even install Java anymore, as I have no use for it, I always keep Windows up to date, I don't browse warez, pr0nz or use peer-to-peer applications and I stay far far away from myspace and facebook, oh yeah, and I don't open forwarded emails or emails from people I don't know either.


Thanks guys. Please feel free to continue sharing.

TeMerc - Schools? Random ppl on the net and we're calling them schools now? Whilst I think it is, they are, great ideas, you make it sound like formatting is a better option nearly every time. I acknowledge that sometimes formatting is just not an option.

BTW I'm guessing HJT is HiJackThis?

Exile, I commend you for reading and not violating EULAs, most ppl would and do. Upon reading a few EULAs though, most of them say, we take no blame or responsibility for anything regardless of whether you use our product or not. Doesn't that just make you feel safe and secure?

DasFox, you can lead a horse to water, but you can't make it drink. We can't hold people's hands forever. Life is never that simple. Some people will never listen no matter what you say or what happens to their machines. Other than that I agree, prevention is better than cure.

Again, thanks for sharing & feel free to continue to do so.

Of course you can lead them, then it's up to them, but you have to start somewhere, and the first place you start is by education...

I'm taking this from a Tech perspective, but end-users should be doing the same things as well.

Put it this way, after dealing with enough BS getting their box really hosed and paying out the butt to get things fixed, they'll start learning to drink, LOL...

If not then they're rich enough they don't care, but when they're not rich, they'll learn, or as some have told me, they're buying a Mac, LMAO, so I guess that's the other road they're on: don't care to learn, just want to use the damn thing, and if it doesn't work I'm tossing its sorry ass out and buying a Mac. Oh I love this thought process people are in... LMAO... :)


How did you become a Malware Removal Expert?

Lots of lost time... peering over source code, dot matrix printouts, lots of jolt and later coffee.. a few years after, habitual smoker...

BBS, cb/ham radio... , more source code printouts... oh, my poor 286, hard she worked.

Was it years of trial and error? Are/Were you a software engineer?

trial and error? hmm, no. it's sort of like bomb building I guess. If you have many errors, you won't have many trials. *grin*

Software engineering does help, greatly. Writing code, loving code, yes... Loving code really helps. You can do it without the love for code, but you'll be limited in what you can do, and always forced to use someone else's tool to deal with it. If you can code, and you're really good, and you understand, you can write a tool and do it yourself.

Did a mentor take you under their wing?

No. I learned by doing. much study of code, since I was a wee little one.


They've been referring them as schools for many years now, would you suggest a different name?

I guess you just got to be in the business. A school to me is something you get a formal qualification certificate at the end.

I'm not sure how you get the inference that I think formating is better than cleaning. I'm merely saying that someone with minimum experience with alot of these infections can do more damage than good.

Reformatting is a last course of action, AFAIC.

Just meant it'd be a lot easier. That's all.


I guess you just got to be in the business. A school to me is something you get a formal qualification certificate at the end.

ah me young lad, open your mind :wub:

You have the School of Hard Knocks, Life School, Brick & Mortar and Online schools; learning the way is a continuous process throughout life :)


But a closed mind makes things so much easier to deal with.

Just kidding.

Here I'll contradict myself - I don't know which of you, if any are from the US but it bugs me when you guys call College or University, School.

School is your schooling right up to your senior year, or whatever other names you have for your final school years.

And on the subject Life Schools just teach you to be cynical. :wub:


Hang around the forums and you will get used to the different terms/slang used all around the world. Some are easy to catch on to while others might take a quick Google search :wub:

Frequent the malware removal forum(s) and follow what the helpers do, reading all of the logs, just like they do. If you start to catch on then you may have a knack for the whole process. It might come quick, then it may take months before you start catching on to the process. And there are many different processes to learn. Also as others have suggested it's a never ending journey. The title "Expert" is earned as well as deserved. But even the experts are learning every day. The malware makes sure of that! Or should I say the users who run into it.... :)


How did you become a Malware Removal Expert?

I do not consider myself an expert. I have had an interest in the security side of things for a while; I myself have been fortunate to have "graduated" through a known malware training forum which has taught me how to use the various tools needed to produce logs and how to analyze these logs correctly and in turn issue fixes to the user in need.

Reformatting is a last course of action, AFAIC.

100% Agree! - Patience is a virtue

Some people think it's the easy way out, but people do tend to forget that by the time they have backed up, re-installed Windows, updated Windows/installed service packs, reinstalled software and personal data, it's not the quick way out after all.


Reformatting is a last course of action, AFAIC.
reinstalled software and personal data, it's not the quick way out after all.

This is a complex issue. For eight years I went with the clean install, flatten and rebuild; W98 was so unstable, and making a data partition safeguarded data somewhat. Two years ago I was personally hit by a very nasty drive-by attack and decided to try and fight it. I have learned a lot since, but after shadowing enough logs/threads I have realized a clean install can be the safest approach.

http://technet.microsoft.com/en-us/library/cc512587.aspx

http://miekiemoes.blogspot.com/2008/06/mal...-draw-line.html

http://www.dslreports.com/faq/10063

Fighting and beating an infection quickly is a lot more satisfying tho.


I started off doing a tertiary course in Electronic and Computer Engineering. I've had a small computer repair business, participated on an Anti Virus Help and Support Forum, and 3 months ago took the plunge and started as a trainee at a reputable Malware removal University :) I love to fix stuff, since I was a kid. I've also been a motor mechanic, but when they put computers into cars the whole thing lost its art. I think a word like "passion" needs to be a major part of your makeup when considering any technical undertaking; you'll sweat sweet tears of joy and mostly tears of frustration until the mind builds the pathways from student to fixer (Expert) in any field.


  • Staff
I guess you just got to be in the business. A school to me is something you get a formal qualification certificate at the end.
Ahh, I see, no worries.
Just meant it'd be a lot easier. That's all.
Easier for who? :)

Most end users think reformatting is the worst thing they have to do. For me and you it's cake. For them the prospect of trying to save all their valuable data and digging out the disk, blah, blah, blah... is daunting to say the least. And we're dealing with n00b end users here most of the time.

If you're in a corporate environment and an IT pro, you should have random boxes set up to just swap out for cubicle rats and reformat as it does indeed save time and it's easier.


  • 2 weeks later...
How did you become a Malware Removal Expert?

Was it years of trial and error? Are/Were you a software engineer?

Did a mentor take you under their wing?

If you have a moment to spare or need to relax from the issue you are working on.

Tell us your story.

It's not trial and error for sure; I went through training at Castlecops in '05. Training took about 6 months for me and it was a different time. Malware has expanded exceptionally and in a bad way. Infections have become so much harder to remove, even with custom tools. Removing malware is not the only thing us experts have to know. We must be knowledgeable in the Windows registry and have extensive experience with troubleshooting Windows. Analyzing logs is an art for most of us and takes a year after training to really be proficient in. Malware removal is not something that comes easy for any of us; we are constantly learning. I certainly don't know everything and I'm currently starting to become more proficient with batch programming. I think scripting can be another useful feature to my techniques. I hope this is thorough enough.


  • 2 months later...

Revisiting this thread.

A few of you are saying it is not trial and error.

What form of learning, besides spoon-fed learning, is not trial and error and learning from experience?

I have begun considering MRU, Geek U and wherever spywarewarrior boot camp has moved to but I question my own patience when I see 6-12 months training. I'm an information junkie but not usually on this particular topic.


Aside from the spoon fed stuff, there's also learning the internals of Windows itself as sjpritch25 mentioned. I have a bit of a leg up on batch files (not so much VB scripting yet), but a lot of it has to do with simply looking at the logs and understanding what's there, primarily because you aren't sitting in front of the computer so that's all the info you have to go on. Over time you start to memorize the benign entries, which helps a lot in singling out the malicious stuff, but most modern infections these days don't show up in logs anyway. Over time, and with training, you learn which tools serve which purpose and are effective against different threats. This information is taught at the universities, but also by other experts. Fatdcuk's recent threads in the self help area are proof of this. For the longest time these threats were becoming a real problem since helpers couldn't use their normal set of tools, not even HijackThis, so they had to resort to other methods. Malware is ever evolving and new knowledge is always required, but there is a baseline of skills that need to be mastered to understand how to dig deeper and remove infections without doing irreversible damage to the system. I think that's a big part of the learning as well, and a critical one at that, especially since many users aren't willing to reformat (otherwise what would be the point in posting to a help forum?) and many don't even have Windows on disc. Experience (trial and error) does teach a lot about what works and what doesn't, but the malware changes so frequently that community knowledge and assistance from other users that specialize in dealing with certain threats is essential, otherwise all you'd ever have time to do is research, not help. That's another point where the schools come into play, as the members of the schools help each other out, not just from the school you attended, but all of them.
Doing this sort of work solo would be pretty much impossible; the community has to work together because 100 heads are better than one :) . Not to mention the fact that you get insider info on more advanced tools and what they really do, much more than the general info you'd find around the net, partially because in the wrong hands they could cripple a system, and also because the knowledge must be kept from the enemy as much as possible (i.e. the makers of malware).

edit: another key point that I haven't seen mentioned yet: bbcode and how to respond with clear concise instructions for the user, an art I've not yet mastered (evidenced by the large blob of text seen above :D ). Knowing how to clean is major, but knowing how to tell someone else how to clean is just as major :D .


I haven't written a batch file since the 98 days, so that's a minor inconvenience. Something I'd have to learn again still though.

The registry is much scarier.

I have been reading a lot of logs on here of the various tools and the logs don't strike me as particularly difficult.

Troubleshooting windows itself is pretty routine these days.

Apologies for prattling but it helps my thought process.

I want to join one of the schools but I don't want to, if that makes any sense. I am leaning towards Geek U, since its got a nicer and cleaner looking forum than MRU, and it even informs you about Geek U, unlike what seems to be the more popular MRU.


You don't have to learn batch, but you will learn some by default in your training, along with how to create scripts for tools like ComboFix and Avenger. A thorough understanding of the registry can be essential in many cases because it's the loading point for most malware. That's why HJT and other tools report all/most of their info from there.

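Two points made above are worth seeing in working form: that a log reader eventually memorizes the benign autostart entries so the odd ones stand out, and that the registry Run keys are the loading point HJT reports on in its O4 lines. The script below is an added example written for this thread; it is not code from the forum, from HijackThis or from Malwarebytes. It assumes the HijackThis O4 line shape "O4 - <hive>\..\<key>: [<value name>] <command>"; the known-good baseline, the heuristics and the sample log excerpt are all constructed for illustration and are not taken from any real machine.

```python
"""Triage of O4 (registry Run/RunOnce autostart) lines from a HijackThis-style log.

Added example for this thread; not code from the forum, HijackThis or Malwarebytes.
Assumptions: the O4 line shape "O4 - <hive>\\..\\<key>: [<value name>] <command>" follows
the HijackThis convention; the baseline, heuristics and sample log are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches e.g.  O4 - HKCU\..\Run: [Name] C:\path\prog.exe /arg
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$"
)


@dataclass
class AutostartEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name
    command: str   # command line stored in the value


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Return an entry for an O4 line, or None for any other log line (O2, O23, ...)."""
    m = O4_RE.match(line.strip())
    return AutostartEntry(m["hive"], m["key"], m["name"], m["command"]) if m else None


# Constructed baseline of (hive, key, value name) triples the helper already knows are
# benign; in practice this is the list a log reader builds up over hundreds of logs.
KNOWN_GOOD = {
    ("HKLM", "Run", "SynTPEnh"),
    ("HKLM", "Run", "Malwarebytes' Anti-Malware"),
}

# Heuristics (assumptions, not rules): autostart images living in temp or user-writable
# directories, value names borrowed from core Windows processes, vowel-less random names.
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\", "\\appdata\\roaming\\", "\\recycler\\")
SYSTEM_PROCESS_NAMES = {"svchost", "lsass", "csrss", "winlogon", "explorer", "services"}
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,}$")


def triage(entry: AutostartEntry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means it looks benign."""
    reasons = []
    if (entry.hive, entry.key, entry.name) not in KNOWN_GOOD:
        reasons.append("not in known-good baseline")
    cmd = entry.command.lower()
    if any(d in cmd for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a temp or user-writable directory")
    name = entry.name.lower()
    if name in SYSTEM_PROCESS_NAMES:
        reasons.append("value name imitates a Windows system process")
    if RANDOM_NAME_RE.match(name) and not any(v in name for v in "aeiou"):
        reasons.append("random-looking value name")
    return reasons


def triage_log(log_text: str) -> List[Tuple[str, List[str]]]:
    """(line, reasons) for every O4 entry in the log that trips at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


# Constructed sample log excerpt: two benign entries, two suspicious ones, one non-O4 line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [qwxfgh] C:\Documents and Settings\User\Local Settings\Temp\qwxfgh.exe
O4 - HKLM\..\RunOnce: [svchost] rundll32.exe C:\WINDOWS\Temp\abc.dll,Start
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
"""

if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run as-is it prints the two HKCU/RunOnce entries with their reasons and stays silent on the two baseline entries and the O23 service line. The baseline check does the same job the thread describes a trainee doing from memory; the other heuristics are only a nudge for a second look, since a benign installer can also drop a RunOnce value and a random-looking name is not proof of anything.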
