Capito
Terms before we get going:
Virus:
A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.
Malware:
Malware, short for malicious software (sometimes referred to as pestware), is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
False Positive:
The erroneous identification of a threat or dangerous condition that turns out to be harmless. False positives often occur in intrusion detection systems.
Antivirus:
Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.
Crypt (Cryptology):
When code in a specific program is obfuscated to make the file undetected by antivirus.
Bind/Binded/Binding:
Binded is when 2 files are put together and, when it's executed, both of the files are executed.
HJT (HijackThis):
Trend Micro HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.
Sandboxie:
Sandboxie is a proprietary sandbox-based isolation program developed by Ronen Tzur, for 32- and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.
Malwarebytes:
Malwarebytes' Anti-Malware (MBAM) is a computer application that finds and removes malware.
Okay, now that we know our terms and our download links we can get started.
Signs of being infected:
- Random pop-ups (CMD starting at random times)
- Web Cam randomly starting
- Passwords not working
- Firewall being disabled
- Suspicious emails sent from your account
- Awkward files on your USB drive
Ways you can get infected:
YouTube: I recommend not downloading from YouTube. 9/10 of the time it will be an infected file. Especially: cracks, mod tools, host booters with bots, etc.
Torrents:
Torrents, in my opinion, are the 2nd most common way of getting infected.
Example: Say you're downloading an AVG crack. The file may run and install correctly, but it may be binded and infect your PC without you knowing.
Signs to look for when downloading a file from YouTube:
- If the video has comments disabled: this should raise a BIG FLAG that it's unsafe.
- If the video has more dislikes than likes.
- If the video only has text and not the program itself.
- If you're trying to download a "HostBooter with bots", it's not possible to get bots from downloading a file; the bots connect to a DNS which forwards to an IP.
Even if the video looks real, even if you can tell that they put time into it, that does not mean it's clean. If you do feel like you need to download, run it in Sandboxie.
I think I am infected! What should I do?
Do a full system scan with your antivirus. Remove the threats it gives you. Problem still not solved? Download HJT and do a full scan. Then download and run Malwarebytes. Save both logs and post them in this section. I will be able to help you. I am an expert in analyzing HJT logs and Malwarebytes logs.
Found a file you want, but you think it may contain a virus?
What you can do is download the file WITHOUT RUNNING IT and then upload it to Virus Total. What is Virus Total? Virus Total is a free site that allows you to upload a file and have it scanned by over 40 antivirus programs in a matter of minutes. Or you can upload to NoVirusThanks.
Or you can contact me on AIM, and I will run it in a virtual machine.
Example: A file may seem harmless, but after I scan it we get the results:
My Results
NoVirusThanks:
File Info
Report date: 2011-02-17 21:35:20 (GMT 1)
File name: bot-exe
File size: 24576 bytes
MD5 Hash: 6d6a72ad3f76b117a52b0662775821d8
SHA1 Hash: ff24dc77bd9b0d674f48e40d6de94c91357c1787
Detection rate: 14 on 16 (88%)
Status: INFECTED
Detections
a-squared - Worm.Win32.Bybz!IK
Avast - Win32:Malware-gen
AVG - Generic19.CCCP
Avira AntiVir - TR/Hijacker.Gen
BitDefender - Generic.Malware.SBdld.C02564DC
ClamAV -
Comodo - Heur.Packed.Unknown
Dr.Web - Trojan.Siggen2.7481
F-PROT6 - W32/SelfStarterInternetTrojan!Maximus
Ikarus T3 - Worm.Win32.Bybz
Kaspersky - Worm.Win32.Bybz.ddw
NOD32 - Win32/Dewnad.AK
Panda - W32/Autorun.KNT
TrendMicro - PAK_Generic.001
VBA32 -
VirusBuster - Worm.Bybz!gWO3hagoXgo
Scan report generated by
NoVirusThanks.org
False Positives:
Some programs may come up as a false positive, meaning the AV detects text/code that is harmless and flags it as a virus. Example:
I made a program to prove this.
Picture
Report
FAQ:
Q1. I have antivirus, I can't get infected, right?
A1. No, just because you have antivirus does not mean you can't get infected.
Q2. Can a virus only be in an executable format?
A2. No, they can be binded to an image and have a .jpeg extension.
Q3. Which is better: Virus Total or NVT?
A3. In my opinion, if you're posting the results on a site, NVT. But if you're scanning a file for personal use, I highly recommend Virus Total.
Q4. Which antivirus do you recommend to use?
A4. I recommend using AVG. If you're like me and are always on your computer, it's a great investment.
Any other questions, post below!
If you know you're infected, most people give the response "Do a system restore or run Malwarebytes." System restore is the LAST resort. I can remove ANY virus/threat/trojan/malware off of your computer. Just add me on aim [email protected]
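Added example, not part of the original post: a way to inspect a download without running it, as advised above, by computing the same MD5/SHA1 values a scan report lists (plus SHA-256) and checking whether the file's leading bytes match its extension (the ".jpeg" case from Q2). The names `triage`, `sniff_type`, `MAGIC` and `EXPECTED_EXT` are hypothetical, the format table is deliberately partial, and the sample file is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading "magic" bytes of a few common formats (a partial, illustrative table).
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]
# Extensions that honestly match each detected type.
EXPECTED_EXT = {
    "windows-executable": {".exe", ".dll", ".scr", ".sys"},
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
}

def sniff_type(head: bytes) -> str:
    """Name the format suggested by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def triage(path) -> dict:
    """Read (never execute) a file; return size, hashes and a type/extension check."""
    path = Path(path)
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    head, size = b"", 0
    with path.open("rb") as fh:
        while chunk := fh.read(65536):
            head = head or chunk[:16]
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)
    kind, ext = sniff_type(head), path.suffix.lower()
    report = {"name": path.name, "size": size, "type": kind, "extension": ext}
    # Flag content whose real format disagrees with the extension it was given.
    report["mismatch"] = kind != "unknown" and ext not in EXPECTED_EXT[kind]
    report.update({name: d.hexdigest() for name, d in digests.items()})
    return report

if __name__ == "__main__":
    # Constructed sample: executable header bytes saved under an image extension.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "holiday.jpeg"
        sample.write_bytes(b"MZ" + b"\x00" * 62)
        for key, value in triage(sample).items():
            print(f"{key:10} {value}")
```

A `mismatch` of True only means the extension does not describe the content; a file that passes this check still needs a scan before it is opened.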