16 April 2012

Wiping out Alureon from an infected laptop

I was assisting a neighbor in cleaning up her Windows-based laptop from blue-screening and redirecting Google searches. She had a Windows 7 64-bit Home Edition install.

The antivirus software on the laptop had expired, leaving the machine nakedly vulnerable to becoming infected, which it did.

Most of the problem apps, toolbars and malware were easily cleaned by uninstalling them and running an RKill/ComboFix/Malwarebytes Anti-Malware session on the laptop. There was a strange file in the HKLM\...WOW64\Run section. Finding that file gave me a good clue as to when the machine had downloaded some of the problem apps: much of the malicious software had been installed on the same day, and that showed in the file timestamps and in the install dates listed with the Programs and Apps in the Control Panel.
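The Run-key clue above (an odd entry under the 32-bit Run key, with file timestamps pointing at a single day) can be turned into a small triage script. The following is an added example, not code from the original post: it parses a `reg export` dump of both the 64-bit and the Wow6432Node Run keys, pulls the program path out of each autorun command line and groups the entries by the referenced file's creation date, so a same-day cluster stands out. The registry text, the dates and the `unknown-entry` / `sample-unknown.exe` names are constructed sample data.

```python
"""Triage helper: parse a `reg export` dump of the 64-bit and 32-bit
(Wow6432Node) Run keys, extract the program path from each autorun
command line, and group entries by the file's creation date so a
cluster of same-day additions (the infection day) stands out.

Added example, not from the original post. The .reg text and the file
dates below are constructed samples; on a real machine you would dump
the keys with `reg export` (reg.exe writes UTF-16, so open the file
with encoding="utf-16") and read dates with os.path.getctime.
"""
import re
from collections import defaultdict
from datetime import date

# Constructed sample of what `reg export` writes for the two Run keys.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="\"C:\\Program Files\\Vendor AV\\av.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FlipToast"="\"C:\\Program Files (x86)\\FlipToast\\FlipToast.exe\" /silent"
"Toolbar Updater"="C:\\Program Files (x86)\\SomeToolbar\\updater.exe -u"
"unknown-entry"="C:\\Users\\Public\\sample-unknown.exe"
'''

# Constructed (hypothetical) creation dates for the files referenced above.
SAMPLE_CTIMES = {
    r"C:\Program Files\Vendor AV\av.exe": date(2011, 9, 3),
    r"C:\Program Files (x86)\FlipToast\FlipToast.exe": date(2012, 3, 28),
    r"C:\Program Files (x86)\SomeToolbar\updater.exe": date(2012, 3, 28),
    r"C:\Users\Public\sample-unknown.exe": date(2012, 3, 28),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="value", where both strings use .reg escaping (backslash-backslash
# for a backslash, backslash-quote for a quote).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # Undo .reg escaping: a backslash before a quote or another backslash
    # is dropped, leaving the literal character.
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_run_keys(reg_text):
    """Return (key_path, value_name, command) for every string value
    under a key whose path ends in \\Run."""
    entries = []
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        val = VALUE_RE.match(line)
        if val and current and current.upper().endswith("\\RUN"):
            entries.append((current, _unescape(val.group(1)), _unescape(val.group(2))))
    return entries


def executable_path(command):
    """Extract the program path from an autorun command line: a quoted
    path is taken verbatim, otherwise everything up to the first .exe."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def group_by_creation_date(entries, ctimes):
    """Map creation date (None if the file is unknown) -> value names."""
    groups = defaultdict(list)
    for _key, name, command in entries:
        groups[ctimes.get(executable_path(command))].append(name)
    return dict(groups)


if __name__ == "__main__":
    entries = parse_run_keys(SAMPLE_REG)
    grouped = group_by_creation_date(entries, SAMPLE_CTIMES)
    for day, names in sorted(grouped.items(), key=lambda kv: str(kv[0])):
        print(day, names)
```

On the sample data the three entries created on the same day are listed together, which is exactly the pattern described above; on a real export, entries whose file is missing land under None and deserve a look of their own.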

One of the problem apps was FlipToast. It would not uninstall properly. Instead of Uninstall, I used Change and then selected to delete the application when the Install program came up.

Cleaning up Alureon was a little more problematic. It seemed to have been adding the Sirefef.B trojan to the machine. If I used Microsoft Security Essentials to clean it up, the machine would not start properly and would roll back to a restore point, where it was still infected.

After reading the experience of others on blogs and forums, this is how I was able to clean up the machine:

Note - Don't remove any Restore Points yet. Scanning the machine may take longer, but you may need them to get back into the machine if something fails.

I had to run some of these utilities in Safe Mode, but am unsure which ones and in what sequence. Some utilities would not work in Safe Mode, so I had to switch back and forth.



So, in Safe Mode:
- Run RKill from Bleeping Computer - http://www.bleepingcomputer.com/download/anti-virus/rkill
-- This utility stops any processes that are related to malware

- Run ComboFix from Bleeping Computer - http://www.bleepingcomputer.com/download/anti-virus/combofix
-- ComboFix is a powerful utility that identifies and removes many kinds of malware

- Install and Run Malwarebytes Anti-Malware - http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
-- This utility is very effective at identifying and removing toolbars, malware, spyware and other threats.

This cleaned up most of the issues. The next part was needed to get to the "root" of the issue.



Kaspersky Lab has some good utilities available for assisting in cleaning up viruses, malware and rootkits (including full Rescue CDs for when you need one).

The utility used in this case was TDSSKiller, found here - http://support.kaspersky.com/viruses/utility

TDSSKiller assisted in identifying and removing the rootkit that kept causing problems.

Next, I had to run the Microsoft Safety Scanner and do a full scan, which took a couple of hours, but it was worth it. You can get the Safety Scanner here: http://www.microsoft.com/security/scanner/en-us/default.aspx

I then manually installed Microsoft Security Essentials from here: http://www.microsoft.com/download/en/details.aspx?id=5201 and performed a quick scan. All was clear.

To finish, I ran Windows Update and checked the C: volume for errors with the "fix issues" option selected. Then I removed all previous Restore Points.

It seemed to have worked, so far.

25 February 2012

Setting up Debian Squeeze, Goodbye Ubuntu


As a computer hobbyist, it is fun to try out various operating systems, including the many various flavors of Linux available to the community.

As a website administrator, setting up a LAMP (Linux-Apache-MySQL-PHP) box for the Joomla CMS (Content Management System) is part of the hobby.

I used to enjoy using Ubuntu as a platform to set all of this up. With Ubuntu 11, they changed the desktop interface to a system named Unity. It's awful!!! It would be fine if all I used was a small-screened tablet, but I use a full-sized desktop computer. The user interface is quite annoying. So, it is time to abandon Ubuntu and move on to a more satisfying distro. It's time to try out Debian, on which Ubuntu is based.

Well, Debian has some security settings that needed to be changed in order to allow root login to the Gnome desktop and via FTP. There are a million reasons why this is discouraged, and a Google search on the topic will inundate you with a million posts against setting this up.

That's all fine, but it was still something that needed to be configured, for whatever reason. So, here are the steps taken to use the root account to log into the Gnome desktop using gdm3 and into ProFTPD on Debian Squeeze.

To log into the Gnome desktop using gdm3:

1. Edit the /etc/gdm3/daemon.conf file
 - add the line AllowRoot=true to the [security] section
.
.
[security]
AllowRoot=true
.
.


2. Edit the /etc/pam.d/gdm3 file
 - comment out the line that reads auth required pam_succeed_if.so user != root quiet_success

The file will look like this:
#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
#auth   required        pam_succeed_if.so user != root quiet_success
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session required        pam_limits.so
@include common-session
session optional        pam_gnome_keyring.so auto_start
@include common-password



To log into ProFTPD as root:

1. Edit the /etc/ftpusers file
 - comment out the line that says root

.
.
#root
.
.


2. Edit the /etc/proftpd/proftpd.conf file
 - add the line RootLogin on to the file (it can be placed at the end of the file)

.
.
# Put a comment to indicate why you added the line
RootLogin on
.
.


These file modifications allowed me to use the root account to log into the Debian machine for those services. I am posting the steps for those who need to make these modifications and do not wish to wade through pages and pages of opinions and pontifications.
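Because each service has two gates (the gdm3 AllowRoot directive plus its PAM stack; the ProFTPD RootLogin directive plus /etc/ftpusers), it is easy to change one and forget the other. The following is an added example, not part of the original post: a small audit script that reads the four files named in the steps above and reports whether each service currently permits root login, which also makes it easy to confirm later that the change has been reverted. The file paths are the Debian Squeeze paths from the post; the sample contents are constructed so the script runs on a machine without those files.

```python
"""Audit helper: read the four files the steps above touch and report
whether each currently lets root log in to the gdm3 desktop or ProFTPD.

Added example, not part of the original post. Paths are the Debian
Squeeze defaults from the post; the sample contents are constructed
stand-ins for the stock (pre-edit) files.
"""
import configparser
import os
import re

FILES = {
    "daemon_conf": "/etc/gdm3/daemon.conf",
    "pam": "/etc/pam.d/gdm3",
    "ftpusers": "/etc/ftpusers",
    "proftpd": "/etc/proftpd/proftpd.conf",
}

# Constructed samples of the stock (pre-edit) contents.
SAMPLE = {
    "daemon_conf": "[daemon]\n[security]\n[xdmcp]\n[greeter]\n",
    "pam": (
        "#%PAM-1.0\n"
        "auth    requisite       pam_nologin.so\n"
        "auth    required        pam_succeed_if.so user != root quiet_success\n"
        "@include common-auth\n"
    ),
    "ftpusers": "root\ndaemon\nbin\n",
    "proftpd": 'ServerName "Debian"\nUseFtpUsers on\n',
}


def _active_lines(text):
    """Yield stripped lines with blanks and '#' comments removed."""
    for line in text.splitlines():
        s = line.strip()
        if s and not s.startswith("#"):
            yield s


def gdm_allow_root(daemon_conf_text):
    """True if [security] AllowRoot=true is set in gdm3's daemon.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(daemon_conf_text)
    return cp.getboolean("security", "AllowRoot", fallback=False)


def pam_blocks_root(pam_text):
    """True while an uncommented pam_succeed_if line still rejects root;
    that line wins over AllowRoot, which is why the post comments it out."""
    return any("pam_succeed_if.so" in s and re.search(r"user\s*!=\s*root", s)
               for s in _active_lines(pam_text))


def ftpusers_blocks_root(ftpusers_text):
    """True if root is still listed (uncommented) in /etc/ftpusers."""
    return any(s == "root" for s in _active_lines(ftpusers_text))


def proftpd_root_login(proftpd_text):
    """True if the last uncommented RootLogin directive is 'on'."""
    value = False
    for s in _active_lines(proftpd_text):
        m = re.match(r"RootLogin\s+(on|off)$", s, re.IGNORECASE)
        if m:
            value = m.group(1).lower() == "on"
    return value


def audit(daemon_conf, pam, ftpusers, proftpd):
    """Per-service verdict: root login works only when both of a
    service's gates (config directive and PAM/ftpusers) allow it."""
    return {
        "gdm3_root_login": gdm_allow_root(daemon_conf) and not pam_blocks_root(pam),
        "proftpd_root_login": proftpd_root_login(proftpd) and not ftpusers_blocks_root(ftpusers),
    }


def load(name):
    """Contents of the real file if present, otherwise the constructed sample."""
    path = FILES[name]
    if os.path.exists(path):
        with open(path) as fh:
            return fh.read()
    return SAMPLE[name]


if __name__ == "__main__":
    for service, enabled in audit(*(load(n) for n in FILES)).items():
        print(f"{service}: {'ENABLED' if enabled else 'disabled'}")
```

Run it as root on the Debian box to see the live verdict; on any other machine it evaluates the constructed samples and reports both services as disabled. Note that the ProFTPD check assumes UseFtpUsers is left at its default of on, as in the stock configuration.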

Disclaimer: avoid logging into your machine as root. It is highly discouraged.