Malware, how does it get on these days?

Soldato, joined 27 Oct 2005, 13,804 posts, Netherlands
Hello,


In the past 6 months I've gotten random malware on my PC without any logical reason. Yes, I don't run real-time A/V protection (why don't I use a real-time AV, you ask? tl;dr version: it slows the PC down), but I scan on demand once in a while, and also use AdwCleaner and Malwarebytes once in a while to check if I missed stuff.

It usually manifests as a random browser hijacker/ad extension that is suddenly there, or an odd process. Examining my ProgramData, System32 and Program Files folders further often reveals the culprit.

For example from last 7 days:

I was doing nothing ''odd'' last Thursday the 23rd; at 8.01 am some rubbish called ''Zealous Salary'' installed itself. I was doing nothing but browsing my work PC from home with LogMeIn or TeamViewer (can't remember which, I use both) at that time. I noticed this odd process on a random check of my running processes. It was taking up about 40 MB of RAM, and when I opened the binary (7829 KB) in Notepad I noticed plain text from what seems to be a Python tutorial in it. I renamed this binary, moved it into a RAR and removed all rights for it (so only I can access it if needed) (of course after killing the process).

Today, the 27th, while I was at work, at 12.51 midday, some browser hijacker/adware crap got on, ''ExstoraCouponi'' (it infected both FF and Chrome). I was literally doing nothing at the moment; I was at work, the PC was ''locked'' and that's all. I come back and bam, my Chrome is infected/redirecting me to a site. (Examining the rubbish, it installed at 12.51.)

Before this week all was fine for 2 months; I regularly check all my running processes and find nothing odd, and I scanned my SSD once in those 2 months too (bar some false positives, nothing), but before that I had the same ''wave'' of crud in a week or so.

I'll be doing a full system scan tomorrow while at work, when it doesn't bother me, to see if some crud was missed by me (I doubt it though).

What I'm wondering is how this **** gets on my PC in the first place. It's been years since I used cracks (and even then I used well-known release groups only), I have both a router to pass through and a software firewall, and 99% of ads are blocked by ABP (I don't even allow the ''unintrusive'' ones). I don't run any executables I don't know or visit any dodgy websites.

Is the only real way to prevent this having an active real-time antivirus? (It slows the computer down a lot; for example Avast slows Steam downloads from 24 to 10-ish MB/sec with 25 or 50% CPU use on the Avast process, and it also noticeably slowed down installing programs, moving files around and even rendering websites.) I have experience with a lot of antivirus apps, and they all slow down one thing or the other. The only ones that were barely noticeable were Bitdefender and Kaspersky, but both of them slightly slowed down some specific things too.

Is there a way to trace where a file has come from? I still have the ''Zealous Salary'' binary and .dat in a RAR file now if anyone wants to take a peek, because I'm curious how this crap got on in the first place.
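Two checks that help answer the "where did this file come from" question on a Windows box, as an added example that is not part of the thread and not from any tool the posters mention. The first parses the Zone.Identifier "Mark of the Web" stream that browsers and most download managers attach to files on NTFS (the `[ZoneTransfer]` section with `ZoneId`, where 3 is the Internet zone, and on newer Windows builds `ReferrerUrl` and `HostUrl`); a binary with no stream at all is itself a clue, since it was written by something that does not propagate the mark (an installer, a remote-control session, an archive extractor) or had it stripped. The second lists files created under ProgramData and Program Files in the last N days so a surprise timestamp like "installed at 12.51" can be lined up against everything else that appeared at that moment. The stream read needs Windows/NTFS; the parser and the scan run anywhere. The sample stream, paths and file names are constructed for the example.

```python
import os
import sys
import time
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# Windows URL security zone numbers as written into Zone.Identifier.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed sample of a stream as a browser would write it (not a real file).
SAMPLE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://example.com/get/\r\n"
                 "HostUrl=https://cdn.example.com/files/setup.exe\r\n")


@dataclass
class MarkOfTheWeb:
    zone_id: Optional[int] = None
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None
    extra: Dict[str, str] = field(default_factory=dict)   # any other keys seen

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, "unknown")


def parse_zone_identifier(text: str) -> MarkOfTheWeb:
    """Parse the INI-style text of a Zone.Identifier stream.

    Only keys inside [ZoneTransfer] count; unknown keys go to `extra` so
    nothing a downloader recorded is silently dropped.
    """
    motw = MarkOfTheWeb()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "zoneid" and value.isdigit():
            motw.zone_id = int(value)
        elif key == "referrerurl":
            motw.referrer_url = value
        elif key == "hosturl":
            motw.host_url = value
        else:
            motw.extra[key] = value
    return motw


def read_mark_of_the_web(path: str) -> Optional[MarkOfTheWeb]:
    """Read `<file>:Zone.Identifier`; None means no stream (or not on Windows/NTFS)."""
    if not sys.platform.startswith("win"):
        return None
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


def recently_created(roots: Iterable[str], days: float,
                     now: Optional[float] = None) -> List[Tuple[float, str]]:
    """(creation_time, path), newest first, for files created within `days`.

    On Windows st_ctime is the creation time; elsewhere st_birthtime is used
    when the platform exposes it, otherwise the inode change time.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = os.path.join(dirpath, name)
                try:
                    st = os.stat(p)
                except OSError:
                    continue  # unreadable or vanished mid-walk; skip
                created = getattr(st, "st_birthtime", st.st_ctime)
                if created >= cutoff:
                    hits.append((created, p))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Usage: python trace_origin.py <suspect.exe> [days]   (hypothetical file name)
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\ProgramData\suspect.exe"
    days = float(sys.argv[2]) if len(sys.argv) > 2 else 7
    print("Sample stream parses as:", parse_zone_identifier(SAMPLE_STREAM))
    print("Mark of the Web on target:", read_mark_of_the_web(target) or "none")
    roots = [os.environ.get("ProgramData", r"C:\ProgramData"),
             os.environ.get("ProgramFiles", r"C:\Program Files")]
    for created, p in recently_created(roots, days)[:40]:
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(created)), p)
```

Run it against the quarantined binary before repacking it into an archive: extracting from a RAR usually produces a fresh file without the stream, so the origin URL is lost once the copy inside the archive is the only one left.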
Nope, never; my job for years has been to remove that kind of crap from PCs of the (mostly) elderly. I only download from ''trusted'' websites.

I pretty much only download from Steam these days. Looking in my downloads folder, only some PDFs recently, some videos I grabbed off YouTube (I use a FF plugin, which is clean), some RAR files (which contain .srt subs) and some binaries downloaded from official sites (LogMeIn client, CPU-Z, Silverlight, Wireshark, Audacity, etc).
I use Avast usually as it's easy to download with Ninite unattended and easy to remove after, and free. For customers I use a bootable Kaspersky CD. If I were forced to use an AV it'd be Kaspersky, but it's a paid AV :( (and being the greedy sod I am :p). The only thing it slows down a little bit is installing new apps, but only slightly, and it has one of the best detection rates.

CPU-Z installer has malware? That's disgusting. I have downloaded cpu-z_1.72.1-en.exe quite recently.


Gave up on many AVs. ESET seems rubbish: not only does it drastically slow down the PC (more than many free AVs), but how often I came across people with an updated ESET who still got a desktop hijacker (Police ''virus''). MSE also often allows a PC to be completely breached. AVG seems very buggy and crashes after a while, especially on slower/older PCs; I often come across this A/V disabled or in error. F-Secure (many big Dutch ISPs bundle this with internet subscriptions, so I often come across it) is also a bit of a hog. McAfee seems like malware as it comes with so many OEM installations, but I must admit it improved greatly. And Avast drastically slows I/O ops along with hogging the CPU during I/O ops.
Avast is one of the worst, especially when allocating space for downloads or when downloading at higher speeds (20+ MB/sec); I always got slowdown on my downloads in Steam. Generally Avast slows any I/O ops down a lot.

Have you compared copying times of large amounts of data (500 GB or so) with and without the Avast shields? Avast causes about 1.25-1.5 times as long a copying time.
I haven't really noticed any difference, but then again my FTTC speed is only 44Mb (5.5MB). And Steam easily reaches that speed even with the shields on. Maybe if I had faster broadband then I might start to notice the difference you're seeing. And the only time I move large amounts of data is to my external, which is capped by USB :p.

What are your system specs?
4.5GHz i7 (2600K), 16GB, 240GB SSD + ~8TB HDDs; internet is 200Mbit and the ISP is rolling out 500Mb in the next year :D...

I know it's still fast enough, but with real-time protection it feels noticeably slower with most A/Vs. And I'm kind of obsessed with it needing to be as fast as possible. :D

Since I've dropped using real-time protection on A/Vs on my own machines, I actually can't stand working on PCs that do have them enabled; everything feels slightly more sluggish, even compared to my lappy (first-gen i5 2.6GHz, 6GB, 120GB SSD)...