NOD32 missed a virus, should I be disappointed?

I have trouble relating to stuff like this. In the last 8 years I've seen approximately ZERO popups that could cause me to install this crap.

Frankly, I reckon Admuncher is a better bet for avoiding malware than most AV / antimalware apps....

And how do you know you don't have a rootkit sending out spam all the time?
 
What's the distinction drawn between malware and viruses? Is one a subset of the other?

Malware is 'malicious software' and is the blanket term used for software that does stuff you don't want it to do. You then get subtypes of malware like trojans, keyloggers, scareware etc.

I personally just say 'malware' and cut out the jargon. Some people make a distinction between malware and spyware, but I don't, and in cases where anyone gets picky about it I just resort to calling it all crapware.

There is more to this thread than meets the eye. I need more convincing that this was able to do a drive by install. I'm not saying it is impossible, but malware in the user space is typically quite easy to get rid of - whereas the OP suggests it was quite difficult to remove.

We need more info really.
 
Honestly, no it doesn't. Some webpages can run scripts you know. Normally though my AV catches.. This one was smart and disabled the AV before anything could be done. I did not click any scan my pc, just went to the site and boom.

As long as you have all Windows updates it can't.
 
And how do you know you don't have a rootkit sending out spam all the time?

Because my static IP would get blacklisted and I wouldn't be able to connect to IRC anymore (i.e. get K-lined).

Happened once before when an XP box in the household got infected. Was K-lined for a week.

There are also websites which report it such as http://cbl.abuseat.org/lookup.cgi

Pretty much all spam filters are wired in to these IP address black lists.

Of course this isn't a concrete way to detect all rootkits. Because not all rootkits send out spam. But it is one way of many.

Prevention is better than cure. UAC and common sense are preventative measures. Anti-virus is a rather crappy form of "cure".
 
Nod32 was lovely back in the day and still is with its awesome low memory usage, but it just misses many bugs so nowadays I find either Kaspersky 2010 Internet Security or Avira Premium along with Malwarebytes/SUPERAntiSpyware the best programs to counter anything that comes along, along with full Windows updates of course.
 
As long as you have all Windows updates it can't.

All my Windows updates are updated. Believe what you want, actually why don't you go to gamecopyworld and prove me wrong. You won't be a very happy bunny when your machine, which has all the latest updates, running MS Essentials, automatically installs a malicious script and renders your machine useless.

I always felt safe cos I knew I'd never accept anything, except this time it got one over me.
 
Nod32 was lovely back in the day and still is with its awesome low memory usage, but it just misses many bugs so nowadays I find either Kaspersky 2010 Internet Security or Avira Premium along with Malwarebytes/SUPERAntiSpyware the best programs to counter anything that comes along, along with full Windows updates of course.

Nod is still pretty damn good, top three I reckon, along with Kaspersky and Avira.

The problem is viruses and malware are so easy to make and hide that it's impossible to catch even 50%+ of nasty software. Before the AV companies can update their definitions they need to "catch" the new virus and analyse it. Luckily most of the viruses you catch/will get exposed to will be ones that spread like mad and come to the attention of AV companies very quickly (such as Blaster etc). There will however be thousands of viruses that only have a few hundred/thousand infections that are much less likely to be detected, however it's much less likely you will catch one.

That is why the best form of defence is not to have to rely on an AV in the first place: don't click on dodgy links or download dodgy files, and also be wary of the yellow ActiveX banners that come up asking you to click them. They are a favourite way of installing things without your knowledge; just clicking on it (not saying yes to anything) can end up downloading things.
 
Best analogy I can come up with is that an anti-virus is like a bullet proof vest, it will protect you to a degree. It's not fair to assume it will catch everything all the time.
 
I think I'm going to buy Ghost or Acronis now, and just re-image. 12hrs was waaaaaay too long.

Why don't you use the inbuilt imaging program in Windows 7? I own an Acronis True Image 2010 licence, but it is buggy and I therefore prefer to use the Microsoft version. It works well although you don't have the flexibility of Ghost or ATI.
 
As long as you have all Windows updates it can't.

You are correct Burnsy. If you are using a patched browser and putting any 0-day attacks aside, things like cross-site scripting can't execute machine level code to dump malware on your machine. They are limited to JavaScript injection & browser manipulation resulting in things like cookie theft; you would still have to pwn the browser to get malware installed. Unless you're stupid and download any plugin/file thrown at you, using a well patched browser you're pretty safe.
 
You are correct Burnsy. If you are using a patched browser and putting any 0-day attacks aside, things like cross-site scripting can't execute machine level code to dump malware on your machine. They are limited to JavaScript injection & browser manipulation resulting in things like cookie theft; you would still have to pwn the browser to get malware installed. Unless you're stupid and download any plugin/file thrown at you, using a well patched browser you're pretty safe.

Listen up ladies.. It doesn't matter how many times you guys think you know better. It frickin installed itself on a Win7 64-bit machine via I.E 8 patched up to the eyeballs, being used by someone who has been an advanced user for the last 15yrs. You may think you are right, but trust me you are not. I now beg you with all your confidence, go to gamecopy world have a click around and come back to me, and say hey you know what maybe you are correct.

This is coming from someone who up until last week, did not believe you can download a scripted virus without accepting a scan box or whatever tricks they use..

Good luck in your findings. Enjoy.
 
Best analogy I can come up with is that an anti-virus is like a bullet proof vest, it will protect you to a degree. It's not fair to assume it will catch everything all the time.

Bad analogy.

UAC in Admin Approval Mode is like wearing a bullet proof vest. It protects your body. But your head (i.e. common sense) etc are still exposed.

UAC as a Standard User is like wearing a suit of armor. Full coverage of the body.

Anti-Virus is like going to a bunch of tribes people in the jungle and they prescribe you with some herbal remedy to make your headache go away. It could work. But it probably just won't. Oh and in order to get that remedy you have to give them your sugarcane, tobacco and spices as payment.
 
Listen up ladies.. It doesn't matter how many times you guys think you know better. It frickin installed itself on a Win7 64-bit machine via I.E 8 patched up to the eyeballs, being used by someone who has been an advanced user for the last 15yrs. You may think you are right, but trust me you are not. I now beg you with all your confidence, go to gamecopy world have a click around and come back to me, and say hey you know what maybe you are correct.

This is coming from someone who up until last week, did not believe you can download a scripted virus without accepting a scan box or whatever tricks they use..

Good luck in your findings. Enjoy.

Ok I agree to disagree with you. It is ridiculously complex to successfully exploit IE 8 under Windows 7, not something you will see on gamecopyworld...
 
Listen up ladies.. It doesn't matter how many times you guys think you know better. It frickin installed itself on a Win7 64-bit machine via I.E 8 patched up to the eyeballs, being used by someone who has been an advanced user for the last 15yrs. You may think you are right, but trust me you are not. I now beg you with all your confidence, go to gamecopy world have a click around and come back to me, and say hey you know what maybe you are correct.

This is coming from someone who up until last week, did not believe you can download a scripted virus without accepting a scan box or whatever tricks they use..

Good luck in your findings. Enjoy.

Do you have UAC (and hence Protected Mode) enabled?

Is your Adobe Acrobat up to date? As in February 2010 or newer?

Is your Adobe Flash up to date? As in February 2010 or newer?
 
Do you have UAC (and hence Protected Mode) enabled?

Is your Adobe Acrobat up to date? As in February 2010 or newer?

Is your Adobe Flash up to date? As in February 2010 or newer?

Yes

Yes

& finally Yes

And UAC was on, even though I despise it; with all the recent nasties out there I thought best to leave it on.

None of which helped.
 
Adobe Acrobat is a joke for what it is. It's only a PDF viewer yet it takes 335MB of HDD space not to mention it's full of security problems. I would use Foxit PDF reader myself ;)
 