
  • Anatomy of a malware


      • #2363812
        Ben Myers
        AskWoody Plus

        ISSUE 18.17 • 2021-05-10 • SAFETY • By Ben Myers
        Things are not always as they seem. What might appear to be a devastating, PC-destroying piece of malware
        [See the full post at: Anatomy of a malware]

      • #2363815
        erbkaiser
        AskWoody Plus

        For the record, the ‘new’ way to get to the Folder Options and make Windows show hidden files and extensions is to click File at the top of a File Explorer window, then select Change folder and search options.
        This will bring up the same Folder Options dialog where you can opt to show everything.
        I also recommend turning at least Hide protected operating system files back on after it is no longer needed for any casual user, as otherwise they will see multiple files and folders they cannot and should not interact with.

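        The same three Folder Options switches can be flipped from PowerShell, which is handy when you are cleaning several accounts. This is an added example, not code from the article or from erbkaiser; it writes the per-user registry values that File Explorer reads for "Hidden items", "File name extensions" and "Hide protected operating system files" (the key path and value names are the documented ones under HKCU; the function and mode names are my own). The Restore mode follows the advice above: hidden items and extensions stay visible, protected OS files are hidden again.

```powershell
# Added example (not from the article or the post). Per-user settings, so no
# elevation is needed; run it in the account you are cleaning up.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Set-ExplorerVisibility {
    param(
        [ValidateSet('Investigate', 'Restore')]
        [string]$Mode
    )
    switch ($Mode) {
        'Investigate' {
            # Hidden: 1 = show hidden items, 2 = do not show
            Set-ItemProperty -Path $advanced -Name Hidden          -Value 1 -Type DWord
            # HideFileExt: 0 = show file name extensions, 1 = hide them
            Set-ItemProperty -Path $advanced -Name HideFileExt     -Value 0 -Type DWord
            # ShowSuperHidden: 1 = show protected operating system files, 0 = hide them
            Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 1 -Type DWord
        }
        'Restore' {
            # Keep hidden items and extensions visible (useful every day), but put
            # "Hide protected operating system files" back for the casual user.
            Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord
        }
    }
    # Explorer caches these values; restarting it applies them to every window.
    # Windows 10 restarts the shell on its own; if the taskbar does not come
    # back within a few seconds, run explorer.exe by hand.
    Stop-Process -Name explorer -Force
}

function Get-ExplorerVisibility {
    # Read back the three values so you can confirm the state before and after.
    Get-ItemProperty -Path $advanced -Name Hidden, HideFileExt, ShowSuperHidden |
        Select-Object Hidden, HideFileExt, ShowSuperHidden
}

# Usage:
#   Set-ExplorerVisibility -Mode Investigate   # before hunting through %temp% and C:\Windows\Temp
#   Get-ExplorerVisibility
#   Set-ExplorerVisibility -Mode Restore       # when the machine goes back to its owner
```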
      • #2363849
        anonymous
        Guest

        Great Article.  Thank you for sharing it.  I hope I never have to use what you presented.


        Ramsesvi

      • #2363863
        anonymous
        Guest

        This is the infamous Microsoft Tech Support scam. One of many internet scams out of India. For more information please go to YouTube and search Scam Baiting; also see: Jim Browning, Kitboga, Scammer Payback. Yes, there is a group of people fighting back. Also see: Scammer.info. Billions have been lost to these scammers.

      • #2363885
        RetiredGeek
        AskWoody MVP

        You forgot to mention the No. 1 tool (IMHO) in the fight against malware/ransomware: Image Backups. You never have to fear if you have recent images of your drives. Just boot from a USB drive and restore the C: drive, done! HTH 😎

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!

        • #2364700
          Ben Myers
          AskWoody Plus

          As in many cases when a client’s system shows up here, they never did any backup.  And doing regular image backups is often beyond the abilities of many people who simply think of their computers as appliances to do what they need to do and no more.  To put it less delicately, the level of know-how for many computer owners is pretty low.

      • #2363895
        bmeacham
        AskWoody Plus

        I can’t get to c:\windows\temp in file explorer. I can get to C:\windows, but when I click on Temp, nothing happens.

        I can get to it via command prompt with admin privileges.

        How come I can’t get to it in Windows explorer?

        • #2363899
          PKCano
          Manager

          If you can get to it with Admin privileges in the Command Prompt, and you can’t get to it with File Explorer using your ID, I have to ask – Is your ID a Standard User or a member of the Administrators Group?

          If you right click on Explorer and “Run as Admin,” can you access it?

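          PKCano's question (standard user, or admin but not elevated?) can be answered without guessing. The following is an added example, not code from the article or from either poster: it reports whether the current process is elevated, whether the account is in Administrators at all (whoami marks the group "used for deny only" when the member's token is not elevated, which is the state File Explorer runs in), and prints the ACL on C:\Windows\Temp so you can see which entry applies to you. The function name and the report layout are mine; the commands are standard Windows ones.

```powershell
# Added example (not from the thread). Run it twice: once from a normal
# PowerShell window and once from one started with "Run as administrator".
function Get-TempFolderAccessReport {
    param([string]$Path = 'C:\Windows\Temp')

    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)

    # True only when the token is actually elevated. An Administrators member in a
    # non-elevated process (File Explorer, a plain cmd window) reports $false here.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami /groups lists BUILTIN\Administrators for any member of the group and
    # appends "Group used for deny only" when this particular token is not elevated.
    $adminLine     = whoami /groups | Select-String -SimpleMatch 'BUILTIN\Administrators'
    $isAdminMember = [bool]$adminLine
    $denyOnly      = $isAdminMember -and ($adminLine.Line -match 'deny only')

    # Reading the ACL needs only READ_CONTROL, which standard users normally have
    # on this folder; fall back gracefully if not.
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { $acl = $null }

    # On a default install BUILTIN\Users typically holds only CreateFiles and
    # AppendData here (write-only, no ListDirectory/ReadData), so a non-elevated
    # token can drop files in but cannot enumerate the folder; an elevated
    # window uses the Administrators Full control entry instead.
    $rules = if ($acl) {
        $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
    }

    [pscustomobject]@{
        User                 = $id.Name
        ElevatedProcess      = $elevated
        AdministratorsMember = $isAdminMember
        AdminGroupDenyOnly   = $denyOnly
        Owner                = if ($acl) { $acl.Owner } else { '(ACL not readable)' }
        Rules                = $rules
    }
}

$report = Get-TempFolderAccessReport
$report | Format-List User, ElevatedProcess, AdministratorsMember, AdminGroupDenyOnly, Owner
$report.Rules | Format-Table -AutoSize
```

          If AdministratorsMember is true but ElevatedProcess is false, the account is an admin whose Explorer session is simply not elevated, which is PKCano's "Run as Admin" case; if AdministratorsMember is false, it is a standard user and the folder's ACL explains the behaviour directly.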
      • #2363948
        ve2mrx
        AskWoody Plus

        WARNING: Improperly editing file rights can trash your system, make sure you have a backup or other recovery methods before doing the following!

        One tip for harder to remove malware processes: Remove SYSTEM rights from the bad files after adding your user full rights. Reboot!

        After booting, Windows won’t have access to the bad files, but you can go back and then delete them! I’ve used this trick a few times in the past.

        Today, I prefer to wipe the system as what you see could only be the tip of the security iceberg: There could be multiple layers of malware installed and you can’t always see all of them. Technology makes it easy to make custom malware on-the-fly, making such malware undetected by normal security software.

        I prefer to see security malware as an alarm system: If you see something, the system is now compromised and under someone else’s control. Only a complete forensic analysis can reveal the extent of the compromise, something most users can’t do.

        So, if you find something, burn it and start over!

        Martin

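        The ACL trick above, written out in PowerShell as an added example (not code from the article or from ve2mrx, and the file path in it is hypothetical). It does what the post describes, with one deliberate difference in the mechanics: it adds a Deny entry for SYSTEM instead of only removing SYSTEM's Allow entry, because the LocalSystem token also carries BUILTIN\Administrators, so an inherited Administrators Full control entry would still let a service open the file; a Deny entry is checked before any Allow. The same warning applies: take an image or other backup first, and run this from an elevated PowerShell.

```powershell
# Added example (not from the post). Path is hypothetical; run elevated.
function Block-SystemAccess {
    param([Parameter(Mandatory)][string]$BadFile)

    if (-not (Test-Path -LiteralPath $BadFile -PathType Leaf)) {
        throw "Not a file: $BadFile"
    }
    $me = "$env:USERDOMAIN\$env:USERNAME"

    # Malware drops are often owned by SYSTEM or TrustedInstaller; take ownership
    # first so the ACL edits below are permitted.
    takeown /f $BadFile | Out-Null

    # Stop inheriting from the parent folder but keep copies of the inherited
    # entries, so nothing outside this one file changes.
    icacls $BadFile /inheritance:d | Out-Null

    # Give the logged-on user Full control so the delete after reboot succeeds
    # even from a non-elevated Explorer window.
    icacls $BadFile /grant "${me}:F" | Out-Null

    # Deny SYSTEM (S-1-5-18, i.e. NT AUTHORITY\SYSTEM). Using the SID avoids
    # localisation of the account name. Deny ACEs are evaluated before Allow
    # ACEs, so this beats the Administrators entry the SYSTEM token also matches.
    icacls $BadFile /deny '*S-1-5-18:(F)' | Out-Null

    # Print the resulting ACL for the record.
    icacls $BadFile
}

# After the reboot the service or scheduled task could not open the file, so
# the user holding Full control can delete it.
function Remove-BlockedFile {
    param([Parameter(Mandatory)][string]$BadFile)
    Remove-Item -LiteralPath $BadFile -Force
}

# Usage (hypothetical path):
#   Block-SystemAccess -BadFile 'C:\Windows\Temp\example-bad.exe'
#   Restart-Computer
#   Remove-BlockedFile -BadFile 'C:\Windows\Temp\example-bad.exe'
```

        Repeat Block-SystemAccess for every file the malware depends on before rebooting; a loader that is still readable will simply recreate the one you blocked.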
      • #2364007
        anonymous
        Guest

        Thank you for this post. I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them (Word files, music files like “la Tempesta di Mare”…)

        • #2364702
          Ben Myers
          AskWoody Plus

          The temp string is not an issue.  I cannot ever recall an issue with doing a Select All followed by a Delete from the %temp% folder.  If a file is in use, the Delete function will tell you and you can skip its deletion.

          Further, one needs to ask how music, Word, Excel or other files have found their way into %temp%, and whether or not there are more permanent files elsewhere.  After all, the %temp% folder is for files and folders that are temporary.

        • #2364707
          b
          AskWoody MVP

          I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them

          It’s not a filename search. %temp% is a folder, as the article explains.

          Windows 10 Pro version 21H1 build 19043.1081 + Microsoft 365 (group ASAP)

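          To make the distinction concrete: the following added example (not code from the article or from any poster here) enumerates the %TEMP% folder itself, exactly what Explorer shows when you type %temp% into the address bar, rather than searching for the string "temp" in file names, and it deletes everything it can while recording the files that are in use instead of stopping, which is the "skip it" behaviour Ben describes. The function name and the report shape are mine.

```powershell
# Added example (not from the thread). Runs as the signed-in user; no elevation
# is needed because %TEMP% belongs to that user.
function Clear-UserTempFolder {
    param([switch]$WhatIf)   # -WhatIf lists what would be removed without removing it

    $temp = $env:TEMP   # the folder Explorer opens for %temp%, e.g. C:\Users\<name>\AppData\Local\Temp
    if (-not (Test-Path -LiteralPath $temp -PathType Container)) {
        throw "No such folder: $temp"
    }

    # Enumerate the folder's contents (including hidden items) and remove each
    # entry. Files a running program holds open raise an error; with
    # SilentlyContinue the loop keeps going and the error is collected in $errs.
    $errs = @()
    Get-ChildItem -LiteralPath $temp -Force |
        Remove-Item -Recurse -Force -WhatIf:$WhatIf -ErrorAction SilentlyContinue -ErrorVariable +errs

    # TargetObject on each error is the path that could not be removed.
    $inUse = $errs | ForEach-Object { $_.TargetObject } | Sort-Object -Unique

    [pscustomobject]@{
        Folder    = $temp
        Remaining = (Get-ChildItem -LiteralPath $temp -Force -Recurse -ErrorAction SilentlyContinue | Measure-Object).Count
        InUse     = $inUse
    }
}

# Dry run first, then the real thing.
Clear-UserTempFolder -WhatIf
# Clear-UserTempFolder
```

          Anything listed under InUse is the same set Explorer would have prompted about; it is safe to leave for the next reboot. A Word document or music file that turns up in this listing has been written into %TEMP% by some program, which is the question Ben raises above, not a search hit on its name.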