• Anatomy of a malware

    Home » Forums » Newsletter and Homepage topics » Anatomy of a malware

    • This topic has 11 replies, 8 voices, and was last updated 4 years ago.

    Tags:

    Author
    Topic
    Ben Myers
    AskWoody Plus
    May 10, 2021 at 1:08 am #2363812

    ISSUE 18.17 โ€ข 2021-05-10 SAFETY By Ben Myers Things are not always as they seem. What might appear to be a devastating, PC-destroying piece of malware
    [See the full post at: Anatomy of a malware]

    2 users thanked author for this post.
    Chuckwrite, abbodi86
    Reply | Quote
    Viewing 6 reply threads
    Author
    Replies
    • erbkaiser
      AskWoody Plus
      May 10, 2021 at 1:57 am #2363815

      For the record, the ‘new’ way to get to the Folder Options and make it so that Windows shows hidden files and extensions is to click File on top of a file explorer window, then selecting Change folder and search options.
      This will bring up the same Folder Options dialog where you can opt to show everything.
      I also recommend turning at least Hide protected operating systems back on after it is no longer needed for any casual user, as otherwise they will see multiple files and folders they cannot and should not interact with.

      1 user thanked author for this post.
      ve2mrx
      Reply | Quote
    • anonymous
      Guest
      May 10, 2021 at 7:25 am #2363849

      Great Article.ย  Thank you for sharing it.ย  I hope I never have to use what you presented.

       

      Ramsesvi

      Reply | Quote
    • anonymous
      Guest
      May 10, 2021 at 8:07 am #2363863

      This isย  theย  infamousย  ย  Micro Soft Tech Supportย  scam.ย  ย  ย One of many internet scams outย  of India.ย  ย For more information please go to You Tube and searchย  ย Scam Baiting,ย  ย also see:ย  ย Jim Browning, Kitboga, scammer payback.ย  ย  Yes,ย  there is a group of people fighting back.ย  ย Also see:ย  ย Scammer.info .ย  ย  ย Billions have been lost to these scammers.

      Reply | Quote
    • RetiredGeek
      AskWoody_MVP
      May 10, 2021 at 9:20 am #2363885

      You forgot to mention the No. 1 tool (IMHO) in the fight against malware/ransomeware Image Backups. You never have to fear if you have recent Images of your drives. Just boot from a USB drive and restore the C: drive done! HTH ๐Ÿ˜Ž

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      3 users thanked author for this post.
      ve2mrx, wavy, Ascaris
      Reply | Quote
      • Ben Myers
        AskWoody Plus
        May 13, 2021 at 9:07 am #2364700

        As in many cases when a client’s system shows up here, they did not ever do any backup.ย  And, doing regular image backups are often beyond the abilities of many people who simply think of their computers as appliances to do what they need to do and no more.ย  To put it less delicately, the level of know-how for many computer owners is pretty low.

        2 users thanked author for this post.
        Chuckwrite, ve2mrx
        Reply | Quote
    • bmeacham
      AskWoody Plus
      May 10, 2021 at 10:02 am #2363895

      I can’t get to c:\windows\temp in file explorer. I can get to C:\windows, but when I click on Temp, nothing happens.

      I can get to it via command prompt with admin privileges.

      How come I can’t get to it in Windows explorer?

      Reply | Quote
      • PKCano
        Manager
        May 10, 2021 at 10:14 am #2363899

        If you can get to it with Admin privileges in the Command Prompt, and you can’t get to it with File Explorer using your ID, I have to ask – Is your ID a Standard User or a member of the Administrators Group?

        If you right click on Explorer and “Run as Admin,” can you access it?

        1 user thanked author for this post.
        Ben Myers
        Reply | Quote
    • ve2mrx
      AskWoody Plus
      May 10, 2021 at 12:56 pm #2363948

      WARNING: Improperly editing file rights can trash your system, make sure you have a backup or other recovery methods before doing the following!

      One tip for harder to remove malware processes: Remove SYSTEM rights from the bad files after adding your user full rights. Reboot!

      After booting, Windows won’t have access to the bad files, but you can go back and then delete them! I’ve used this trick a few times in the past.

      Today, I prefer to wipe the system as what you see could only be the tip of the security iceberg: There could be multiple layers of malware installed and you can’t always see all of them. Technology makes it easy to make custom malware on-the-fly, making such malware undetected by normal security software.

      I prefer to see security malware as an alarm system: If you see something, the system is now compromised and under someone else’s control. Only a complete forensic analysis can reveal the extent of the compromise, something most users can’t do.

      So, if you find something, burn it and start over!

      Martin

      • This reply was modified 4 years ago by ve2mrx. Reason: Clarity
      1 user thanked author for this post.
      erbkaiser
      Reply | Quote
    • anonymous
      Guest
      May 10, 2021 at 3:40 pm #2364007

      Thank you for this post. I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them (Word files, music files like “la Tempesta di Mare”…)

      1 user thanked author for this post.
      SueW
      Reply | Quote
      • Ben Myers
        AskWoody Plus
        May 13, 2021 at 9:10 am #2364702

        The temp string is not an issue.ย  I cannot ever recall an issue with doing a Select All followed by a Delete from the %temp% folder.ย  If a file is in use, the Delete function will tell you and you can skip its deletion.

        Further, one needs to ask how music, Word, Excel or other files have found their way into %temp%, and whether or not there are more permanent files elsewhere.ย  After all, the %temp% folder is for files and folders that are temporary.

        Reply | Quote
      • b
        AskWoody_MVP
        May 13, 2021 at 9:32 am #2364707
        anonymous wrote:

        Iโ€™d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the โ€œtempโ€ string in them

        It’s not a filename search. %temp% is a folder, as the article explains.

        2 users thanked author for this post.
        ve2mrx, SueW
        Reply | Quote
    Viewing 6 reply threads
    Reply To: Reply #2363899 in Anatomy of a malware

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




    Cancel
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.