WebmasterWorld

Foo Forum

This 54 message thread spans 2 pages: [1] 2
Malware Attacks
How do non-techie people cope?
Jane_Doe




msg:3436839
 5:28 pm on Aug 30, 2007 (gmt 0)

Our neighbors' computer got infected with malware. They had weird cookies being set, their wallpaper changed and popups all over the place. They had tons of security alerts popping up - half of them real and half from the malware. The malware even substituted their own DNS server so it had control over their Internet access.

Norton, Spybot, Adaware and the rest were ineffective. I found a program fix on a tech forum, but it required downloading a program and running the computer in safe mode to execute it. It took me a couple of hours and one of my teenager's help for another hour to get everything back to normal.

Lots of people have computers, however I don't think most of them hang out at tech forums or know how to run their computers in safe mode. Many of the people I know don't even know about Adaware.

For people like my neighbors it was really hard to even figure out which security messages were bogus and which were real, which is of course what the malware writers want to have happen.

So what do people who don't work with computers for a living, or have friends who work with computers, do when stuff like this happens? Just curious. I don't see a lot of advertising for malware removal services but it seems like there has to be a big need for that kind of service.

 

Samizdata




msg:3436856
 5:46 pm on Aug 30, 2007 (gmt 0)

A lot of people just seem to keep going, often innocently spamming everybody else, until the machine grinds to a halt. The more adventurous might format the hard drive and start again (usually repeating the cycle).

The lucky ones are put in touch with me, and I do for them what you did for your neighbour.

jdMorgan




msg:3436892
 6:27 pm on Aug 30, 2007 (gmt 0)

Some just buy new computers... It's amazing!

I'd be interested to know the names of the malware, and the name of the program that successfully removed it (no links, please).

Jim

rocknbil




msg:3436911
 7:01 pm on Aug 30, 2007 (gmt 0)

^ ^ ^ That was exactly my answer! :-) "My computer is messed up, I need a new one." Consequently a lot of these problems get blamed on Dell and Compaq. :-)

The really *bad* part of this is just like a driver who knows nothing about cars taking it to a mechanic and getting a new engine when all they need is a tune up. I had one friend who had a hard drive replaced, I asked him to give it to me. That crashed hard drive now sits, reformatted, in one of my computers.

Part of the problem is people are looking for a simple solution and just don't want to deal with it. People say Norton is the best AVG, so that's what they use. IMO it's *not* the best, it's bloated and intrusive and can create quantum problems when things go wrong.

As long as people refuse to "do the work" there will always be problems like this.

Jane_Doe




msg:3436916
 7:08 pm on Aug 30, 2007 (gmt 0)

> I'd be interested to know the names of the malware, and the name of the program that successfully removed it (no links, please).

The names of the stuff popping up on their computer were softwarereferral.com, safewebnavigate, confidentsurf, SecurePC Cleaner, Spy-shredder among others. At least I think these were the fake ones. They had some security software programs I wasn't familiar with also running so it took me a bit to try to figure out which messages were real and which were fake.

The fix was running a program called smitfraudfix.

While I'm glad to help out my neighbor, it just seems to me that people with just basic computer knowledge should be able to go to a corporate site like Microsoft or Norton for help with these kinds of problems and not have to root through tech forums for fixes written by individual white hat hacker types. If the fixes are not on major corporate sites, then it is difficult, if not impossible, for the average person to even know which fixes are real and which are scams. The whole process itself seems severely dysfunctional and in need of repair.

[edited by: Jane_Doe at 7:11 pm (utc) on Aug. 30, 2007]

Jane_Doe




msg:3436944
 7:31 pm on Aug 30, 2007 (gmt 0)

> As long as people refuse to "do the work" there will always be problems like this.

I'm not sure that is being fair to expect people with non-technical backgrounds to be able to get rid of really sophisticated malware. On my neighbor's computer she even had fake bubble messages coming out of the Norton icon on the lower right side of her PC screen, giving her fake instructions that if followed would have downloaded more malware (at a hefty cost I'm sure) instead of getting rid of what was there already.

Samizdata




msg:3436970
 8:06 pm on Aug 30, 2007 (gmt 0)

> people with just basic computer knowledge should be able to go to a corporate site like Microsoft or Norton for help

In fairness to Microsoft (whose products I am no fan of) the malware you mentioned would probably not have got anywhere if your neighbour had ever run Windows Update, which I believe patched that particular exploit a long time ago, and which these days seems to nag users constantly.

In fairness to Norton (whose products I am no fan of) their website provides free fixes for a vast number of exploits - though not the one in question - without the need to purchase any product.

I have never come across a malware or virus problem that could not be fixed for free, though I agree that the SmitFraud/SmitRem fix was hard to find amongst a lot of inaccurate information on the web.

I enjoy the fact that people buy a new PC when things go wrong as some of them give me the old one, which I repair and use to test my websites in various browsers - I have never paid for a PC, and now have several.

Of course, as a Mac user I mostly forget about them...

tim222




msg:3436974
 8:10 pm on Aug 30, 2007 (gmt 0)

Here at work when someone gets a bug, if it's not easy to fix I will do a System Restore:

[microsoft.com...]

It's kind of a shotgun approach and it will overwrite any legitimate software you installed since the rollback date. But it's usually easier than trying to clean out the mess that's caused by malware. Here at work, I don't care if it overwrites someone's happy face toolbar because they weren't supposed to install it anyway.

Unfortunately some malware will infect your System Restore files, and that makes it trickier. However I haven't seen that happen during the past couple of years, so maybe Microsoft addressed that issue.

If a System Restore doesn't work, and it's too time consuming to clean out, my last resort is Norton Ghost. When I set up a PC in our office, I make an image of the clean installation (including Office and our business software). Ghost will copy that image to their disk so it's as if the machine had a fresh installation. After that, it usually takes about an hour to apply all the updates and patches that were released since the image was made. But it saves several hours of installing the O/S, Office and other software. This method will wipe out local documents, but their documents are *supposed to be* saved on the network, and people know better than to whine when they lose documents that were saved locally because they know that I don't care :)

wyweb




msg:3436999
 8:36 pm on Aug 30, 2007 (gmt 0)

System Restore has become one of my best friends.

GoogleGuy




msg:3437300
 4:53 am on Aug 31, 2007 (gmt 0)

Seems like a lot of people end up spending visits home and holidays cleaning off malware from relatives' computers. I have heard of people buying new computers though.

weeks




msg:3437657
 2:12 pm on Aug 31, 2007 (gmt 0)

Best Buy (Geek Squad) and Circuit City (Firedog) have launched services with major ad campaigns to help people with their computers. The CEO of Circuit City has said they expect their service to contribute a big hunk of change to their bottom line.

ytswy




msg:3437898
 5:24 pm on Aug 31, 2007 (gmt 0)

GoogleGuy

Wow, that takes me back.

> While I'm glad to help out my neighbor, it just seems to me that people with just basic computer knowledge should be able to go to a corporate site like Microsoft or Norton for help with these kinds of problems and not have to root through tech forums for fixes written by individual white hat hacker types.

The problem as I see it is that there aren't any perfect solutions once the machine is badly infected.

Trying to go after the problems you can see doesn't help long term since you'll miss a few, and they'll log on to an irc channel or something and download it all again.

Even an expert has real problems sorting out a seriously compromised installation, I really don't think there is any way that a novice has a hope no matter how much help is provided.

The real solution has to be stopping them from getting infected to start with - which really only takes a decent firewall and an understanding of what not to click on. However the latter is not going to happen anytime soon.

I'd advise never charging anyone for clearing crap off their PC. A couple of months down the line they'll have just as much crap, and now it's your fault.

Jane_Doe




msg:3437947
 6:05 pm on Aug 31, 2007 (gmt 0)

> The real solution has to be stopping them from getting infected to start with - which really only takes a decent firewall and an understanding of what not to click on. However the latter is not going to happen anytime soon.

Our neighbors do have a firewall. I installed one for them after the last time I had to clean up their PC. :)

If you look at the tech forums, there are some pretty knowledgeable people who end with malware on their computers, so I don't agree that a blame the victim approach is the fundamental flaw in the whole dysfunctional process. I personally think PCs are just too easy to hack into.

> In fairness to Microsoft (whose products I am no fan of) the malware you mentioned would probably not have got anywhere if your neighbour had ever run Windows Update, which I believe patched that particular exploit a long time ago, and which these days seems to nag users constantly.

That is a good point. We did not run a Windows update this time after we cleaned the computer, so I need to check for that.

> Seems like a lot of people end up spending visits home and holidays cleaning off malware from relatives' computers. I have heard of people buying new computers though.

Nice to see you posting again Googleguy. :)

I suspect if people do buy new computers after malware attacks then there is little business incentive for Microsoft to make their PCs more bullet-proof. I think my neighbor's long term solution is going to be to buy a Mac.

tim222




msg:3437990
 6:38 pm on Aug 31, 2007 (gmt 0)

> I think my neighbor's long term solution is going to be to buy a Mac.

That's a short-term solution, but not necessarily a long term solution. As Macs become more popular, so will Mac malware. Check out this article from earlier this year:

[macnewsworld.com...]

Excerpt from the article: "As secure as OS X may be, one of its greatest protections against hacker attack may be its small market share."

ytswy




msg:3438032
 7:14 pm on Aug 31, 2007 (gmt 0)

> That's a short-term solution, but not necessarily a long term solution. As Macs become more popular, so will Mac malware. Check out this article from earlier this year:

Actually I reckon it's a pretty good medium term solution at least. OSX doesn't work on commodity hardware, and so long as that is true it will always be the minority OS I think. Maybe Apple will one day launch an assault on Windows, but it won't be today.

Which means for the current generation of Macs anyway, security by obscurity works just fine.

> If you look at the tech forums, there are some pretty knowledgeable people who end with malware on their computers, so I don't agree that a blame the victim approach is the fundamental flaw in the whole dysfunctional process. I personally think PCs are just too easy to hack into.

The problem as I see it is that a modern computer with a broadband connection is a very powerful and complicated device. I agree that the current OSs (all of them) do not provide an acceptable way for novice users to manage their systems against these sort of threats; I just don't see a way it can actually be improved - at the end of the day, if the user says do x, the OS has to do x. If it pops up three warning windows first, a novice user will just click ok on all of them, and will just learn that if you want to do something on your computer, you have to click ok a lot.

Personally I think it is a chronic problem, which will be with us for many decades. I don't have any ideas towards a solution.

Jane_Doe




msg:3438049
 7:28 pm on Aug 31, 2007 (gmt 0)

> may be its small market share

She understands that concept. That is why she was asking us about it. She realizes that it probably would not be cost effective for most of the malware hackers to write code for such a small market share.

I think it may be a long term solution. Apple has consistently maintained a pretty small market share for many years now so it seems a pretty safe bet they are not going to be taking over the market anytime soon. They lost their window of opportunity on that front many years ago.

g1smd




msg:3438062
 7:36 pm on Aug 31, 2007 (gmt 0)

Ah yes, SmitFraud, a criminally driven extortion racket.

Fake malware error messages to entice you to pay money for a fake cleaner that installs more junk.

I think the original people involved with that went to jail for it.

SpyBot Search and Destroy can spot it, but can't always get rid of all of it.

.

Also be aware of the Gromozon Removal Tool from PrevX for dealing with another very nasty set of junk going around with those fake weather alert and fake PDF-file emails. Gromozon is a rootkit virus and malware system that installs a hidden user into windows. The hidden user has admin rights and can do whatever it likes on the machine - and none of the other admins have enough privileges to alter or close down that fake user.

[edited by: g1smd at 7:41 pm (utc) on Aug. 31, 2007]

g1smd




msg:3438071
 7:45 pm on Aug 31, 2007 (gmt 0)

I am very wary of System Restore.

I use Vista, and when I had some trouble with the Mozilla browser, I used system restore to go back a few weeks.

I found that all of the data, documents, and files that I had downloaded and saved from Mozilla also disappeared.

Vista was treating all those files as if they were a part of the program rather than as unattached data.

ceestand




msg:3438073
 7:47 pm on Aug 31, 2007 (gmt 0)

> ...people who don't work with computers for a living, or have friends who work with computers.

I find this to be a surprisingly small group of people.

The proposed Mac solution is similar to running Linux. Eventually if that's what a significant number of people do, malware will start being written for them. A possible conclusion would be a diversified OS market that would make support more expensive/less available. The current silver lining is that at least when a Windows box is infected, we know how to solve it...

WiseWebDude




msg:3438101
 8:05 pm on Aug 31, 2007 (gmt 0)

> Vista was treating all those files as if they were a part of the program rather than as unattached data.

Oh no, you've got to be kidding me. I seriously might not ever get Vista. I try and tell people to backup their documents and most ignore me, their computer gets malware, they reformat and lose it all. Let's just say Microsoft has created a huge, miserable user base, LOL.

I used to think that services like Geek Squad really make a lot of money off people who are not computer savvy (computer chasers, LOL), but they saved my butt one time when I couldn't figure out what was wrong with my computer...took it to Geek Squad and they found it in minutes (took a day to confirm with more tests though), it was one RAM stick that went bad; Talk about frustrating! Bad RAM is one of the hardest things to find and they did me a good service. So while I think they are opportunists at times, they have a good side too.

Let's just say as malware gets better (and it will), and Microsoft gets worse (and it will, if the recent past is any indication), Geek Squad and the others stand to make bucket loads of $$$. Fact is, you cannot tell most people anything...they will not listen and will continue to click on that pretty little glittering doohickey. OOOO-AHHH.

PS, don't let your friends or family know you are good with computers...that is advice you can take to the bank!

:)

g1smd




msg:3438108
 8:11 pm on Aug 31, 2007 (gmt 0)

Vista is so good that it can randomly rename files as you copy them from one folder to another.

One day I started out with:
picasa-install.exe
install.seamonkey.win32.en.114.exe
xenu.linksleuth.install.zip

and after copying to another folder I had:
install.seamonkey.win32.en.114.exe with the picasa icon
install.seamonkey.win32.en.114 (2).exe with the mozilla icon
install.seamonkey.win32.en.114.zip with the ZIP icon

I identified which one was which, using the file size and date/time stamps as verification and renamed them back to what they should have been.

I have "lost" several documents in the past. Now I suspect they are somewhere on the drive but with the wrong name. I might never find them again.

WiseWebDude




msg:3438111
 8:16 pm on Aug 31, 2007 (gmt 0)

Oh Lord, I am nutty enough as it is, I don't need Vista's help. I have thought of an Apple, but the problem is, I don't want to have to buy all my programs again or the compatibility crap they have. Sigh. If I would have seen that happen on my computer, I might have thrown it down the stairs.

:)

Rugles




msg:3438132
 8:46 pm on Aug 31, 2007 (gmt 0)

I had some serious malware on a computer in my home. I would clean it off and everything would work fine for a few months and then it would show up again. It seemed smart enough to know when I was fixing the computer and would hide for a while (ok, it was my conspiracy theory). After spending too many hours chasing down this malware on a 4 year old computer ... Hello new Dual Core Processor and 2 gig of Ram!

I don't regret it, I needed a new box anyways.

But man, if I go to a relatives house, I am designated malware diagnosis guy. Which usually involves spending a max of one hour before I tell them to take it in for service. I have about a 50% success rate.

(good to see GG around)

zCat




msg:3438168
 9:11 pm on Aug 31, 2007 (gmt 0)

I'm the guy who "knows" about computers in my circle of relatives and friends. I often have a hard time explaining that I can't help them in any meaningful way with whatever malaise is affecting their (Windows) computer because - although I'd genuinely like to help - I have no Windows expertise (beyond what I need to check my sites in IE), and I could very well end up making things worse, and / or deleting all their data.

It's not a snobbery thing (I use OS X, Linux and used to have an OpenBSD router), I just haven't worked with Windows for years and it's now so totally outside my experience. (OK, give me a week or two and I could get back into the swing of things, but I have better ways of using that time).

hutcheson




msg:3438206
 10:03 pm on Aug 31, 2007 (gmt 0)

>Eventually if that's what a significant number of people do, malware will start being written for them.

Well, this is certainly the Microsoft party line.

But Apple's kernel is based on BSD, and its user interface is not kludged in underneath the real kernel functionality. Similarly, Linux is a kernel, and whatever GUI you choose runs on top as an application.

Both of these designs were based, almost from the beginning, on multi-user, distributed networks. And so there are whole classes of "features" (ActiveX, you know who we mean) that even a brain-dead moron wouldn't put into application space. And in innumerable ways both of these designs are inherently more secure than anything based on MS-Windows could ever be. And they accomplish this without the avalanche of "need your permission to sneeze" messages as in Vista.

Anyone interested in facts will look at, say, Netscape Navigator a few years ago, or the Apache web server today: products not defective-by-design which could dominate their niche without turning over all of the machines running them to the script kiddy mafia.

And would note the security credentials being obtained by the current unix-class operating systems, and ... would expect the demise of Microsoft to be quickly followed by the demise of many other parasitic evils.

ytswy




msg:3438215
 10:19 pm on Aug 31, 2007 (gmt 0)

> But Apple's kernel is based on BSD, and its user interface is not kludged in underneath the real kernel functionality. Similarly, Linux is a kernel, and whatever GUI you choose runs on top as an application.

I'd love to believe, I really would.. But while it may be fair to criticise Windows in terms of its architecture, the fact is that all complex programs - whether they are operating systems or applications - have security bugs. And even if they didn't, you can't stop a user from installing teencoeds.exe if that's what he or she wants.

I don't have any easy solutions, but I am sure that the point to prevent malware is before it is installed.

techrealm




msg:3438250
 11:04 pm on Aug 31, 2007 (gmt 0)

I've supported all types of users and no one should believe they can't be hacked, tricked into clicking a window, being played for sensitive info, or one of the many other schemes, scams and crimes against other people. History tells us that those things can happen to ANYONE even the best in their field let alone a non-techie.

My experience has shown that the non-techies will be good for a period of time and then gather up more spyware / malware and repeat the cycle. Most non-techies abandon the machine as dead unless they spend cash or trade to resolve the issue, or they get a three day weekend to mess around with it. Most resolutions are either through a service or a techie with time to reformat and install.

Techies never get spyware they just get "bad updates".... Most techies will attempt to resolve the issue even if it takes great amounts of personal or business time (anyone been paid to fix their own machine lately?). Downside to this method is that the techie may assume they removed the spyware / malware and not completely rebuild the system from a set of good media thereby achieving the true purpose of the spyware, to put and keep a rootkit in service by sacrificing the spyware / malware.

Wlauzon




msg:3438259
 11:13 pm on Aug 31, 2007 (gmt 0)

There is a wide range of problems out there, one of the most common is simply not keeping Windows updated.

But the default configuration - especially on computers sold more than a couple years ago - was no firewall, no automatic updates, and only some crappy free version of Nortons.

I have seen far fewer problems on newer computers, and none with Vista (despite its other problems).

But by far the biggest problem is people's ignorance - opening email attachments even though the red warning is flashing, downloading totally unknown files, installing totally unknown "toolbars", and the like.

It is because of that that Vista went overboard on security - which can be pretty annoying at times, but in fact does do a much better job of protecting the non-gurus.

BTW, Windows Live is what I use for malware/virus (I long ago removed any traces of Norton). I have installed it on a couple of relatives' computers, and it seemed to take care of just about anything except one or two of the mal-toolbars, which needed some registry editing.

weeks




msg:3438295
 12:54 am on Sep 1, 2007 (gmt 0)

> Well, this is certainly the Microsoft party line.
>
> But Apple's kernel is based on BSD, and its user interface is not kludged in underneath the real kernel functionality. Similarly, Linux is a kernel, and whatever GUI you choose runs on top as an application.
>
> Both of these designs were based, almost from the beginning, on multi-user, distributed networks. And so there are whole classes of "features" (ActiveX, you know who we mean) that even a brain-dead moron wouldn't put into application space. And in innumerable ways both of these designs are inherently more secure than anything based on MS-Windows could ever be. And they accomplish this without the avalanche of "need your permission to sneeze" messages as in Vista.
>
> Anyone interested in facts will look at, say, Netscape Navigator a few years ago, or the Apache web server today: products not defective-by-design which could dominate their niche without turning over all of the machines running them to the script kiddy mafia.
>
> And would note the security credentials being obtained by the current unix-class operating systems, and ... would expect the demise of Microsoft to be quickly followed by the demise of many other parasitic evils.

Thank you, hutch!

Yeah, probably a part of it is that Mac's OS is hard and Windows is easy, so easy pulls the pressure off of Mac. But that is a small part of it. Hutch can explain it better than I. But, the idea that MS' security problems are simply from a lot of hackers looking for market share is bogus.

D_Blackwell




msg:3438314
 2:03 am on Sep 1, 2007 (gmt 0)

I'm the 'family tech guy' and sometimes one just has to look even their relatives in the eye and tell them that they deserved exactly what they got. Sure, the novice mother, father, or grandparent who just uses a computer for email, family pictures, and whatnot can be excused from not knowing any better (and typically welcomes a quick and effective education), but most people do know better, understand the risks, personally know people who have lost all of their data..... Yet they still don't run the most basic updates, minimal firewall, FREE anti-virus software, FREE anti-malware software - no backups of any data.....

Most family problems that I've seen have been from those that absolutely know better - but insist upon being reckless.

I spent a chunk of a Christmas weekend rescuing a niece's computer that had been hacked to pieces; barely ran at all after startup. Fortunately I keep Hijack-This on a micro-drive and was able to clean out the machine. Some nasty 'self replicating' stuff on there too; had to call in some extra help to get at the root of that one, which was way beyond my capability.

And yes - anybody can get caught out at any time. I update and run several security programs daily (Doesn't take any time!) - back up the entire system daily to an external hard drive, which is swapped no less than weekly with another external hard drive stored at an 'undisclosed location', keep multiple encrypted micro-drives with copies of 'life and livelihood' files in a very safe place - and still worry for my data.

Doesn't help anybody that 'reputable' companies install all kinds of garbage (harmful or not) beyond what somebody thinks that they've gotten. Almost makes some of the bad guys look good:((
