  #11  
Old 26-05-18, 09:01
Moonshine Moonshine is offline
Passionate member
 
Join Date: Aug 2012
Posts: 1,007
Default Re: Suspect Files

Best of luck with PC River.
From 'their' website:

Quote:
Disclaimer

References to “PCRIVER”, “pcriver.com” and “this site” refer to the www.pcriver.com website and all related websites, its owners and any related companies. By using the information, services and products available through this site and downloading any software, you are agreeing to the terms and conditions contained herein. This site provides the information, services and products available “AS IS”, with no warranties whatsoever. All express warranties and all implied warranties and non-infringement of proprietary rights are hereby disclaimed to the fullest extent permitted by law. This site is not associated with the software it provides for download and cannot be held liable for issues or faults that arise from the download or use of the software.

This is getting embarrassing now.
I'm done with you and you won't see me around much in the future. I suppose that pleases you.
By the way - it's not advisable to ask strangers to go on the internet with an unpatched, not updated XP operating system that has no antivirus. You just don't know what is going to happen. In or out bound.
  #12  
Old 26-05-18, 09:13
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 11,038
Default Re: Suspect Files

He'll still have Windows Firewall and I've known some who have just used that on Win 7 and have never been infected - I guess it depends upon where you mooch.

Whether you go or not will not have any emotional aspect for me whatsoever.
  #13  
Old 26-05-18, 09:28
Moonshine Moonshine is offline
Passionate member
 
Join Date: Aug 2012
Posts: 1,007
Default Re: Suspect Files

The hole you are digging for yourself is getting deeper by the post.
You’ve already said elsewhere that XP passed you by and you know very little about it.
FYI
The XP Firewall – yes the one that Microsoft tried to learn lessons from.
The XP Firewall that doesn’t/can’t stop outbound connections.
The XP Firewall that will allow a program, malicious or otherwise, to phone home and do its thing.
A firewall should monitor, inspect, and proxy outbound communication—and this is where Windows Firewall fails. Any program on a computer can initiate any type of connection to any IP address on the Internet, and the Windows Firewall will sit by passively and let it happen!

You appear to be trying to shut the stable door after the horse has potentially bolted – you couldn’t make this up.
It's all very worrying - except for you.
  #14  
Old 26-05-18, 09:32
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 11,038
Default Re: Suspect Files

No need to worry - Scooby is going to copy MBAM across from his 8.1 machine.

You haven't answered my question about my VirusTotal scan on the ISO URL.
  #15  
Old 26-05-18, 09:41
kevinf80 kevinf80 is offline
Global Moderator
 
Join Date: Feb 2008
Location: Sunderland.UK.
Posts: 2,951
Default Re: Suspect Files

Come on guys, let's not get dragged into heated discussion here. As far as I'm concerned the only place, link or website for Windows OS is Microsoft. There is no way you can trust any versions of Windows from anywhere else...

The following link to MS will give ISO for 7 through to 10, you will need a licence key...!!

https://www.microsoft.com/en-gb/soft...nload/windows7

Select the "Windows" tab, from there you will see the version you require...

Cracked or Pirated versions or even versions from anywhere other than MS are all probably exploited for the writer's own purpose. If you have a similar version installed run the following to see if there are any hidden windows doing dirty deeds:

Download GUIPropView from either of the following links, ensure to get the correct version for your system

https://www.nirsoft.net/utils/guipropview-x64.zip

https://www.nirsoft.net/utils/guipropview.zip

Unzip GUIPropView to its own folder on Desktop (preferred place) open the folder and double click on GUIPropView.exe to run the tool.

Once opened the tool window populates, from the tool bar select "TopLevel" make sure "Display Hidden Windows" is checkmarked, once done the tool window repopulates to include hidden windows.

Not all hidden windows are malicious, but they should all be checked out...

Be nice guys, all advice should be taken onboard, the choice to use it or not is down to the listener....

Thank you,

Kevin..
  #16  
Old 26-05-18, 10:09
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 11,038
Default Re: Suspect Files

Thanks for that, Kevin - I'll ask Scooby to have a look at those links but it will be dependent upon him installing Norton and connecting to the Internet which he is loath to do - although he'll probably be able to copy the .zip across to the XP machine.

I've given him an alternative to find the missing drivers he needs.

I said at the start of Scooby's thread that it is difficult to get hold of an XP ISO and MS will not release the download unless you have a valid retail key.

OEM machines only have the COA sticker key as you know and which it won't accept and it no longer has a download for XP anyway.

I did as much as I could to ensure the download was safe and that a bootable disk could be created from it before passing its location on.
  #17  
Old 26-05-18, 10:28
Moonshine Moonshine is offline
Passionate member
 
Join Date: Aug 2012
Posts: 1,007
Default Re: Suspect Files

Cantrel

You have said in the other thread that "ISOs don't contain drivers"

FYI - ISOs are containers and can contain anything the creator of the ISO wants to put in it.
That may be a folder called Extras as in the ISO you recommend and could contain a driver or drivers, it could easily be Ransomware.
That's what this is about - you just don't know what is going to happen.

This is a comparison of the genuine, untouched ISO (on the left) that I had offered and the one I believe has been used from your recommendation.
Look at the difference.
Note the dates on the files (modified)
Note how many items on the disc.
Note the Extra folder (excuse the pun).
That folder could contain anything. I know what it contains.
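
The comparison described in this post (item counts, modified dates, an added folder), as an added example that is not part of the original post: it diffs two already mounted or extracted ISO trees by SHA-256 and modification time. Every file name, content and timestamp in the sample is constructed; `Extras` is only the folder name mentioned in the post.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each relative file path under root to (sha256 hex, mtime)."""
    entries = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            entries[path.relative_to(root).as_posix()] = (digest, path.stat().st_mtime)
    return entries


def compare_trees(reference_root, suspect_root):
    """Report what the suspect tree adds, drops or alters versus the reference."""
    ref, sus = snapshot(reference_root), snapshot(suspect_root)
    added = sorted(set(sus) - set(ref))
    newest_ref = max((m for _, m in ref.values()), default=0.0)
    return {
        "counts": (len(ref), len(sus)),
        "added": added,
        "removed": sorted(set(ref) - set(sus)),
        "modified": sorted(p for p in set(ref) & set(sus) if ref[p][0] != sus[p][0]),
        "added_top_level": sorted({p.split("/")[0] for p in added if "/" in p}),
        "newer_than_reference": sorted(p for p, (_, m) in sus.items() if m > newest_ref),
    }


def build_constructed_sample(base):
    sample = [  # (tree, path, data, mtime); every value here is constructed
        ("reference", "I386/SETUP.EX_", b"setup", 1_200_000_000),
        ("reference", "I386/NTOSKRNL.EX_", b"kernel", 1_200_000_000),
        ("suspect", "I386/SETUP.EX_", b"setup", 1_200_000_000),
        ("suspect", "I386/NTOSKRNL.EX_", b"kernel-changed", 1_500_000_000),
        ("suspect", "Extras/tool.exe", b"unknown", 1_500_000_000),
    ]
    for tree, rel, data, mtime in sample:
        path = Path(base, tree, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        os.utime(path, (mtime, mtime))
    return os.path.join(base, "reference"), os.path.join(base, "suspect")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_trees(*build_constructed_sample(tmp)))
```

Hash differences are the decisive signal; modification times depend on how the image was mounted or extracted and only corroborate.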


  #18  
Old 26-05-18, 10:39
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 11,038
Default Re: Suspect Files

Well, what was Scooby to do when your ISO wouldn't install?

As I've said, I did what I could to ensure the download was safe.

I haven't gotten around to trying VirtualBox yet, but when I put the ISO URL into a VirusTotal search, there was only ESET that snagged it as definite malware and one other which viewed it as suspicious - have you looked at the link I posted and given there were more green lights than red ones - who do you believe?

I ran the ESET Free Online Scanner on the laptop and after about 1hr 19mins it reported no infections.
  #19  
Old 26-05-18, 10:51
Moonshine Moonshine is offline
Passionate member
 
Join Date: Aug 2012
Posts: 1,007
Default Re: Suspect Files

". . . . when your ISO wouldn't install" - That has already been addressed in the other post and you know it has.
If a forum member can't use a genuine MS, XP ISO, you seriously recommend using a pirate version instead to see what happens! Nice one.

This is Malwarebytes' take on the ISO contents that you can't see with your set up:



The VirusTotal reports in post No 1 are generated from those 3 files.
Next time I'll keep my mouth shut.
  #20  
Old 26-05-18, 11:11
tornado tornado is offline
Highly valued member
 
Join Date: Jun 2014
Location: Stirlingshire
Posts: 1,777
Default Re: Suspect Files

Quote:
Originally Posted by Moonshine View Post
This is getting embarrassing now.
I'm done with you and you won't see me around much in the future. I suppose that pleases you.
Our WU forums are very fortunate to have members such as Moonshine who is very knowledgeable in many fields of computing.
IMO, Moonshine is our top problem solver, and I have personally learned a lot from his replies to others seeking help.
I hope that he continues to contribute here; the withdrawal of his input would be a big loss to our members.

I'd hate to see the above exchanges escalate further until we all become losers. There's no need for anyone to insist on "having the last word".

Spit