I thought my PC was clean???

LHC's social forum for all topics not hermit crab-related. Get to know your fellow LHC members here!
Topic author
Crabber85
Posts: 1911
Joined: Tue Dec 29, 2009 1:04 pm
Location: The Matrix, it has us all.

Post by Crabber85 » Fri Jul 17, 2015 3:53 pm

I have been operating under the false assumption that my laptop has been pretty clean as far as junk programs and general clutter go, but after running scans with HitmanPro, Junkware Removal Tool, ADW-Cleaner and ESET Online Scanner I was very disturbed to find out that my laptop was pretty far from clean. All in all, between the four scanners they found and removed four hundred suspicious items associated with Potentially Unwanted Programs, or PUPs, which are often bundled with free software, are downloaded without the user's knowledge and can be very tricky to remove once they have been discovered; these characteristics mark these PUPs as potentially or downright illegal. What disturbed me most was that when ADW-Cleaner scanned my system it actually generated a warning stating that it had found several illegal or potentially illegal programs which had been installed without my knowledge. These included unwanted and unneeded browser add-ons and hijackers like Conduit, Crossrider, Search Scopes for Internet Explorer and a fake Ask toolbar. Conduit is technically spyware and thus very unwanted and highly illegal, and it often comes bundled with legitimate free software.

These programs found their way onto my system back when this computer was the family computer and my parents were not very security or safety conscious, so they tended to just click on links whether they knew the source or not. Google Chrome was their poison, I mean browser, of choice, and they managed to get it so overloaded with fake add-ons, toolbars and helpers that it quickly became useless and a huge security risk to the system. After giving the computer a thorough cleaning I uninstalled Google Chrome and deleted all of its registry and file remnants because I want nothing to do with it. I was taken to an official uninstall page for Chrome and was asked several questions as to why I was uninstalling it, and because one of the answers was that it caused too many virus or malware issues I specifically chose that for my reason and left it at that.

I don't recommend using the cleaning utilities I mentioned earlier unless you are an experienced PC user and know what you're doing, as inexperienced users run the risk of deleting needed registry or file entries, which will quickly render an operating system useless. The nice thing about all of the cleaning utilities that I use is that they do make a fresh system restore point before they actually delete anything, so if something that should not have been deleted happens to slip by and your system stops responding, you can easily restore to the last restore point and have no damage done. CCleaner is a cleaning utility I use to keep my temp folders cleared out and to keep my start-up entries managed; this program does offer the ability to fix your registry, but that particular tool should not be used because it can cause more damage than it actually fixes. I also have another program called Unchecky installed that actually unchecks the hidden boxes when downloading free software, to help prevent these nasty little pieces of adware, bloatware and spyware from being accidentally or unknowingly downloaded when you download the program you want.

Most users never know that they have been unknowingly duped into downloading these useless and illegal add-ons, helpers, toolbars, search assistants and search engines, which makes this a huge and very real issue, because they often change your browser's homepage to a malware-distributing page which can't easily be changed back; they often set up proxy connections that are not your actual internet settings, and the use of a proxy without your consent is very characteristic of malware-type behavior; they will redirect your searches to fake infection links or to useless links; they slow down your browser to a crawl; they are generally nearly impossible to uninstall because they are set up to just reinstall themselves or deny any attempt to uninstall at all; and they are just a general nuisance. All of these behaviors actually qualify them to be classified as malware, because they behave exactly as malware does.
Hi I have autism so I tend to answer questions very directly and with little emotion so please don't think I'm being rude.
#Autism Speaks.

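The autostart and browser-hijacker locations the post talks about (Run keys, Internet Explorer search scopes, Browser Helper Objects) can be audited before any cleaning tool is let loose. The script below is an added example, not code from the original post or from any of the tools it names. It is read-only: it lists entries whose name or command matches the PUP families mentioned in the thread, or that launch from user-writable folders where bundled installers usually drop payloads. The registry paths are the standard ones; the suspect-name list, the "user-writable folder" heuristic and the output path are assumptions to adapt.

```powershell
# Added example (not from the original post): read-only audit of autostart and
# browser-hijacker locations on a Windows 7+ box. Run from an elevated PowerShell.

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# IE search scopes and Browser Helper Objects: classic places for search hijackers.
$ieKeys = @(
  'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
  'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Regex fragments for the PUP families named in the thread (assumption: extend to taste).
$suspect = @('conduit', 'crossrider', '\bask\b', 'gamevance', 'toolbar', 'searchprotect')

function Get-AutostartEntries {
  foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $item = Get-ItemProperty -Path $k
    foreach ($p in $item.PSObject.Properties) {
      if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive metadata
      [pscustomobject]@{ Location = $k; Name = $p.Name; Command = [string]$p.Value }
    }
  }
}

function Get-IeHijackEntries {
  foreach ($k in $ieKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($sub in Get-ChildItem -Path $k) {
      $props = Get-ItemProperty -Path $sub.PSPath
      # SearchScopes subkeys carry a URL value; BHO subkeys are CLSIDs whose default value is a name.
      $desc = if ($props.URL) { $props.URL } else { $props.'(default)' }
      [pscustomobject]@{ Location = $k; Name = $sub.PSChildName; Command = [string]$desc }
    }
  }
}

function Test-Suspect {
  param([string]$Text)
  foreach ($s in $suspect) { if ($Text -match $s) { return $true } }
  # Heuristic (assumption): anything launching from AppData, Temp or ProgramData deserves a look.
  return ($Text -match '\\AppData\\|\\Temp\\|\\ProgramData\\')
}

$findings = @(Get-AutostartEntries) + @(Get-IeHijackEntries) |
  Where-Object { Test-Suspect ("$($_.Name) $($_.Command)") }

# Report only. Removal is a separate, deliberate step taken after a restore point exists.
$findings | Format-Table -AutoSize
$findings | Export-Csv -Path "$env:USERPROFILE\Desktop\pup-audit.csv" -NoTypeInformation
```

The CSV is what you hand to whoever decides what gets removed; a hit in this list is a lead, not a verdict, because legitimate software also lives under AppData and "toolbar" is a common word.
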
Post by Crabber85 » Sat Jul 18, 2015 2:01 pm

Case in point: I just found out today that my brother had his World of Warcraft account hacked because somebody installed a keylogger on his computer and stole his password for his game account, and then went in and stole everything; they completely cleaned him out, so the game host had to restore everything that was taken. This just proves my point: he didn't have any kind of security programs to prevent the intrusion of his system. If he'd had a good anti-virus with real-time protection, anti-malware and a good firewall, the keylogger wouldn't have ended up on his computer, but because he refuses to use any kind of security software he fell victim to a simple keylogger drop-and-execute infection.

Keyloggers are very common pieces of malware that are used on a regular basis to steal log-in information and banking info. Because they actively record your keystrokes as they happen, they can log every password for every account you have, which totally compromises your identity and safety, but a good firewall with built-in default-deny protection will block the program from installing at all. Keyloggers get onto your system through one of several ways, and the most popular method is for the hacker to use a drive-by exploit kit that drops its active payload, the keylogger, when you hit an infected link or webpage: it executes a dropper that drops a file containing the keylogger. In most instances a run-file dialog box won't appear like it would if you were intentionally trying to download a program, where you would get the download start box asking you if you want to download this file, with a security prompt. With keyloggers you rarely ever get this, which makes the dropper and its payload invisible to you, so you'd never know you actually downloaded it. There are security programs that are outfitted with an anti-keylogger option which will scan for or detect active keyloggers on your system and will give you the option to remove them, but the unfortunate reality is that once you've had a keylogger on your system it's often too late by the time you've found and removed them, because they have already had enough time to steal your passwords and other sensitive data.

Post by Crabber85 » Sat Jul 18, 2015 4:35 pm

Most firewalls with a built-in HIPS option will protect you against keyloggers, which is just one more reason why I use Comodo's free firewall. With the way malware is evolving, the days when firewalls and anti-virus programs were optional are gone; they are now more than ever a necessity and should be on the computer the minute it comes out of the box, but unfortunately the security software that comes standard with most computers is very lacking and in some instances completely useless. Windows has a built-in firewall that's pretty good for your basic routing and denial tasks but is completely ineffective at controlling malware auto-download and execution on the system, because the basic firewall is just not robust enough to handle these kinds of attacks. You need to have something that actually allows the user to customize the inbound and outbound rule sets, and it should include a HIPS feature by default, as there are plenty of good free firewalls available that include these things, but sadly I don't see that happening, because we are talking about adding things that would cost the software designer more money than they think it's worth, so Microsoft will continue to push out the most basic generic security software they can with no regard for the consumer's best interest.

The basic anti-virus that comes bundled with the Windows OS is usually Windows Defender on Windows XP and early versions of Windows 7; Defender was replaced by Microsoft Security Essentials, which does have a built-in active monitoring feature, but unfortunately it's almost as useless as Windows Defender at stopping zero-day threats and does not have an adequate detection rate, so using it as a stand-alone scanner to check your computer for infections usually yields no detections, because the heuristics and engine that the program uses are weak and almost worse than useless. I believe that Security Essentials only scored a 57% detection ratio on Virus Bulletin's detection test, and a good anti-virus will have a detection ratio of at least 90%; any less than that and I would not recommend using the program, especially if you're paying for it, because you are not being protected. Avast Free Antivirus, AVG Free, Kaspersky and Bitdefender are my top recommended antivirus programs; Avast and AVG both offer free versions of their products that offer excellent protection, and Kaspersky and Bitdefender offer only paid programs. herdProtect is a fairly decent antivirus, meanwhile Norton, McAfee, Baidu, Viper and Quick Heal are all low-level protection and are not worth the money you'd spend on them.

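The "default deny" behaviour the two posts above want from a firewall (a dropped keylogger gets no network path unless something explicitly allows it) can be expressed as an outbound allow-list. The block below is an added example and not code from the original posts or from any product named in them; it uses the NetSecurity cmdlets that exist on Windows 8 / Server 2012 and later and needs an elevated shell. The out-of-the-box setting is shown first, then the hardened one. The browser path and the choice of services that get through are assumptions for the sake of illustration.

```powershell
# Added example (not from the original posts): outbound default-deny with an allow-list.
# Windows 8+ (NetSecurity module), elevated PowerShell. Program paths are assumptions.

# 1) Inspect the current (weak) posture: out of the box DefaultOutboundAction is Allow,
#    so any process that gets to run may talk to the Internet unless a rule says otherwise.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction

# 2) Hardened posture: nothing leaves the host unless an allow rule names it.
Set-NetFirewallProfile -Profile Domain,Private,Public `
  -DefaultInboundAction Block -DefaultOutboundAction Block

# 3) Allow-list by executable path. A dropper running from %TEMP% or %APPDATA%
#    has no rule and is therefore blocked when it tries to exfiltrate or phone home.
$allowedPrograms = @{
  'Firefox' = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumption: your browser of choice
}
foreach ($name in $allowedPrograms.Keys) {
  New-NetFirewallRule -DisplayName "Allow outbound: $name" -Direction Outbound `
    -Program $allowedPrograms[$name] -Action Allow -Profile Any -ErrorAction Stop | Out-Null
}

# 4) The OS itself needs a few things through, scoped as tightly as the cmdlets allow.
#    DNS and DHCP by protocol/port; Windows Update by the svchost service that hosts it.
New-NetFirewallRule -DisplayName 'Allow outbound: DNS/DHCP' -Direction Outbound `
  -Protocol UDP -RemotePort 53,67 -Action Allow -Profile Any | Out-Null
New-NetFirewallRule -DisplayName 'Allow outbound: Windows Update' -Direction Outbound `
  -Program '%SystemRoot%\System32\svchost.exe' -Service wuauserv `
  -Action Allow -Profile Any | Out-Null
# Assumption: on newer builds further services (e.g. delivery optimisation) may also need rules;
# the dropped-packet log below is how you find out what else was blocked.

# 5) Log what gets dropped so a blocked program, wanted or not, is visible.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
  -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Verify the end state.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction, LogBlocked
```

Expect breakage on the first day: anything not in the allow-list, including legitimate updaters, will show up as DROP lines in pfirewall.log, and each one is a decision to make rather than something that happened silently.
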

Geranium
Posts: 416
Joined: Mon Jun 06, 2011 3:09 pm
Location: Connecticut

Post by Geranium » Sun Jul 19, 2015 1:34 am

Have you considered doing this kind of work? I would imagine finding problems like the ones you describe for others would bring customers to your door.

Post by Crabber85 » Sun Jul 19, 2015 10:06 am

@Geranium, I have thought about it in the past but hadn't really seriously considered it, but you do have a very great point. I could theoretically run a PC repair shop out of my house, though to be a legitimate shop I would need to be licensed and insured by the state, and that would require that I have at least a bachelor's degree in Computer Science or Information Technology (IT); but if I wanted to just do it as a hobby and still get paid I wouldn't need to have the degree or anything else, and I would get paid under the table. I could use the same cleaning utilities that I use on my personal system, which would cut down on the work for me and make the process a lot easier. I think I might use this to make some extra cash once I get moved. I've been doing work on PCs that belonged to friends and family for years and hadn't even thought about charging for it, because I just like the challenge, and money hadn't been an issue for me until a year ago when my dad died.

You wouldn't believe the issues I've encountered on other people's computers because they refused to use any kind of security software and wouldn't practice good browsing habits. I had to work on a neighbor's computer several years ago; he was running Windows 98, so yes, this was a while ago, and his computer was so eaten up with viruses and worms that I had to do a factory re-install of his operating system, so he lost all of his data, and I hated that, but at the time there were no real options on a system so heavily infected. Today I can use a thumb drive or blank disk to create a rescue disk that the computer will boot off of instead of the hard drive, and because the PC is starting up in a completely different and sterile environment the infections don't get the option to start up with the system, which allows me the opportunity to do an initial scan and removal of most of them, which helps to return the system to a more usable state.

Starting the computer up in Safe Mode with Networking is another option that you can use to gain access to your computer, because the only things that are allowed to run in Safe Mode are items that are critical to the core system function, which means the infections are disabled by default in this situation, which will allow you to install and run the necessary cleaning utilities. Using the Safe Mode with Networking option is one of my go-to methods because it is so easy. Now, there are a few types of infections that will actually prevent you from being able to access Safe Mode at all, and some of the nastier variants will also block you from accessing the NetBIOS during the initial start-up process, because using the NetBIOS and Safe Mode options are two very popular ways of removing a lot of different viruses and other malware. I've had to use the Safe Mode with Networking option several times on heavily infested systems because one or more of the infections was designed to lock the system down, preventing the execution of any program, including any cleaning utilities. These infections usually present with some kind of message banner that seems to cover the entire screen, or they completely delete or hide the user interface so all you get to see is a blank white or black screen. Those are the absolute worst kinds of infections in my opinion, because without having a user interface to work from you can't really do anything with the computer. This kind of infection is known as an obfuscator and is designed to hide everything. With an obfuscation infection you really only have one option if Safe Mode has been infected and also presents with a blank screen, and that is to do a complete reformat of the hard drive, which means the unit is wiped clean, all traces of any data are removed, and then you have to do a re-install of the operating system, so having a good re-install disk ready to go is a must. In this case you would need a clean, protected machine to do the reformat of the hard drive and the re-install of the OS; once that has been accomplished and you're sure the hard drive is clean, you can then place it back into the original computer and then download all pertinent OS updates and patches and re-install all missing secondary programs like web browsers from a trusted download source.

If a clean wipe of the hard drive is necessary, then having a recent clean system image backup will help to put things back in order quicker than if the image backup is not available. An image backup is basically where you use an imaging program that takes a picture of your computer and all of its settings and then saves that image for future use if you need to revert back to a clean state. The unfortunate reality is that few basic PC users actually know how to do a system image backup, and fewer yet think it a necessary must, so it rarely if ever gets done, which makes restoring a heavily obfuscated system a bit harder on the technician who is working on it. I have a pretty recent system image backup on one of my external memory units in case I need to restore my system to a clean state and can't do it via System Restore in the Control Panel. I just recently had to work on my mother's Windows 8 desktop computer; she was having some issues with it and wasn't sure what to do about it, so I ran a couple of scans and found a few things that needed to be removed from the system, and once I got it cleaned out and sufficiently protected it quit having problems. Most PC users don't even understand why their systems are behaving so slow and unresponsive; they just think that it's the way things are supposed to be, when in fact a properly maintained system will run like new from the time it's purchased on up until you decide to replace it. All it takes is regularly scheduled maintenance and upkeep.

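Two of the recovery steps in the post above, forcing the next boot into Safe Mode with Networking and taking a full system image once the machine is known-clean, are both scriptable with tools that ship in Windows 7 and later (bcdedit and wbadmin). The block is an added example and not code from the original post; it assumes an elevated PowerShell on a client edition where wbadmin is present, and the external drive letter is an assumption.

```powershell
# Added example (not from the original post): safe-mode boot toggle and a full system
# image using built-in Windows tools. Elevated PowerShell, Windows 7+. Drive letter assumed.

# Force the next boot into Safe Mode with Networking, so autostart malware stays dormant
# while cleaning tools are downloaded and run. Clear the flag afterwards or every
# subsequent boot stays in safe mode.
function Enable-SafeModeNetworking {
  bcdedit /set '{current}' safeboot network | Out-Null
  if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this shell elevated?' }
}

function Disable-SafeMode {
  bcdedit /deletevalue '{current}' safeboot | Out-Null
  if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed to remove the safeboot flag' }
}

# Take an image of every volume needed to boot (-allCritical) to an external disk.
# Do this only once the system has been cleaned and verified: an image of an infected
# box just preserves the infection.
function New-SystemImage {
  param([Parameter(Mandatory)][string]$Target)   # e.g. 'E:' -- external disk, assumption
  if (-not (Test-Path $Target)) { throw "Backup target $Target is not present" }
  wbadmin start backup "-backupTarget:$Target" -allCritical -vssFull -quiet
  if ($LASTEXITCODE -ne 0) { throw "wbadmin reported failure (exit code $LASTEXITCODE)" }
  # List what is now recoverable from that target, as a sanity check.
  wbadmin get versions "-backupTarget:$Target"
}

# Typical sequence, one reboot at a time:
#   Enable-SafeModeNetworking; Restart-Computer        # clean in Safe Mode with Networking
#   Disable-SafeMode;          Restart-Computer        # back to a normal boot, verify
#   New-SystemImage -Target 'E:'                       # image the clean state
if ($args -contains '-Image') { New-SystemImage -Target 'E:' }
```

A machine that cannot reach Safe Mode at all, the case the post describes for the nastier infections, is exactly where the bootable rescue media or the wipe-and-restore path has to take over; these two functions do nothing for it.
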
Post by Crabber85 » Mon Jul 20, 2015 4:29 am

I would provide download links for the programs I use, but they are not really for the novice user, so I will refrain; if you want them and are sure you know what you're doing, just PM me and I'll give them to you.

Post by Crabber85 » Mon Jul 20, 2015 4:14 pm

Did some more digging around in the registry and file system today and found a back-door access kit and some Gamevance adware remnants, and the install date on them was back in 2009; that would have been around the time we got the computer. I think they were leftovers from the first time it got infected with a nasty ransomware infection. The ransomware infection was a fake anti-virus that had the whole computer locked down, demanding that we buy the product to delete the threats that it had supposedly found, and since I know that this kind of infection uses a back-door access kit to allow the attacker remote access to the system, it seems likely that that is where this back-door access kit came from. The kit was only partially intact, so it wasn't like it was allowing any kind of remote access to my system; the run.dll files and its executable command file had already been previously deleted, and without these it couldn't do anything anymore, but I went on ahead and removed it anyway just to further clean the system up and tighten the security up a little more. The Gamevance adware files were from a set of games that had been installed on the system from Facebook, who were involved with distributing the adware in question; this adware works to spam your desktop with product ads and offer banners that completely cover the screen and can't be removed through conventional means.

The deeper I get into this system the more traces I'm finding of previous infections, and that is actually pretty normal, because no one anti-virus/anti-malware program will completely remove all traces of the infections they are deleting, so using multiple cleaning programs that utilize different cleaning methods gives you the best chance of eliminating all traces of malware infections after initial removal of the threats. I've done quite a bit of research into how anti-virus/anti-malware (AV) programs remove infections, and one of the methods of killing the infections so that they can be quarantined is by file name disassociation, whereby the file names of the multiple parts of the infection are changed. This actually works to confuse the infection, crippling it, because if it can't find the other parts of itself to access it can't run. One program contains multiple sub-folders, and those sub-folders contain sub-files which consist of program architecture and commands that are necessary for the main program to be able to run successfully. When the core or main program attempts to start up and run it needs to access its sub-folders and sub-files by looking them up by name, and if the names of any of these sub-folders or sub-files are changed, the main program file won't be able to recognize them; they become disassociated from the main program file, which causes the main program to fail when it tries to run. That's why file name disassociation works so well with a variety of infections.

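The "file name disassociation" the post describes, renaming a component so the rest of the infection and its autostart entry can no longer find it, is the same operation a quarantine performs, and it is worth doing with a manifest so a false positive can be put back. The script below is an added example, not code from the original post or from any anti-virus product: it takes a restore point, moves the file into a quarantine folder under a non-executable name keyed to its SHA-256, removes the Run entry that pointed at it, and records enough to reverse all of that. The quarantine path, the ACL choice and the usage paths are assumptions; Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example (not from the original post): quarantine-by-rename with a restore manifest.
# Elevated PowerShell, Windows 8.1+ (Get-FileHash). Paths below are assumptions.

$quarantine = 'C:\Quarantine'                               # assumption
$manifest   = Join-Path $quarantine 'manifest.csv'
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
# Deny execute on the folder (inherited by files) so a renamed payload cannot simply be run.
icacls $quarantine /deny 'Everyone:(OI)(CI)(X)' | Out-Null

function Invoke-Quarantine {
  param(
    [Parameter(Mandatory)][string]$Path,   # component to neutralise
    [string]$RunKey,                        # optional: registry key holding its autostart entry
    [string]$RunValue                       # optional: value name under that key
  )
  if (-not (Test-Path $Path)) { throw "$Path not found" }
  # Restore point first, as the cleaning tools in the thread do. Note: Windows 8+ creates
  # at most one restore point per 24 hours via this cmdlet unless the policy is changed.
  Checkpoint-Computer -Description "Quarantine $(Split-Path $Path -Leaf)" `
    -RestorePointType MODIFY_SETTINGS
  $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
  # The rename is the disassociation: the dropper's other parts and the Run entry still
  # reference the old name and extension, so the component can no longer be located or loaded.
  $dest = Join-Path $quarantine ('{0}.{1}.quarantined' -f (Split-Path $Path -Leaf), $hash.Substring(0, 8))
  Move-Item -Path $Path -Destination $dest -Force
  if ($RunKey -and $RunValue -and (Test-Path $RunKey)) {
    Remove-ItemProperty -Path $RunKey -Name $RunValue -ErrorAction SilentlyContinue
  }
  [pscustomobject]@{
    When        = (Get-Date).ToString('s')
    Original    = $Path
    Quarantined = $dest
    SHA256      = $hash
    RunKey      = $RunKey
    RunValue    = $RunValue
  } | Export-Csv -Path $manifest -Append -NoTypeInformation
  $dest
}

function Restore-Quarantined {
  param([Parameter(Mandatory)][string]$Quarantined)
  $row = Import-Csv $manifest | Where-Object Quarantined -eq $Quarantined | Select-Object -Last 1
  if (-not $row) { throw "No manifest entry for $Quarantined" }
  # Integrity check before putting anything back where it can run again.
  if ((Get-FileHash -Path $row.Quarantined -Algorithm SHA256).Hash -ne $row.SHA256) {
    throw 'Quarantined file has changed since it was stored; refusing to restore'
  }
  Move-Item -Path $row.Quarantined -Destination $row.Original
  if ($row.RunKey -and $row.RunValue) {
    Set-ItemProperty -Path $row.RunKey -Name $row.RunValue -Value $row.Original
  }
}

# Usage (hypothetical paths, not real indicators):
# Invoke-Quarantine -Path "$env:APPDATA\SomeVendor\helper.exe" `
#   -RunKey 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -RunValue 'SomeVendorHelper'
# Restore-Quarantined -Quarantined 'C:\Quarantine\helper.exe.1a2b3c4d.quarantined'
```

Keep the manifest with the hashes: it is the evidence of what was on the machine, and it is what lets the next scanner you run (the post's point about using several) be compared against what has already been pulled out.
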
Jackolope
Posts: 172
Joined: Sun Oct 02, 2011 7:20 pm
Location: NJ

Post by Jackolope » Fri Sep 25, 2015 7:32 pm

Conduit is the devil. I had it on my computer once after downloading a program. Malwarebytes and CCleaner got rid of it, but it ripped through my software and made my Photoshop, which I use for work, completely corrupted. So I had to do a system restore. It took 3 weeks to completely find and delete every file it had corrupted and stuck itself in. Never download from CNET. Also, a word of caution: if you ever need an FTP site file sharer, download Firefox and then add-ons; FireFTP works great, but DO NOT use FileZilla, their site will give you a nasty virus, and that's on their site. Never download from third parties, torrents, Pirate Bay, or any free stuff, kids.

My brother introduced me to CCleaner long ago and I run it once a month. Cleans up Firefox and IE real good since those browsers eat bytes like M&Ms!
You've got it all wrong....we are the pets, not them!

Laurie LeAnn
Posts: 989
Joined: Wed Sep 16, 2015 12:31 am

Post by Laurie LeAnn » Mon Sep 28, 2015 1:19 am

You just can't go work for someone that has already been licensed.

Post by Crabber85 » Tue Sep 29, 2015 2:02 am

@Laurie LeAnn, No, I've tried that, and the shops that I have near me all want at least twelve months of in-store experience and an associate's degree in either IT or Computer Sciences, which really stinks.

@Jackolope, I typically only download from FileHippo or CNET, but I have seen a huge uptick in the number of PUM- or PUP-related infections from CNET, so I don't use that site unless I absolutely have to.

I agree Conduit is the devil, and completely cleaning it out of an infected system is a hassle; I've been there and done that. Even with using CCleaner, Malwarebytes and HitmanPro it took three reboot cycles to get it all on my mother's Windows 8 system.
