Gizmos Freeware Reviews  

Old 15. Feb 2014, 03:40 AM   #1 (permalink)
Full Member
 
Join Date: Nov 2013
Posts: 86
malware?

I ran a scan with Emsisoft and my computer came out clean a week ago, decided to run it again and it found the below, don't know how serious it is though.

Unfortunately for me I accidentally hit one of those terrible banner ads thingies while looking at a website (and yes I know they are no good) for 7 Zip, I immediately hit the back button and got out of there.

I'm just wondering how likely is it that I got infected by doing that, or do you have to download and open to get infected.

Thanks
Attached Images
File Type: jpg Untitled.jpg (75.5 KB, 13 views)
herbc is offline   Reply With Quote
Old 15. Feb 2014, 05:24 AM   #2 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

Aja, why are you browsing out of the sandbox? Just kidding.

I am not so sure that you are infected. Don't delete anything yet. The picture shows something about "settings". I would run HMP and MBAM, if you are infected they'll find something. MBAM is good at detecting changes in settings that malware changes sometimes. And it will tell if a setting is not as it's supposed to be. But keep in mind that maybe you made that change, not malware.
http://www.filehippo.com/download_ma..._anti_malware/

http://www.surfright.nl/en

Bo
bo.elam is offline   Reply With Quote
Old 15. Feb 2014, 03:28 PM   #3 (permalink)
Senior Member
 
sicknero's Avatar
 
Join Date: Mar 2012
Location: England
Posts: 657
Default

Difficult call without seeing exactly what the suspect registry entry is and what it does. Some malware scans do flag harmless registry edits simply because they are potentially unwelcome.

For example if you set another program (System Explorer for instance) as your default CTRL-ALT-DELETE task manager then many AVs will flag this as a system hijack. And quite rightly so, the only difference is that it's one you've done yourself. Similarly, editing the registry to replace the default Windows notepad will trigger system hijack alerts with some AV scanners.

Having said that though, I use the Emsisoft scanner and it doesn't flag the "system hijacks" that I've performed myself so I would be concerned if it did alert me to a registry entry.

If it were me I would research the registry key in question and find out exactly what it does. You could also export it (using Regedit) and then delete the original from the registry. That way if it turns out to be something you need you can replace it easily. It might not be related to your browsing.

To answer your other question, yes it is possible to get infected merely by visiting a webpage. I think that's what is known as "drive-by malware".

This is why browser add-ons like Noscript and Request Policy are used (they use a default-deny policy to prevent unwelcome code being executed when you visit a page) and also why so many people keep their browsers sandboxed ... the effect of that is that any changes that might occur on your PC via your browser can be easily reversed and don't affect the whole system.
sicknero is offline   Reply With Quote
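
sicknero's advice above (find out what a flagged registry entry does, and export it before deleting it), as an added PowerShell example that is not part of the thread. It assumes the task-manager and Notepad replacements he mentions are made through Image File Execution Options `Debugger` values, a mechanism the thread does not name, and the backup folder name is hypothetical. The entry Emsisoft flagged for herbc is not identified on the page, so this is not a check for that specific entry.

```powershell
# Added example (not from the thread): audit Image File Execution Options (IFEO)
# "Debugger" values, assumed here to be the redirection a replacement task
# manager or Notepad sets, and back up each such key before any manual cleanup.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$backupDir = Join-Path $env:USERPROFILE 'ifeo-backup'   # hypothetical backup folder
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$findings = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }            # 32-bit Windows has no WOW6432Node
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $dbg = $key.GetValue('Debugger')                # $null when the value is absent
        if ($dbg) {
            [pscustomobject]@{
                Image    = $key.PSChildName             # e.g. taskmgr.exe, notepad.exe
                Debugger = $dbg                         # program started instead of Image
                RegPath  = $key.Name                    # HKEY_LOCAL_MACHINE\... form for reg.exe
            }
        }
    }
}

# Export every flagged key to its own .reg file; nothing is deleted here.
$i = 0
foreach ($f in $findings) {
    $i++
    $file = Join-Path $backupDir ('{0:d2}-{1}.reg' -f $i, $f.Image)
    & reg.exe export $f.RegPath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed for $($f.RegPath)" }
}

# Review the list: an entry pointing at a tool you installed yourself is the
# self-made "hijack" described in the post; an unfamiliar path needs research.
$findings | Sort-Object Image | Format-Table Image, Debugger -AutoSize -Wrap
```

A key removed after review can be restored from its backup with `reg import <file>.reg`.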
Old 15. Feb 2014, 06:04 PM   #4 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

Quote:
Originally Posted by sicknero
This is why browser add-ons like Noscript and Request Policy are used (they use a default-deny policy to prevent unwelcome code being executed when you visit a page) and also why so many people keep their browsers sandboxed ... the effect of that is that any changes that might occur on your PC via your browser can be easily reversed and don't affect the whole system.
Very nice post Nick. I like to say something about NoScript. I have been using NoScript for as long as Sandboxie, started using it maybe a month or two after discovering SBIE five and a half years ago. Ever since I have been using NoScript, I have never seen anything that looks or acts like malware while browsing. Not once.

That's pretty strong. I don't take NoScript for granted, it's there and it's doing something, perhaps quietly but its protection, it's powerful. I wouldn't trade it for anything. And it is the main reason why Firefox is my browser.

Bo
bo.elam is offline   Reply With Quote
Old 15. Feb 2014, 06:56 PM   #5 (permalink)
Senior Member
 
sicknero's Avatar
 
Join Date: Mar 2012
Location: England
Posts: 657
Default

Thanks, I agree I wouldn't be without Noscript now even if it is a bit of a pain until you get the hang of it and get a personalised whitelist established.

Request Policy is one I've added quite recently and although it's even more of a pain than Noscript initially, I really like it and it's fascinating to watch it in action ... it makes a lot of browser activity very transparent such as the way that websites communicate with each other and also how much of that is unnecessary for a site to work.

My only reservation really with these kinds of default-deny measures is that I suspect many people would just get fed up with the amount of blocks and warnings and end up just allowing everything, as can happen with a lot of the more active HIPS/BB anti-malware software.
sicknero is offline   Reply With Quote
Old 15. Feb 2014, 08:32 PM   #6 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

For me, NoScript has never been a pain. Not even on day 1.

I took a no nonsense approach to it and before I knew it, things started making sense. About the whitelist/blacklist. Personally, I don't use a whitelist (only have 4 sites in there) and I might get about one or two popups from NoScript a year. That is nothing, that's why I used the word "quietly" to describe its protection. But I do use a Blacklist to block trackers. It's funny how people always talk about the whitelist and hardly ever talk about the blacklist for untrusted sites. My approach on how I use NoScript is totally different than how most people use the program.

Bo
bo.elam is offline   Reply With Quote
Old 15. Feb 2014, 09:18 PM   #7 (permalink)
Been Here Since the Begin
 
kendall.a's Avatar
 
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,335
Default

Quote:
My approach on how I use NoScript is totally different than how most people use the program.
I can certainly see a brief article by Bo on how to use NoScript's blacklisting abilities!!

Anyone else see this possibility as well?!
__________________
Been here since the beginning.
kendall.a is offline   Reply With Quote
Old 15. Feb 2014, 10:13 PM   #8 (permalink)
Full Member
 
Join Date: Nov 2013
Posts: 86
Default

Thanks guys, will try the tips you provided, should have used Sandboxie for sure, dumb mistake.
herbc is offline   Reply With Quote
Old 15. Feb 2014, 11:04 PM   #9 (permalink)
Senior Member
 
sicknero's Avatar
 
Join Date: Mar 2012
Location: England
Posts: 657
Default

I'd be interested to hear more ... I was thinking that the reason people don't really talk about blacklisting in relation to Noscript is that it works on a principle of default-deny, i.e. anything unknown is automatically blocked, therefore user input focuses on adding items to the whitelist. What blacklisting ability it does have is solely to remove items from the whitelist, or at least that's how I've always understood it.

Apologies if we've derailed your thread a bit Herbc.
sicknero is offline   Reply With Quote
Old 16. Feb 2014, 12:20 AM   #10 (permalink)
Full Member
 
Join Date: Nov 2013
Posts: 86
Default

No problem, feel free to derail at any time, I do it myself all the time, actually adds to a thread's helpfulness actually.

Here's another screenshot, Malwarebytes and Hitman Pro coming up empty.
Attached Images
File Type: jpg Untitled.jpg (82.0 KB, 6 views)
herbc is offline   Reply With Quote
All times are GMT +1.