
Oh wonderful, a fake virus program (that's a virus)

never die Registered User regular
edited July 2010 in Help / Advice Forum
So to my great enjoyment (sarcasm) today on my laptop (posting this on a different laptop, so no worries there) I got to find out that I have the Mal/FakeAvHm-A malware, which essentially fucks with my system, not allowing me to do anything, while it bombards me with pop-ups and encouragements to buy their "software." I've done some research with my anti-virus software, and found this on their site: http://community.sophos.com/t5/Sophos-Endpoint-Security-and/MAL-FAKEAVHM-A-IS-in-the-heart-of-my-computer/m-p/3726

and another:

http://community.sophos.com/t5/Sophos-Endpoint-Security-and/Mal-FakeAvHm-A-infection/m-p/3223

So it sounds like I might have to delete my user account on my computer, after running an external computer's virus protection, or maybe just delete the account. Then I get to back-up my files (which I don't have much back up stuff for, my fault I know) and create a new account. What I want to know is there any other way to get rid of it other than this? Or am I basically fucked, and will just have to wipe my computer clean?

never die on

Posts

  • Thanatos Registered User regular
    edited July 2010
    Here's what works for me the vast majority of the time when stuff like this shows up on computers at my office:

    1. Start your computer in Safe Mode with Networking (hit F8 as the computer logs in; if you're on a work network, I would suggest starting it in regular safe mode, not with networking). Log in as an admin.

    2. Download, install, and update Spybot Search & Destroy and MalwareBytes Anti-Malware (if you're on a work network, download the software and the updates on a different computer, burn them to a CD, and install from there).

    3. Log out as admin (if you need to), log in with the originally infected account.

    4. Scan with Spybot then MBAM. Let them delete everything (I've never run into any problem with them deleting anything important).

    5. If they prompt you to restart, do so.

    If that does it, I'd suggest backing up your files now, just in case they didn't clean off any installed rootkits or anything. If that doesn't do it, you're probably fucked.

    Thanatos on
  • Daebunz Registered User regular
    edited July 2010
    I had to do a similar process as that, except repeatedly because it kept coming back. I eventually said fuck it and went for the nuclear option after it started acting differently on one occasion. Wasn't taking any chances.

    It worked out in my case as I really don't keep a lot that I need to back up or couldn't reinstall easily, but if you do then your mileage may vary.

    Daebunz on
  • never die Registered User regular
    edited July 2010
    I'm starting to think I might be fucked. I only have one account on the laptop, which I'm pretty sure is the Admin account (can't think of what else it could be). I can maybe do an external virus scan and have it get rid of the stuff, and then see where I can go from there. If the account is fubar'd, then I guess I'll just have to figure out how to get rid of the account, and then use the back-up program files that came with the laptop, which should cover everything but Word and Sophos that I use. The only things I'll lose that'll annoy me, that I can remember are my game saves, and the original Fallout games (which I don't have the discs for, borrowed from a friend). Steam should be fine, and most of my documents I have hard copies of. I'll post in here later to see what works.

    And thanks for the help!

    never die on
  • Thanatos Registered User regular
    edited July 2010
    never die wrote: »
    I'm starting to think I might be fucked. I only have one account on the laptop, which I'm pretty sure is the Admin account (can't think of what else it could be). I can maybe do an external virus scan and have it get rid of the stuff, and then see where I can go from there. If the account is fubar'd, then I guess I'll just have to figure out how to get rid of the account, and then use the back-up program files that came with the laptop, which should cover everything but Word and Sophos that I use. The only things I'll lose that'll annoy me, that I can remember are my game saves, and the original Fallout games (which I don't have the discs for, borrowed from a friend). Steam should be fine, and most of my documents I have hard copies of. I'll post in here later to see what works.

    And thanks for the help!
    You should at least try the restarting in safe mode w/networking thing, and running Spybot and MBAM. It'll probably take a couple of hours, but it's easier than reformatting, and will probably clean things up at least enough for you to easily save a few files.

    Thanatos on
  • never die Registered User regular
    edited July 2010
    Thanatos wrote: »
    never die wrote: »
    I'm starting to think I might be fucked. I only have one account on the laptop, which I'm pretty sure is the Admin account (can't think of what else it could be). I can maybe do an external virus scan and have it get rid of the stuff, and then see where I can go from there. If the account is fubar'd, then I guess I'll just have to figure out how to get rid of the account, and then use the back-up program files that came with the laptop, which should cover everything but Word and Sophos that I use. The only things I'll lose that'll annoy me, that I can remember are my game saves, and the original Fallout games (which I don't have the discs for, borrowed from a friend). Steam should be fine, and most of my documents I have hard copies of. I'll post in here later to see what works.

    And thanks for the help!
    You should at least try the restarting in safe mode w/networking thing, and running Spybot and MBAM. It'll probably take a couple of hours, but it's easier than reformatting, and will probably clean things up at least enough for you to easily save a few files.

    I've restarted in safe mode before and ran the virus scan on my computer, which didn't work. I also can't access the internet, even with my connection for some reason, so I'll have to wait until tomorrow when I have someone who will let me use their comp as an external virus scanner.

    never die on
  • jungleroomx It's never too many graves, it's always not enough shovels Registered User regular
    edited July 2010
    These things are extremely difficult to get rid of. I have gone through and manually removed anything that could be associated with it (Registry entries, files, directories, etc), and remnants of them still pop up. I got it off a friend's computer when it was called AntiVirus 360 or something similar and the web browser redirects still popped up, despite deleting the plugin and infected files. These things also seem to pacify virus scanners and spyware scanners.

    Your best bet is to take all the irreplaceable info and put it on some sort of rewritable media like an SD card or a USB stick. Reformat then reinstall Windows. Secure your comp with Spybot/Adaware and Avast! Antivirus, then plug in your USB stick and try it from there.

    I wouldn't suggest hooking another comp up to it, as their computer may also get infected unless the security on them is set very high.

    jungleroomx on
  • Eat it You Nasty Pig. tell homeland security 'we are the bomb' Registered User regular
    edited July 2010
    With stuff like this, sometimes the fastest and easiest solution is just to format. Not saying you shouldn't do the safe mode/antimalware routine, but you can spend much less time than it would take to scrub out a malicious rootkit by just wiping the drive (assuming you can back up the stuff you need.)

    In the future, you should create a second user account that does not have admin privileges and use that for everyday activity. It's much harder (or impossible) to remove a virus when you get infected in full admin mode and it has access to all your settings.

    Eat it You Nasty Pig. on
    it was the smallest on the list but
    Pluto was a planet and I'll never forget
  • JaysonFour Classy Monster Kitteh Registered User regular
    edited July 2010
    Echoing the call to format.

    You can either spend a long time dicking around with it and not be totally sure you got rid of it, or you can get rid of it and have a chance to start fresh with your computer.

    Chalk the data loss up to experience and move on, more the wiser.

    JaysonFour on
    I can has cheezburger, yes?
  • Thanatos Registered User regular
    edited July 2010
    never die wrote: »
    Thanatos wrote: »
    never die wrote: »
    I'm starting to think I might be fucked. I only have one account on the laptop, which I'm pretty sure is the Admin account (can't think of what else it could be). I can maybe do an external virus scan and have it get rid of the stuff, and then see where I can go from there. If the account is fubar'd, then I guess I'll just have to figure out how to get rid of the account, and then use the back-up program files that came with the laptop, which should cover everything but Word and Sophos that I use. The only things I'll lose that'll annoy me, that I can remember are my game saves, and the original Fallout games (which I don't have the discs for, borrowed from a friend). Steam should be fine, and most of my documents I have hard copies of. I'll post in here later to see what works.

    And thanks for the help!
    You should at least try the restarting in safe mode w/networking thing, and running Spybot and MBAM. It'll probably take a couple of hours, but it's easier than reformatting, and will probably clean things up at least enough for you to easily save a few files.
    I've restarted in safe mode before and ran the virus scan on my computer, which didn't work. I also can't access the internet, even with my connection for some reason, so I'll have to wait until tomorrow when I have someone who will let me use their comp as an external virus scanner.
    It probably changed your connection setting to include a proxy server. What version of what browser are you using?

    Thanatos on
  • Sipex Registered User regular
    edited July 2010
    I'm always iffy to wipe a hard drive just because it's the easiest solution. My friends used to do it all the time and you really start to notice the hard drive degradation (things run slower, hard drives crap out sooner, data gets corrupted easily).

    Mind, as long as you don't resort to formatting one every other month you'll be okay.

    Sipex on
  • never die Registered User regular
    edited July 2010
    Thanatos wrote: »
    never die wrote: »
    Thanatos wrote: »
    never die wrote: »
    I'm starting to think I might be fucked. I only have one account on the laptop, which I'm pretty sure is the Admin account (can't think of what else it could be). I can maybe do an external virus scan and have it get rid of the stuff, and then see where I can go from there. If the account is fubar'd, then I guess I'll just have to figure out how to get rid of the account, and then use the back-up program files that came with the laptop, which should cover everything but Word and Sophos that I use. The only things I'll lose that'll annoy me, that I can remember are my game saves, and the original Fallout games (which I don't have the discs for, borrowed from a friend). Steam should be fine, and most of my documents I have hard copies of. I'll post in here later to see what works.

    And thanks for the help!
    You should at least try the restarting in safe mode w/networking thing, and running Spybot and MBAM. It'll probably take a couple of hours, but it's easier than reformatting, and will probably clean things up at least enough for you to easily save a few files.
    I've restarted in safe mode before and ran the virus scan on my computer, which didn't work. I also can't access the internet, even with my connection for some reason, so I'll have to wait until tomorrow when I have someone who will let me use their comp as an external virus scanner.
    It probably changed your connection setting to include a proxy server. What version of what browser are you using?

    Internet Explorer 7 or 8, not sure at the moment.

    Also, I've never had to reformat a computer before, how exactly would I go about doing it?

    Edit: Also, would it be possible to take my documents off with a usb stick? It wouldn't get infected?

    never die on
  • AtomBomb Registered User regular
    edited July 2010
    Thanatos wrote: »
    It probably changed your connection setting to include a proxy server. What version of what browser are you using?

    Also check to see if it changed your DNS server settings. I saw one recently where it set the DNS servers to somewhere in the Ukraine. They were able to get to some sites, but most things were redirected.

    I've had some luck cleaning with Malwarebytes and Superantispyware (that sounds so fake). One infection was pretty aggressive like you describe, throwing up tons of pop ups, locking the internet down and claiming anything you tried to open was infected (taskmanager is infected, really?). It actually came out in one pass without me having to do anything extra. I've seen others that seemed more mild, just occasionally putting up a Windows-like popup, that wouldn't die until I finally nuked the machine.

    I say give Spybot, Malwarebytes and Superantispyware a shot, but if you see any signs of it after giving them each a pass go ahead and nuke it.

    AtomBomb on
    I just got a 3DS XL. Add me! 2879-0925-7162
  • Ruckus Registered User regular
    edited July 2010
    Sipex wrote: »
    I'm always iffy to wipe a hard drive just because it's the easiest solution. My friends used to do it all the time and you really start to notice the hard drive degradation (things run slower, hard drives crap out sooner, data gets corrupted easily).

    Mind, as long as you don't resort to formatting one every other month you'll be okay.

    Formatting a hard drive repeatedly won't degrade its performance. Not any more than using it normally does anyway. If your friend had to format that often he was probably doing something horribly wrong.

    Ruckus on
  • 3drage Registered User regular
    edited July 2010
    Losing personal files is rough, but that's why you should always keep a backup in a reliable place. Being in the security industry I always recommend formatting and reinstalling (if there's a risk of a boot sector virus, then complete repartition and wipe). You can just never know for sure that you have the crap off your system.

    3drage on
  • End Registered User regular
    edited July 2010
    AtomBomb wrote: »
    Thanatos wrote: »
    It probably changed your connection setting to include a proxy server. What version of what browser are you using?

    Also check to see if it changed your DNS server settings. I saw one recently where it set the DNS servers to somewhere in the Ukraine. They were able to get to some sites, but most things were redirected.

    Sometimes the methods they use aren't even that obvious. I've seen a rootkit that rewired things on an even more fundamental level, so that the only reason I was able to detect it was that the wrong DNS results were being returned.

    Anyhow, while I'd echo your recommendation of Malwarebytes, re-formatting is the only sure way to make sure a system really gets cleaned.

    End on
    I wish that someway, somehow, that I could save every one of us
  • never die Registered User regular
    edited July 2010
    So essentially my options are reformat the computer, then get these antivirus and antispyware stuff to run on my comp cause my anti-viruses are compromised?

    never die on
  • Ruckus Registered User regular
    edited July 2010
    never die wrote: »
    So essentially my options are reformat the computer, then get these antivirus and antispyware stuff to run on my comp cause my anti-viruses are compromised?

    Reformatting is a "Nuke it from Orbit" solution. You probably don't need to scan after you've reformatted (except for regularly scheduled scans to detect future unrelated infections).

    Ruckus on
  • 3drage Registered User regular
    edited July 2010
    Also modify your computer use behavior so that you don't muck up your computer again.

    3drage on
  • never die Registered User regular
    edited July 2010
    Ruckus wrote: »
    never die wrote: »
    So essentially my options are reformat the computer, then get these antivirus and antispyware stuff to run on my comp cause my anti-viruses are compromised?

    Reformatting is a "Nuke it from Orbit" solution. You probably don't need to scan after you've reformatted (except for regularly scheduled scans to detect future unrelated infections).

    Okay. I'm still confused about how I caught the damn thing, as I do do weekly scans.

    I'll see how the nuking option goes.

    never die on
  • Ruckus Registered User regular
    edited July 2010
    never die wrote: »
    Ruckus wrote: »
    never die wrote: »
    So essentially my options are reformat the computer, then get these antivirus and antispyware stuff to run on my comp cause my anti-viruses are compromised?

    Reformatting is a "Nuke it from Orbit" solution. You probably don't need to scan after you've reformatted (except for regularly scheduled scans to detect future unrelated infections).

    Okay. I'm still confused about how I caught the damn thing, as I do do weekly scans.

    I'll see how the nuking option goes.

    Typically, there are 3 avenues of infection for viruses and malware:
    (1) You, or another of the users of this computer, visited a compromised or intentionally malicious website that performed a drive-by installation of the virus or malware.

    (2) You, or another of the users of this computer, opened a compromised or intentionally malicious email attachment and/or clicked a link to a website as described in (1).

    (3) You, or another of the users of this computer, failed to keep your Operating System up to date and firewall in place, allowing a compromised computer on your network to exploit a vulnerability on the system and infect it.

    Ruckus on
  • never die Registered User regular
    edited July 2010
    I think it was one, cause I got it not long after going to the fallout.wiki site.

    Also, I just ran a system restore on my computer, and rebooted it to a month ago. It seems to have worked, but I'm not 100% sure. I'm running a virus scan right now. So Than, you said to download Spybot Search & Destroy and MalwareBytes Anti-Malware right? So I'll need to shut my own antivirus off to do this, won't I? So they don't end up killing each other?

    never die on
  • Ruckus Registered User regular
    edited July 2010
    Depends on your antivirus. If it's just an Antivirus, you should be able to install Spybot or Malwarebytes and run a scan without your AV interfering. If your AV package has a malware protection component, it may interfere, and should be temporarily disabled.

    Ruckus on
  • OnTheLastCastle let's keep it haimish for the peripatetic Registered User regular
    edited July 2010
    MalwareBytes is so great. I just fixed a computer that I was pretty sure needed a full on wipe with an un-updated version of it.

    edit: MalwareBytes ran w/o update. Microsoft Security Essentials wouldn't without being able to check the internet. Grumble mumble. I didn't think to burn the updates onto the cd also.

    OnTheLastCastle on
  • never die Registered User regular
    edited July 2010
    Alright. As soon as my anti-virus is done scanning it, I'll download those and run it. Hopefully my last post on this thread should be my last!

    never die on
  • Thanatos Registered User regular
    edited July 2010
    Even if it comes up clean, you should still back up anything you'd want to save, in case the restore just got rid of the symptoms rather than the root cause.

    Thanatos on
  • UncleChet N00b Lancaster, PA Registered User regular
    edited July 2010
    I just fixed one of these this weekend. McAfee just put out a free to download fix called McAfee Stinger. Log in as admin in safe mode, search for, save and run McAfee Stinger (my scan took about 30 minutes). Then I suggest installing MS Security Essentials and Malware Bytes. It's better if you pay for MB for the realtime scanning, it's like 25 bucks. Run your scans in admin mode, then reboot into normal user and go in to IE, go to Tools>Internet Options>Connection and uncheck "use a proxy server."

    UncleChet on
    I'm sometimes grumpy and random, feel free to overlook the strange man in the corner.
  • Ruckus Registered User regular
    edited July 2010
    UncleChet wrote: »
    I just fixed one of these this weekend. McAfee just put out a free to download fix called McAfee Stinger. Log in as admin in safe mode, search for, save and run McAfee Stinger (my scan took about 30 minutes). Then I suggest installing MS Security Essentials and Malware Bytes. It's better if you pay for MB for the realtime scanning, it's like 25 bucks. Run your scans in admin mode, then reboot into normal user and go in to IE, go to Tools>Internet Options>Connection and uncheck "use a proxy server."

    McAfee Stinger is a free utility that they update and re-release when major new annoyances crop up.

    Ruckus on
  • Jealous Deva Registered User regular
    edited July 2010
    I had a similar virus one time. What I ended up having to do was reboot into safe mode and manually edit the registry to disassociate exe files from the virus, then restore the normal run default action and run as administrator, etc right click options. I remember that I had to actually manually make up a reg file in notepad and merge it to do this because regedit.exe wasn't loading from the command prompt. Also deleted the startup file from the registry run entry and location on the hard drive.

    How the hell I did this I can't remember, but there were instructions online. Also I obviously ran av programs once I got exe functionality back.

    I also don't know that I'd recommend doing all this if you have an easier option available, I'm sure there are automated programs to do it somewhere.

    Jealous Deva on
  • never die Registered User regular
    edited July 2010
    Thanatos wrote: »
    Even if it comes up clean, you should still back up anything you'd want to save, in case the restore just got rid of the symptoms rather than the root cause.

    I thought of that, but won't that bring it into the back-up?

    never die on
  • Eat it You Nasty Pig. tell homeland security 'we are the bomb' Registered User regular
    edited July 2010
    (most) data files can't carry executable code, so no, backing up data won't re-infect your next installation.

    Eat it You Nasty Pig. on
    it was the smallest on the list but
    Pluto was a planet and I'll never forget
  • never die Registered User regular
    edited July 2010
    (most) data files can't carry executable code, so no, backing up data won't re-infect your next installation.

    Sweet!

    As of right now, I think my computer is fine, so I'm backing up stuff on Dell's Data Safe thing.

    Thanks for all of your help! I'm not gonna ask that this be closed yet, I wanna give it a few days to see if things are fine for sure.

    never die on
  • Steel-Angel Registered User regular
    edited July 2010
    i'd run a combofix scan

    i lost my wow account to some keylogger that embedded itself inside a system file which AVG couldn't detect

    Steel-Angel on
  • MuddBudd Registered User regular
    edited July 2010
    I got this a few months ago, from an infected ad banner. Never even clicked it.

    I was able to eventually disable it. If it's similar, here's the trick.

    It usually runs itself as a file called av.exe or something similar. When it installed itself, it altered your registry to make all executable files launch av.exe instead of what they are supposed to do.

    1. So first thing is to use the task manager to shut down any process that looks suspicious until it goes away.
    2. Next, run a FixEXE.reg file, you can find in the link or just make your own.

    To make a fixexe.reg file, open a text file and paste this in. Then rename to fixexe.reg and run it.
    REGEDIT4
    
    [HKEY_CLASSES_ROOT\.exe]
    "Content Type"="application/x-msdownload"
    @="exefile"
    
    [HKEY_CLASSES_ROOT\exefile]
    "EditFlags"=hex:d8,07,00,00
    @="Application"
    
    [HKEY_CLASSES_ROOT\exefile\shell]
    @=""
    
    [HKEY_CLASSES_ROOT\exefile\shell\open]
    @=""
    "EditFlags"=hex:00,00,00,00
    
    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    
    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
    "Content Type"="application/x-msdownload"
    @="exefile"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]
    "EditFlags"=hex:d8,07,00,00
    @="Application"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell]
    @=""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open]
    @=""
    "EditFlags"=hex:00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    @="\"%1\" %*"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon]
    @="%1"
    

    That should give you enough control over your computer to run spybot and malwarebytes, but it will reassert itself if you reboot before you fully remove it.

    MuddBudd on
    There's no plan, there's no race to be run
    The harder the rain, honey, the sweeter the sun.
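
The file-association state that the fixexe.reg above resets can also be checked from a registry export, as an added example (not part of any post in this thread): the script compares the `.exe` handler entries in an export against the defaults given in that file. The sample export, the path inside it and the function names are constructed for illustration.

```python
import re

# Expected default values, taken from the fixexe.reg in the post above.
EXPECTED = {
    r".exe": "exefile",
    r"exefile\shell\open\command": '"%1" %*',
}

# Roots that hold file-association classes. HKCU\Software\Classes is included
# because HKEY_CLASSES_ROOT is a merged view in which per-user entries
# override the machine-wide ones.
CLASS_ROOTS = (
    "HKEY_CLASSES_ROOT",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CURRENT_USER\Software\Classes",
)

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(quoted):
    """Strip the outer quotes of a .reg string and undo \\" and \\\\ escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Parse decoded .reg text into {key_path: {value_name: data}}.

    The default value is stored under "@". String data is unescaped;
    other types (hex:, dword:) are kept as their raw text.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = _VALUE_RE.match(line)
        if match and current is not None:
            name, data = match.groups()
            name = "@" if name == "@" else _unescape(name)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data)
            current[name] = data
    return keys


def check_exe_association(text):
    """Return (key_path, found, expected) for every handler that differs."""
    findings = []
    keys = {path.lower(): values for path, values in parse_reg(text).items()}
    for root in CLASS_ROOTS:
        for subkey, expected in EXPECTED.items():
            path = root + "\\" + subkey
            values = keys.get(path.lower())
            if values is None or "@" not in values:
                continue  # key absent from this export, nothing to compare
            if values["@"] != expected:
                findings.append((path, values["@"], expected))
    return findings


# Constructed sample export: the open command is redirected through another
# program, and a per-user .exe entry points at a different class.
SAMPLE_HIJACKED = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\ExamplePath\\av.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"
'''

if __name__ == "__main__":
    for path, found, expected in check_exe_association(SAMPLE_HIJACKED):
        print(f"{path}\n  found:    {found}\n  expected: {expected}")
```

The function takes already-decoded text, so an export saved in the newer "Windows Registry Editor Version 5.00" format has to be read as UTF-16 before it is passed in.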
  • mifune_san Registered User new member
    edited July 2010
    Just FYI - I had a nasty rootkit situation similar to this. If you're backing up to any external hard drives or USB sticks, be aware - some of these fuckers will install autorun files on any removable drives you plug in. USB stick gets plugged in - USB stick gets stuck with an autorun - you plug it back in to your clean computer to restore your files, and blammo: rootkit reinstalled.

    mifune_san on
  • mcdermott Registered User regular
    edited July 2010
    mifune_san wrote: »
    Just FYI - I had a nasty rootkit situation similar to this. If you're backing up to any external hard drives or USB sticks, be aware - some of these fuckers will install autorun files on any removable drives you plug in. USB stick gets plugged in - USB stick gets stuck with an autorun - you plug it back in to your clean computer to restore your files, and blammo: rootkit reinstalled.

    Which is why it's smart to disable autorun.

    mcdermott on
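
For the autorun problem described in the two posts above, an added example (not part of any post in this thread): before a backup drive goes into the rebuilt machine, its root can be checked from another system for an `autorun.inf` and for the launch entries inside it. The sample file contents, file names and function names are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command entries attach a command to the drive's context menu
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            hits.append((key, value.strip()))
    return hits


def scan_drive_root(root):
    """Report launch entries of any autorun.inf found directly in `root`."""
    report = []
    for name in sorted(os.listdir(root)):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), "r", encoding="latin-1") as fh:
            entries = parse_autorun(fh.read())
        for key, command in entries:
            # First token of the command is the program; paths use backslashes
            target = command.split()[0].strip('"') if command else ""
            local = os.path.join(root, target.replace("\\", os.sep))
            report.append({
                "file": name,
                "key": key,
                "command": command,
                "target_on_drive": bool(target) and os.path.exists(local),
            })
    return report


# Constructed sample of an autorun.inf as it might sit on a backup stick.
SAMPLE_AUTORUN = r"""; constructed sample
[AutoRun]
open=example.exe
icon=folder.ico
shell\open\command=example.exe
label=Backup
"""


def demo():
    """Build a constructed backup folder in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "notes.txt"), "w") as fh:
            fh.write("saved document")
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        with open(os.path.join(root, "example.exe"), "wb"):
            pass  # empty placeholder standing in for the referenced program
        return scan_drive_root(root)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

An empty report for the drive root means no `autorun.inf` launch entry was found there; it says nothing about the other files on the drive.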
  • Hachface Not the Minister Farrakhan you're thinking of Dammit, Shepard! Registered User regular
    edited July 2010
    If you intend to back up and reformat, you should at least try ComboFix (after the back up, before the reformat). It is an extremely powerful tool that has never failed to get rid of any malware problem I've had. It can fuck up your OS if you're not careful, but since your only other option is reformatting anyway...

    Hachface on
  • Options
    DisrupterDisrupter Registered User regular
    edited July 2010
    Combofix is where it's at.

    I have heard you can f up your OS with it, but I've never seen it happen. Pretty much my last 6 months working at geek squad consisted of me just running combofix on any infected PC and curing the shit out of everything way faster than "actual geeksquad approved tools"

    Disrupter on
  • Hachface Not the Minister Farrakhan you're thinking of Dammit, Shepard! Registered User regular
    edited July 2010
    Disrupter wrote: »
    Combofix is where it's at.

    I have heard you can f up your OS with it, but I've never seen it happen. Pretty much my last 6 months working at geek squad consisted of me just running combofix on any infected PC and curing the shit out of everything way faster than "actual geeksquad approved tools"

    I, too, am unclear how Combofix can fuck your system up, but apparently it can. But that hardly matters if the alternative is a reformat.

    Hachface on
  • Jebus314 Registered User regular
    edited July 2010
    mcdermott wrote: »
    mifune_san wrote: »
    Just FYI - I had a nasty rootkit situation similar to this. If you're backing up to any external hard drives or USB sticks, be aware - some of these fuckers will install autorun files on any removable drives you plug in. USB stick gets plugged in - USB stick gets stuck with an autorun - you plug it back in to your clean computer to restore your files, and blammo: rootkit reinstalled.

    Which is why it's smart to disable autorun.

    I'm pretty sure autorun is disabled by default in Vista and 7.

    Jebus314 on
    "The world is a mess, and I just need to rule it" - Dr Horrible