Can't avoid all the viruses...



jetfire33
Jul 18th, 2012, 12:39 AM
OKAY, Unix/Linux users aside (and don't say Macs as they are not immune to viruses).

So I consider myself decent with computers. Not great, but decent.

Here's the setup:

Dell laptop running Windows 7
Fully up-to-date on patches
Zonealarm firewall running and up-to-date, set pretty strict
For AV, Microsoft Security Essentials running and up-to-date
Windows set to ask permissions to make any changes
Using Firefox, up-to-date

Nothing else running, visited a normal, popular geeky forums site. No porn, no cracked stuff, no file shares, nothing out of the ordinary.

Someone must have posted something or had something in their sig because BAM, my system went nuts. Must have been an HTML script or JavaScript. The virus was one of the "Sirefef" family: embeds deep, replaces APIs, downloads more of its kind. ZoneAlarm semi-blocked part of it; MSE was killed completely. Researched the virus using my other laptop: it's a bad one and some variants are pretty much unremovable.

Burned the few new files (pics, music) since the last backup and started a factory restore. Hours wasted.

I've been reading some virus stories on here and noticed a pattern:

1) OP takes blame for not having AV software or it being out-of-date. Not the case here, and before you tell me MSE sucks and to use Avira, or Kaspersky or whatever: MSE won the poll on these forums for most used. It gets great reviews and scores and let's face it, no matter which of the big-dog AVs I use, the users of the other ones would blame it. Can't use them all. PLUS I had everything patched and ZoneAlarm running.

2) OP takes the blame for opening files or visiting shady sites. Again, not the case here. This was a mainstream site, forums like these. Just reading as I'd done 10000 times before. Sigs and such are on all forums.

3) Browser blame - I use Firefox and Chrome. I'll admit I don't have no-script running anymore because it crippled so many sites and drove my family mad. Is that what we've come to? "If you do everything else right but don't run no-script then you deserve a fried pc"?

Have the virus writers just gotten so advanced that none of us are immune, unless you absolutely go to town (2 major AV suites, solid firewall, no-script, etc etc)?


So my question: what was I doing wrong or failing to do right? How do I better avoid this stuff happening again?

aeolus811tw
Jul 18th, 2012, 12:47 AM
Unfortunately, the Sirefef virus is often contracted from downloading files that were infected, or installed onto your computer directly through trojans.
Firewalls aren't the best things to prevent trojans, because API hijacking plus kernel access can bypass any type of those detections. A firewall is simply used to block third-grade trojans, website-related infections and harmless software's network access.
Especially when the firewall isn't integrated into the OS network socket API directly, it makes them even more useless.

As for AV, MSE is one of the most useless antiviruses on the market, in that it only removes very specific virus variants with a matching hash signature.

You still have no one else but yourself to blame on this one, sorry.

DougO
Jul 18th, 2012, 12:48 AM
Many of the things you call viruses aren't that at all. Many times, annoying code is malware that is targeting some weakness in the OS. Running programs like Malwarebytes usually gets rid of it. Sometimes it's an ad that also exploits weaknesses in the OS. For those, I use Rkill and Malwarebytes or Hitman Pro. Nothing out of the ordinary running on my desktop at the moment. Been that way for a long time now...

Dave98
Jul 18th, 2012, 12:50 AM
Could also have been a rotating ad banner. PDF reader, Java Runtime, Flash plugins are all big culprits. Either always keep them up to date or don't install them at all. On another note, in their standard configurations, I'd say Chrome is more secure than Firefox.

Personally, I don't put much faith into anti-virus software. Programs that rely on signatures and heuristics can only do so much. Perhaps you can look into something like sandboxie (http://www.sandboxie.com) or Bufferzone (http://trustware.com/)

HotYaris
Jul 18th, 2012, 01:20 AM
As for AV, MSE is one of the most useless antiviruses on the market, in that it only removes very specific virus variants with a matching hash signature.
You still have no one else but yourself to blame on this one, sorry.

+1+1+1
4) MSE sucks. Use at your own risk. When will folks learn?

lau552jon
Jul 18th, 2012, 06:45 AM
I also faced a big problem: I have got a virus which is named autorun, but whenever I try to delete it, it comes back again and again, and it is also not giving me any chance to set up anything. So what can I do now???

DougO
Jul 18th, 2012, 07:57 AM
Go to Majorgeeks and see what they say. Good luck...

sgroup2
Jul 18th, 2012, 08:29 AM
1. Would recommend full scan with Malwarebytes
2. As others said, switch to a more reliable AV...even the free Avast version works, or if you can afford it pay one year for something like Norton 360
3. Install Adblock for firefox

vonblock
Jul 18th, 2012, 08:51 AM
You forget something very important

Secunia PSI.

There are a lot of viruses that use programs that haven't been updated to attack your computer.

Run Secunia every 1-2 weeks and always be up to date.

arm2000
Jul 18th, 2012, 09:05 AM
You probably can't avoid viruses unless you are never online and never install/play anything. But a much better way to avoid most problems is to run all day-to-day activities in a non-admin account. Win7 made this much easier now; you need to run your admin account very rarely.
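As an added illustration of the non-admin-account advice in the post above (example code written for this page, not from any poster), the PowerShell snippet below reports whether the current session is elevated, whether the account belongs to the local Administrators group, and what the UAC policy values say. The registry key and the EnableLUA / ConsentPromptBehaviorAdmin value names are the standard Windows ones; the function name is my own.

```powershell
# Added example: report the account/UAC posture a Windows 7 user would want to check
# before deciding whether day-to-day work is running as a standard user.
# Get-AdminPosture is a name chosen for this example; the registry names are Windows' own.
function Get-AdminPosture {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # True only when the *current token* is elevated. An admin account running under
    # UAC with its filtered (non-elevated) token reports False here.
    $isElevated = $principal.IsInRole($adminRole)

    # Membership in the local Administrators group (well-known SID S-1-5-32-544),
    # regardless of whether this particular session is elevated.
    $isAdminMember = [bool]($identity.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })

    # UAC policy lives here; EnableLUA=0 means UAC is switched off entirely.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue

    [pscustomobject]@{
        User                      = $identity.Name
        TokenElevated             = $isElevated
        LocalAdministratorsMember = $isAdminMember
        UacEnabled                = ($uac.EnableLUA -eq 1)
        # ConsentPromptBehaviorAdmin: 0 = elevate silently (weak), 1-4 = prompt,
        # 5 = prompt for consent for non-Windows binaries (the Windows 7 default).
        AdminConsentBehavior      = $uac.ConsentPromptBehaviorAdmin
    }
}

$posture = Get-AdminPosture
$posture | Format-List

if ($posture.LocalAdministratorsMember -and -not $posture.TokenElevated) {
    Write-Host 'Admin account running with a filtered token: UAC is doing its job, but a standard user account is still the safer daily driver.'
} elseif ($posture.TokenElevated) {
    Write-Host 'This session is fully elevated: anything it runs can change the system without a prompt.'
} else {
    Write-Host 'Standard user session: system changes will require admin credentials.'
}
if (-not $posture.UacEnabled) {
    Write-Host 'UAC is disabled (EnableLUA=0); re-enable it and reboot.'
}
if ($posture.AdminConsentBehavior -eq 0) {
    Write-Host 'ConsentPromptBehaviorAdmin=0: admins are elevated silently, so the prompt the OP relied on never appears.'
}
```

Run it from an ordinary (non-elevated) PowerShell window to see the posture the thread is arguing about: a member of Administrators with a filtered token is the "ask permission for changes" configuration the OP described, while a standard user is what arm2000 recommends for daily use.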

xalex0
Jul 18th, 2012, 09:51 AM
Does the OP take blame for using admin account?

Busybuyer888
Jul 18th, 2012, 09:57 AM
The anti-virus s/w makers will always be behind the hackers. They are always playing catchup.
(These virus/malware developers are brilliant guys.)

The only way to be safe is with a daily backup image of the hard disk, for restore at a later date. I do not know of a 100% method to be virus free, unless one doesn't do email, browse the web or download files (as stated by another poster).

JamesA1
Jul 18th, 2012, 10:26 AM
There's no way to avoid malware completely. It can sneak into advertising banners even on sites like RFD. Manufacturers can let it accidentally slip into their legit software.

1st line of defence: run up-to-date antivirus software. It definitely won't pick up everything, but it will pick up some things. It's also good to have a firewall like ZoneAlarm that notifies you and blocks unrecognized outgoing internet connections, just so you will be aware that your system has been infected.

2nd line of defence: keep your operating system and other software up to date with the latest security patches. But to be honest, I don't personally do this any more because there are just too many to keep up with them, and the patches often cause unwanted disruptions and side effects.

3rd line of defence: system restore gets rid of a lot of malware. Make sure you have plenty of disk space dedicated to system checkpoints and that you generate one regularly. Restore doesn't always eliminate the problem, as trickier malware can hide. Also, system restore itself doesn't always work due to its many limitations and bugs. But it's faster than wiping and restoring the whole drive.

4th line of defence: restore the whole system drive from a backup. With dirt cheap backup drives and effective backup software like Acronis True Image, there's simply no excuse for being caught without a backup. If you do fairly frequent backups you can easily identify the few things that have been added since the last backup and preserve them when you wipe the drive and restore the last backup.

xalex0
Jul 18th, 2012, 10:36 AM
If we talk about malware in general then we need to determine what we want to protect: privacy of the personal data, preservation of the personal data or the stability of the operating system and programs?

JAG from PN
Jul 18th, 2012, 11:19 AM
Does the OP take blame for using admin account?

+1

jetfire33
Jul 18th, 2012, 01:39 PM
OP here. Thanks for the advice and input so far, folks. And good call on the fact that I was using the administrator account; that's one of my lessons learned (I'm just so used to being my own system's admin).

I have backups so the solution is that I've run a full system restore to factory. I think the chances of the manufacturer's factory image having somehow been infected by this latest virus are very slim.

I'm also probably going to spring for either Norton AV or 360, as I've been reading good things about the 2012 versions running light but effective.

johncarter02457
Jul 18th, 2012, 01:45 PM
I want to know:
can a free version of antivirus protect my PC from viruses? I am using Windows XP SP1.

jetfire33
Jul 18th, 2012, 01:50 PM
I want to know:
can a free version of antivirus protect my PC from viruses? I am using Windows XP SP1.

Well, I'm getting kind of roasted for using free Microsoft Security Essentials, but I believe the free versions of Avast and Avira are fairly well respected as antivirus software...

xalex0
Jul 18th, 2012, 02:34 PM
I'm just so used to being my own system's admin
Even if you log in as a regular user, you are still the admin. You just need to supply the admin password whenever you need to use your admin powers.

Jorpho
Jul 18th, 2012, 02:34 PM
drove my family mad
If you are not the only user of your computer, how can you be completely sure about what other people might or might not be doing on it? Just sayin'.


Could also have been a rotating ad banner. PDF reader, Java Runtime, Flash plugins are all big culprits. Either always keep them up to date or don't install them at all.
This. At the very least, keep Java disabled; I find very little use for it nowadays.


I want to know:
can a free version of antivirus protect my PC from viruses? I am using Windows XP SP1.
Why the heck are you running such an outdated system? Installing SP3 will probably do much more to keep your system safe than any free antivirus out there.

aeolus811tw
Jul 18th, 2012, 02:39 PM
Applications have 2 levels: SYSTEM / USER level.
If an application requires admin / SYSTEM access, that's where UAC pops up and asks you about it.
A user-level application does not pose any danger to your system because it simply does not have permission to access the system files.
Windows 7 abused ownership of the folders, so that usually the virus that can pose problems to your critical system files has already obtained SYSTEM access.
In this situation it doesn't matter whether you used an admin or non-admin account; they are pretty much the same.

In regular programming, for typical programmers it is not that obvious how to run an application with SYSTEM permission without the user's consent; however, there are countless techniques to use to obtain that access without the user's consent.

Using a non-admin account is generally a method only to prevent people from changing your system settings, nothing else. It will make your computer experience more difficult with Win7's security system.

xalex0
Jul 18th, 2012, 02:50 PM
In regular programming, for typical programmers it is not that obvious how to run an application with SYSTEM permission without the user's consent; however, there are countless techniques to use to obtain that access without the user's consent.

Using a non-admin account is generally a method only to prevent people from changing your system settings, nothing else. It will make your computer experience more difficult with Win7's security system.
Supply references please.

aeolus811tw
Jul 18th, 2012, 02:58 PM
Supply references please.

My reference is myself, being a Windows / Linux kernel driver programmer, plus 8 years of reverse engineering experience on packers / packet encryption / virtualization / various types of software.
Feel free to take it however you want.

xalex0
Jul 18th, 2012, 03:00 PM
My reference is myself, being a Windows / Linux kernel driver programmer, plus 8 years of reverse engineering experience on packers / packet encryption / virtualization / various types of software.
Feel free to take it however you want.
You know the routine then: post the code/binary.

aeolus811tw
Jul 18th, 2012, 03:11 PM
You know the routine then: post the code/binary.

Why would I want to post my personal work on a public forum? My work is already widely distributed over the internet.
This ain't a post-secondary homework assignment forum where it's OK to post student code.
If you want to prove me wrong then first disprove the use of user-level bypass with Z API functions (this is for beginners, and this is used in various memory editing software too).

Commercially, I already proved my point.

mingyang
Jul 18th, 2012, 03:15 PM
Why would I want to post my personal work on a public forum? My work is already widely distributed over the internet.
This ain't a post-secondary homework assignment forum where it's OK to post student code.
If you want to prove me wrong then first disprove the use of user-level bypass with Z API functions (this is for beginners, and this is used in various memory editing software too).

Commercially, I already proved my point.

Pretty sure he was joking; however, I agree with your previous points.

xalex0
Jul 18th, 2012, 03:25 PM
Why would I want to post my personal work on a public forum? My work is already widely distributed over the internet.
Commercially, I already proved my point.
Well, it's either references or the code. So post a reference to your widely distributed commercial work.

aeolus811tw
Jul 18th, 2012, 03:32 PM
Well, it's either references or the code. So post a reference to your widely distributed commercial work.

Feel free to search for an article that has been referenced in many places regarding unpacking of UPX without the usage of the UPX unpacker itself,
and the unpacking script for Themida 2.0.0.6 that has been used across the internet.
But unless you can disprove my first claimed Z API usage (which is impossible, considering you probably don't even know what I'm talking about, and you will know it's impossible if you do know what I'm talking about), you should probably stop being a troll.

xalex0
Jul 18th, 2012, 03:39 PM
Z API usage
Does it have an official name?

Jorpho
Jul 18th, 2012, 03:43 PM
Windows 7 abused ownership of the folders, so that usually the virus that can pose problems to your critical system files has already obtained SYSTEM access.

you probably don't even know what I'm talking about
I wonder why.

aeolus811tw
Jul 18th, 2012, 03:43 PM
Does it have an official name?

And this proved my point.

xalex0
Jul 18th, 2012, 03:55 PM
and this proved my point.
Failure to provide accessible evidence does not constitute proof.

jetfire33
Jul 18th, 2012, 04:19 PM
Back on topic: aeolus811, what do you recommend to secure a PC for normal Internet use?

ragincanadian
Jul 18th, 2012, 04:24 PM
1) Firefox up to date
-set to never allow cookies
-never remember any history
-0 MB set aside for cache, or whatever that setting is
3) Remove IE from the computer
4) Kaspersky up to date
-use "additional tools" to clear unwanted and unused data. Do this daily.
5) Auto update of Windows, but I make it ask for permission to install and do not allow the IE updates

This has worked flawlessly for me and trust me when I say I have seen a fair share of horse units. Ahem...

xalex0
Jul 18th, 2012, 04:31 PM
-set to never allow cookies
It's commendable how you managed to post here with this.

arm2000
Jul 18th, 2012, 04:53 PM
1) Firefox up to date
-set to never allow cookies
-never remember any history
-0 MB set aside for cache, or whatever that setting is
3) Remove IE from the computer
4) Kaspersky up to date
-use "additional tools" to clear unwanted and unused data. Do this daily.
5) Auto update of Windows, but I make it ask for permission to install and do not allow the IE updates

This has worked flawlessly for me and trust me when I say I have seen a fair share of horse units. Ahem...
#1 and #3 (#2?) are useless. If you do what you say with Firefox you'll have a very poor Internet experience. And IE is not a problem in itself; I got viruses from Firefox too.

arm2000
Jul 18th, 2012, 04:56 PM
Feel free to search for an article that has been referenced in many places regarding unpacking of UPX without the usage of the UPX unpacker itself,
and the unpacking script for Themida 2.0.0.6 that has been used across the internet.
But unless you can disprove my first claimed Z API usage (which is impossible, considering you probably don't even know what I'm talking about, and you will know it's impossible if you do know what I'm talking about), you should probably stop being a troll.

You may have some valid points but you also seem to hide behind some very technical terms. xalex0 is right about asking for public references; I'm interested too. So, are there any links, with your work or others', that can prove what you are saying here?

aeolus811tw
Jul 18th, 2012, 05:17 PM
For normal internet security, you can use Kaspersky / BitDefender / NOD32 / other ones you feel are secure enough.
On the rating side I would give BitDefender a slightly higher rating, with NOD32 being the lowest.
I don't usually recommend Avast or other free ones because they normally only do pattern matching to see whether you are infected or not; with packers that contain SMC, this type of detection is basically useless, hence you can see why most AVs mark high-level packers such as Themida / Encrypto as a variant of virus (simply because the programmers who made those detection algorithms do not know how to handle packed applications with advanced-level protection).

I would also recommend taking the Internet Security version of those AVs so you don't have to install a firewall and an AV from different companies.
As I said before, Win 7 abused the ownership of the folders; applications from different companies will have different ownership permissions, so your AV would not necessarily be able to protect your firewall application. And with the firewall application failing, your AV, being a passive protection, wouldn't help squat until it's too late.

Turning off cookies and not remembering history would be useless. These actions only affect the user experience you will have on your computer, because when your browser reads a page, it already loads the page content into your memory and as a temporary cached local copy. This effectively infects your computer with the virus already.

One of the ways to prevent 99% of direct virus infections from applications would be running the application in a sandboxed environment first, be it VMware or VirtualBox or Sandboxie as someone suggested above. If there is a virus, it will be fairly easy to spot, and the sandbox environment won't affect your actual computer since it is being virtualized.
But a downside of this is that the last 1% of viruses can detect virtualization of the environment and decide not to show themselves when run under those environments. In this case, you would need reverse engineering skills to even know this type of virus exists before it is active.

I know not everyone can run every application and debug the heck out of it to see whether it's safe to use or not; hence, if you want to secure your computer, you just have to keep an eye out for the files you downloaded.
But the bottom line is: don't accept files from people/sites you are not sure are safe, unless you have ways to verify they're safe or are willing to take a risk. Even an image downloaded off the internet (by browsing into the site) can get viruses into your computer. And don't be discouraged if one or two viruses get into your computer every couple of years; no one is perfect on this.

---------------

And a response to arm2000:
I do not want to disclose my work because I have had people plagiarize my work. And I did not hide behind technical terms. The terminology is simply what I used when communicating with "private" members that worked on projects with me. I have given two fairly distinctive examples of my work which can now be found on Google easily (those that worked in cracking/hacking online games, software, and OSes many RFDers probably downloaded / torrented will know what I'm talking about).
This isn't a technical forum and, worse, this is a public forum. The first barrier to actually trying to disprove my knowledge would be knowing the items I'm referring to without even providing a link.

So take my word however you want.

george__
Jul 18th, 2012, 05:20 PM
There's a way to prevent viruses: don't connect the computer to the internet and forbid USB sticks, floppies, CDs, DVDs anywhere near the PC.

Jorpho
Jul 18th, 2012, 05:26 PM
As I said before, Win 7 abused the ownership of the folders, applications from different company will have different ownership permission
I do not understand what you mean here. Ownership of folders is done on a per-user basis. I suppose some antivirus and firewall applications install themselves to run under their own special user accounts, but not all of them.

xalex0
Jul 18th, 2012, 05:57 PM
I do not want to disclose my works because I had people plagiarized my work
So much for "countless technique to use to obtain that access without user's consent" :(



And I did not hide behind technical term. the terminology is simply what I used when communicating with "private" members that worked on projects with me.
That's the definition of technical terms (or probably even esoteric).



I have gave two fairly distinctive example of my works which can now be found on google easily
Let's see:
http://lmgtfy.com/?q=%22unpack+UPX+without+UPX+unpacker%22 (the version without quotes mainly returns UPX unpackers)
http://lmgtfy.com/?q=%22themida+2.0.0.6%22 And what would disassembly protection have to do with UAC anyway?
http://lmgtfy.com/?q=%22Z+API%22 ZEDO API lolwut?



this isn't a technical forum and worst this is a public forum. the first barrier of actually try to disprove my knowledge would be knowing the items I'm refering to without even providing a link.
You felt it was appropriate to mention the "countless technique" here, so please finish what you have started. My goal is not to disprove but to get enough information to be able to judge it myself.

vonblock
Jul 18th, 2012, 06:11 PM
Come on guys

Don't be so paranoid; don't give up user experience for security.

Just use a regular AV (check with your internet provider if they offer you a free one) and just use a regular browser (no need to use NoScript or block cookies).

+ Update your Windows and all your software (Secunia is useful for this)

You will be fine. Oh, and don't install every program you see, and when you install one, make sure it comes from a reliable source too.

If you have kids, don't trust them if they tell you they won't go on porn websites (youporn is safe) or small crap Flash websites: they will, and this is why you got a virus.

Finally, the most important: use your brain.

xalex0
Jul 18th, 2012, 06:31 PM
Don't be so paranoid; don't give up user experience for security.
That's what separates the people that complain about viruses from the people whom they are complaining to.



If you have kids, don't trust them if they tell you they won't go on porn websites (youporn is safe)
I imagine: son, you are old enough now, so we need to have a talk. :lol:

aeolus811tw
Jul 18th, 2012, 07:23 PM
To xalex0:
You continue to demonstrate your lack of technical knowledge in the field, yet display a very ignorant attitude towards something you have no idea of.
Even when you attempt to insult others, you still fail to do so, providing a pathetic effort towards fake search information.
Your search results, while sarcastic, proved that you are probably incapable of learning something that you have never encountered before.
Also, failing to comprehend how much ingenuity is required at the software level just made you look even more ridiculous.
If you have no constructive answers to provide to the OP, you may stop your trolling.
Your response may be amusing to non-technical personnel, but it is moronic at least to people that understand the references and information I pointed to.

To others:
If you want to understand more about the Win7 security holes, feel free to PM me.
My apologies for failing to understand that this isn't a technical forum, where I would normally assume the majority of people have enough knowledge in the field my responses were related to.
To understand everything I talked about is essentially a book's worth of material, because it requires the understanding of OS structure, file structures, PE formats & system, kernel structure + IRQL stacks + scheduling + security (otherwise known as ring levels) and user-mode interrupts at the very least.

xalex0
Jul 18th, 2012, 09:11 PM
providing a pathetic effort towards a fake search information.
your search result while sarcastic
What's sarcastic? I just used lmgtfy to show what results I get when searching with your suggestions. What, have you never encountered this website before?



if you have no constructive answers to provide to the OP, you may stop your trolling.
I'm not the one who waltzed in with the suggestion to turn off the integrated security feature of the OS (despite everyone else saying otherwise), ostensibly because it's completely useless, while refusing to provide any proof and resorting to gibberish (http://school.maths.uwa.edu.au/~berwin/humour/invalid.proofs.html#1.7Proofbyobfuscation) and referencing arcane sources (http://school.maths.uwa.edu.au/~berwin/humour/invalid.proofs.html#1.13Proofbyreferencetoinaccessibleliterature).



the references and information i pointed to.
You didn't provide any.



to understand everything i talked about is essentially books worthy length because they required the understanding of OS structure, file structures, PE formats & system, kernel structure + IRQL stacks + Scheduling + Security (otherwise known as Ring levels) and user mode interrupts at the very least.
More technobabble. If you can't formulate a topic so that you can explain it to your mom, then you don't understand it well enough.

Can you at least confirm that exe disassembly has anything to do with UAC bypass? Because the only exploit I heard of was via a regular buffer overflow from 2 years ago, which got fixed right away.

aeolus811tw
Jul 18th, 2012, 09:28 PM
And as usual, you go with your useless POV without any understanding of the topic you are arguing about with me.
As a goodwill gesture I'll point you in a direction where PE reverse engineering can bypass UAC.
Also, reverse engineering does not mean disassembling PE files only, so try not to be too ignorant when trying to reference this term.

To bypass UAC you have to understand how Win7 uses it to protect your system.
You have to understand the kernel mode switch that will take place during a UAC authorization, from Ring 3 to Ring 1 or Ring 0.
All the exploits out there that a regular user would know are ones that are big enough to stir up community attention, and have been purposely made known to non-technical personnel.

If I ask you, do you know what a buffer overflow exploit means? Would you be able to explain it? I think not.
A buffer overflow will trigger an exception being thrown, and exception handling is a kernel Ring 0 action. This means that with a buffer overflow, if you can catch the exception and detour the exception handling system, you will successfully obtain kernel access, which permits your program to do anything it wishes on your system, and nothing on your computer would be able to detect it. Why? That's because that's how Windows works.

And there are many more exceptions that can be abused. Commonly known ones are divide by zero, zero flag reset and jump flag redirect, and I doubt 99.9% of people on RFD have ever heard of more than 1 of them.
However, these techniques are only the well-known ones; the unknown ones that we do not want to let the public know, or let MS know, are there. They're in the APIs Microsoft provides, in the kernel system design Microsoft used to create Windows, and also there with some predictable user interaction with the applications.

To find them, you need to be able to reverse engineer the OS itself, and have a creative brain that can think outside the box and not rely on Google, especially with the pathetic "let me Google that for you" sarcasm you denied using (I often use this site on people that keep asking me questions that don't require any effort to solve anyway).

From your actions, your responses and your display of ignorance, it is obvious that you don't have what it takes to even remotely understand the things I talked about. Now if you can stop trolling and let the topic go back to its original track, I would appreciate it.

arm2000
Jul 18th, 2012, 10:10 PM
And as usual, you go with your useless POV without any understanding of the topic you are arguing about with me.
As a goodwill gesture I'll point you in a direction where PE reverse engineering can bypass UAC.
Also, reverse engineering does not mean disassembling PE files only, so try not to be too ignorant when trying to reference this term.

To bypass UAC you have to understand how Win7 uses it to protect your system.
You have to understand the kernel mode switch that will take place during a UAC authorization, from Ring 3 to Ring 1 or Ring 0.
All the exploits out there that a regular user would know are ones that are big enough to stir up community attention, and have been purposely made known to non-technical personnel.

If I ask you, do you know what a buffer overflow exploit means? Would you be able to explain it? I think not.
A buffer overflow will trigger an exception being thrown, and exception handling is a kernel Ring 0 action. This means that with a buffer overflow, if you can catch the exception and detour the exception handling system, you will successfully obtain kernel access, which permits your program to do anything it wishes on your system, and nothing on your computer would be able to detect it. Why? That's because that's how Windows works.

And there are many more exceptions that can be abused. Commonly known ones are divide by zero, zero flag reset and jump flag redirect, and I doubt 99.9% of people on RFD have ever heard of more than 1 of them.
However, these techniques are only the well-known ones; the unknown ones that we do not want to let the public know, or let MS know, are there. They're in the APIs Microsoft provides, in the kernel system design Microsoft used to create Windows, and also there with some predictable user interaction with the applications.

To find them, you need to be able to reverse engineer the OS itself, and have a creative brain that can think outside the box and not rely on Google, especially with the pathetic "let me Google that for you" sarcasm you denied using (I often use this site on people that keep asking me questions that don't require any effort to solve anyway).

From your actions, your responses and your display of ignorance, it is obvious that you don't have what it takes to even remotely understand the things I talked about. Now if you can stop trolling and let the topic go back to its original track, I would appreciate it.

Some of us may know what a buffer overflow exploit is, so why don't you try us. BTW, the way you explained it here makes me feel you are the one that doesn't exactly know what it is, but maybe this is because of the English language. Anyway, I asked you to provide some links because I am genuinely interested in this. I understand you don't want to make your work public, but direct us to some sites with more info about it; why is it so hard to do? Don't just tell us to use Google but give us links.
Also, if you say that it is so easy to break Win7 security, UAC in particular, can you tell us some viruses/malware/whatever that took advantage of this?

xalex0
Jul 18th, 2012, 10:15 PM
reverse engineering does not mean disassembling PE files only, so try not to be too ignorant when trying to reference this term.
I'm only working with what you are giving me: UPX unpacking and Themida.



all the exploits out there that regular users would know are ones that are big enough to stir up community attention, and have been purposely made known to non-technical personnel.

BS. The exploits that are known to the public (and subsequently promptly fixed) are the ones that have been used up, since it's a one-shot weapon. Nobody would waste an exploit just to stir up attention (aside from academic papers).



the unknown ones that we do not want to let the public know, or let MS know, are there.

That's typical. So all you have got is a zero-day exploit. Now tell me how that invalidates UAC? The OP has proved that plenty of people still use admin accounts for casual use. So would you waste an exploit on a regular trojan when the door is wide open? You would make more by just selling it.

mikeo007
Jul 18th, 2012, 10:28 PM
And as usual, you go with your useless POV without any understanding of the topic you are arguing with me about.
As a goodwill gesture I'll point you in a direction where PE reverse engineering can bypass UAC.
Also, reverse engineering does not mean disassembling PE files only, so try not to be too ignorant when trying to reference this term.

To bypass UAC you have to understand how Win7 uses it to protect your system.
You have to understand the kernel mode switch that will take place during a UAC authorization, from Ring 3 to Ring 1 or Ring 0.
All the exploits out there that regular users would know are ones that are big enough to stir up community attention, and have been purposely made known to non-technical personnel.

If I ask you, do you know what a buffer overflow exploit means? Would you be able to explain it? I think not.
A buffer overflow will trigger an exception being thrown, and exception handling is a kernel Ring 0 action. This means that with a buffer overflow, if you can catch the exception and detour the exception handling system, you will successfully obtain kernel access, which permits your program to do anything it wishes on your system, and nothing on your computer would be able to detect it. Why? Because that's how Windows works.

And there are many more exceptions that can be abused. Commonly known ones are divide by zero, zero flag reset and jump flag redirect, and I doubt 99.9% of people on RFD have ever heard of more than 1 of them.
However, these techniques are only the well-known ones; the unknown ones that we do not want to let the public know, or let MS know, are there. It's in the APIs Microsoft provides, it's in the kernel system design Microsoft used to create Windows, and it's also there with some predictable user interaction with the applications.

To find them, you need to be able to reverse engineer the OS itself, have a creative brain that can think outside the box and not rely on Google, especially with the pathetic "let me google that for you" sarcasm you denied using (I often use this site on people that keep asking me questions that do not require any effort to solve anyway).

From your action, your response and your display of ignorance, it is obvious that you don't have what it takes to even remotely understand the things I talked about. Now, if you can stop trolling and let the topic go back to its original track, I will appreciate it.

That's a BIG IF. Windows wasn't programmed by a single monkey you know. They don't just expose vital subroutines.

On a similar topic, has anyone seen some of the neat security features coming in Windows 8? Randomized memory address relocation looks just awesome.

http://i.qkme.me/35c04r.jpg

JAC
Jul 18th, 2012, 10:39 PM
On a side note, ZoneAlarm is rubbish. Use Comodo.

desidealer49
Jul 18th, 2012, 10:53 PM
Been using MSE only for 2 years and never found a virus. I thought they stopped making viruses for win 7?

aeolus811tw
Jul 19th, 2012, 01:10 AM
I didn't want to restate already known public info, but since you guys are so ignorant as to believe in the security provided by Win 7, here are two fairly famous UAC bypasses, and surprisingly both still work in present-day Win 7 SP1 (just with a slightly different technique to execute).
1. UAC whitelist (back in 2009) and 2. piggyback attack (back in 2009 as well)
* By stating this info, I have already provided resources for intentional script kiddies to attack other people's systems; I apologize for this.
It was fun to use these exploits ever since the discovery of them back in Vista. It has to be one of the easiest attacks there is to date.

Since you claimed to know what a BO exploit is, why not PM me the 2 key things needed in executing such an attack.
Or is your information limited to public releases ;)? Cuz every release or even tutorial site out there never mentioned them, due to the fact that we never told anyone about them.

And xalex0, even with specific information provided, you still failed to find relevant information; this only shows how incompetent you are at searching for public information.

Over the years I've seen enough "genuinely interested" people that ended up being just interested in hacking because of the movie-induced hacking fantasy, so unless you can prove yourself to be capable of doing one of the easiest things there is,
just take my word however you want to take it.
There are no official names for the tools that we coded to utilize those known exploits because they were never found, even to the present date.
Hence, sorry that I do not wish to disclose the names of the tools that utilize the techniques; it will only jeopardize my zombie network if the names of the tools are known.


But if you think you have what it takes and would like to gain access to the "private" member area I am part of, at least show you can unpack Themida 1.9.5.0 (level 4, not 1).
The crackme & tutorials are online, don't tell me you can't find them. Although being able to find a tutorial and being able to actually perform the action are two unrelated things...
Until then, enjoy your lil computer fantasy :razz:

arm2000
Jul 19th, 2012, 09:07 AM
It was fun to use these exploits ever since the discovery of them back in Vista. It has to be one of the easiest attacks there is to date.

Since you claimed to know what a BO exploit is, why not PM me the 2 key things needed in executing such an attack.
Or is your information limited to public releases ;)? Cuz every release or even tutorial site out there never mentioned them, due to the fact that we never told anyone about them.

And xalex0, even with specific information provided, you still failed to find relevant information; this only shows how incompetent you are at searching for public information.

Over the years I've seen enough "genuinely interested" people that ended up being just interested in hacking because of the movie-induced hacking fantasy, so unless you can prove yourself to be capable of doing one of the easiest things there is,
just take my word however you want to take it.
There are no official names for the tools that we coded to utilize those known exploits because they were never found, even to the present date.
Hence, sorry that I do not wish to disclose the names of the tools that utilize the techniques; it will only jeopardize my zombie network if the names of the tools are known.


But if you think you have what it takes and would like to gain access to the "private" member area I am part of, at least show you can unpack Themida 1.9.5.0 (level 4, not 1).
The crackme & tutorials are online, don't tell me you can't find them. Although being able to find a tutorial and being able to actually perform the action are two unrelated things...
Until then, enjoy your lil computer fantasy :razz:


Ok, what you say here, as the guy you quoted said, is general public info; it's part of the general movement called hacking. But I thought you were talking about some specific stuff unknown to most of us but easily achievable and readily available using "countless" (your word) techniques. You mentioned them but didn't provide any info; you just posted old hacks that achieve something related. Yes, there are holes in Win security and probably there will be forever. That's why I never said it's 100% safe. But they are rather exceptions, don't always work, require a significant amount of work and knowledge to make them run successfully, if ever, can be detected at the entry point, and so on. To dismiss the whole security system based on this is foolish.

xalex0
Jul 19th, 2012, 09:49 AM
UAC whitelist (back in 2009) and 2.

http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
Didn't work for me (asks for elevation anyway). Might have to do with the fact that it doesn't work with non-admin users, as explained here:



Win 7 UAC Code-Injection: The good news
All of this only affects the default account type and UAC level of Windows 7 (builds 7000 & 7022, but probably also the retail given Microsoft's stance so far). If you go against the defaults and run as a non-admin user or turn UAC up to the Always Prompt level, so it behaves like it did in Vista, then it is no longer possible for code-injection from unelevated processes to bypass UAC prompts. So the advice remains as before:
If you are using Windows 7 and want to be protected against silent elevation then turn UAC up to the highest level.





piggyback attack (back in 2009 as well)

Couldn't find.

By the way, was it a quote from someone or is that just your style?



but if you think you have what it takes and would like to gain an access to the "private" member area I am part of

You misunderstood. My only interest in this area is to be aware of the risks and to take necessary measures to protect myself from most of them. While college kids can have fun cracking computers, other people have more useful stuff to do.
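A defender-side check of the setting the quoted article turns on, added here as an example and not code from anyone in this thread: it reads the standard UAC policy values under HKLM and reports whether the machine is at the "Always notify" level, or is running the account as a standard user, which the article gives as the two configurations that stop unelevated code from silently elevating. The function name Get-UacPosture is this example's own.

```powershell
# Added example (not from anyone in this thread): report the UAC configuration
# that the quoted article says decides whether silent elevation is possible.
# Get-UacPosture is this example's own name; the registry path and value names
# are the standard UAC policy settings on Windows 7 and later.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    # Documented meanings of the values read below:
    #   EnableLUA                  0 = UAC off, 1 = UAC on
    #   ConsentPromptBehaviorAdmin 0 = elevate silently
    #                              2 = prompt for consent on the secure desktop
    #                                  ("Always notify", the level the article
    #                                  recommends)
    #                              5 = prompt only for non-Windows binaries
    #                                  (Windows 7 default level)
    #   PromptOnSecureDesktop      1 = prompts appear on the secure desktop
    $uacOn      = ([int]$p.EnableLUA) -eq 1
    $adminMode  = [int]$p.ConsentPromptBehaviorAdmin
    $secureDesk = ([int]$p.PromptOnSecureDesktop) -eq 1

    # Is the current account a member of Administrators? The group SID stays in
    # the token (marked deny-only) even when the session is not elevated, so
    # this tells us whether the account type is the one the article warns about.
    $groups  = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
    $isAdmin = [bool]($groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })

    $alwaysNotify = $uacOn -and ($adminMode -eq 2) -and $secureDesk

    # Per the quoted article, either a standard-user account or "Always notify"
    # closes the hole; an admin account below that level (or with UAC off) does not.
    [PSCustomObject]@{
        UacEnabled              = $uacOn
        AdminPromptBehavior     = $adminMode
        SecureDesktopPrompts    = $secureDesk
        CurrentUserIsAdmin      = $isAdmin
        AlwaysNotify            = $alwaysNotify
        SilentElevationPossible = $isAdmin -and -not $alwaysNotify
    }
}

Get-UacPosture | Format-List
```

To move to "Always notify", set the Local Security Policy entry "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to "Prompt for consent on the secure desktop" (or drag the UAC slider to the top), then rerun the check.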

fred999
Jul 19th, 2012, 12:20 PM
Even an image downloaded from the internet (by browsing to the site) can get viruses into your computer.

aeolus811tw,

Would you please explain how an image or a video file can get a virus into your computer?

I'm probably incorrect, but I had assumed that if you use an application, let's say just for example, VLC for video, or Irfanview for images, that if there was a virus hiding in the video or image, that the application would either ignore the virus or the application would crash if it didn't know how to handle it.

Are you saying an image or video can contain a virus which the application can process successfully?

Thanks.

Jorpho
Jul 19th, 2012, 12:57 PM
There was actually a pretty famous exploit a couple of years ago involving the fairly-obscure .wmf image file format, but the .wmf format had some rather exotic legacy features and that particular exploit has been patched into oblivion, in theory.

More generally, I suppose it might be possible for a particular image viewer or media player to be vulnerable such that a carefully-crafted image or video might cause, say, a buffer overflow that will cause the application to start executing virus code embedded in the image or video. In theory. (One of the earlier methods for getting custom firmware onto a PSP involved using a carefully-crafted .tif image in the PSP's built-in viewer, for instance.)

xalex0
Jul 19th, 2012, 12:57 PM
I'm probably incorrect, but I had assumed that if you use an application, let's say just for example, VLC for video, or Irfanview for images, that if there was a virus hiding in the video or image, that the application would either ignore the virus or the application would crash if it didn't know how to handle it.
When it is known which program will be used to open the media file, it's possible to construct sequences that could exploit vulnerabilities specific to that program. I would say that with Irfanview you are safer than with the viewer integrated with the OS.

jack3d
Nov 22nd, 2012, 04:18 PM
I'm trying to secure my PC from viruses. I heard some free software that you download online can't fully protect you. Even having antivirus is not enough nowadays; you need malware software, but I'm no expert!