Jump to content

John Graham

  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About John Graham

  • Rank
  1. Hi, I'm not a moderator but I have had this problem with computers that I manage and friend's computers with Windows OS 7 Pro (and 8/10). The best method is to do a complete OFFLINE backup (I would recommend Clonezilla Live - https://clonezilla.org/downloads.php) that could restore your computer (with or without bots/malware/etc) in case something goes wrong. If you are unfamiliar with doing image backups, please read the documentation but it is simple and self explanatory (Basically: Boot from Live CD or USB, follow prompts, choose defaults, use a large enough external USB HDD to store all your HDD(s) - and presto you have an image of your computer that you can restore again. It will take time so be patient). Download and burn CDs or DVDs (as the case may be for the following OFFLINE malware scan/detect/repair programs (I have included the ones I have used in the past with success but there could be a lot more). the list is in alphabetical order - not as recommended. Comodo Rescue Disc - https://www.comodo.com/business-security/network-protection/rescue-disk.php Dr Web Live Disc - https://free.drweb.com/aid_admin/ ESET SysRescue Live - https://www.eset.com/us/download/tools-and-utilities/sysrescue/#c29308 Kaspersky Rescue disc and USB - https://support.kaspersky.com/14226 Trend Micro Rescue Disc - https://downloadcenter.trendmicro.com/index.php?regs=nabu&prodid=1654 Windows Defender Offline - https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c Notes: (1) All the Live disks/USBs you boot from will need your computer to be on the internet so they can download and update their signature database. The database will be in memory so it will be lost (when you power down your computer) as there is no "persistence", the Live disks/USB will not write to your computer disk(s). (2) Some sites have a USB download as well but you can convert the *.iso (Live disc download) to a bootable USB with Rufus - https://rufus.ie/en/ has both an installer and a portable version - please see documentation on the Rufus site. In addition, all the links above have documentation on creating a bootable USB (since some of the USB downloads are an "image" file) (3) Please download from the manufacturer site ONLY - don't do a google/DDG search and download form any other site. CHECK the downloaded file with it's published manufacturer signature (example for the Trend Micro Rescue Disc: Filename: RescueDisk.exe SHA256 checksum: e8db68a87cf9646cdb4ae4546b54b0a7c058fa51d423b7db473bac84a88e7ff4 You don't want to introduce other malware into your already compromised computer! (4) All the download urls above have documentation links - please read them! Example - for ESET SysRescue Live - https://support.eset.com/en/kb3509-how-do-i-use-eset-sysrescue-live-to-clean-my-computer?page=content&id=SOLN3509 (5) There are other Offline malware Rescue Discs/USBs (like Norton Rescue Disk or F-Secure, but they will not update their virus signatures so are significantly worthless). You also pay for having a GUI interface by a large download. I have not included Avira and AVG rescue Discs/USBs for their bloat (large) downloads. There are other smaller excellent offline sys rescue discs/USBs but they are all CLI (Command Line Interface) - so you may not be comfortable with them unless you are an oldtimer (like me) when there were only mainframes around and the PC wasn't even though about! (6) All of the GUIs have options for a "Smart Scan", "Full Scan" and "Custom Scan" - use the full scan, even though it will take time. (7) Use multiple Rescue Discs/USBs since some will not detect ALL malware (That's why I use an IDS/HIPS - a virus scan is like locking the barn door after the horse has bolted/stolen - it depends on having detection signatures - and the best of heuristics are only guesses! But IDS/HIPS is another topic!) Hope this helps in getting you up and running again. REMEMBER - always have a current FULL backup before you install a new program or just get into the habit of doing a regular (image) backup.
  2. Hi, Every time I go back to a post that I have read, I keep getting this screen - see screenshot attached. Browser I'm using is Firefox (98.0.1) Any help is appreciated - I have my profile and other setting in their default mode. JG.
  3. @tankace: I'm not a moderator, but I faced this problem before. You do not mention what OS you are using but I will presume that you are using some sort of Windows 7/8/10 OS. The Quarantine is located in C:\Program Files\Immunet\Quarantine\ In the Quarantine folder, the files that Immunet has detected as malicious will NOT have their original name but will be in the format of hash and hash.dat. So if you want to submit the file(s) to another Virus program or VirusTotal, then you need to restore them (from the Immunet UI) - see "restore" below. If you need to mass delete, go to C:\Program Files\Immunet\Quarantine and delete all (remember to disable protection while deleting to avoid "multi detection" of old threats) The expression "Remove a file from quarantine" is a bit tricky! If you choose "delete" (in the UI) the file is removed from the quarantine and from the computer! If you choose "restore" (in the UI) the file is removed from the quarantine but restored to its original location in the computer! Hope this helps.
  4. My 2 bits: I wholeheartedly agree with @zombunny2. " Secondly, this is of no use to the OP now, but for future readers: A backup is not a backup until it's 1. Offline; and 2. Redundant. A couple of permanently-connected hard disks, and/or a permanently-synchronised cloud storage system is not a backup - because a piece of ransomware or a malfunctioning antivirus can take out your main filestore, plus all your "backups" in one go " I used Acronis once (a long time ago) but realized that "it does telephone home" (Wireshark proves it). Stuck with my linux dd command to do backups (I'm used to the CLI or terminal from the early linux 0.99 days) until I stumbled on Clonezilla in 2008. I use Clonzilla exclusively now and it has served me well - I don't try to use a "restore point" anymore - I just restore my last image. It will even backup my (embedded) thinclients (BSD and WES7) - not really needed since they are read-only systems, but I sleep well at night. I don't trust "cloud storage" - even encrypted cloud storage isn't hack proof (examples are numerous: Apple iCloud "sex tape" hack, Google Drive, etc) - the Man-In-The-Middle is ever prevalent. especially with increasing reliance on WiFi - me, I'm old fashioned, I have ethernet on a closed network. Only 1 computer is connected to the internet (Windoze 7) for my wife.
  5. Hi, This is the first time I am using Immunet (v7.5.0.20795). I chose it because of Cisco's reputation and because it uses ClamAV (also it's excellent reputation). I had ClamAV installed before but Immunet includes ClamAV so I have discontinued (uninstalled) it. On my last download of some Rescue Discs (MediCat USB, and All in One – System Rescue Toolkit - see url links below for ref) purely as to see how well they performs, Immunet detected 4 files as malicious - see screenshots attached (for MediCat as example). Here's the quandry: There is a difference between VirusTotal and Immunet - specifically the ClamAV engine. In one ClamAv does not recognize the file yet Immunet and VirusTotal detected malicious content. In another, ClamAV did NOT detect any malicious content but yet Immunet detected a malicious content. Can someone let me know what's going on and if there is a "quirk" in Immunet? I'd like to have some confidence in Immunet's behavior. I assume that the files have been uploaded to the Cloud Community as I have checked the share with community box (Cloud Notifications = On). Ref links: https://www.geckoandfly.com/32030/bootable-windows-pe-recovery-repair/ MediCat USB: https://gbatemp.net/threads/medicat-usb-a-multiboot-linux-usb-for-pc-repair.361577/ All in One - System Rescue Toolkit (AiO_SRT): https://paul.is-a-geek.org/aio-srt/ Thanks in advance. (FYI: I use System Rescue CD, UBCD, Knoppix, Ubuntu 10.04 thru 16.04 Live purely for i386 compatibility - any other suggestions are welcome) JG.
  • Create New...