Saturday, January 24, 2015

Malware Infection Prevention...

If you have been following along with this DW dllhost issue you'll know that we have been testing all the software and drivers to determine what could be causing this issue.

We have tested multiple machines in and out of our network and still we can reproduce this dllhost issue 10 times out of 10 on any machine we test.

In the middle of testing and just recently we saw a memory increase. The first time we saw it, we didn't see it for too long so we thought it was just a DW update issue, but not anymore.

The recent sighting of this memory increase has stayed constant this time and after uncounted reinstalls the memory increase came back over and over again.

As for the dllhost issue with DW there isn't a cure yet, and the most recent #25 eventually failed and takes us back to square one of this issue.

Recently as you know we installed Chrome to try to determine where the memory increase is coming from and Chrome proved to us that it wasn't Adobe.

The memory increase is coming from IE and IE only.

We recently just had to reinstall because after loading Chrome we were attacked by the Trojan/Chroject.D!dll which installs itself in the Chrome Directory.

For one year we have only loaded Microsoft OS, MSE and DW. No Office, no CCleaner, just MS OS, MSE and DW to isolate this dllhost issue and we never were attacked.

However, as soon as we loaded Chrome an attack came in just days after we loaded this browser and confirms that Chrome is not secure.

It's a third party application and as such is the direct reason why systems get infected.

People get a virus and they instantly blame MS, but that isn't the case kiddies, it's the 3rd party application that you got that virus from.

You can have the best defense system in the World, but if you give the keys and codes to the robber, you'll come home to an empty house, which is the case with Chrome.

Example: If they hadn't let the "Trojan Horse" into the Castle of Troy, they wouldn't have fallen.

Now, we didn't get infected by the Trojan/Chroject.D!dll and it's a good thing we didn't because it's a nasty one and level "Severe".

To come in contact with a Virus is commonplace in computers because a Virus is like a cold, but like a cold it can be prevented and can be cured.

We use an analogy about the Seatbelts and Airbags in a car: sure, they can save your life in the event of an accident, but if you are prepared you'll avoid the accident altogether.

Viruses are an old way of infecting people and unfortunately are still sitting dormant on zombie servers that are triggered to initiate at different times.

What does that mean...it means that they already have a solution in place to stop these threats. Sure they can change their names to hide their identities, but their methods are the same.

The #1 way to get infected on a computer is by watching Porn, but even Porn Watchers can prevent getting infected if they just follow these easy steps.

These steps are not limited to only porn watchers; they are to be used in all situations when attacked by a computer threat...

The first thing we do is get a BIG SMILE on our face when an attack comes in, because for us it's fun :-), so make sure you put a BIG SMILE on your face when it happens to you as well :-)

Second thing you'll do is turn off your internet, or disable your Wifi Card to get you off the internet as fast as possible.

The reason for this is that the attack sends troops in and starts to fill up your system's memory and CPU to the point that you can't access your computer, and locks it up.

If you can't access your system's resources the system will be forced to shut down, which is the WORST POSSIBLE THING YOU CAN DO!!!

NEVER NEVER NEVER shut down or restart/reboot (same thing) your computer if you are being attacked!

A virus can't load itself into your computer while system processes are running; it needs to have them disabled first before it can load, which is why they want you to restart ;-)

NEVER NEVER NEVER shut down or restart/reboot (same thing) your computer when you are being attacked!

If you are using DW, you'll need to choose "Stop Attack", which can be accessed by right-clicking on the icon in the systray (by your time, under the little arrow) ;-)

Now MSE is what we use, and is not the best Antivirus, but good enough for us because we use DW for the rest.

MSE caught this virus and quarantined it, DW killed the virus and its troops, and Windows Disk Cleanup swept it away.

Once you have chosen "Stop Attack" in DW, disable it. It's okay, because you are no longer on the Internet, so disable it and then open up your Browsers.

DW, if running, will prevent a thorough clean of your browsers, so make sure you disable it before you delete the history in your browsers. Close them when done.

You'll need to do a Full Scan of your computer with your MSE or whatever you use to clean up anything left over from this attack.

If your system is clean already you shouldn't find anything in the scan, but do it anyway because you have to do it.

Once the scan is done, remove all threats from your "Quarantine" folder and make sure this area is clean.

Now run a Disk Cleanup with CCleaner or Windows Disk Cleanup or whatever you use for cleaning your system with.

At this point you have stopped any threat that could be installed on reboot/restart (same thing) and that can load on startup, but before you restart make sure you shut down your system first.

SHUT DOWN YOUR COMPUTER NOW, you have to shut down your computer, because a virus can still be resident in your memory and could potentially infect your computer on startup.

SHUT DOWN YOUR COMPUTER NOW, for 1 minute NO less to allow the system to discharge any elements that are left of this virus.

That's it, it's that simple folks to prevent yourself from getting infected on a computer, don't overthink it, because that is all you have to do.
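The "get off the internet" and "Full Scan" steps above can also be run from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes Windows 7 or later and MSE installed in its default `Microsoft Security Client` directory, and it covers only those two steps.

```powershell
# Added example: scripted version of the "get offline, then full scan" steps.
# Assumptions: elevated PowerShell prompt, MSE in its default install
# directory (adjust $mpCmdRun if yours differs).

$ErrorActionPreference = 'Stop'

# Both steps need administrator rights, so refuse to run without them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# Step 1: take the machine off the network by disabling every enabled
# physical adapter (wired and Wi-Fi).
$adapters = Get-WmiObject -Class Win32_NetworkAdapter `
    -Filter 'NetEnabled = TRUE AND PhysicalAdapter = TRUE'
foreach ($adapter in $adapters) {
    $result = $adapter.Disable()
    if ($result.ReturnValue -eq 0) {
        Write-Output "Disabled: $($adapter.NetConnectionID)"
    } else {
        Write-Warning "Could not disable $($adapter.NetConnectionID) (code $($result.ReturnValue))"
    }
}

# Step 2: full scan with the MSE command-line scanner.
$mpCmdRun = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}
& $mpCmdRun -Scan -ScanType 2      # ScanType 2 = full scan
$scanExit = $LASTEXITCODE

# Exit code 0: nothing found, or everything found was remediated.
# Exit code 2: something was found and not fully remediated.
if ($scanExit -eq 0) {
    Write-Output 'Full scan finished: no outstanding threats reported.'
} else {
    Write-Warning "Full scan exit code ${scanExit}; review the MSE history before continuing."
}
```

The adapters stay disabled until you re-enable them from Network Connections in Control Panel.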

Now, if you loaded a program from this Malware program you are already infected, regardless of the steps above.

"You can have the best defense system in the World, but if you give the keys and codes to the robber, you'll come home to an empty house, which is the case with Chrome." V

So in our case we had already loaded the Malware program, "CHROME", so we know that we are already infected, which means the symptoms will show up again and again.

Microsoft Office is also a 3rd party program, yes it is! and as such needs to be treated as such and coincidentally is why we haven't loaded Office in these tests that we have done.

Microsoft Office and Microsoft OS developers don't get along, why...it's simple, Office thinks with emotion and MSOS thinks with logic...and that's the difference between being secure and not being secure...and that's a fact!
