Malware cleaner.

pre65
Amstrad Tower of Power
Posts: 21373
Joined: Wed Aug 22, 2007 11:13 pm
Location: North Essex/Suffolk border.

#1 Malware cleaner.

Post by pre65 »

I seem to have some malware on my laptop. :shock:

It pops up now and then on Chrome, and it's "bywinners.men".

I've searched for all files containing those words, and deleted them, but after a few days it pops up again.

Malwarebytes can't find anything amiss. :(

Can anyone recommend a more effective malware cleaner? Even paid-for ones if they do the job.
The only thing necessary for the triumph of evil is for good men to do nothing.

Edmund Burke

G-Popz THE easy listening connoisseur. (Philip)
Ali Tait
Eternally single
Posts: 4374
Joined: Fri Jun 08, 2007 8:10 pm
Location: Galashiels

#2 Re: Malware cleaner.

Post by Ali Tait »

Googling how to get rid of it throws up this site amongst others-

http://pcfixhelp.net/hijackers/3809-how ... inners-men

#3 Re: Malware cleaner.

Post by pre65 »

Thanks Ali.

I had read that, but "spyhunter" seems to not be very safe, depending on where one looks for reviews.
DSJR
User
Posts: 193
Joined: Mon Jan 11, 2010 11:11 am
Location: Suffolk Coastal

#4 Re: Malware cleaner.

Post by DSJR »

Can removing Chrome's cache history help here? I use C-Cleaner every so often for 'a proper clear-out' and it seems to work well, for me anyway.
Hemmo
User
Posts: 8
Joined: Sun Sep 24, 2017 8:22 am

#5 Re: Malware cleaner.

Post by Hemmo »

A clean reinstall of Windows would be in order and would probably perk up your laptop in terms of speed.
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#6 Re: Malware cleaner.

Post by jack »

Hemmo wrote: Fri Dec 08, 2017 9:18 am A clean reinstall of Windows would be in order and would probably perk up your laptop in terms of speed.
No. Don't do this - in all my years of supporting Lord alone knows how many computers (in the 1000s), my teams have rarely if ever needed to do a re-install. It's a cop-out and never identifies the underlying issue. Moreover, for certain classes of infections, it won't even resolve the problems.
Vivitur ingenio, caetera mortis erunt

#7 Re: Malware cleaner.

Post by Hemmo »

jack wrote: Fri Dec 08, 2017 11:11 am
Hemmo wrote: Fri Dec 08, 2017 9:18 am A clean reinstall of Windows would be in order and would probably perk up your laptop in terms of speed.
No. Don't do this - in all my years of supporting Lord alone knows how many computers (in the 1000s), my teams have rarely if ever needed to do a re-install. It's a cop-out and never identifies the underlying issue. Moreover, for certain classes of infections, it won't even resolve the problems.
Give over fella.... yes if you were supporting 1000's of computers then the usual 'IT support' principles were probably in place, 'do as little as possible to correct the issue then on to the next machine'

What infections still exist if you do a full deep wipe of a hard drive??

The underlying issue is poor user interaction, either opening a spam e-mail or downloading porn!!! Education is the key to address it not happening again.

#8 Re: Malware cleaner.

Post by jack »

Hemmo wrote: Thu Dec 14, 2017 3:33 pm .... yes if you were supporting 1000's of computers then the usual 'IT support' principles were probably in place, 'do as little as possible to correct the issue then on to the next machine'

What infections still exist if you do a full deep wipe of a hard drive??

The underlying issue is poor user interaction, either opening a spam e-mail or downloading porn!!! Education is the key to address it not happening again.
I agree with the last part that education is important, but it's far from being the only underlying issue.

I'm not at all sure where you get the idea that my teams would "do as little as possible". If you worked for me with that attitude you'd be straight out the door.

As most of my career I've been an FSA/FCA regulated person in large financial institutions, I'd be in jail if I let that happen. We isolate & analyse each infection. In recent years we also use AI tools to protect against most zero-day attacks. As a CTO, I'd be failing everyone if we failed to identify each attack and impose appropriate mitigations.

It's all about risk management.

There are many attacks that don't live on the hard drive - they can hide in the hard drive firmware, the motherboard BIOS, the GPU or even DMA, LAN and RAM controllers etc. - disks are old hat for serious infections.

Further, when talking about hard drives, a "full deep wipe" is largely a thing of the past - any suspect hard drive we now shred (they get turned into tiny granules) - the drive's controller is as much of a risk (firmware gets compromised) and wiping simply does not work with SSDs which have a completely different MO - read up about wear leveling and you'll get the idea why that's the case.
Last edited by jack on Thu Dec 14, 2017 6:26 pm, edited 1 time in total.
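An added illustration of the wear-leveling point made in post #8 (not part of the thread and not any participant's code): a toy flash translation layer showing why overwriting every logical block from the host can still leave old data in physical flash pages. The class name, sizes and page-level erase are simplifying assumptions; real controllers erase in larger blocks and differ by vendor.

```python
"""Toy flash translation layer (FTL): a constructed model, not real SSD firmware."""

class ToySSD:
    def __init__(self, logical_blocks, physical_pages):
        assert physical_pages > logical_blocks   # spare area (over-provisioning)
        self.pages = [None] * physical_pages     # raw flash contents
        self.erase_counts = [0] * physical_pages
        self.l2p = {}                            # logical block -> physical page
        self.free = list(range(physical_pages))  # erased pages ready for writes

    def write(self, lba, data):
        if not self.free:
            self._garbage_collect()
        # Wear leveling: use the least-worn free page, never overwrite in place.
        page = min(self.free, key=lambda p: self.erase_counts[p])
        self.free.remove(page)
        self.pages[page] = data
        self.l2p[lba] = page   # the previously mapped page is stale but keeps its data

    def _garbage_collect(self):
        # Erase only pages that no logical block points at any more.
        live = set(self.l2p.values())
        for p, data in enumerate(self.pages):
            if p not in live and data is not None:
                self.pages[p] = None
                self.erase_counts[p] += 1
                self.free.append(p)

    def read(self, lba):
        """What the host sees through the controller."""
        return self.pages[self.l2p[lba]]

    def raw_dump(self):
        """What a chip-level read, bypassing the controller, would see."""
        return [d for d in self.pages if d is not None]


def wipe_and_inspect(logical_blocks=8, physical_pages=12):
    ssd = ToySSD(logical_blocks, physical_pages)
    for lba in range(logical_blocks):
        ssd.write(lba, f"SECRET-{lba}")          # constructed sample data
    for lba in range(logical_blocks):            # host-side "full wipe" of every block
        ssd.write(lba, "ZERO")
    host_view = [ssd.read(lba) for lba in range(logical_blocks)]
    leftovers = [d for d in ssd.raw_dump() if d.startswith("SECRET")]
    return host_view, leftovers
```

In this model the host reads back nothing but overwritten blocks while four stale pages still hold the original data, which is why drive sanitisation relies on controller-level erase commands, encryption-key destruction or physical destruction rather than host overwrites.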
Nick
Site Admin
Posts: 15708
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#9 Re: Malware cleaner.

Post by Nick »

Nick (jack), what's your view on what looks like a can of worms, Intel's Active Management Technology?
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.

#10 Re: Malware cleaner.

Post by jack »

CVE-2017-5689? The whole AMT issue is, as you correctly say, a can of worms.

Intel have posted an advisory on where the various motherboard manufacturers are in this at https://security-center.intel.com/advis ... geid=en-fr.

We've followed the mitigation advice and disabled AMT for now.

The lot I'm with use a single h/w vendor and they don't have a fix yet.

#11 Re: Malware cleaner.

Post by Nick »

We've followed the mitigation advice and disabled AMT for now.
<tinfoil_hat>Or at least that’s what you think...</tinfoil_hat>

#12 Re: Malware cleaner.

Post by jack »

Should have mentioned that AMT is only enabled on fairly recent Intel CPUs, which means pretty much all the ones we have.

Download and run the GUI tool - it pops up a window which tells you immediately if your host is vulnerable.

#13 Re: Malware cleaner.

Post by jack »

Nick wrote: Thu Dec 14, 2017 8:29 pm
We've followed the mitigation advice and disabled AMT for now.
<tinfoil_hat>Or at least that’s what you think...</tinfoil_hat>
AMT version 11.8.50.3425 or later fixes the problem. Lenovo have a version on their site - you should check your own motherboard manufacturers' sites for their ones.

Nasty, nasty bug.

#14 Re: Malware cleaner.

Post by pre65 »

My laptop is a Lenovo ThinkPad T540p; it seems that the download you linked to is not for my model.

#15 Re: Malware cleaner.

Post by jack »

pre65 wrote: Wed Jan 03, 2018 2:56 pm My laptop is a Lenovo ThinkPad T540p; it seems that the download you linked to is not for my model.
Is your model vulnerable in the first place? Run the tool I linked to above and check first!

(https://downloadcenter.intel.com/download/26755)