
Questions tagged [malware]

Malware is any software application which subverts the will of the legitimate owner of a computer, by means of force or subterfuge, with or without personal or monetary gain on the part of the creator.

69 votes
8 answers
15k views

A previous IT worker probably left some backdoors. How can I eliminate them? [duplicate]

I started working for a company that fired a previous IT worker for leaking data. I can only say the following things: We use a Firebird DB with an application written by another company, Proxmox, ...
user2265690
61 votes
3 answers
16k views

Unusual HEAD requests to nonsense URLs from Chrome

I have noticed unusual traffic coming from my workstation the last couple of days. I am seeing HEAD requests sent to random character URLs, usually three or four within a second, and they appear to be ...
JeremyDWill
49 votes
8 answers
8k views

Are zipped EXE files harmless for Linux servers?

I ran a malware scanner on my site, and it marked a bunch of zipped EXE files as potential risk files (these files got uploaded by users). Since I'm able to uncompress the files on my Mac I assume ...
Xavin
27 votes
3 answers
15k views

Why are NginX and Lighttpd not affected by Slowloris?

I am investigating the vulnerability to Slowloris and I think I understand how and why this sort of attack works. What I don't understand is why Lighttpd and NginX are not affected (according to the ...
The Shurrican
13 votes
4 answers
2k views

How do I deal with the removal/eradication of an unknown worm on our network?

TL;DR I'm pretty sure our small network has been infected by some sort of worm/virus. It seems to only be afflicting our Windows XP machines, however. Windows 7 machines and Linux (well, yea) ...
Mr. Shickadance
13 votes
7 answers
21k views

What are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?

While researching ways to prevent CryptoLocker, I saw a forum post that advised using Group Policy Objects (GPO) and/or antivirus software to block run access in the following locations: %appdata% %...
poke
13 votes
3 answers
2k views

Postfix sending and receiving the same e-mail every 5 minutes for 4+ months

Back in June I sent myself the EICAR test signature to make sure my postfix/amavis/spamassassin etc setup was working properly. I didn't notice at the time, but this somehow created a tear in the ...
James Carppe
12 votes
13 answers
6k views

Make browsing safe for porn surfers

At several places I've done some work at, I have a suspicion that some of the executives browse porn on their work computers. It appears this porn surfing has led to virus infections on their ...
Brett G
12 votes
5 answers
4k views

Prevent execution of Windows executables

Is there any way to tell Windows (XP and above) not to execute files (*.exe files), which are present in drives/folders other than certain folders, that I mention? In short I want executables from ...
12 votes
5 answers
103k views

how to find out what created a file?

I have some virus files being randomly created on root of a c: disk of one of my servers. How can I find out what created it? Some 3rd party software maybe?
Boris Vezmar
11 votes
4 answers
817 views

Updating Malware cleaning skills

I have seen some sites offering 'Malware University', training classes on getting rid of malware. Do you think that updating your malware removal skills (or arsenal) is necessary from time to time? ...
Terry
11 votes
3 answers
3k views

Windows 2012 R2 - Search for Files using MD5 Hash?

My organization recently discovered malware that was sent to some users via email that managed to get past our email security in a sophisticated, targeted attack. The names of the files vary from user ...
Brandon Wetter
11 votes
6 answers
27k views

What is the best way to find Conficker infected PCs in company networks remotely?

What is the best way remotely to find Conficker infected PCs in company/ISP networks?
Kazimieras Aliulis
10 votes
4 answers
7k views

ClamAV detected Kaiji malware on Ubuntu instance

Today clamAV scanned my AWS instances and detected 24 infected files on each. It looks like a false positive due to several reasons: All these files were created in October 2022 (why were they detected ...
Rougher
9 votes
1 answer
2k views

Is it possible to hide a malicious alias in Bash on Linux?

Is it possible to conceal the existence of a malicious alias in Bash on a Linux system and have it executed by the user without their knowledge?
Dennis Williamson
8 votes
2 answers
6k views

Rootkit Revealer is failing to run, why? [duplicate]

On a user's laptop (Windows 7 x64), terrible performance led me to suspect a rootkit after ruling almost everything else out. I checked boot entries with Autoruns and ran a full scan with Malwarebytes,...
Bigbio2002
8 votes
5 answers
330 views

Securing Acrobat Reader to mitigate viruses

Aside from patch updates, is there any way to mitigate the risks with adobe reader exploits? Frankly, I don't know how most reader exploits work. However, is there any functionality that I can ...
Brett G
8 votes
3 answers
4k views

Can "wannacrypt" (wcrypt) spread via Linux server serving over SMB?

Is it possible, or will this only spread via a Windows machine serving over SMB? If Linux serving over SMB can spread wannacrypt, what's the approach to take?
fredrik
7 votes
5 answers
361 views

Kids + older computers + our network at the office: Security risk?

On occasion, some of my coworkers feel compelled to bring their children to work with them. (I feel compelled to smack them, but that's probably a topic for Parenting.SE.) To ensure that the brats^H^H^...
eckza
7 votes
1 answer
4k views

How to identify this mysterious Windows service

The name of the service is a 32-digit hex number. It might be randomly generated, since a Google search on the number did not find anything. It points to an EXE file which also has a hex number as ...
JacquesB
7 votes
1 answer
2k views

Does anyone recognize this e-mail sniffer or malware using ROT13 encoding?

I have a private website that every week sends e-mails with two different http links to a group of around 30 people. When a link is clicked, the answer is registered in a database. Starting last week, ...
Anlo
7 votes
4 answers
13k views

Is it possible to check the progress of a currently running clamAV scan?

I have searched around but not found a possible solution to this so far. I have an ongoing scan which I thought would've been finished at certain time, but unfortunately it has not. So I am wondering ...
Dark Star1
7 votes
3 answers
8k views

Virus that tries to brute force attack Active Directory users (in alphabetical order)?

Users started complaining about slow network speed so I fired up Wireshark. Did some checking and found many PCs sending packets similar to the following (screenshot): I blurred out the text for the ...
Nate Pinchot
7 votes
3 answers
5k views

Can a virus spread through a network share used by an RDP connection?

When connecting to a Windows Server (2003 or 2008) desktop through RDP from a local Windows (7 or XP) PC with networks shares enabled (usually, the local C: disk will be shared with the remote server),...
Olaf
6 votes
12 answers
987 views

Hardening a financially critical Windows computer

One of the risks to small and medium businesses is losing your bank credentials to bad guys by use of a key logger or other malware as Bruce Schneier blogs about. A particular threat is real-time key ...
Knox
6 votes
4 answers
3k views

Is this a malware invocation of Powershell?

I got a file that was .avi at first glance, but then I found out that in fact this is a .lnk file, but it was too late. And the target element attribute of that file is C:\Windows\System32\...
Yoda
5 votes
3 answers
1k views

Some questions about the Microsoft Windows Malicious Software Removal Tool (MRT)

Does this program automatically run? If so, when and how often? Is it automatically updated? How do you disable it? How can you tell if it is running? What versions of Windows is it installed on?
Charles Faiga
5 votes
8 answers
4k views

How can I test if a website is infected with malware?

Some friends of mine have a website (www.kennelsoffie.dk) and I'm trying to help them when there is any trouble. However, this time I can't figure it out. When I visit the site using Google Chrome, I'...
CruelIO
5 votes
2 answers
17k views

High CPU load on Centos with process sync_supers

My centos server has high cpu load right now. Please see the Htop output below. sync_supers is very suspicious but I don't know how to kill it. Any suggestions?
Tester
5 votes
1 answer
6k views

How to scan uploaded file for virus on linux?

Just like the title, is there any antivirus that I can run from the command prompt on linux to make sure user uploaded files are virus free? Thank you!
Patrick
5 votes
1 answer
1k views

Server side antivirus or not?

We have basic server-side virus scanning in our datacenter, but it's expensive, uses a considerable amount of CPU cycles, and is annoying to maintain. I'm not looking for a sales-pitch on "better" AV ...
user207411
5 votes
1 answer
7k views

ClamAV and MalDet - Are these quarantined or infected?

Learning about hardening my VPS, I installed ClamAV and MalDet, using both for a few months. Tonight, I decided that, instead of just checking home I'd check the entire VPS other than "/sys". This ...
Steven Ventimiglia
5 votes
1 answer
4k views

How to scan for Windows viruses on Linux servers?

I have a CentOS server storing files for windows users. How do I scan for windows viruses in these files, and meanwhile prevent quarantine and other measures? I do not want the files altered in any ...
DannyZB
4 votes
4 answers
1k views

Should I upgrade to Symantec Endpoint Protection? [closed]

I'm the IT manager at an animal shelter in Upstate New York. We have a Windows network with about 50 desktops running Windows XP Pro. We used to use CA eTrust Antivirus, but that product didn't work ...
Alex C.
4 votes
5 answers
6k views

Best Open Source or Freeware Malware/Spyware/Antivirus with centralized management? [closed]

What are the best Malware/Spyware/Antivirus solutions? Several requirements for the solution: Open Source or Freeware Centralized Management Reporting and Remote Installation Think spybot / ...
JJ01
4 votes
1 answer
321 views

Will preventing POST requests stop the spread of a remote access trojan?

I like the acronym RAT (remote access trojan), because it resembles another type of thing you need to get rid of from your kitchen, and because when you get rid of one and find the hole it made and ...
hazymat
4 votes
5 answers
1k views

Conficker: Should steps taken in group policy to secure against virus remain?

We got nailed two weeks ago by Conficker. I ran through the 26 step checklist from Microsoft on my own computer, as well as on our domain server. It says near the end to reverse all the changes, but ...
Peter Turner
4 votes
3 answers
2k views

Debian webserver malware scanner

I was wondering if there was a malware scanner for websites with up to date exploits for use on a Debian webs server with Apache2.2? Vulnerability scanners are great, but I also want to be sure that ...
Cudos
4 votes
2 answers
3k views

Privoxy rule to block Facebook spying

Recently, my server's Privoxy rules to block Facebook's spying have failed. How can I block current Facebook spying links? Since soon after the inception of Facebook's so-called “Open Graph” cross-...
bignose
4 votes
2 answers
857 views

Possible malware on my server, how to search the source?

Some users of one of our blogs have detected that when loading the page under Windows with antivirus such as Avast or NOD32 a message appears. The message is something like "The remote address has ...
javipas
4 votes
1 answer
2k views

Slowloris on Apache: is mod_reqtimeout + mod_qos enough?

I detected few days ago that my server was under slowloris attack (I found a lot of "-" 408 0 "-" "-" values in my access.log). I changed my configuration like this: In mod_reqtimeout: ...
lucas47
3 votes
10 answers
1k views

google result redirect virus

I'm not so sure if this is the appropriate place for this, however I accidentally clicked this link which opened a video and infected my windows 2003 std server with this virus which not only creates ...
phill
3 votes
5 answers
2k views

Google is blocking our requests due to "automated queries"; what's the best way to find out why?

This started a few weeks ago and we thought it was a virus, so we checked every computer and although 50% (yeah, that's right) were infected, once they were cleaned the problem didn't go away. It's ...
Ryan Detzel
3 votes
2 answers
1k views

How do I repair dhcp service after conficker infection on Windows 2003 Server?

How do I repair dhcp service after conficker infection on Windows 2003 Server? If the server is restarted with DHCP then it keeps attempting to acquire a network address. It seems to work fine if ...
Thomas Bratt
3 votes
2 answers
328 views

My website is infected, I restored a backup of the uninfected files, how long will it take to un-mark as dangerous?

My website www.sagamountain.com was recently infected by a malware distributor (or at least I think it may have been). I have removed all external content, google ads, firefly chat, etc. I uploaded ...
Cyclone
3 votes
1 answer
705 views

Can hidden shares be discovered programmatically without network admin permissions?

I work in an IT department and we would like a network accessible folder to read and write data using our internal applications. So permissions need to be open to all users. But if a user gets malware ...
Joe Gayetty
3 votes
1 answer
920 views

I have many strange requests in my httpd access_log, does it mean I have a virus?

I have httpd log information as such which goes on and on forever. Firstly, does this mean I have a virus? Is my server part of a botnet? My server is Linux Centos 5. tail -f /var/log/httpd/...
Phil
3 votes
3 answers
174 views

Training High School Students on Security - What harmless "viruses" can I install that they can find? [closed]

I'm training some high school students interested in OS security (specifically, Windows Server 2003/2008), and though I've gone over a lot of the "in-theory" stuff, some hands on would be great. They'...
Brandon
3 votes
2 answers
14k views

Strange scheduled tasks on Windows Server 2003

A few days ago, I noticed that our Windows Server 2003 system has strange scheduled tasks. I do not know where they came from or who set them up. I deleted them and they came up again today. They have ...
adopilot
3 votes
1 answer
306 views

Google Web History shows

Google Web History Trends is showing URLs such as the following for 4 out of 10 of my Top Clicks (including the top 2): http://ocean2-4979731.org/page/0.volume http://ocean2-6610805.org/page/0.volume ...