Escaping major Win virus. It nearly got into Linux Mint via Update

NM64
Level 4
Posts: 323
Joined: Sat Feb 04, 2017 11:34 pm

Re: Escaping major Win virus. It nearly got into Linux Mint via Update

Post by NM64 »

Maor wrote: Fri Aug 02, 2024 12:32 pm No anti-virus would touch it. Ultimately, years later, after the virus appeared long gone,
I hooked up my two original 2010 hard drives...air-gapped for 8+ years for protection,
only to watch them self destruct dramatically.
The real question is, were the hard drives wiped while sitting in storage for 8+ years? Also, when you reconnected them to a PC, was said PC also similarly air-gapped, or was said PC connected to your network?

Maor wrote: Fri Aug 02, 2024 12:32 pm On the flip side of the coin, being experienced in scientific programming until the mid-1990's,
This at least means that you'd probably be skilled enough to even try some super-unconventional "PCs" like running Linux on a jailbroken PlayStation 4. :P (the idea being that super-unconventional "PCs" would be more hardened against malware unless it truly is just something running within the OS that gets infected from an external disk or network).

Of course, a PS4 (non-pro of course, as the pro is worse for jailbreaking) has single-threaded performance more akin to a mid-2000s laptop, and its 8 CPU cores aren't all that useful for day-to-day tasks.
CPU: Xeon E3-1246 v3 (4c/8t Haswell/Intel 4th gen) — core & cache @ 3.9GHz via multicore enhancement
GPU: Intel integrated HD Graphics P4600
RAM: 4x8GB Corsair Vengeance @ DDR3-1600
OS: Linux Mint 20.3 Xfce + [VM] Win7 SP1 x64 
Maor
Level 1
Posts: 9
Joined: Fri Mar 29, 2024 3:17 pm
Location: Maine

Re: Escaping major Win virus. It nearly got into Linux Mint via Update

Post by Maor »

The drives sat in my file cabinet for the 8 years...They had not been touched...

I am through with anything Windows related unless it is in a VM, and even then, only for necessity, such as ensuring a file is clean...but I think that is impossible...I sent out a seriously infected laptop to Best Buy for the third time, requesting specifically that the old unused version of PowerShell v2 be eliminated and group policies be modified. Seemed to work well enough at first, when I got it back, ...no obvious PowerShell changes occurred on bootup....but I could not add a password to the local user account provided...then when I tried an offline rootkit detection by Windows Defender...Ironically, I clearly saw a non-normal PowerShell window before and after the Defender statement indicating nothing was found.
Go figure.....I have decided to cage the virus at its pro-level in the firmware within Linux Mint or move to the Mac World.

Thank you very much for your reply.
NM64
Level 4
Posts: 323
Joined: Sat Feb 04, 2017 11:34 pm

Re: Escaping major Win virus. It nearly got into Linux Mint via Update

Post by NM64 »

Maor wrote: Wed Sep 04, 2024 11:13 pm The drives sat in my file cabinet for the 8 years...They had not been touched...
Maybe you already know this (it's unclear), but leaving infected drives to sit around gathering dust does not make their own infection(s) go away.
Maor
Level 1
Posts: 9
Joined: Fri Mar 29, 2024 3:17 pm
Location: Maine

Re: Escaping major Win virus. It nearly got into Linux Mint via Update

Post by Maor »

To coffee412...thanks for clarifying the concept of using another computer for full router control.

Very interesting....My issue is that I have a persistent inside attacker. If I understand correctly, the 2nd computer router really does not become useful until I have the firmware proto-virus caged...unable to get to its external servers for some muscle building... ...or does it??? If I can determine the port or ports it tries to access, maybe I can cage it...given that it is going to have very limited capability.

Is that what you were thinking?
I was thinking of doing something similar in trying to identify its external servers' addresses and block them in a hosts file....but Wireshark is intimidating to an old guy with sleep apnea like me.

Interesting...If I boot a fully developed LM installation from a Nexcopy USB-R, using other drives for swap, cache, and storage, and can control the virus from getting to its servers, I "might" have accomplished something.
The LM installation could not be tampered with, as Read-Only protection of the USB stick occurs at the stick's USB controller level. ...This requires a text-based BIOS computer...Some do exist today...
Throw on a security focused virtual keyboard as well, and I would have another level of protection.
The first sign that something is amiss in LM is when you have to repeatedly type in the encryption password 4-5 times, and then the same again for the login password.

The router I have is a Pepwave Surf Soho MK3...which has VLAN capability which could be useful to ensure the infection does not spread inside our LAN, if it gets out...It also has VPN capability...which is nice to have up and running before one heads out on the net...There is the advantage of a separate computer router....

This all feels like wishful thinking on some level, as the situation is very, very complex, and there are people and machines that can run circles around me in most areas.

Thanks again, though. It was an excellent response and I appreciated it.

JAL
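The post above talks about finding which external addresses and ports a machine is reaching and blocking them, without having to learn Wireshark. The script below is an added example (not code from this thread or from Linux Mint) that does the first part with only the `ss -tnp` socket listing that ships with Mint: it parses the output, drops LAN and loopback peers, and compares what is left against a set of endpoints recorded during a clean session. The sample output, process names and addresses are constructed for illustration; `ss -tnp` is a real command, the column layout it assumes is the one `ss` prints. Note that a hosts file only affects name lookups, so anything found this way is better blocked by address at the router or firewall.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the column layout printed by `ss -tnp` on Linux:
# state, recv-q, send-q, local addr:port, peer addr:port, owning process.
SAMPLE_SS_OUTPUT = """\
ESTAB 0 0 192.168.50.12:51342 192.168.50.1:53 users:(("systemd-resolve",pid=612,fd=13))
ESTAB 0 0 192.168.50.12:44410 203.0.113.7:443 users:(("firefox",pid=2210,fd=88))
ESTAB 0 0 192.168.50.12:44411 203.0.113.7:443 users:(("firefox",pid=2210,fd=91))
ESTAB 0 0 192.168.50.12:39020 198.51.100.23:6667 users:(("updater",pid=3199,fd=5))
SYN-SENT 0 1 192.168.50.12:39021 198.51.100.23:6667 users:(("updater",pid=3199,fd=6))
ESTAB 0 0 127.0.0.1:631 127.0.0.1:40112 users:(("cupsd",pid=455,fd=12))
"""
# Peers inside these ranges stay on the LAN or the host itself; the rest are "external".
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
LINE_RE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)"
    r"(?:\s+users:\(\(\"(?P<proc>[^\"]+)\",pid=(?P<pid>\d+))?")

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or [IPv6]) into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def external_endpoints(ss_text):
    """Map (process, remote_ip, remote_port) -> connection count for every
    peer outside LAN_RANGES. Header lines and unparseable rows are skipped."""
    seen = defaultdict(int)
    for line in ss_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, port = split_endpoint(m.group("peer"))
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in LAN_RANGES):
            continue
        seen[(m.group("proc") or "unknown", ip, port)] += 1
    return dict(seen)

def unexpected_peers(ss_text, known_good):
    """Drop external endpoints whose (ip, port) is in known_good, a set recorded
    from a clean baseline session; whatever remains deserves a closer look."""
    return {k: n for k, n in external_endpoints(ss_text).items()
            if (k[1], k[2]) not in known_good}
```

On a live system, feed it `subprocess.run(["ss", "-tnp"], capture_output=True, text=True).stdout` in place of the constructed sample and run it a few times while the machine is idle to build the baseline set.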