moore4807
quote:
ORIGINAL: witpqs

Sorry that happened to you, I hate the B*stards that do that sort of thing.

Thanks witpqs, I consider myself a midrange experienced computer person - I am much better at hardware/configurations than software...

Symantec stuff is not one of the better ones today. They are all fallible for various reasons, among them being what are called 'zero-day exploits'. There are weaknesses (often downright bugs) discovered in code that are privately communicated to the software companies so they can fix them. Unfortunately, some are discovered by the bad guys first, and only discovered by the good guys because the bad guys are already using them. That's where the term 'zero-day exploit' comes from - they are already being used by bad guys in the wild on the day of their discovery by good guys. That means that sometimes your anti-virus, etc. CAN'T know about a thing because the people who wrote that anti-virus don't know about it yet. There are other ways they try to protect you, but nothing works all the time.

You are exactly correct, however in my experience one of the best defenses is not so much "names" of antivirus, but is how they are applied. 90% of antivirus users make NO changes to the out-of-the-box configuration, which makes it very easy for hackers to circumvent. I use the Norton 360 Premier as my primary antivirus because the simple fact is tracking of code changes is something that Symantec is excellent at. The time it took to track the code changes from my weekly backup was less than an hour, GETTING to the Norton was difficult because the hack program didn't allow a complete boot up of Windows... That was a new one to the Symantec tech.

A major problem is those discovered vulnerabilities that I mentioned. Browsers obviously can allow you to get infected, but so can Java (and there have been some bad Java exploits found recently), Adobe Reader, Flash Player, and so many others. Keep all of your software up to date. Using the auto-updaters like Microsoft has for Windows and their other software, Adobe has for their software, Oracle for Java, and so on is a great idea and pretty much essential these days!

You obviously have some experience in the field!

Yes I do! As I said above I have Norton 360 Premier, and I have PC Pitstop's antivirus as my redundant backup. How it got past those AND Windows Defender, is what I'm scratching my head at...

What motivated me to write this post is actually another facet of the issue - cleaning the PC afterward. The big problem is knowing when you have found and killed the culprit. In short, you pretty much can't. The only way to be sure is to, as they say, nuke it from orbit. Keep regular backups and that process is easier. Note that you can still make backups of your data from a suspect system. It's the software that you don't trust at that point. Re-load Windows (yes I know how much that sucks!), re-load the software that you use. Make sure it all gets back up to date. That's the best approach.

GOOD POINT, and the $64K question... According to the Tech, and what I did, was restore the computer to 9/23/12 (last backup date). After that we did a line by line search using Norton of EACH change to the startup and then the code line changes from 9/23/12. (ugghhh!) That's where we found the changes on the 27th. Once we copied them & emailed them to Symantec - we deleted them and rebooted the system twice. After the reboots it stayed clean. I'm putting my faith into my external HDD (which has its own security access hardware) where I store my backups... Otherwise I'm as dumb as any other user...

What I suggest is a whole lot of trouble to do. Let me ask you this: do you do online banking from that PC? How much do you trust it right now?

Yes I do online banking from this computer, but through a blind IP address - I have to log in twice to two different https sites, instead of a straight login. I thought a keylogging program might be a part of the hack, but cannot find any known traces/filters for one.

Great suggestions and thanks for your post, witpqs, I'll go with this for right now, because I have turns backed up on both games... But be ready to tell me you told me so!