Malware cleaner.
- pre65
- Amstrad Tower of Power
- Posts: 21399
- Joined: Wed Aug 22, 2007 11:13 pm
- Location: North Essex/Suffolk border.
#1 Malware cleaner.
I seem to have some malware on my laptop.
It pops up now and then on Chrome, and it's "bywinners.men".
I've searched for all files containing those words, and deleted them, but after a few days it pops up again.
Malwarebytes can't find anything amiss.
Can anyone recommend a more effective malware cleaner? Even paid-for ones if they do the job.
The only thing necessary for the triumph of evil is for good men to do nothing.
Edmund Burke
G-Popz THE easy listening connoisseur. (Philip)
#2 Re: Malware cleaner.
Googling how to get rid of it throws up this site amongst others-
http://pcfixhelp.net/hijackers/3809-how ... inners-men
- pre65
- Amstrad Tower of Power
- Posts: 21399
- Joined: Wed Aug 22, 2007 11:13 pm
- Location: North Essex/Suffolk border.
#3 Re: Malware cleaner.
Thanks Ali.
I had read that, but "spyhunter" seems to not be very safe, depending on where one looks for reviews.
The only thing necessary for the triumph of evil is for good men to do nothing.
Edmund Burke
G-Popz THE easy listening connoisseur. (Philip)
#4 Re: Malware cleaner.
Can removing Chrome's cache history help here? I use C-Cleaner every so often for 'a proper clear-out' and it seems to work well, for me anyway.
#5 Re: Malware cleaner.
A clean reinstall of Windows would be in order and would probably perk up your laptop in terms of speed.
- jack
- Thermionic Monk Status
- Posts: 5502
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#6 Re: Malware cleaner.
No. Don't do this - in all my years of supporting Lord alone knows how many computers (in the 1000s), my teams have rarely if ever needed to do a re-install. It's a cop-out and never identifies the underlying issue. Moreover, for certain classes of infections, it won't even resolve the problems.
Vivitur ingenio, caetera mortis erunt
#7 Re: Malware cleaner.
jack wrote: ↑Fri Dec 08, 2017 11:11 am
> No. Don't do this - in all my years of supporting Lord alone knows how many computers (in the 1000s), my teams have rarely if ever needed to do a re-install. It's a cop-out and never identifies the underlying issue. Moreover, for certain classes of infections, it won't even resolve the problems.

Give over fella.... yes if you were supporting 1000's of computers then the usual 'IT support' principles were probably in place, 'do as little as possible to correct the issue then on to the next machine'
What infections still exist if you do a full deep wipe of a hard drive??
The underlying issue is poor user interaction, either opening a spam e-mail or downloading porn!!! Education is the key to address it not happening again.
- jack
- Thermionic Monk Status
- Posts: 5502
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#8 Re: Malware cleaner.
Hemmo wrote: ↑Thu Dec 14, 2017 3:33 pm
> .... yes if you were supporting 1000's of computers then the usual 'IT support' principles were probably in place, 'do as little as possible to correct the issue then on to the next machine'
> What infections still exist if you do a full deep wipe of a hard drive??
> The underlying issue is poor user interaction, either opening a spam e-mail or downloading porn!!! Education is the key to address it not happening again.

I agree with the last part that education is important, but it's far from being the only underlying issue.
I'm not at all sure where you get the idea that my teams would "do as little as possible". If you worked for me with that attitude you'd be straight out the door.
As most of my career I've been an FSA/FCA regulated person in large financial institutions, I'd be in jail if I let that happen. We isolate & analyse each infection. In recent years we also use AI tools to protect against most zero-day attacks. As a CTO, I'd be failing everyone if we failed to identify each attack and impose appropriate mitigations.
It's all about risk management.
There are many attacks that don't live on the hard drive - they can hide in the hard drive firmware, the motherboard BIOS, the GPU or even DMA, LAN and RAM controllers etc. - disks are old hat for serious infections.
Further, when talking about hard drives, a "full deep wipe" is largely a thing of the past - any suspect hard drive we now shred (they get turned into tiny granules) - the drive's controller is as much of a risk (firmware gets compromised) and wiping simply does not work with SSDs which have a completely different MO - read up about wear leveling and you'll get the idea why that's the case.
Last edited by jack on Thu Dec 14, 2017 6:26 pm, edited 1 time in total.
Vivitur ingenio, caetera mortis erunt
#9 Re: Malware cleaner.
Nick (jack), what's your view on what looks like a can of worms, Intel's Active Management Technology?
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
- jack
- Thermionic Monk Status
- Posts: 5502
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#10 Re: Malware cleaner.
CVE-2017-5689 ? The whole AMT issue is, as you correctly say, a can of worms.
Intel have posted an advisory on where the various motherboard manufacturers are in this at https://security-center.intel.com/advis ... geid=en-fr.
We've followed the mitigation advice and disabled AMT for now.
The lot I'm with use a single h/w vendor and they don't have a fix yet.
Vivitur ingenio, caetera mortis erunt
#11 Re: Malware cleaner.
> We've followed the mitigation advice and disabled AMT for now.

<tinfoil_hat>Or at least that’s what you think...</tinfoil_hat>
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
- jack
- Thermionic Monk Status
- Posts: 5502
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#12 Re: Malware cleaner.
Should have mentioned that AMT is only enabled on fairly recent Intel CPUs, which means pretty much all the ones we have.
Download and run the GUI tool - it pops up a Window which tells you immediately if your host is vulnerable.
Vivitur ingenio, caetera mortis erunt
- jack
- Thermionic Monk Status
- Posts: 5502
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#13 Re: Malware cleaner.
AMT version 11.8.50.3425 or later fixes the problem. Lenovo have a version on their site - you should check your own motherboard manufacturers' sites for their ones.
Nasty, nasty bug.
Vivitur ingenio, caetera mortis erunt
- pre65
- Amstrad Tower of Power
- Posts: 21399
- Joined: Wed Aug 22, 2007 11:13 pm
- Location: North Essex/Suffolk border.
#14 Re: Malware cleaner.
My Laptop is a Lenovo ThinkPad T540p, seems that download you linked to is not for my model.
The only thing necessary for the triumph of evil is for good men to do nothing.
Edmund Burke
G-Popz THE easy listening connoisseur. (Philip)
- jack
- Thermionic Monk Status
- Posts: 5502
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#15 Re: Malware cleaner.
Is your model vulnerable in the first place? Run the tool I linked to above and check first !
(https://downloadcenter.intel.com/download/26755)
Vivitur ingenio, caetera mortis erunt