1. Kanakops

    OP Kanakops GBAtemp Fan
    Member

    Joined:
    Aug 14, 2016
    Messages:
    301
    Country:
    Canada
    Hi, I'm not posting a lot and I don't know if I'm posting this in the right place, but I have tried to execute a virus in a VM and the virus escaped onto my real machine.

    The basic one has been blocked and put in quarantine, but the other one was not blocked by Windows for some reason, and now I'm stressing a lot.

    I didn't have the symptoms of cisum.exe (https://www.helpnetsecurity.com/200...-it-has-been-infected-by-the-new-cisuma-worm/

    https://www.sophos.com/en-us/threat...nd-spyware/W32~Cisum-A/detailed-analysis.aspx)

    But I don't know what mikatz.gen!f is supposed to do

    The virus I tried to execute was "cisum.a or cisum.exe", I don't know (it said State: Failure, this program can't be fully fixed).

    [IMG]

    Now I'm on Hiren's and I'm doing a Malwarebytes scan; so far it's detecting nothing, but I'm really stressed. If someone can help me it would be great.
     
  2. Jeffreyz

    Jeffreyz Newbie
    Newcomer

    Joined:
    Jul 10, 2020
    Messages:
    7
    Country:
    United Kingdom
    Good luck
     
    Kanakops and MeAndHax like this.
  3. CactusMan

    CactusMan GBAtemp Regular
    Member

    Joined:
    Nov 18, 2019
    Messages:
    134
    Country:
    Netherlands
    Make backups of the things you love and install Linux Mint. You'll be virus free.
     
    Kanakops likes this.
  4. zxr750j

    zxr750j GBAtemp Fan
    Member

    Joined:
    Sep 29, 2003
    Messages:
    371
    Country:
    Netherlands
    If you're running VMs trying to execute viruses, you are really on the wrong forum...
     
    Kanakops and CactusMan like this.
  5. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,430
    Country:
    United States
    Why would you test malware in a VM if you don't know what you're doing? Most malware has the ability to detect if it's in a VM or not, thus requiring extra steps to prevent this. If you plan to test and analyze malware, it should be on an air gapped system with Deep Freeze installed.

    To answer your question, the detection here is a heuristic signature (hence the "gen", or "generic"). Disconnect from the internet and run a full scan. Malware likes to hide in %appdata% so it can execute without invoking a UAC prompt, so check there first for anything suspicious.
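    The check the post above suggests (look in %appdata% first), as an added example that is not from the thread: it lists Run/RunOnce autostart entries and running processes whose executable sits under the current user's AppData folders. Written for Windows PowerShell; the Test-InAppData helper and the key list are my own choices, not something the post specifies.

```powershell
# Added example (not from the thread): list autostart entries and running
# processes whose executable lives under %APPDATA% or %LOCALAPPDATA%,
# the location the post above says malware favours. Run from an elevated
# PowerShell prompt and review the output by hand; nothing is deleted.

$appDataDirs = @($env:APPDATA, $env:LOCALAPPDATA)

function Test-InAppData([string]$Path) {
    if (-not $Path) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($d in $appDataDirs) {
        if ($p.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Run / RunOnce values for the current user and for the machine.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Drop arguments: keep the quoted path, or else the first token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        if (Test-InAppData $exe) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd }
        }
    }
}

# 2. Running processes whose image is under AppData, with signature status.
# Legitimate per-user installs (some updaters, chat clients) also live here,
# so an unsigned or oddly named binary is a lead to inspect, not a verdict.
Get-Process | Where-Object { Test-InAppData $_.Path } |
    Select-Object Id, ProcessName, Path,
        @{ n = 'Signature'; e = { (Get-AuthenticodeSignature -FilePath $_.Path).Status } }
```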
     
  6. TheCasualties

    TheCasualties Just trying to be helpful
    Member

    Joined:
    May 11, 2020
    Messages:
    412
    Country:
    Netherlands
    This guide should help you. Take your time and you'll eventually get rid of it.
    https://www.reddit.com/r/techsuppor...ested_reading_official_malware_removal_guide/

    Revo Uninstaller is a great tool for removing stubborn things too. Might help. Good luck!

    Worst case scenario: format your drives and reinstall Windows.

    Edit: just realized how old that Reddit post is... Hopefully it's still useful. It helped me a while ago. Also noticed this is a pretty old thread; did you already get this cleared up, OP?
     
    Last edited by TheCasualties, Jul 16, 2020
    Kanakops likes this.
  7. Kanakops

    OP Kanakops GBAtemp Fan
    Member

    Joined:
    Aug 14, 2016
    Messages:
    301
    Country:
    Canada
    Hey, thanks for all the answers. I'm the type of person who connects once every several months, so sorry if I didn't reply to anyone here.

    I was curious to test viruses on the VM because at school we used to try them on a VM and remove them/fix the problems they caused. But the teachers were giving the same thing over and over, a virus that changes your password and corrupts Explorer. After those I was too confident and thought nothing would happen outside my VM, so I downloaded an archive of viruses. I executed a couple of them and nothing happened at all, even in the Task Manager, and one of them finally worked [IMG].

    The thing is that I forgot to remove the shared folder, so the virus created a copy of itself on every drive in the VM (and the shared folder was considered one of them).

    Now I think the virus just got detected and blocked before anything happened, but I just wasn't able to calm down because I didn't really know what THIS virus was doing/how it's supposed to act.

    In the end I made a backup of a couple of things (and I forgot my school work, rip) and installed Manjaro. But I'm really not comfortable with Linux even though I have used Ubuntu and Lubuntu before; it's just not for me. Also I like to play some online games sometimes, so I formatted everything except the few things I backed up and reinstalled Windows. I have done several malware scans with Malwarebytes Premium (trial) and Windows Defender and nothing got detected, so now I think this story is over.
     
    Last edited by Kanakops, Aug 12, 2020
  8. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,430
    Country:
    United States
    A lot of malware uses a technique called running process injection. They oftentimes will inject themselves into the memory of common Windows components (svchost, taskhost, etc.), or if they're primitive/unsophisticated, they'll just mimic a process name of something that is usually benign. This is to avoid easy detection through the Task Manager. This also helps in evading anti-virus detection. So, just because you don't see a process for the binary you executed doesn't mean that it's not running. And, like I mentioned, most malware has VM detection, so if it detects that it's being run in a VM, it won't execute at all (anti-debugging measure), or it'll use something to break out of the VM and infect the host instead.
     
    Kanakops likes this.
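    A way to check for the name-mimicking the post above describes, as an added example that is not from the thread: a process that calls itself svchost or lsass but runs from outside System32, or whose parent is not the one Windows normally uses, deserves a closer look. Written for Windows PowerShell; the list of imitated names and their expected parents is my assumption for a stock Windows 10 client.

```powershell
# Added example (not from the thread): flag processes that carry the name of a
# core Windows binary but run from an unexpected path or under an unexpected
# parent. Run elevated, otherwise ExecutablePath is empty for protected
# processes. Expected parents below are assumptions for a stock Windows 10.

$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'

# Imitated names -> parent process(es) normally seen for the real binary.
$expected = @{
    'svchost'   = @('services')
    'taskhostw' = @('svchost')
    'lsass'     = @('wininit')
    'csrss'     = @('smss')
    'explorer'  = @('userinit', 'explorer')
}

$procs = Get-CimInstance -ClassName Win32_Process
$byId = @{}
foreach ($p in $procs) { $byId[$p.ProcessId] = $p }

foreach ($p in $procs) {
    $base = [IO.Path]::GetFileNameWithoutExtension($p.Name)
    if (-not $expected.ContainsKey($base)) { continue }
    $issues = @()

    # Path check: a genuine copy lives in System32 (or SysWOW64 for 32-bit).
    if (-not $p.ExecutablePath) {
        $issues += 'path unreadable (not elevated or protected process)'
    } elseif ($p.ExecutablePath -notlike "$sys32\*" -and $p.ExecutablePath -notlike "$wow64\*") {
        $issues += "path=$($p.ExecutablePath)"
    }

    # Parent check. A parent that already exited (smss, userinit) yields no
    # entry; a recycled PID can also mislead, so treat this as a hint only.
    $parent = $byId[$p.ParentProcessId]
    if ($parent) {
        $parentName = [IO.Path]::GetFileNameWithoutExtension($parent.Name)
        if ($expected[$base] -notcontains $parentName) { $issues += "parent=$parentName" }
    }

    if ($issues.Count -gt 0) {
        [pscustomobject]@{ Pid = $p.ProcessId; Name = $p.Name; Issues = ($issues -join '; ') }
    }
}
```

    Injection into a legitimately running svchost (the first technique in the post) will not show up here, since the path and parent of the host process stay correct; that case needs memory inspection rather than a process listing.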
  9. Gon Freecss

    Gon Freecss Privacy Advocate
    Member

    Joined:
    Nov 14, 2013
    Messages:
    310
    Country:
    Venezuela
    I think you just had a bad dream...
     
    Kanakops likes this.
  10. Kanakops

    OP Kanakops GBAtemp Fan
    Member

    Joined:
    Aug 14, 2016
    Messages:
    301
    Country:
    Canada
    I wish even today that it was just a bad dream.

    Ohh ok, so that explains what happened. Like I said, I executed a lot of them and "nothing" was happening, and two viruses got detected:
    [IMG] (I didn't show this one because it was blocked without any problem)

    and this [IMG]

    I didn't know anything about mikatz.gen!f (and I don't know anything about it now either; I didn't find this exact version on the internet).

    So my theory is that mikatz.gen!F understood that it was inside my VM and escaped; why it was not blocked properly, I don't know. Anyway, this story is still stressful for me. I have wiped Windows, put on Manjaro Linux, removed it and put Windows back, but in the process I still kept some files in the backup (nothing related to Windows, just movies/games...), and even though I have done some scans with Malwarebytes and Windows Defender I'm still thinking there is a chance it's still on my computer in some way (for example if the virus infected/corrupted other files in my backup).
     
    Last edited by Kanakops, Aug 13, 2020
  11. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,430
    Country:
    United States
    It's rather uncommon for malware to "worm" your personal files, especially videos and music. It tends to lead to data corruption, thus making the infection fruitless. This isn't the 90s where malware operators act like malicious pranksters. Malware is all about making money off of harvested data these days, so preserving that data and staying as low key as possible is the goal. It's more common to download an infected video or song file that was specially crafted to have a payload in the header data of the container. This said, worming is still a practice, but it's more network focused. Operators will infect network shares on a corporate network, for example, thus spreading the malware to every networked computer with access to those shares.
     
    Kanakops likes this.
  12. Zyvyn

    Zyvyn GBAtemp Advanced Maniac
    Member

    Joined:
    Aug 9, 2017
    Messages:
    1,943
    Country:
    United States
    I'm honestly hoping the Linux community stays small because I enjoy not having to worry about viruses.
     
  13. Mythical

    Mythical GBAtemp Advanced Maniac
    Member

    Joined:
    May 11, 2017
    Messages:
    1,939
    Country:
    United States
    You could just reinstall Windows. Would probably fix your problems.
     
    Kanakops likes this.
  14. Kanakops

    OP Kanakops GBAtemp Fan
    Member

    Joined:
    Aug 14, 2016
    Messages:
    301
    Country:
    Canada
    I already did it. I was on Windows and was thinking "hey, I'll just take advantage of this situation and go to Linux", but I didn't like it, and because I play a lot of games/use some types of software I didn't want to bang my head on the table searching for a way to make everything compatible, so I came back to a fresh installation of Windows. I probably don't have any virus and I'm just paranoid for nothing right now.
     
  15. godreborn

    godreborn GBAtemp Legend
    Member

    Joined:
    Oct 10, 2009
    Messages:
    11,205
    Country:
    United States
    I once got a virus that would crash the computer if I tried to remove it. What I did to fix it was reflash an old disk image. You can try to reinstall Windows fresh, as I think the serial number is part of the mobo or injected into it anyway from the factory. That's what Dell told me anyway, as it won't ask for it if you download the reinstaller from, say, Dell or the manufacturer of your computer to get Windows back from being messed up. It will erase everything though, which is why I always suggest making a disk image every few months. Don't put it on auto in case something goes wrong and you have an infected disk image as well.
     
    Kanakops likes this.
  16. linuxares

    linuxares I'm not a generous god!
    Moderator

    Joined:
    Aug 5, 2007
    Messages:
    7,898
    Country:
    Sweden
    If you wanna test viruses, I would recommend you put it on its own LAN that doesn't have any access to the internet or anything. That way, if it's a worm, it won't run amok.

    Also try using Hitman Pro.
     
    Kanakops likes this.
  17. godreborn

    godreborn GBAtemp Legend
    Member

    Joined:
    Oct 10, 2009
    Messages:
    11,205
    Country:
    United States
    I also did this in case I have to start over. I have everything mirrored in directories named after them, with each install exe (some might be old, but you can usually update from within the app):

    [IMG] [IMG] [IMG]
    It takes about an hour and a half to get everything back from nothing this way.
     
    Last edited by godreborn, Aug 13, 2020
    Kanakops likes this.
  18. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,430
    Country:
    United States
    Hate to burst your bubble, but there are exploits that come out for Linux software all the time. There's plenty of viruses. The userbase of Linux is actually quite large, too, thanks to Android (which is riddled with malware). Not to mention most of the Internet is run by Linux, so there's that. That kinda makes it a common target.
     
  19. linuxares

    linuxares I'm not a generous god!
    Moderator

    Joined:
    Aug 5, 2007
    Messages:
    7,898
    Country:
    Sweden
    Correct, but a lot of the viruses either get patched quickly or never even reach outside of the home folder.
     
  20. Zyvyn

    Zyvyn GBAtemp Advanced Maniac
    Member

    Joined:
    Aug 9, 2017
    Messages:
    1,943
    Country:
    United States
    I meant more in the desktop scene; most of the stuff by Google is basically already malware.
     