JustonBlack
Guest
I have been dealing with a nasty Trojan for some time. After a clean install I don't connect to the internet. The owner is TrustedInstaller.
So I attempt to take over; along the way there are files like page.sys, the swap file, dump stack log, etc., and certain folders that I still don't have full control over! I tried to load Ubuntu; I don't like Windows. They make it easy so even the most inexperienced user can navigate. I'm trying to rid my system of Windows and go to Linux, but there is something in the bootlog. I'm guessing that on startup it loads these default settings, and as soon as I get connected to the internet, bam, he's got control and is running scripts on port 80. Nmap is the scanner I use. I ultimately wanted to learn the other half.
I am learning the ways. I don't claim to know a lot, and I probably get myself in trouble as I learn about software vulnerabilities and whatnot. I caught this Trojan doing just that.
Since I'm not that far advanced, I need to understand how this Trojan operates and how I can cut the head off this snake before I connect to the internet. Can I get a list of registry keys that are loaded at time of install so I can compare and see where the one script is that starts the whole thing going?
Same with the bootlog: how do I look at what is actually being loaded? I even went as far as a total format, wipe clean, re-partition, everything clean slate. I haven't looked at the logs, but I am guessing it is in my cloud. As soon as I sign in to Microsoft, bam. Edge sucks. That's the field I'm going into: cloud security, serverless scripts. That's the goal. I know enough to get myself into trouble; that's it so far.
Any suggestions on where to start? I would even connect so someone that knows can see what I'm talking about. It's the worst rootkit I have encountered, and believe me when I tell you I thought I had seen them all. This guy is tricky and is pushing me to throw this whole laptop in the lake.
I promise I'll be good if someone can just give me some guidance on how to rid my system or delete my Microsoft account. I'm torn. Thanks
Juston Black