Don’t forget, we’re back today @ 2pm ET! www.d7xtech.com/live
Today we’re going to have yesterday’s planned special guest who couldn’t make it — perhaps — and I’ll discuss the ideas I’ve been brewing (a direct result of yesterday’s content-packed mini-show!)
Question for the Techs out there (from show #6):
Do you have any special tips or tricks for locating and recovering the specific source of a malware/virus infection (typically a trojan dropper)? So far, we know most droppers will delete themselves (or rather, a subsequent binary will delete the original), so we’re really left hoping to get lucky with a .zip file still sitting in the user’s default download directory, because they probably didn’t actually extract the dropper before executing it, so only the extracted copy in %temp% (or wherever) would have deleted itself.
As a tech, most of the time it never matters to you, and rarely to your client, because they don’t listen anyway. Here at Foolish IT, however, gathering data on these droppers can lead to new prevention techniques as well as new removal strategies! Quite often at Foolish IT we are asked how to remove xxx with our tools — or to improve our tools for xxx — but since we’re not benchin’ every day like our clients, we need the dropper so we can study it ourselves in live environments and repeat the experiment. Many would send us samples of the infection files, but they don’t really do us any good because we don’t know how to manually install them (as the dropper would) so that they become a full infection. This probably has something to do with why droppers delete themselves — they contain useful information for the good guys!
So basically, we need working droppers that actually infect the system to effectively study not only prevention but also removal. It would be great, with your help, to tell others how to retrieve them effectively if they still exist (and before some automated scanner removes them), so they can get them to us or others for study.
Episode 6 video link: http://youtu.be/ZBOOkuGm_Yc
Episode 6 Show Notes:
Short show yesterday with an unplanned surprise guest (taking the place of a planned surprise guest!): my mom is visiting from out of town, so by show time I was dressed and ready for the coming grandkid go-kart extravaganza. Not much planned today, so we should have some additional time to stay late (meaning after 5pm ET).
Cryptolocker Honeypot Script – Basically this idea was proposed to me last year by several techs, the old “make a huge file that would take xxxx time to encrypt and watch for the change,” and I shot it down pretty quickly for a few good reasons that don’t seem that important anymore; now, after talking with Tim from Squatting Dog Development (from the next note below; he gets the link credit for this one too), I’m starting to realize just how NON-futile some of this is, especially for server systems, and very soon we’ll be exploring just how far we can go to improve these ideas for CryptoPrevent!
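As an added example (not CryptoPrevent’s code or anything from the show), here is the honeypot idea in Python: plant low-entropy canary files, baseline their hashes, and alert when one is rewritten (an entropy check separates encryption from a normal edit) or deleted. The canary names, size, and the 7.5 bits/byte threshold are my assumptions; run_demo() mimics an encryptor with random bytes, it is not real malware.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

# Names that sort first and last so an encryptor walking the folder hits one early.
CANARY_NAMES = ["!canary_first.docx", "zz_canary_last.xlsx"]

def shannon_entropy(data):
    """Bits per byte: plain/office files sit well below 7.5, ciphertext near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def plant_canaries(root, size=64 * 1024):
    """Write low-entropy decoy files; return {path: sha256} as the baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = Path(root) / name
        data = (b"canary document text " * (size // 21 + 1))[:size]
        path.write_bytes(data)
        baseline[str(path)] = hashlib.sha256(data).hexdigest()
    return baseline

def check_canaries(baseline):
    """Return (path, reason) for every canary that was removed or rewritten."""
    alerts = []
    for path, digest in baseline.items():
        p = Path(path)
        if not p.exists():
            alerts.append((path, "missing: deleted or renamed"))
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            ent = shannon_entropy(data)
            reason = "content changed"
            if ent > 7.5:   # assumed threshold; a real edit rarely gets this high
                reason += f", entropy {ent:.2f} bits/byte looks encrypted"
            alerts.append((path, reason))
    return alerts

def run_demo():
    """Plant canaries in a temp dir, then mimic an encryptor with random bytes (constructed)."""
    root = tempfile.mkdtemp()
    baseline = plant_canaries(root)
    clean = check_canaries(baseline)                 # expected: no alerts
    first, last = list(baseline)
    Path(first).write_bytes(os.urandom(64 * 1024))   # rewritten with "ciphertext"
    os.remove(last)                                  # deleted
    return clean, check_canaries(baseline)
```

In production the check would run on a timer (or a filesystem watcher) and its alert would trigger whatever response the server can afford, such as dropping SMB shares or killing the writing process, rather than just reporting.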
Squatting Dog Development’s dUninstaller Labtech plugin – Tim from Squatting Dog Development joined us to discuss dUninstaller usage with the Labtech RMM solution and his dUninstaller plugin for Labtech, a possible collaboration between our circles of techs on building some centralized list of definitions that work well for fully automated/silent uninstalls, and Tim made the request for dUninstaller to self-download remote definitions (which should be easy enough!)
Free Tech Tools and Free Software for casual users – I finally decided to put up some of the small free utilities we had on the old website in the new site’s navigation system so people can find stuff. yay!
Michael also talked ad nauseam about privacy and something, I don’t know I blocked that out.
Previous, but very important notes for our techs:
http://1drv.ms/1GP1lyr – Foolish IT Drawing Board (Public view of our ideas and plans – read-only access)
http://1drv.ms/1Vc9S6t – Foolishly deep Conversations Manuals Stuff – community fueled wiki-styled manuals for Foolish IT customers – read/write access! Come contribute your ideas, how-to guides, techniques, tips, and more for Foolish IT products in this public OneNote!
www.d7xtech.com/upgrade – dCloud subscribers for d7 Premium, starting now you get a free d7II upgrade! We greatly appreciate your long standing loyalty, and part of our commitment to you is to ensure you are supported with the best and most current tools in the industry! Must have an active subscription to the dCloud service (a recurring billing account in good standing) or a one-time lifetime subscription purchase to qualify for the upgrade.
d7II subscribers without dMZ access should request their complementary Starter access at this link: https://www.d7xtech.com/dmz/request-dmz-access/
dMZ Starter access is a complimentary membership now included with all d7II subscriptions, which contains an introductory training video series and all d7II additional downloads available at the dMZ! If you subscribed prior to June 2015 to an Annual subscription (and in other cases) you were not automatically issued dMZ login credentials unless you purchased dMZ Standard or above.
www.d7xtech.com/tech-directory – The new Tech Directory is a public searchable database designed to introduce the best PC repair and IT service providers in the industry to our millions of free and paid CryptoPrevent users who wind up here in need of assistance. “Powered by d7II,” these professionals are provided with the best tools in the industry to ensure the job gets done properly. Not in the directory? Log in to your dMZ account and head here: https://www.d7xtech.com/dmz/tech-signup/