Everyday Windows

For beginners, flames not allowed...(just by the staff :P)
ph0bYx
Staff Member
Posts: 2039
Joined: 22 Sep 2008, 16:00


Post by ph0bYx »

A few hours ago I've decided to take a look at a few hacking games websites that are listed in a thread in the Gaming section of the board. I came across the hackit.de (or something like that) site, registered and started browsing the forum. I stumbled upon a thread where a member posted a Mozilla addon, I think its name was Developer Tool or something. I downloaded and installed that addon onto my FireFox and restarted FF as usual after adding a new addon. I’ve opened FireFox and noticed a new tray in it with a lot of buttons ( buttons like CSS, JavaScript, Cookies and similar) and clicked on one. After clicking on it the music that was playing in Winamp suddenly started to skip and a few seconds after it my computer restarted. I was surprised but not too much, I thought it was a Windows bug but I turned off my modem while booting, just in case… So I was calmly waiting for Windows to boot up, and it did, but just when NOD32 was about to power up, my computer restarted again, and I was like OMFG something’s wrong O_O
During booting I’ve hit the F8 button, a blue screen appears (not BSD don’t worry ;)) with 3 options:
- booting from Floppy Disc
- booting from HDD
- booting from CD

I clicked on booting from HDD and started praying. Fortunately it booted normally this time, and I hit ctrl alt del and killed all the processes that didn’t look familiar. Right after that I started scanning my comp, first with SpywareTerminator, then NOD32 (both latest updates), Spybot Terminator and Portable Kaspersky AV. None of them showed anything, so I considered reinstalling FireFox, but had to export the bookmarks. I’ve tried to do so with IE7 and Opera but failed (gotta find a tutorial on the net about that), so I couldn’t risk losing all the bookmarks (my sweet pron bookmarks). After thinking a while on what to do, I decided to risk and open FF. Realizing that nothing happens I’ve uninstalled the addon, just in case and everything was back to normal.

I’m writing this offline, and I’m about to turn my modem on to post it. I’ll be monitoring the connections with TCPview and the processes with process manager for any strange activity, just to be sure, hope there won’t be any.
I realized that it’s 99% a Windows bug, but also realized that when in situations like that (virus infection, hacker penetration or like in this case an OS bug) I have no idea what to do. The best thing I know is to start lots of scans and kill a process or two, but that’s not enough.
So my next goal is to learn as much as possible how to act in those situations, and about computer diagnostics and forensics.
The reason why I’m posting this in the Newbie section is because I know that a lot of you think this is silly (“One Windows bug and he opens a thread about it OMG!” and similar) but I want the newbies (myself included) to realize what I have, that it’s important to know how to behave in situations like that and not to freak out and be on the verge of a heart attack like me.
Well, modem powered up and I’m online once again. Now going on a hunt for e-books and tutorials, if you could recommend me some that would be awesome. :)

Oh, and sorry for wasting your time if I did. Wasn't my intention.

computathug
Administrator
Posts: 2693
Joined: 29 Mar 2007, 16:00
Location: UK

Post by computathug »

Well, there's no better way of gaining knowledge than hands-on experience. Most of the time I have come across errors like this, they are usually down to a bad install. You seem to have done everything you can in this situation to minimize the damage. The first thing I do if I feel I have a bad file on the computer is to take the computer off my network, go into safe mode and remove the last installation. There is no perfect way to deal with any problem, as this all comes down to the root of the problem, which is what you need to be finding. Get to the root of the problem and work from there, as every problem could be different.

Good work anyway :wink:

ph0bYx
Staff Member
Posts: 2039
Joined: 22 Sep 2008, 16:00

Post by ph0bYx »

Thanks!

Here are some of the methods I believe are used in those situations, and the parts that I'm missing:

- review the processes (missing: knowledge about most of the common processes, eg what program, what does it do, what will happen if it's terminated)

- explore the WINDOWS, system32, Program Files folders and sort them by date to see the most recent changes (missing: knowledge about the common files in those folders, therefore risking serious damage by deleting some of them)

- check the logs (have NO idea how to do that, and what to look for)

- enabling network and monitoring behavior

Those are the methods that I know about that are not mass scanning. Obviously I'm missing a lot of knowledge about them, so I can't perform them correctly. But I'm in a learning process, so I'll gain that knowledge (hopefully).

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

Use De.lic.us bookmarks. I have been using them for a while now and I have nothing to complain over. Your bookmarks get stored safely online and you do not have to worry about losing them! :D
We will either find a way, or make one.
- Hannibal

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

Ph0,
you are on the right track; the way you are thinking is very good. While most people seem to believe there is a magic tool where one can press a single button for a complete system health check, you understand there are several layers and different areas to look into.

I use Process Explorer to monitor my system. It is handy because you can close it down to an active icon in the taskbar. It also drills down a list of all the processes that are running to provide service to an application on your desktop. After a while you get to understand the services that run on the Windows box.

This is the reason I am not so eager to switch to Linux; I have used Windows since MS-DOS and I have gotten to know it well.

The important part of performing a system health check is that you have to have a baseline to measure against. When you do a clean install of an OS, you want to do a health check then. Most people don't do a baseline because "Hey! Nothing is wrong!", but it gives you the measure of how your computer runs before you connect it to the internet and start visiting websites, let alone download an application from the internet.

In my computer lab I use removable HDDs on my systems; they have a pull-out tray in the front of the computer to swap out HDDs. I kept one HDD with just a fresh install of the OS - this helped to compare Process Explorer results between a clean OS and one that has been online for a while.

With Process Explorer you can use a drop-down menu to perform a live search on anything you click on, so it's real handy to get informed on what is going on. Back in the older days it wasn't that easy and we had to learn by books and hands-on.

Oh, lastly, logs: you are talking about Event Viewer, another must-learn skill you should work on. Again, play with Event Viewer while you have a clean computer, so you can see what logs are created during normal behavior. You can also play hack attack and then review the logs to see what is posted. You can also get a third-party tool, if you don't like Event Viewer, to log your computer and network activity; maybe a third-party tool would be easier to understand and get you started.

The more you do hands-on with your OS, the better you become at recognizing unusual behaviors or processes that are not supposed to be running.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
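The baseline-and-compare approach DNR describes, together with the process/recent-files/logs checklist ph0bYx posted earlier, as an added PowerShell example that is not code from anyone in this thread. It snapshots a clean box's processes (with signature status), services and listening ports to a JSON file, later diffs the live system against it, then lists recent writes under System32 and two System log event IDs worth knowing (7045, a service was installed; 6008, unexpected shutdown); the baseline file path is an assumption.

```powershell
# Added example, not code posted in this thread: baseline a known-clean Windows box
# (processes, services, listening ports), later diff the live system against it, then
# list recent System32 writes and first-look System log events. Path is an assumption.
param(
    [ValidateSet('Snapshot', 'Compare')] [string]$Mode = 'Snapshot',
    [string]$Path = "$env:USERPROFILE\baseline.json",
    [int]$RecentDays = 7
)

function Get-SystemSnapshot {
    # Each entry is a flat string so Compare-Object can diff the sets directly.
    $procs = Get-CimInstance Win32_Process | ForEach-Object {
        $sig = if ($_.ExecutablePath) { (Get-AuthenticodeSignature $_.ExecutablePath -ErrorAction SilentlyContinue).Status } else { 'NoPath' }
        "$($_.Name)|$($_.ExecutablePath)|$sig"   # unsigned or oddly located binaries stand out
    }
    $svcs = Get-CimInstance Win32_Service | ForEach-Object { "$($_.Name)|$($_.StartMode)|$($_.PathName)" }
    $ports = Get-NetTCPConnection -State Listen | ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name
        "$($_.LocalPort)|$owner"
    }
    [pscustomobject]@{
        Processes = @($procs | Sort-Object -Unique)
        Services  = @($svcs  | Sort-Object -Unique)
        Ports     = @($ports | Sort-Object -Unique)
    }
}

function Compare-Snapshot($Baseline, $Current) {
    foreach ($set in 'Processes', 'Services', 'Ports') {
        Compare-Object @($Baseline.$set) @($Current.$set) | ForEach-Object {
            $tag = if ($_.SideIndicator -eq '=>') { 'NEW ' } else { 'GONE' }
            "[$set] $tag $($_.InputObject)"
        }
    }
}

switch ($Mode) {
    'Snapshot' { Get-SystemSnapshot | ConvertTo-Json -Depth 3 | Set-Content $Path; "Baseline written to $Path" }
    'Compare'  {
        Compare-Snapshot (Get-Content $Path -Raw | ConvertFrom-Json) (Get-SystemSnapshot)
        # The thread's "sort System32 by date" check, limited to the last $RecentDays days.
        Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$RecentDays) } |
            Sort-Object LastWriteTime -Descending | Select-Object LastWriteTime, Name, Length
        # System log: 7045 = a service was installed, 6008 = the previous shutdown was unexpected.
        Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045, 6008; StartTime = (Get-Date).AddDays(-$RecentDays) } -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, Message
    }
}
```

Run it elevated so every process path and signature is readable; Get-NetTCPConnection needs Windows 8 / Server 2012 or later.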
