Infecting VirtualBox led to my router being infected with WannaCry
#11
If I want to test viruses out, make sure to do it in a VirtualBox that is installed on a Linux OS, or stay disconnected from the internet while testing viruses in a VirtualBox on a Windows OS?

How would I go about fixing the issue?
Reply

#12
(07-21-2017, 03:00 AM)smirk24 Wrote:  https://www.backup-utility.com/anti-ransomware/how-to-block-port-445-in-windows-3889.html

What do you guys think about this guide?

I feel like I understand what it is that I need to do to fix the problem, but yet it's like I'm not in the ballpark.

Port 445 is for file sharing; could I just disable the Server service and disable the NetBIOS service as well, or should I follow the guide provided in the link above?

You would still need to make sure ports 137 - 139 are also blocked or at least operating in stealth mode, as these are NetBIOS ports.
Check this link and run the port scans, mainly under File Sharing and All ports; these will tell you where most port issues lie in your system.
https://www.grc.com/x/ne.dll?rh1dkyd2
You would need to do this on each system in your network to make sure, and in future (ideally) none of these systems would be connected to the same network; this will minimise the risk of network jumps.

(07-21-2017, 08:39 AM)smirk24 Wrote:  If I want to test viruses out, make sure to do it in a VirtualBox that is installed on a Linux OS, or stay disconnected from the internet while testing viruses in a VirtualBox on a Windows OS?

How would I go about fixing the issue?
I would run Linux as host until you become more comfortable using VBox and how to (sandbox) a system via the program. If you're testing malware you will need net access for it to drop the payload, otherwise you won't see a lot happening. You may also wish to use something like Wireshark to gain an idea of IP addresses being sought out.
Reply
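
A local cross-check for the ports named in the post above, as an added example that is not part of the original thread: it parses the text of `netstat -ano` from a Windows machine and lists listeners on TCP 139/445 and UDP 137/138 that are bound to a non-loopback address. The sample output and the function names are constructed for illustration.

```python
# Added example: list SMB/NetBIOS listeners found in Windows `netstat -ano` text.
# SAMPLE is constructed for illustration; it is not output from the thread's PCs.
WATCHED = {("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}
LOOPBACK = {"127.0.0.1", "::1"}

SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING       4
  TCP    192.168.1.23:49800     192.168.1.50:445       ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    192.168.1.23:137       *:*                                    4
  UDP    192.168.1.23:138       *:*                                    4
  UDP    0.0.0.0:5353           *:*                                    1820
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv6 shown as '[addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def exposed_listeners(netstat_text):
    """Return (proto, addr, port, pid) for watched ports bound off-loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto = fields[0]
        # TCP rows have a state column; only LISTENING rows are open ports.
        # UDP rows have no state, so every UDP row is a bound endpoint.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if (proto, port) in WATCHED and addr not in LOOPBACK:
            findings.append((proto, addr, port, int(fields[-1])))
    return findings


if __name__ == "__main__":
    for proto, addr, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {port} listening on {addr} (PID {pid})")
```

A listener reported here may still be filtered by the firewall, so this complements an external port scan and does not replace it.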

#13
(07-21-2017, 09:33 AM)GuiltySpark Wrote:  
(07-21-2017, 03:00 AM)smirk24 Wrote:  https://www.backup-utility.com/anti-ransomware/how-to-block-port-445-in-windows-3889.html

What do you guys think about this guide?

I feel like I understand what it is that I need to do to fix the problem, but yet it's like I'm not in the ballpark.

Port 445 is for file sharing; could I just disable the Server service and disable the NetBIOS service as well, or should I follow the guide provided in the link above?

You would still need to make sure ports 137 - 139 are also blocked or at least operating in stealth mode, as these are NetBIOS ports.
Check this link and run the port scans, mainly under File Sharing and All ports; these will tell you where most port issues lie in your system.
https://www.grc.com/x/ne.dll?rh1dkyd2
You would need to do this on each system in your network to make sure, and in future (ideally) none of these systems would be connected to the same network; this will minimise the risk of network jumps.

(07-21-2017, 08:39 AM)smirk24 Wrote:  If I want to test viruses out, make sure to do it in a VirtualBox that is installed on a Linux OS, or stay disconnected from the internet while testing viruses in a VirtualBox on a Windows OS?

How would I go about fixing the issue?
I would run Linux as host until you become more comfortable using VBox and how to (sandbox) a system via the program. If you're testing malware you will need net access for it to drop the payload, otherwise you won't see a lot happening. You may also wish to use something like Wireshark to gain an idea of IP addresses being sought out.

But what do I do about the issue now? Can I get rid of it, or is Avast just telling me that I'm vulnerable?
Reply

#14
Try the things mentioned in the Avast link (they're there for a reason) and see what it says afterwards. The chances are there was no payload dropped, but the DoublePulsar boreware (a name I give to deception programs designed to make a hole for the actual malware) was detected and as yet hasn't had a chance to do anything.

You have checked with Process Explorer to see what programs are running, right?
Reply

#15
Alright, I will. I've used Process Explorer; I didn't see anything out of the ordinary.
Reply

#16
After you've done everything it suggests just run the scan again to see if it is still lingering.
Reply

#17
Will do, GS.
Reply
