this post was submitted on 13 May 2024
192 points (97.1% liked)

Privacy

31981 readers
301 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
192
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 

This is probably not the right community but I haven't found a better one.

So I watched a video from Seytonic where he mentiond that some malware creates a windows link with the name of the usb on a usb. So I checked my usb because I remembered that I had to click 2 times on my usb to opened it. I found a link that contained cmd.exe and a name of a file next to it. Upload to the virustotal showed Raspberry Roblin worm.

I use Linux but my familly uses windows so I will have to go through all familly computers and remove the worm. Where can I find info how to remove this specific worm - Raspberry Roblin? On google I found a description about how the worm works but not specific files it creates and how to remove it.

The first page that shows up is microsoft.com and it says that windows defender detects the worm, but clearly it doesnt.

Edit: The worm was on one computer and it did not have windows defender installed. Seems like malware removed it and also disabled automatic updates. I installed MalwareBytes and sucessfully removed the worm :)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 6 months ago* (last edited 6 months ago) (2 children)

Flamethrower and hammer, to be sure.

Joke aside, Kaspersky Virus Removal Tool is the tool you need. Download a fresh copy and put it on a USB stick. Whatever Windows computer you need to disinfect, restart in safe mode and copy KVRT. It is standalone and runs offline and can be removed after use. It will scan the whole system. Its malware removal rate is approximately the same as Kaspersky suite, so you know it will do the job.

Edit: turns out there are brainwormed redditors out here. Ignore their downvotes and you will be fine following advice.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (3 children)

Edit: turns out there are brainwormed redditors out here. Ignore their downvotes and you will be fine following advice.

https://en.wikipedia.org/wiki/Eugene_Kaspersky

Yeah... No. Pick any other reputable company.

Kaspersky is one of many Russian "oligarchs"

Edit: I think this paints the picture pretty clear... So worth adding to the discussion. Note the domains that are voting for this post vs not.

[–] [email protected] 2 points 6 months ago (1 children)

I think this is poor form, and I won’t be surprised or sad if your one-person instance gets defederated by other instances for this kind of behavior.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

Activitypub information is public by design. Kbin users for instance can see this information openly. There's nothing poor form here. My instance also isn't 1 user. But whatever floats your boat.

Edit: It's also well known...

https://kbin.social/m/[email protected]/t/77983/Interesting-difference-from-Reddit-Upvotes-Downvotes-are-not-anonymous
https://old.reddit.com/r/RedditAlternatives/comments/14s1qki/psa_your_lemmy_activities_including_votes_are/
https://a.lemmy.world/lemmy.world/post/142436

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

As I said, we know all of this. You’re just repeating yourself.

[–] [email protected] 2 points 6 months ago

I'm sorry, where did I repeat anything?

This would be the first time in this thread I've said anything about it.

If "we all know this" then why state "I think this is poor form"?

Who's de-federating kbin then? Nobody? Well then...

[–] [email protected] 2 points 6 months ago

So we now who is on Lemmy.ml, got it

[–] [email protected] -2 points 6 months ago* (last edited 6 months ago) (1 children)

Any serious security expert is not a Russophobe and regards Kaspersky as the best commercial tool provider and company for malware analysis, based on merit and not on nationality. Kaspersky also does annual global malware reports. You are not one of those serious security people.

I do not trust Bitdefender, the second best, because it has relatively very high false positive rate. Unlike brainwormed western nationalists, I focus on merit of the tool, as will any serious security enthusiast.

Edit: also since you are concerned with my edit, yes CIA uses metadata to kill people, and I cannot trust CIA country origin products like Bitdefender. Also lol at abusing one man instance to try and be a snitch on people. This tells a lot about you.

[–] [email protected] 0 points 6 months ago (1 children)

You could just do a Windows defender offline scan.

[–] [email protected] 2 points 6 months ago (1 children)

Windows defender is almost useless. It heavily relies on cloud for scanning. This is not a problem with special offline tools that some AV companies provide to disinfect systems that may not be able to connect to a network.

I recommend you check PC Security Channel to see how Defender works against ransomware when internet is turned off, versus on. You can also check performance of other AVs. He is the most reputed resource on benchmarking AVs if you want to see frequent updates, and a rare one that is not biased or rooted in nationalistic or weird biases, since he has his Patreon, Discord and a lack of dependence on lackeys.

[–] [email protected] 2 points 6 months ago

Yeah I didn't say it was perfect but does happen to be baked it