This is probably not the right community but I haven’t found a better one.
So I watched a video from Seytonic where he mentiond that some malware creates a windows link with the name of the usb on a usb. So I checked my usb because I remembered that I had to click 2 times on my usb to opened it. I found a link that contained cmd.exe and a name of a file next to it. Upload to the virustotal showed Raspberry Roblin worm.
I use Linux but my familly uses windows so I will have to go through all familly computers and remove the worm. Where can I find info how to remove this specific worm - Raspberry Roblin? On google I found a description about how the worm works but not specific files it creates and how to remove it.
The first page that shows up is microsoft.com and it says that windows defender detects the worm, but clearly it doesnt.
Edit: The worm was on one computer and it did not have windows defender installed. Seems like malware removed it and also disabled automatic updates. I installed MalwareBytes and sucessfully removed the worm :)
melroy ( @melroy@kbin.melroy.org ) 81•10 months agoTry to clean your USB stick. Remove the worm and maybe use a cloth to remove the dirt.
SomeBoyo ( @SomeBoyo@feddit.de ) 32•10 months agoI would use a microwave to kill any worms / eggs still remaining, just in case.
some_guy ( @some_guy@lemmy.sdf.org ) 10•10 months agoRubbing alcohol should work in a pinch.
geoma ( @geoma@lemmy.ml ) 6•9 months agoBetter use a biologic solution. Put the usb outside with some seeds nearby to attract birds that should eat it
geoma ( @geoma@lemmy.ml ) 2•9 months agoBetter use a biologic solution. Put the usb outside with some seeds nearby to attract birds that should eat it
melroy ( @melroy@kbin.melroy.org ) 5•10 months agoTry C-band UV Lamp instead.
SomeBoyo ( @SomeBoyo@feddit.de ) 3•10 months agoAt the end of the day, if nothing help’s, kill it with fire.
melroy ( @melroy@kbin.melroy.org ) 2•10 months agoDo you want to see something cool? See: https://www.youtube.com/watch?v=Uf4Ux4SlyT4
I’ll clean all USB sticks the house, just to be sure.
melroy ( @melroy@kbin.melroy.org ) 7•10 months agoyea microwave all your sticks in your house at full power for 15 minutes.
Possibly linux ( @possiblylinux127@lemmy.zip ) English3•9 months agoThen mix bleach with ammonia
(Don’t actually do this as it generates chorine gas which is quiet deadly and unpleasant)
melroy ( @melroy@kbin.melroy.org ) 3•9 months ago(what did you say? I can’t read or ty.e mani 93
goldfndr ( @goldfndr@lemmy.ml ) 3•9 months agoIn other words, wipe the USB stick.
melroy ( @melroy@kbin.melroy.org ) 1•9 months agonowadays there is also malware that actually infect the firmware. Meaning just wiping the content isn’t good enough anymore. Same is true for BIOS worms/infections.
stevedidwhat_infosec ( @stevedidwhat_infosec@infosec.pub ) 66•10 months agoHere’s probably all the info you could ever need:
https://redcanary.com/blog/threat-intelligence/raspberry-robin/
Next, you need to get your systems scanned and cleaned. Malware bytes is likely enough, but I always recommend BitDefender. Their efficacy rates are always fantastic, and they have been leading the industry for several years now. Download the AV on a clean system, put on clean flash drive, and install that way.
Last, you’re gonna need to reset your passwords. Yes, I know that’s toxic af. But this is the reality and why we always need to be veeeery careful with what we do. This worm communicates with a c2 server which means it can update itself which makes detection hard, and it also means that, at one point it may have been spying on your activity (and it likely was if not continues to)
This stuff happens, don’t beat yourself up too much. Live and learn
Thank you for the link, it will help for sure!
I (not me but my family) always used just default Windows Defender but I heard good things about Malware bytes and BitDefender, I’ll checked them out.
stevedidwhat_infosec ( @stevedidwhat_infosec@infosec.pub ) 6•10 months agoBitdefender usually goes on sale too - check for coupon codes, don’t pay full price. Plus you get like 5 devices with your license IIRC. Worth a shot
Oh it’s paid… I would rather install Linux, I don’t pay even for Windows.
stevedidwhat_infosec ( @stevedidwhat_infosec@infosec.pub ) 6•9 months agoAnd you got what you paid for, no?
I believe there is a free version as well but don’t think just because you’re installing Linux that you’re somehow safer.
There was just a package that was essentially socially engineered into by a hacker, who then had full access to everyone’s shit.
All because a GitHub author was pressured into letting them contribute to code. Mac/Apple are no different and starting to be more and more vulnerable as the “security by obscurity” wears off.
Free tools are fine and well, but that stuff is done for free. Including maintainence and everything else. In times like these, ain’t nobody got time for that anymore. People need to make a living and you will see degradation in the products thusly
apotheotic (she/her) ( @apotheotic@beehaw.org ) English4•9 months agoWindows defender along with a system hardener (like hard_configurator) can actually be quite insanely strong, especially since windows defender starts working and blocking stuff long before non-system apps, which can be a big boon. This approach is also free (if you have windows) which seems to fit your needs!
Possibly linux ( @possiblylinux127@lemmy.zip ) English3•9 months agoI’d start with a offline scan.
If possible wipe the drive from Linux and reinstall Windows. Be mindful of any files as documents and other files can sometimes hide things. Make sure you reset all passwords as well. Start with email passwords and then go up from there.
Hanrahan ( @hanrahan@slrpnk.net ) English38•9 months agoSame thing happened to RFK Jr
SoupBrick ( @SoupBrick@pawb.social ) 33•9 months agoWould you love your USB if it was a worm?
KazuchijouNo ( @KazuchijouNo@lemy.lol ) 8•9 months agoWhat if it didn’t exist? Would you still love your USB then?
sag ( @sag@lemm.ee ) 3•9 months ago
stevedidwhat_infosec ( @stevedidwhat_infosec@infosec.pub ) 10•10 months agoI’ll also toss this hat into the ring - sysmon this is essentially a logging tool thats a bit better/nicer than the windows default, and categorizes all logs into very neat buckets that will make watching out for strange shit much much easier.
Sysmon is part of the sysinternals suite (vetted by the community + microsoft, which is sayin somethin lol) and you can make use this as the config file to use (Uses industry-standard MITRE Att&ck framework) which you can then use to correlate to more threats/malware authors/malware artifacts if you really wanna get your hands dirty/have some fun
borari ( @borari@lemmy.dbzer0.com ) 6•9 months agoTo level set, Microsoft owns SysInternals, and has since 2006. None of it is “community vetted”, to me that implies FOSS or something.
Imprint9816 ( @Imprint9816@lemmy.dbzer0.com ) English8•9 months agoWhy would “community vetted” imply FOSS?
Microsoft has a massive community of users and sysinternals is highly regarded amongst amateur and professional users alike. The term “community vetted” makes perfect sense in this context.
borari ( @borari@lemmy.dbzer0.com ) 3•9 months agoYeah, I use SysInternals stuff every day. Neither myself nor the community has vetted SysInternals tools any more than they have vetted outlook, teams, or word. Unless I’m misunderstanding the meaning of vetted.
Vetting in a program/application context as I understand it is that the code has been vetted, which can only be done by the community at large if the source code is provided. Just like with a person, vetting is doing an actual background check, where as vouching for someone is just one person telling a second person that a third person is chill or something.
anar ( @anarchist@lemmy.ml ) 7•9 months agoLisan al ghaieb!!!
Possibly linux ( @possiblylinux127@lemmy.zip ) English5•9 months agoThe malware probably turned of defender. Try an offline scan
Actualy the malware somehow deleted windows defender and disabled automatic updates. I install MalwareBytes and run full scan and removed it.