Author Topic: viruses in ram or memory  (Read 26849 times)
pazsion
« on: March 28, 2009, 07:21:12 AM »

Most people think this is impossible. But it has happened to me before and I have had to change RAM or HDs out because of it..

Somehow turning off the power and removing them alone didn't remove the info or the program was in some area of the HD and used the memory to operate without detection..

They can also be installed remotely.. If the IP is not blocked it will re-infect your PC as long as there is a connection present.

mjj09
« Reply #1 on: March 28, 2009, 11:13:25 AM »

... a virus Huh ummm Comodo protects the memory to prevent this

pazsion
« Reply #2 on: March 29, 2009, 03:15:03 PM »

yea but, most firewalls don't..

And I was just wondering if anyone here thought that a virus can't infect other parts of your computer.. like even ROM.. or your CPU..

HeffeD
Global Moderator
« Reply #3 on: March 29, 2009, 04:19:08 PM »

Quote
Most people think this is impossible. But it has happened to me before and I have had to change RAM or HDs out because of it..

If you swapped out some RAM because you thought it was infected, you wasted your money. RAM is volatile. This means that the contents are erased when the power is turned off. In other words, there is no virus hanging out permanently in your RAM. This is why you need to save anything you are working on before turning off your machine or you will lose what you were working on.

What can happen is a piece of malware can infect the data in your RAM on machine startup. If you fail to remove this offender from your HD, it can appear as though the virus is living in your RAM because it is reinstated every time you turn on your machine. But the malware is residing on your HD during power off, not in RAM.

ROM is persistent, but requires a re-flashing procedure to change any of the code existing on your EPROM. A flash cannot take place invisibly (at least as far as I am aware), so you will know if this has taken place. Malware attempting to flash some portion of your system's ROM resources is going to be rare, as it would need to be hardware-specific and not something likely to be deployed in drive-by fashion. This would be more of a case of downloading a firmware update from a disreputable source.

pazsion
« Reply #4 on: March 29, 2009, 11:27:41 PM »

TY heff

that elaborates so much better my thoughts in the original.. And then expanded into areas I was curious about..

So this last incident I had recently someone was able to shut down my PC..

not the first time it's happened.. memory overflows usually give a BSOD and an address...

Comodo has failed in the past for me.. And I'm trying to be aware of methods of attack.. Maybe ways to prevent, stop or reverse an attack.. there was a firewall I tried a while back that used older virii and DDoS's AGAINST attacking IPs lols.. But I'm using Comodo again =D Just sometimes you'll notice little glitches or something won't work right.. And you can stop a new process and real-time will then detect the virus..

"hacks" in video games are mostly prefab software with simple bindings and instructions that take advantage of the programmers' commands that make it ez for them to make the game.. or cheats - and they are set up in a simple point and click GUI.. no coding needed.. that's not hacking... lols

A growing number of newer "hacks" in these games are going further. DDoS's, viruses and trojans are being put into them. And w/e some geek comes up with =D. and since most newer MMOs are p2p... this kinda thing could get nasty... that's the kinda thing that kills games.. also keep in mind the same games being hacked have the same problem on console games.. I don't even know how one would install such a thing on a PS3.. emulator in another OS?? lol hell u could just install Windows on PS3 and buy the PC versions..

Data
Guest
« Reply #5 on: April 13, 2009, 09:32:59 AM »

Things can be written in such a way that they stay active in memory. They can survive a warm reboot. In other words, when you restart, the running code remains. Same if you hibernate or standby. If you rarely switch off, and you lack memory scanning (which is an AV job), then in theory this running code would be ever present. Nothing short of a shutdown will dispose of it.

As HeffeD stated, if this code appears after a shutdown, it's on your HD somewhere.

pazsion
« Reply #6 on: June 21, 2011, 07:35:03 PM »

well the current round of buffer overflows defies logic. The RAM is not burned out. System will not boot with it in. The monitor's memory is infected, and may be allowing it to re-infect the system. Its on-screen displays don't appear. And it seems the more I try, the more faulty it makes this device.

The system appears to hang on screen, but the PC itself still functions for a bit, then it actually freezes. If you don't shut down before this point, your monitor, or mine, won't work on reboot. It seems to install on boot. I have yet to confirm this.

Jacob
Global Moderator
« Reply #7 on: June 21, 2011, 10:06:24 PM »

Quote
Somehow turning off the power and removing them alone didn't remove the info or the program was in some area of the HD and used the memory to operate without detection..
Hmf... This is pretty obvious; if you remove the HD from the PC and plug it back in, the data is not going anywhere.. Unless of course you set the HD on fire or run a moderately powerful magnet against the HD.. If you remove the RAM and then place it back, now that's debatable, depending on the time between removal and placing it back..

Quote
A flash can not take place invisibly (At least as far as I am aware) so you will know if this has taken place;
If I'm reading this correctly, you are saying "A flash can not take place hidden"? This is not true;
You can flash your ROM in XP via Command Prompt (an evil prank I used to pull on my students, and it took them days to figure it out). This can be done in C+ as well, or Batch, and the effect is applied immediately and can be hidden or shown depending on what the malicious dev wants;

CIS does protect against such a thing

Quote
This means that the contents are erased when the power is turned off
Also only partially true!

Data can still survive in RAM (only for a moment) when you shut off your PC/laptop. (Longer if power is being cycled through the motherboard - shorter if no power is being cycled through the motherboard.)
CIS does protect against such a thing

OTR Truck Driver

Please Follow The Forum Rules!

EricJH
Global Moderator
« Reply #8 on: June 22, 2011, 11:53:27 AM »

Quote
Hmf... This is pretty obvious; if you remove the HD from the PC and plug it back in, the data is not going anywhere.. Unless of course you set the HD on fire or run a moderately powerful magnet against the HD.. If you remove the RAM and then place it back, now that's debatable, depending on the time between removal and placing it back..
Read my comment further down.

Quote
If I'm reading this correctly, you are saying "A flash can not take place hidden"? This is not true;
You can flash your ROM in XP via Command Prompt (an evil prank I used to pull on my students, and it took them days to figure it out). This can be done in C+ as well, or Batch, and the effect is applied immediately and can be hidden or shown depending on what the malicious dev wants;

CIS does protect against such a thing
You are a truly evil teacher.

Quote
Also only partially true!

Data can still survive in RAM (only for a moment) when you shut off your PC/laptop. (Longer if power is being cycled through the motherboard - shorter if no power is being cycled through the motherboard.)
CIS does protect against such a thing
That is highly theoretical. DRAM stores charges but needs to be refreshed:
Quote
Typically, manufacturers specify that each row must have its storage cell capacitors refreshed every 64 ms or less, as defined by the JEDEC (Foundation for developing Semiconductor Standards) standard.
Having it refreshed every 64 ms means that, in practice, once you have taken out and put back a memory module the memory will be empty.

On top of that, even if there were still voltage on the memory module, it would leak away in the blink of an eye due to lack of refreshing.
« Last Edit: June 22, 2011, 12:23:44 PM by EricJH »

Jacob
Global Moderator
« Reply #9 on: June 22, 2011, 12:31:15 PM »

Quote
You are a truly evil teacher.
I was teaching on the effects of malicious software,

My philosophy is, if you know how to destroy something, you'll know more on how to protect it

Quote
That is highly theoretical
Ah; so we have a debate

Quote
DRAM stores charges but needs to be refreshed:
I was thinking universal; if it's buffered, instead of DRAM what about those who are using SRAM still?

Quote
....that once you took out and put back a memory module the memory will be empty.
What about those who have a restart? Or shut down, wait a few seconds and start up?
« Last Edit: June 22, 2011, 12:35:21 PM by Jacob »

EricJH
Global Moderator
« Reply #10 on: June 22, 2011, 01:41:39 PM »

Quote
I was teaching on the effects of malicious software,

My philosophy is, if you know how to destroy something, you'll know more on how to protect it
Very true...

Quote
Ah; so we have a debate

I was thinking universal; if it's buffered, instead of DRAM what about those who are using SRAM still?

What about those who have a restart? Or shut down, wait a few seconds and start up?
I am not familiar with buffered memory but as far as I know that is not used in consumer computers.

If a refresh rate of typically 64 ms is needed then that means that if a refresh is done that is seriously out of sync the integrity of data can no longer be guaranteed. I find it highly improbable information would survive.

I don't know exactly what happens when doing a reboot. But I don't recall ever having seen a description of an attack that started in RAM after its information survived reboot.

Jacob
Global Moderator
« Reply #11 on: June 22, 2011, 03:33:11 PM »

Quote
I don't know exactly what happens when doing a reboot. But I don't recall ever having seen a description of an attack that started in RAM after its information survived reboot.

With CIS installed this cannot happen, as it prevents access to physical memory and interprocess memory access, and it also sandboxes unknown application(s), so kernel level is nearly impossible to achieve this type of exploit;

But if you didn't have any protection this type of exploit could happen;
