A possible new forum:

Tell us what you think of the place, and what you would like to see.

Moderators: Admin Team, Moderators

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

A possible new forum:

Postby MalwareMutilator » Fri Aug 08, 2008 12:21 pm

Hey TeMerc,

You know what . . . guys like you, and Blender, and Train, and GaryR, who are so very, very, very good and professional at what you do, actually begin to take your expertise for granite. Not trying to build your ego here, but you guys are so good, I don’t think that you even realize just how good you really are.

In my profession (Forensic Locksmith) I deal with Police officials, Insurance agents, Attorneys, State’s Attorneys, FBI, and numerous other official agencies on a daily basic. What seems simple and basic to ME is a total mystery to those agencies.

So here is my suggestion . . . Given the fact that there are many, many people like myself whom are simply chomping at the bits to learn, how about starting a new forum open to all? I realize that you guys don’t have enough time to “teach and train” individuals, but why not try this . . .

How about posting some sample HJT logs with basic infections. As time goes by, you could introduce HJT logs with even more serious infections. Let guys like me examine, analyze, and then purpose the suggested fixes. You guys could then review our results, you could ask us WHY we came up with our suggested fixes, and you can then correct our mistakes and lead us to the proper evaluation. Given time, I believe that you could produce some very good malware hunters. Plus, your site would be the very first to offer such specific and unique, hands-on training. When needed, you could even recommend/refer us to the proper site for training in our weak areas.

Your site is among the few which is open to suggestion. I feel that a forum open to this type of training would prove to be highly successful.

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Fri Aug 08, 2008 12:33 pm

There are already dedicated schools for this. Doing so in an 'open' environment would be too dangerous a task. With no sound structure people will go off half-cocked trying to take on malware removal, definitely not a good idea.

Learning how to diagnose HijackThis! logs can be a very long process and it's best done in an controlled environment. If you're really serious about learning to help others, I strongly suggest you join a school dedicated to teaching so you can learn from the ground up. Be prepared to take on a lot of reading and studying.

Here are a few to choose from:You'll come out of any of those schools a better HJT analysis that I.

But I will consider doing something of a limited basis, more of a Q&A type of thing, just let me give it some more thought and discuss it with a few people.

Thanks for taking the time to suggest improvements tho.
Image

User avatar
Mindblower
Countermeasures Agent
Countermeasures Agent
Posts: 271
Joined: Fri Sep 02, 2005 8:33 am
Area Of Expertise: More tinkering in hardware than software
experience: I know the functions, OS settings, registry tweaks and more
PC time: Alot more than I should
Location: Montreal, Canada
Contact:

Re: A possible new forum:

Postby Mindblower » Fri Aug 08, 2008 1:12 pm

Although a good idea to teach users Geopla, one might also be teaching the WRONG person(s) - those who'd like to cause problems.

As TeMerc mentioned (here I might put words into your mouth), without proper training, many individuals will jump to a wrong conclusion, thus causing an escalation of the problem, Mindblower!
A converted Windows 8 user (using third party programs to ease the transition)

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Fri Aug 08, 2008 1:36 pm

Mindblower wrote:Although a good idea to teach users Geopla, one might also be teaching the WRONG person(s) - those who'd like to cause problems.

As TeMerc mentioned (here I might put words into your mouth), without proper training, many individuals will jump to a wrong conclusion, thus causing an escalation of the problem, Mindblower!
I guess I don't think my site is much of a target for the guys looking to create problems. There are far larger targets than my few bytes on the Web for those guys to monitor. rofl
Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Sat Aug 09, 2008 10:07 am

Hi all,

I sincerely appreciate all of the feedback that this post generated. While I disagree with a bit of, I absolutely understand the possible reasons for your concern. The problem here, as is true with so many other sites, is that all of you authentic experts recognize the potential danger evolved with assisting non-professional users. I’m not trying to be a smart-ass here, and I truly DO understand your concerns, but sometimes you just must go with your “gut” feelings.

I may not be a brain surgeon, but I am certainly intelligent enough to recognize, without qualification, that I am NOT an expert in the field of malware removal/recognition. As my post indicated, I suggested the insertion SAMPLE HJT logs for learning purposes. I never suggested the insertion of ACTIVE logs for repair. I am going to give one brief example before I go away. This example was taken from a yet unanswered post on the Spyware Warrior forums:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:07, on 01.8.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\HP Software Update\HPWUCli.exe
C:\WINDOWS\system32\rundll32.exe
G:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM77ebda61] Rundll32.exe "C:\WINDOWS\system32\fhcpbxfa.dll",s
O4 - HKLM\..\Run: [74d8e9fd] rundll32.exe "C:\WINDOWS\system32\bkhrdwxg.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1260DE-129A-40CC-8150-0DDED077A490}: NameServer = 78.90.30.1,213.240.241.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C1260DE-129A-40CC-8150-0DDED077A490}: NameServer = 78.90.30.1,213.240.241.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{6C1260DE-129A-40CC-8150-0DDED077A490}: NameServer = 78.90.30.1,213.240.241.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.712.12266 (GoogleDesktopManager-121207-085209) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

The presence of these lines, as well as others:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Indicate to me that a Trojan is currently active on this user’s computer. I just felt that guys like you could review MY analysis, and to then point out where I was either correct or incorrect. I never suggested that I would EVER attempt to REPAIR the user’s computer.

It was a pleasure to be involved with such a fantastic group of professionals, [-]

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
SpySentinel
Posts: 151
Joined: Tue Jan 08, 2008 2:16 pm
experience: I know the functions, OS settings, registry tweaks and more
PC time: About 3 hours a day
Location: The United States
Contact:

Re: A possible new forum:

Postby SpySentinel » Sat Aug 09, 2008 10:32 am

Hi Geopla, I would have to agree with TeMerc and Mindblower. For Me, being a GeekU Senior and training at Geeks to Go's malware school GeekU, I know that it takes time and effort to learn how to fight malware. Yes, you may be able to spot malware, however, it takes training to learn how to remove it and not to mess up the users computer. Also there are many ways that malware can hide, so you have to learn how to seek it out and destroy it, so to speak. There are many factors that play into malware fighting, thats why we do not offer what you suggested. You cant expect to learn how to fight malware over night, it takes time and practice. Like TeMerc stated, if you would like to learn how to fight malware you can apply to one of the schools below:

-SpySentinel TIC Moderator

Proud Graduate of GeekU - Learn how to remove malware from the best

Image

Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Sat Aug 09, 2008 11:02 am

The presence of these lines, as well as others:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Indicate to me that a Trojan is currently active on this user’s computer.
Why? What is it that's causing these?
Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Thu Aug 14, 2008 10:29 am

Hi guys,

Okay, it has been a while since I posted my last response, and since then, I have attempted to take ALL of your first-class and welcome information. I wasn’t trying to be a smartass on my last post, so please don’t misunderstand me. I was only stating that receiving GENUINE training is virtually impossible these days.

As an example, and the one that is my MOST favorite of all, SpySentinel, who claims to be a GeekU Senior, stated that I should gain real knowledge by joining a school. Since then, I have contacted, registered, and applied at ALL of the schools which are currently listed on the Unite site. I MUST add that my first choice was the GeekU site! Of the six (6) applications that I submitted, not one single site even bothered to RESPOND to my request, even after MULTIBLE requests.

I could understand a site telling me to drop-dead, go-away, I am a moron, or to even go #### myself, but I never even received one single REPLY to my requests. I found it very interesting that GeekU specifically states on their site that they “always need helpers.” Could have fooled me!

I haven’t given up yet, but I still feel that THIS site would be the best choice for eager learners.

Even TeMerc himself asked in his last post (in response to the HJT log I posted) Why? What is it that's causing these?

That would have been (in my opinion) a fantastic beginning. I could have explained my reasoning, and you guys could have explained to me the error(s) of my thought process.

Anyway, I am still trying! I am a stubborn sob. :)

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Thu Aug 14, 2008 10:38 am

Geopla wrote:Hi guys,Of the six (6) applications that I submitted, not one single site even bothered to RESPOND to my request, even after MULTIBLE requests.

I haven’t given up yet, but I still feel that THIS site would be the best choice for eager learners.
I'm very surprised you've not gotten a reply from any of these, I'll look into it personally. Did you use the same user name that you use here at all 3 schools? Let me know.

Even TeMerc himself asked in his last post (in response to the HJT log I posted) Why? What is it that's causing these?
I was asking you why you thought those lines to be an indicator of infection. And if possible, could you provide links for reference.
Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Thu Aug 14, 2008 11:07 am

Hi TeMerc,

The closest I have yet to come as being enrolled with a legitimate school seems to be with the site “That Computer Guy”. I have not yet been accepted as a trainee with them, but I am able to post some suggestions. I DO use the screen name Geopla there, and at the sites I have contacted, and I have made some BASIC suggestions at “That Computer Guy”. I don’t want the experts on this site to blast me for being an unqualified helper, because I have NOT suggested any type of repairs, nor will I. Rather, I have merely suggested some possible courses of action for their uses that are in need of help.

If, in fact, some of their people actually respond to my suggestions, I would likely suggest them to post their HJT logs here! That way, I could at least follow YOUR experts advise.

As far as the four lines that I mentioned earlier, I have never seen “CTFMON.exe.” in capital letters, anywhere else before. I have only seen ctfmon.exe in the Windows/system32 folder. I have since learned that it is possible for the keys to be elsewhere if a user has, for example, intentionally installed a “keylogger” program to monitor child activity (example).

I will keep trying to get in somewhere! It is only a matter of time (I hope). :)

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Thu Aug 14, 2008 11:25 am

Well there is no school there that I can see. Is it hidden from guests perhaps?

They are not what I'd call a trustworthy site to get any sort of schooling from based on the short time I'm poking around.

I'll get back you about joining one of the others ASAP.

But I can tell you right now, trying to follow along in a forum like you won't learn anything.

Malware has come a long way and are not simple anymore to diagnose.

As far as the four lines that I mentioned earlier, I have never seen “CTFMON.exe.” in capital letters, anywhere else before. I have only seen ctfmon.exe in the Windows/system32 folder. I have since learned that it is possible for the keys to be elsewhere if a user has, for example, intentionally installed a “keylogger” program to monitor child activity (example).
Generally speaking, Windows\malware don't care about caps or not. So this would be no indication of any infection at all. In fact they are legit.


Edit to add:
If, in fact, some of their people actually respond to my suggestions, I would likely suggest them to post their HJT logs here! That way, I could at least follow YOUR experts advise.
Do not do this unless you have specific permission to do by the forum owners\admins.

Many of these sites are so dependent on donations, they may get annoyed that a user gets redirected to another site.
Image

User avatar
secur3d
Moderators
Moderators
Posts: 203
Joined: Tue Jul 01, 2008 11:11 am
Area Of Expertise: Advanced, Expert in some areas.
experience: I know the functions, OS settings, registry tweaks and more
PC time: Alot more than I should
Location: USA
Contact:

Re: A possible new forum:

Postby secur3d » Thu Aug 14, 2008 12:35 pm

Don't even bother trying to get in to that computer guys "Malware School" because the information there is way outdated, and his site is not that active.

I have applied at GeekU, BC, CC, Malware Removal, and all the other ones I could think of but, never got accepted(I finally got accepted into SWI bootcamp but I am totally confused with there training system..). As for me, I am seriously considering getting out of the security field and devote all my time into what I really enjoy (Web design and development :) ).
secur3d TIC Moderator

User avatar
SpySentinel
Posts: 151
Joined: Tue Jan 08, 2008 2:16 pm
experience: I know the functions, OS settings, registry tweaks and more
PC time: About 3 hours a day
Location: The United States
Contact:

Re: A possible new forum:

Postby SpySentinel » Thu Aug 14, 2008 3:01 pm

As an example, and the one that is my MOST favorite of all, SpySentinel, who claims to be a GeekU Senior, stated that I should gain real knowledge by joining a school.


First off, was that an attack against me? Like I am lying or something?
Second, the best way to gain knowledge is to enroll in a school, with some of the greatest anti-malware minds of all times.


Since then, I have contacted, registered, and applied at ALL of the schools which are currently listed on the Unite site. I MUST add that my first choice was the GeekU site! Of the six (6) applications that I submitted, not one single site even bothered to RESPOND to my request, even after MULTIBLE requests.


Maybe because you sent 6 applications in. The Anti-Malware Community is tied together, and they help each other out. If you keep applying to schools, you might not be taken seriously. Malware Fighting takes time and training. Stick with one school and learn all you can. Give it time, you will get in if you really want it.


I could understand a site telling me to drop-dead, go-away, I am a moron, or to even go #### myself, but I never even received one single REPLY to my requests. I found it very interesting that GeekU specifically states on their site that they “always need helpers.” Could have fooled me!


GeekU is not accepting new trainees at this time.
-SpySentinel TIC Moderator

Proud Graduate of GeekU - Learn how to remove malware from the best

Image

Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Thu Aug 14, 2008 3:11 pm

Geopla, can you please tell me which schools you applied to and in what manner you attempted to join?

I've just checked MalwareRemoval University, SpywareInfo, Bleeping Computer and Geeks2G and did not find your user name. I suppose I could have missed it tho.

Thanks.


As an example, and the one that is my MOST favorite of all, SpySentinel, who claims to be a GeekU Senior, stated that I should gain real knowledge by joining a school.


First off, was that an attack against me? Like I am lying or something?
Second, the best way to gain knowledge is to enroll in a school, with some of the greatest anti-malware minds of all times.
I think he was more impressed with your strong recommendation than anything else.

And as I've mentioned, you won't learn anything by trying to figure out things yourself or following along on some obscure forum. Especially one that has no real credible HJT analysis board such as the one you have mentioned.

Let me know what school you want to join and I'll be sure you app gets read. I get around and been around, I know everyone. ;)
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Thu Aug 14, 2008 8:18 pm

eXaByTe wrote:I have applied at GeekU, BC, CC, Malware Removal, and all the other ones I could think of but, never got accepted(I finally got accepted into SWI bootcamp but I am totally confused with there training system..). As for me, I am seriously considering getting out of the security field and devote all my time into what I really enjoy (Web design and development :) ).
This also surprises me. <?>

What method did you use to sign up at them? Did you join?

And does that mean we're gonna have to set up a new forum for web design and development? :mrgreen:
Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Fri Aug 15, 2008 4:11 am

SpySentinel,

That was by no means any form of attack against you! I took your suggestion very seriously, and that is why I enrolled, or at least attempted to enroll, with GeekU. I just found it interesting that their site clearly states “help is always needed.”

As far as them not accepting new trainees, I understand that also. They could have, however, at least have had the courtesy to respond with an answer. All of the sites I applied at stated on their enrollment form that an answer would be furnished within 1-2 days. After waiting, and after receiving no response at all, I enrolled at the next site(s).

As far as “That Computer Guy” site, I suggested no repairs whatsoever. I only suggested to a few users to, at a minimum, post a HJT log on the “That Computer Guy” site. The two that I did suggeste help to began their conversation by explaining their problems, but they gave no log to examine.

Lastly, about two years ago (or so), I too applied at SWI. I also found their training system totally confusing, and I could not continue. I assumed it was due to my lack of knowledge at that point.

Once again, if I offended you in any manner, please accept my sincerest apology. That was NOT my intent. :oops:

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Fri Aug 15, 2008 4:14 am

I forgot to mention this; Bleeping Computer DID finally respond. Not accepting trainees. :cry:

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Fri Aug 15, 2008 5:47 am

Hi TeMerc,

Well, if I had my choice of a school, I think that I would choose “WhattheTech.” They seem to have a good amount of logs available for viewing, and I see the name RandomRandom there. I am fully aware of the high-quality work\credentials the individual has, and I am thoroughly impressed. I don’t believe that I could find a better instructor anywhere else.

Thanks,

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Fri Aug 15, 2008 9:18 am

Hi guys,

I need to add one more thing, and then I will quit bugging you for a while (but only for a while) :)

ALL of you have absolutely bent over backwards to help me, and I sincerely appreciate it. Trouble is, being a novice; it’s just not possible to know who are the “good-guys” and who are the “bad-guys” in this field. Most of your know that I visit the Spyware Warrior forums each and every day. When I see many of the helpers add the “Unite” link to their posts, I sort of assumed that Unite would be a good place to seek advice.

I visited the Unite site, I saw the schools that they suggested (see picture), and I contacted them. The ONLY one that seemed to be accepting new trainees was “That Computer Guy.”

One response to this post indicated that the site was outdated and not active. Because I DO trust you guys, I will not proceed with them. Still, I am frustrated with the inability to LEARN! One of you state:

Stick with one school and learn all you can. Give it time, you will get in if you really want it.

I would LOVE to, but how?

Thanks again to all of you,

George
Attachments
Unite.jpg
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Fri Aug 15, 2008 9:49 am

For one thing, I have no clue who's working the school at TCG, but the one person I saw offering help is just a trainee helper at SWI and maybe lower at Bleeping with very few posts. So that indicates to me at least that their being a little too lenient with who they allow to post help to users. Bad idea.

And CastleCops has all but been useless since the server issues and I don't see where that's gonna change anytime real soon, so don't bother there. Alot of people have been moving on cause the site is so slow to load.

And I'm surprised that schools are not taking on more students. Especially at SWI and Bleeping where the back log is in the hundreds of HJT users awaiting analysis.

I would try SWI again. I know they have loads of sticky posts to assist trainees. If you're already in there it may be your only choice. But TCG as a school is not one I'd recommend at all.

And keep the questions coming, we don't mind one bit.
Image

User avatar
SpySentinel
Posts: 151
Joined: Tue Jan 08, 2008 2:16 pm
experience: I know the functions, OS settings, registry tweaks and more
PC time: About 3 hours a day
Location: The United States
Contact:

Re: A possible new forum:

Postby SpySentinel » Fri Aug 15, 2008 12:58 pm

Hi

That was by no means any form of attack against you! I took your suggestion very seriously, and that is why I enrolled, or at least attempted to enroll, with GeekU. I just found it interesting that their site clearly states “help is always needed.”


Thanks for clearing that up. Sorry I misunderstood you. Most schools at this time are overbooked, thats why many are not accepting right now. However, if you keep checking Bleeping Computer, they are good at opening up slots. You should find it available in no time. They have a good training
program there as well as GeekU.

I wish you the best, and good luck in your training.
-SpySentinel TIC Moderator

Proud Graduate of GeekU - Learn how to remove malware from the best

Image

Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Sat Aug 16, 2008 9:54 am

Hi guys,

Well, as some of you sort of indicated, I have now learned my lesson the hard way. A school that I was really looking forward to joining has recently contacted me a few times. Somehow, they realized, and have apparently verified, that I posted a few suggestions over on the TCG site, and it appears as though they are not very happy that I did that.

I guess I can’t blame them though, because it WAS wrong of me to even suggest that I would review a log. Still, I NEVER offered to REPAIR a log.

Big, big bummer, but I will take the very good advice of SpySentinel. I will just keep trying to find an empty spot over on Bleeping.

I am truly, truly bummed, :(

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Sat Aug 16, 2008 10:36 am

Geopla wrote:Hi guys,

Well, as some of you sort of indicated, I have now learned my lesson the hard way. A school that I was really looking forward to joining has recently contacted me a few times. Somehow, they realized, and have apparently verified, that I posted a few suggestions over on the TCG site, and it appears as though they are not very happy that I did that.

I guess I can’t blame them though, because it WAS wrong of me to even suggest that I would review a log. Still, I NEVER offered to REPAIR a log.

Big, big bummer, but I will take the very good advice of SpySentinel. I will just keep trying to find an empty spot over on Bleeping.

I am truly, truly bummed, :(

George
Yes, you can see what a serious thing this is, malware removal assistance.

But let me tell you, there is no need to be bummed. Your enthusiasm is well noted here and won't be forgotten. So don't let that stop you from asking questions, just don't expect to be 'taught' here. Yes, I have no problem answering many questions in general but specifics will need to be taught in the proper atmosphere.

And everyone deserves a second chance.

I can recall one other very enthusiastic wanna be analyst who made a mistake such as you're and got admonished for it. BIG TIME

He took his lesson in stride begged for forgiveness and in short time all was forgiven and he now is well on his way to becoming one of the trusted HJT analyst. >>< >><

He now even has a role as a moderator in some small out of the way forum. ;)

So keep your chin up, all is not lost. Keep at it. [;]
Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Sat Aug 16, 2008 10:55 am

You are absolutely correct, TeMerc, so I too will ask/beg the forgiveness from all of the highly-trained analysts who frequent this, and all other forums. Eating crow always leaves an unpleasant taste in ones mouth, but when deserved, a man must do what a man MUST do.

George
I’m proud to be a Senior malware fighter at Bleeping Computer.

User avatar
FredFlintstone
Countermeasures Team
Countermeasures Team
Posts: 61
Joined: Sun Sep 02, 2007 10:07 am
Area Of Expertise: Security
experience: I can do more than turn on PC
PC time: What else is there in life?
Location: Somerset UK
Contact:

Re: A possible new forum:

Postby FredFlintstone » Sat Aug 16, 2008 8:08 pm

Geopla wrote:You are absolutely correct, TeMerc, so I too will ask/beg the forgiveness from all of the highly-trained analysts who frequent this, and all other forums. Eating crow always leaves an unpleasant taste in ones mouth, but when deserved, a man must do what a man MUST do.

George
Hi Geopla..Welcome.. 8)
No need to "beat yourself up" over it, we've all been there-done that-got the T-shirt etc!.. ?>!
We all at some time have been over enthusiastic and dropped a clanger here and there... NOTme

Don't take it personally, a lot of the schools only take on trainees in "batches" according to the number of teachers available to review the practice logs and so on, if they took all who applied you would only end up waiting long periods for replies to your logs (which can be extremely frustrating). ((O

I joined SWI boot camp, and MRU, both are fine schools, SWI is probably the only school that does take trainees "on application" (as far as I am aware..might be wrong though..).
You say you found it "confusing".. so did I... but if you persevere and follow through with the logs you will get there..
Took me quite a while, but it was worth it in the end!..
I strongly recommend that you only join one school though, as I found it impossible to do both due to unforseen real life circumstances.
I am T/A at SWI and in the Visiting Fellows group at MRU as I was unable to fully complete my training there to graduate etc..but still use it as the resources available are second to none!!
I think it would be fair to say that both are highly respected schools whos training is accepted at most forums.

If you prefer to wait for entrance to one of the other schools, best thing to do is
  • READ
  • READ
  • READ
Follow live logs, read the archives of recent fixes to get a feel for it.
And of course, not forgetting the fine resource and learning opportunity you have right here at TeMercs.. there is a wealth of information here which will be of enormous use to you when you actually start your course whichever place you choose
(take no notice of TeMerc's misplaced modesty, he is famed throughout the digital world)!!.. 1wnnr 1wnnr

The more reading / learning you do before you actually start, the easier and faster you will complete training logs and be "let loose" on the unsuspecting world!!.. >)(

Stay with it, you will get there if you really want to.. [v 1rokon

Regards and good luck..,
Fred.. chrz
ImageImage

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Sat Aug 16, 2008 8:18 pm

FredFlintstone wrote: (take no notice of TeMerc's misplaced modesty, he is famed throughout the digital world)!!.. 1wnnr 1wnnr
Fred.. chrz
Check's in the mail. ;)
Image

User avatar
FredFlintstone
Countermeasures Team
Countermeasures Team
Posts: 61
Joined: Sun Sep 02, 2007 10:07 am
Area Of Expertise: Security
experience: I can do more than turn on PC
PC time: What else is there in life?
Location: Somerset UK
Contact:

Re: A possible new forum:

Postby FredFlintstone » Sat Aug 16, 2008 8:39 pm

TeMerc wrote:
FredFlintstone wrote: (take no notice of TeMerc's misplaced modesty, he is famed throughout the digital world)!!.. 1wnnr 1wnnr
Fred.. chrz
Check's in the mail. ;)
Not like that rubber one you sent me last time I hope, bounced right through the door!!??.. grgr grgr
ImageImage

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: A possible new forum:

Postby TeMerc » Sat Aug 16, 2008 8:45 pm

FredFlintstone wrote:
TeMerc wrote:
FredFlintstone wrote: (take no notice of TeMerc's misplaced modesty, he is famed throughout the digital world)!!.. 1wnnr 1wnnr
Fred.. chrz
Check's in the mail. ;)
Not like that rubber one you sent me last time I hope, bounced right through the door!!??.. grgr grgr
>>< >><
Image

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Sun Aug 17, 2008 10:03 am

Hi guys,

No matter how bummed I get, you guys ALWAYS lift my spirits! I simply cannot thank you enough.

George :D
I’m proud to be a Senior malware fighter at Bleeping Computer.

MalwareMutilator
Countermeasures Agent
Countermeasures Agent
Posts: 240
Joined: Tue Jul 29, 2008 7:58 am
Contact:

Re: A possible new forum:

Postby MalwareMutilator » Sun Aug 17, 2008 10:37 am

Hi guys,

Well, a new bit of hopefulness has arrived today:

Bleeping recently indicated that five (5) new slots are currently available for novice trainees. Needless to say, I immediately applied for one of the slots. I have not yet heard from them, but my aspirations are high!

My only reservation is that many of the sites involved with training are linked to other sites. I can only wish that my past mistakes do not influence them.

I will keep all of you up to date with what happens.

George
I’m proud to be a Senior malware fighter at Bleeping Computer.


Return to “Site Feedback and Suggestions”

Who is online

Users browsing this forum: No registered users and 1 guest