EH-Net
May 21, 2013, 02:30:58 PM
47
Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is using an open wifi network a crime?
on: December 08, 2011, 10:27:35 AM
I agree that anyone setting up an access point is responsible for protecting their network, from a security standpoint. If you don't want your stuff to get stolen, don't leave it out in the open. Obviously a malicious hacker is ignoring the law when attempting to gain access and steal information.
However, my point is this: the law does not make any discrimination between an access point that is protected and an access point that is not protected. In my area, it's very clear: "unauthorized access" is a crime. Being unprotected does not grant authorization.
48
Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is using an open wifi network a crime?
on: December 08, 2011, 10:10:26 AM
Hate to tell you this, but not knowing the law doesn't make it legal. You can defend this as much as you want, but I didn't write the laws. You still need to check what it says for your area. if someone has an open door with a sign inviting you in, that shouldn't be a crime for going in.
This is what we're talking about. A sign implies advertising that it is an open service. If I have an unsecured house, it is not open to the public. If I have an unsecured wireless connection, it is not open to the public. If I have a sign stating that either of these are free, then by all means, go for it. Also, you can't honestly say that you don't know the difference between the wifi offered for free at a coffee shop, and an open wifi network in your neighborhood.
49
Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is using an open wifi network a crime?
on: December 08, 2011, 09:53:45 AM
The law doesn't state that there are different rules whether or not you have security measures in place; the law is there to protect people who don't know any better. Not everybody who buys a router is going to have the knowledge to set up security. Does that mean that person is not responsible for their own security measures? Not at all. Everyone is accountable for their own network security; that's why there is a security field to begin with.
Like I said in my previous post, would that person even know that a crime was committed? Probably not. Does that make it okay? Absolutely not.
50
Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is using an open wifi network a crime?
on: December 08, 2011, 09:46:33 AM
I know what you're saying, though. If it's open, shouldn't it be okay? Websites are open, and there aren't any laws about using open websites, but it's a little different. If I put up a website, and it's open to the internet, I probably had to take some steps to deliberately open that to the public. There would usually have to be a firewall rule specifically allowing that type of traffic to that specific webserver. If there is to be a domain, a domain would have to be purchased and DNS entries set up. These are things that specifically open the site to the internet; it doesn't usually happen by accident.
With wireless networks, it's different. The average user without any idea of security essentials would bring their new router home, plug it in, and say "it works!" and never change any settings, not knowing that they've created an open network. They're still not giving you permission to access their network; they just don't know any better. That being said, they probably would never know that someone connected, and wouldn't know that an illegal activity is taking place, but that still doesn't make it right for people to take advantage of it.
FL Statute 815.06 states: Whoever willfully, knowingly, and without authorization accesses or causes to be accessed any computer, computer system, or computer network, commits an offense against computer users. I gave a presentation on WEP cracking recently, and had to know the rules before giving the presentation.
54
Ethical Hacking Discussions and Related Certifications / Hardware / Re: Prevent ntpasswd?
on: December 07, 2011, 09:14:56 PM
I figured you would say that. Since BIOS passwords can potentially be reset leaving the boot options open again, partition encryption sounds like the only reasonable approach. That being said, is there really any way to implement partition encryption across a corporate network? Or the obvious answer, just install Linux. lol
55
Ethical Hacking Discussions and Related Certifications / Hardware / Prevent ntpasswd?
on: December 07, 2011, 05:48:59 PM
So, I was playing around with the Offline Windows Password & Registry Changer earlier today (basically a stripped down version of Linux with the ntpasswd tool installed), and it got me thinking. Is there any way to prevent someone from using this tool against your workstation/laptop? I mean, to use the tool implies that you already have physical access, which (in my opinion) makes the attack 90% easier. The tool is able to change or just flat out remove passwords for any user accounts, has the ability to enable accounts that have been disabled, and elevate privileges for users that are not Administrators. It also has a registry editor, which has come in quite handy on more than one occasion. The only thing I could come up with would be to remove USB/CD/floppy from the available boot drives, and set a BIOS password so it can't be changed. I know that on desktops, you can clear the CMOS pretty easily if you have physical access (which we're already implying is the case), and that usually clears a BIOS password. Not sure if you can do that on a laptop. Is there any way to harden Windows against this type of attack? Encrypt the partition? I'd love to hear everyone's opinion on this.
56
Ethical Hacking Discussions and Related Certifications / Other / Re: Scanning for missing Microsoft patches
on: December 06, 2011, 10:47:08 AM
As for getting updates when machines are unable to access a WSUS server. How does this work for mobile users who use business laptops that are configured for a domain?
Not that I'm aware of. I believe my users with laptops only get updates when they're on the corporate network. If they're on the network at least once a week, I would think this is adequate. There is also the option of having people download from your WSUS server over VPN, or open your WSUS server to the internet for your users, but that makes it a lot more dangerous to have the WSUS and Active Directory on the same box, and your bandwidth would take a hit.
57
Ethical Hacking Discussions and Related Certifications / Other / Re: File Server
on: December 06, 2011, 08:04:45 AM
Yeah, SMB is a built-in Windows feature, and isn't too complicated to implement.
If you're setting this up on a Linux box, you may want to look into NFS. It's also pretty easy to set up, and Windows has an NFS client; it's just not installed by default.
Just depends on which way works better for you. If you have more Windows machines, SMB is probably easier. If you have more Linux machines, NFS is probably easier.
58
Ethical Hacking Discussions and Related Certifications / Other / Re: Scanning for missing Microsoft patches
on: December 06, 2011, 07:53:36 AM
Typically, once you set up a Domain Controller and WSUS server, you would make a Group Policy that tells all the workstations on the domain to get updates only from the WSUS server. If many of the computers on your network are personally owned, then it may be difficult to get each person to agree to putting it on the Windows domain, and then there's also the fact that they would not be able to get updates except when they have access to your WSUS server. Technically, they wouldn't have to log in to Active Directory. The workstations could be joined to the domain, make use of the Group Policies, and still use local logins. However, in that case, you could probably just make a registry change on each computer to get updates from your WSUS server instead of going through all the trouble of joining a domain and setting up Group Policies. It's a matter of "choose your battle."
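
The per-machine registry change mentioned in the post above, sketched as an added example (not part of the original post). The server URL is a placeholder assumption; the value names are the standard Windows Update policy values that a Group Policy would otherwise write.

```powershell
#Requires -RunAsAdministrator
# Added example: point a workgroup (non-domain) client at an internal WSUS server
# by writing the same policy values a Group Policy would set.
param(
    # Assumption: placeholder URL, replace with your own WSUS server.
    [string]$WsusUrl = 'https://wsus.example.internal:8531'
)

# Update metadata fetched over plain HTTP can be tampered with in transit,
# so only accept a TLS endpoint.
if ($WsusUrl -notmatch '^https://') {
    throw "Refusing non-HTTPS WSUS URL: $WsusUrl"
}

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Create the keys only if they are missing, so existing policy values are kept.
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Where to fetch updates from, and where to report status to.
New-ItemProperty -Path $wu -Name WUServer       -Value $WsusUrl -PropertyType String -Force | Out-Null
New-ItemProperty -Path $wu -Name WUStatusServer -Value $WsusUrl -PropertyType String -Force | Out-Null
# 1 = use the server named in WUServer instead of Microsoft Update.
New-ItemProperty -Path $au -Name UseWUServer    -Value 1        -PropertyType DWord  -Force | Out-Null

# The Windows Update service reads these values when it starts.
Restart-Service -Name wuauserv

# Read the values back so the change can be verified or logged.
[pscustomobject]@{
    WUServer       = (Get-ItemProperty -Path $wu).WUServer
    WUStatusServer = (Get-ItemProperty -Path $wu).WUStatusServer
    UseWUServer    = (Get-ItemProperty -Path $au).UseWUServer
}
```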
60
Ethical Hacking Discussions and Related Certifications / Programming / Re: Stanford offers free Cryptography course online
on: December 05, 2011, 08:15:21 PM
I ended up registering for quite a few of these classes: Cryptography, Computer Science 101, Information Security, Information Theory, and Game Theory. Also, they recently ran an AI class that I had registered for, and completely forgot about... Did anyone else happen to catch it? Reviews? The only thing I can tell you is that most of the class (maybe all of it?) is given in the form of YouTube videos. I can't say that will be the case for these upcoming classes, but that would make it convenient.