1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Dreaded TechStream virus

Discussion in 'Fred's House of Pancakes' started by cyberpriusII, Oct 22, 2024.

  1. cyberpriusII

    cyberpriusII Prodigyplace says I'm Super Kris

    Joined:
    Oct 1, 2009
    1,139
    1,610
    0
    Location:
    Iowa
    Vehicle:
    2008 Prius
    Model:
    N/A
    Just sorted through some old stuff.

    Found a Ziploc baggie with some stuff in it....No Bob, not that kind of stuff.

    One thing was an old Sandisc thumb drive. Popped it into my computer and immediately ran a malware scan and Malware Bytes immediately quarantined it, called it TechStream. Must be from my old hacked copy, but cannot say how or why...I do know I only ran that on an old Netbook I had lying around.

    Did anyone ever figure out if it really IS malware? I know.

    Everyone continually warned about it, but never saw that anyone had a confirmed issue.
    kris
     
    #1 cyberpriusII, Oct 22, 2024
    Last edited: Oct 22, 2024
  2. PriusCamper

    PriusCamper Senior Member

    Joined:
    Mar 3, 2012
    11,330
    4,614
    0
    Location:
    Pacific Northwest, USA
    Vehicle:
    2007 Prius
    Model:
    Two
    Malware bytes is probably protecting the software developer on this one more than its protecting you... These files have been hacked for the end-user for decades.
     
  3. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    24,902
    16,209
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    Well, malware techniques are used to modify some piece of software so it behaves differently than it was meant to. Modifying Techstream to not check your subscription is one example, and the people who do that have to use the same techniques other people might use to modify it to steal your passwords or wipe your files. (Really, we have nothing but faith to go on that the folks who did modify your copy of Techstream stopped at making it not check the subscription.) A scanner like Malware Bytes just detects signatures of those modification techniques; it can't really judge the motives behind the modifications.
     
    Trollbait and PriusCamper like this.
  4. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    ^ That.
    Still...ya gotta be careful what you stick into 'puters. ;)

    One of the more nettlesome problems I have in my job is with USB devices - mostly because all too many supervisors in my beloved company decide on a regular basis to go "Secretary of State" on us when it comes to silly little things like firewalls, file transfers, software procurement, etc.

    I still have the last laptop computer that I ever bought - over 20 years ago that I use in 'Media Mode.(*)" for working on our newest switches, routers and muxes - because LIKE THE MILITARY all of my equipment seems to use connection and transfer modalities that are stuck in the 90's. (RS-232 through wired serial ports.)
    Then I have to use a near-CEO level exemption to get any resulting data back into the cloud.
    -or?
    Cheat and just 'sneaker-net' the data from me to me, illicitly.

    It's almost exactly like passwords (I use passphrases)
    They force password complexities uniqueness and aging that require most people to either write them all down or use........a program to store them.

    Brilliant. 'eh?

    Some time ago I was the lucky recipient of a corporate-level 'nasty-gram' with an invitation to 'explain myself' to my food chain for forwarding sensitive data using an unsecure system.
    It was me, forwarding payroll info to myself in Gmail after my company emailed it to me.
    The only resulting harm was strained eye-roll muscles. :rolleyes:








    (*Blind, deaf dumb.)
     
  5. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    24,902
    16,209
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    And things can get hairy depending on where those devices come from. When you stick a USB device into the port, it gets to tell the 'puter what kind of device it is. (It can even identify itself as more than one device; some USB flash drives will show up as one read/write storage device and another read-only one with a driver program on it.) It can even say that one of its devices is a keyboard, and start typing stuff in whatever window you most recently had focused.

    Sometimes it can seem like the folks thinking about "convenient user experience" aren't thinking about much else....
     
  6. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    That's why I have to get permission from the head-shed to even have my USB ports open on my company 'puter - and more often than not I'm not able to use them effectively.
    I have ONE thumb drive that is locked down tighter than my Vice President's employment history that I can use to get data on and off of my 20-year-old personal laptop.
    And?
    My WiFi, BT, fax and LAN enabled freekin PRINTER has to be used from a USB port.....(don't ask!) :(
     
  7. vvillovv

    vvillovv Senior Member

    Joined:
    Mar 19, 2013
    3,898
    1,338
    1
    Location:
    NY
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Plus
    hey cyberk this is not an endorsement of wolf security or anything else, mind you. False positives are all around and techstream is one of them that shows up; everytime, OEM or hacked. Instructions say turn off the scanner while installing. Makes for a double edged sword kinda situation while using the hacked version or a trust / affordability thing while using OEM. ;)
     
  8. PriusCamper

    PriusCamper Senior Member

    Joined:
    Mar 3, 2012
    11,330
    4,614
    0
    Location:
    Pacific Northwest, USA
    Vehicle:
    2007 Prius
    Model:
    Two
    It's why you want to only used this hacked software on an air gapped laptop with no access to your personal information... By air gap I mean there's no way for the machine to connect to any network other than the vehicle, unless of course there's a van with blacked out windows or a black helicopter nearby because they might have a way.
     
  9. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    The 1970's called.
    They want their black Helicopters back.
    Black helicopter - Wikipedia
    (The ideal color to blend with the environment during the night is not black but gray.)
     
  10. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    11,799
    11,362
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    You ignore the fact there were many network connections & servers handling the unencrypted data between your desired endpoints. You have no way of definitively determining whether there was any resulting harm. You can only determine that any potential harm has not (yet) been detected.

    The path your data followed was over open, unencrypted connections to servers with unknown ownership.
     
  11. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    I ignored nothing.
    The email was from me to me.
    I did not object to their monitoring of data originating from their network, nor their pinging me with a Whiskey-Tango-Foxtrot message. My comment critiqued the ham-fisted way that a Fortune-50 deals with lay-ups when it comes to PII and data security.
    It's hard to do, I get that, but if you're going to trade agility for security, then you'd better DAMN well be delivering SECURITY.

    -just sayin....
     
  12. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    11,799
    11,362
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    It did not travel directly from you to you. It went through the Internet unencrypted, at a minimum to gmail servers where it sat unencrypted. That is how standard email functions technically.
     
  13. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    And?
    If it's from me to me who is imperiled by this travesty of data security??
    Especially if YOU email me something that didn't originate from the company, and was not appropriately labeled for sensitivity, retention or classification, and I forward it to me????

    Yeeeah.
    Keep 911 or FAA circuits up for a week or two, or maybe protect customer data for a couple of months and then come at me for the email stuff.
    I'm just a humble Layer- Layer-2 tech, but I can read, and I'm pretty sure that I can understand the consequences of sending an email from me to me.

    I try to use the Wall Street Journal test.
    If you don't want to see it on the front page, above the fold?

    -don't hit 'send.'

    Honestly, it's the people who try to HIDE stuff that get jammed up by malevolent actors.
     
    #13 ETC(SS), Oct 29, 2024
    Last edited: Oct 29, 2024