Author Topic: Nasty Malware Going Around  (Read 9751 times)

MikeB

  • friend
  • Senior Member
  • ***
  • Posts: 924
Re: Nasty Malware Going Around
« Reply #25 on: September 13, 2009, 08:53:08 PM »
Mike, your statement presumes that the BitDefender rescue CD is even keyed to find and delete those particular rootkit files.  It may not be.

It was when I used it the other day, it has as good a chance as taking a drive out and sticking it in another computer. It even updates itself before running if a network connection is attached.

And FWIW, that day Combfix and Malwarebytes didn't work on their own. They did two days later for the same piece of malware.

RocketMan

  • Mad Rocket Scientist
  • friend
  • Senior Member
  • ***
  • Posts: 13,980
  • Semper Fidelis
Re: Nasty Malware Going Around
« Reply #26 on: September 13, 2009, 08:55:55 PM »
Taking the drive out and scanning it on another computer does not work with this particular bug.  BTDT, doesn't work.  It removes a lot of the ancilliary files, but does not find and kill the rootkit files.
And that was scanning with BitDefender, MalwareBytes, SuperAntiSpyware, etc.
« Last Edit: September 13, 2009, 09:02:44 PM by RocketMan »
If there really was intelligent life on other planets, we'd be sending them foreign aid.

Conservatives see George Orwell's "1984" as a cautionary tale.  Progressives view it as a "how to" manual.

My wife often says to me, "You are evil and must be destroyed." She may be right.

Liberals believe one should never let reason, logic and facts get in the way of a good emotional argument.

Perd Hapley

  • Superstar of the Internet
  • friend
  • Senior Member
  • ***
  • Posts: 62,153
  • My prepositions are on/in
Re: Nasty Malware Going Around
« Reply #27 on: September 13, 2009, 11:59:28 PM »
Yes, but did you try running PC_AntiSpyware2010?   :lol:
Can the liberties of a nation be thought secure when we have removed their only firm basis, a conviction in the minds of the people that these liberties are the gift of God?
--Thomas Jefferson

RocketMan

  • Mad Rocket Scientist
  • friend
  • Senior Member
  • ***
  • Posts: 13,980
  • Semper Fidelis
Re: Nasty Malware Going Around
« Reply #28 on: September 14, 2009, 12:42:54 AM »
I did try that one, fistful, but weird stuff happened.  I can't explain it.
If there really was intelligent life on other planets, we'd be sending them foreign aid.

Conservatives see George Orwell's "1984" as a cautionary tale.  Progressives view it as a "how to" manual.

My wife often says to me, "You are evil and must be destroyed." She may be right.

Liberals believe one should never let reason, logic and facts get in the way of a good emotional argument.

Perd Hapley

  • Superstar of the Internet
  • friend
  • Senior Member
  • ***
  • Posts: 62,153
  • My prepositions are on/in
Can the liberties of a nation be thought secure when we have removed their only firm basis, a conviction in the minds of the people that these liberties are the gift of God?
--Thomas Jefferson

Jim147

  • friends
  • Senior Member
  • ***
  • Posts: 7,687
Re: Nasty Malware Going Around
« Reply #30 on: September 14, 2009, 09:52:34 AM »
What if any antivirus were you all running when you got your bug? Was it up to date at the time?
I haven't went through all the articles yet but do any of you think you might have got it from a common source?

jim
Sometimes we carry more weight then we owe.
And sometimes goes on and on and on.

BAH-WEEP-GRAAAGHNAH WHEEP NI-NI BONG

MikeB

  • friend
  • Senior Member
  • ***
  • Posts: 924
Re: Nasty Malware Going Around
« Reply #31 on: September 14, 2009, 12:10:17 PM »
Taking the drive out and scanning it on another computer does not work with this particular bug.  BTDT, doesn't work.  It removes a lot of the ancilliary files, but does not find and kill the rootkit files.
And that was scanning with BitDefender, MalwareBytes, SuperAntiSpyware, etc.

Look, I don't know what your problem is with me. You thank another user that was actually quoting me for suggesting the Bitdefender rescue CD. Then claim it doesn't work, even though you've never even tried it; when I point out to another user that it's essentially the same thing as plugging it into another computer sans the OS.

Perhaps Bitdefender didn't work for you because they were both Windows OS machines, it did work for me on the same exact malware when using the rescue CD. It broke the root kit so that Combofix and Malwarebytes could do their thing.

AZRedhawk44

  • friends
  • Senior Member
  • ***
  • Posts: 14,032
Re: Nasty Malware Going Around
« Reply #32 on: September 14, 2009, 12:14:42 PM »
It's something grown-up computers get.   :laugh:

Fisty for the win. =D

My brother picked up "Personal AntiVirus 2009" the other day and it hosed his computer up real good.  Fooled me at first glance.... it has a logo emblem very much like Norton Antivirus.

I dug the bugger out of the computer and the registry though, so there's nothing left.
"But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist."
--Lysander Spooner

I reject your authoritah!

Monkeyleg

  • friend
  • Senior Member
  • ***
  • Posts: 14,589
  • Tattaglia is a pimp.
    • http://www.gunshopfinder.com
Re: Nasty Malware Going Around
« Reply #33 on: September 14, 2009, 11:01:48 PM »
I was screwing around with the brother of Antivirus 2009 today, Antivirus Pro 2010. I went through the registry, the program files, everything, but there were still enough parts of the virus left to make it annoying.

I did a search on Antivirus Pro 2010, and found articles on some software that gets rid of it. Installed the software and it found the remnants of the virus. When it came time to have the software get rid of the virus, it was time to register (pay for) the software.

So, there's a virus that gets into folks' PC's, and looks like anti-virus software. Click on the warning, and you're invited to purchase the software. If you don't, it bugs you until you realize it's not a nice antivirus program. So you find an antivirus program to get rid of the antivirus scam program, but it's going to cost you money.

Gee, do you think the purveyors of the anti-anti-virus software may have come up with the anti-virus software in the first place to create demand for their anti-anti-virus software? ;)


Harold Tuttle

  • Professor Chromedome
  • friend
  • Senior Member
  • ***
  • Posts: 8,069
Re: Nasty Malware Going Around
« Reply #34 on: September 14, 2009, 11:10:36 PM »
a buddies wife used her credit card to buy the licence for the remover

I advised them to cancel that card
"The true mad scientist does not make public appearances! He does not wear the "Hello, my name is.." badge!
He strikes from below like a viper or on high like a penny dropped from the tallest building around!
He only has one purpose--Do bad things to good people! Mit science! What good is science if no one gets hurt?!"

RocketMan

  • Mad Rocket Scientist
  • friend
  • Senior Member
  • ***
  • Posts: 13,980
  • Semper Fidelis
Re: Nasty Malware Going Around
« Reply #35 on: September 14, 2009, 11:39:57 PM »
Mike, I don't have a problem with you at all.  I apologize if I offended you, as that was not my intent.
My reference to using the BitDefender rescue CD was for future antivirus work.  I had already managed to kill the Antivirus Pro 2010 rootkit on my current client's machine with a mix of different tools.
I went back and read your post where you said you had used the BitDefender Rescue CD.  I had missed the part where you said you managed to nuke this particular bug.  In misreading it, I thought you were speaking about its general appication.
Again, my apologies.
If there really was intelligent life on other planets, we'd be sending them foreign aid.

Conservatives see George Orwell's "1984" as a cautionary tale.  Progressives view it as a "how to" manual.

My wife often says to me, "You are evil and must be destroyed." She may be right.

Liberals believe one should never let reason, logic and facts get in the way of a good emotional argument.

Jim147

  • friends
  • Senior Member
  • ***
  • Posts: 7,687
Re: Nasty Malware Going Around
« Reply #36 on: September 15, 2009, 12:05:45 AM »
I was screwing around with the brother of Antivirus 2009 today, Antivirus Pro 2010. I went through the registry, the program files, everything, but there were still enough parts of the virus left to make it annoying.

I did a search on Antivirus Pro 2010, and found articles on some software that gets rid of it. Installed the software and it found the remnants of the virus. When it came time to have the software get rid of the virus, it was time to register (pay for) the software.

So, there's a virus that gets into folks' PC's, and looks like anti-virus software. Click on the warning, and you're invited to purchase the software. If you don't, it bugs you until you realize it's not a nice antivirus program. So you find an antivirus program to get rid of the antivirus scam program, but it's going to cost you money.

Gee, do you think the purveyors of the anti-anti-virus software may have come up with the anti-virus software in the first place to create demand for their anti-anti-virus software? ;)



It's always the anti's fault.

jim
Sometimes we carry more weight then we owe.
And sometimes goes on and on and on.

BAH-WEEP-GRAAAGHNAH WHEEP NI-NI BONG

lee n. field

  • friend
  • Senior Member
  • ***
  • Posts: 13,822
  • tinpot megalomaniac, Paulbot, hardware goon
Re: Nasty Malware Going Around
« Reply #37 on: September 24, 2009, 02:53:23 PM »
Quote
PC_AntiSpyware2010 and Advanced Antivirus.  It is also known by the anti-malware companies by one of its common filenames, Braviax.exe.

Fixed one of these this week.  A bitch.

The customer is on contract, so it wasn't a time and materials thing, fortunately for them.

Bitdefender live CD ran, found stuff.  The scanner crashed (*poof* and it's gone) shortly after being told to deal with what it found.  Too bad.  If it'd worked, it would have been a nice thing to give to the end users, for them to run first before they call me in.

Couldn't get anywhere near cleaning it with tools running on the system itself.  Stuff just kept coming back.

Pulled the drive, scanned it with 1)Symantec Endpoint Security, 2)Malwarebytes and 3)Superantispyware.  Each successive program found more stuff.

Reinstalled the drive.  Scanned with locally installed Malwarebytes and Superantispyware.  Had to run a TCP/IP fix to get malwarebytes to update itself.  Each found yet more stuff.  Cleared some security blocks that the nasty had left in place (to keep you from running task manager and regedit).  And....Couldn't run Windows updates.  Couldn't start the Event Log service -- some missing critical piece.

"Aw, ***t!"

Repair install of Windows, plus all updates.

Then, something along the way had put a limit on the user profile size (computer is not on a domain, BTW).  A bit of Googling found the fix.

Way, way too much trouble.  Next time it gets backed up and blowed away.
« Last Edit: September 24, 2009, 08:34:32 PM by lee n. field »
In thy presence is fulness of joy.
At thy right hand pleasures for evermore.

Angel Eyes

  • Lying dog-faced pony soldier
  • friend
  • Senior Member
  • ***
  • Posts: 13,138
  • You're not diggin'
Re: Nasty Malware Going Around
« Reply #38 on: September 24, 2009, 03:03:14 PM »

Yesterday my wife's PC got infected with "Alpha Antivirus" which, among other things, prevented her from using IE.  I'm not sure if this is the same malware you had, but rebooting in "safe mode with networking", then running Malwarebytes (full scan) got rid of it.

 
"... and now I want to hand it over to the president of Ukraine who has as much courage as he has determination.  Ladies and gentlemen, President Putin."
                          - Joe Biden, July 11, 2024

Balog

  • Unrepentant race traitor
  • friends
  • Senior Member
  • ***
  • Posts: 17,774
  • What if we tried more?
Re: Nasty Malware Going Around
« Reply #39 on: September 24, 2009, 03:37:05 PM »
That, or use a Macintosh.

What the heck is malware, anyway ? 

Quote from: French G.
I was always pleasant, friendly and within arm's reach of a gun.

Quote from: Standing Wolf
If government is the answer, it must have been a really, really, really stupid question.

Harold Tuttle

  • Professor Chromedome
  • friend
  • Senior Member
  • ***
  • Posts: 8,069
Re: Nasty Malware Going Around
« Reply #40 on: September 24, 2009, 04:51:00 PM »
Got a call from a buddy last night,
His wifes laptop got hit
She took it into the School districts tech and he fixed it

He blew away 5 years of work files and reinstalled a clean OS

fixed it good he did

My buddy is investigating partition recovery tools

He didn't format it, he just replaced the OS and lost the old directories
"The true mad scientist does not make public appearances! He does not wear the "Hello, my name is.." badge!
He strikes from below like a viper or on high like a penny dropped from the tallest building around!
He only has one purpose--Do bad things to good people! Mit science! What good is science if no one gets hurt?!"

280plus

  • friend
  • Senior Member
  • ***
  • Posts: 19,131
  • Ever get that sinking feeling?
Re: Nasty Malware Going Around
« Reply #41 on: September 24, 2009, 06:45:33 PM »
"There was a Malware goin' 'round, puter caught it and it died last spring,
Now my hard drive doesn't want to do much of anything..."

 I seem to be fariing well with my spy doctor. No hints otherwise.
Avoid cliches like the plague!

Silver Bullet

  • friend
  • Senior Member
  • ***
  • Posts: 1,859
Re: Nasty Malware Going Around
« Reply #42 on: September 24, 2009, 10:38:41 PM »


Well, here's something we can agree on:  you deserve a pc ! 

 :laugh:

jackdanson

  • friend
  • Senior Member
  • ***
  • Posts: 702
Re: Nasty Malware Going Around
« Reply #43 on: September 24, 2009, 10:44:11 PM »
My lifelong dream is to create an international team of hitmen, "tactical operators" and spies to deal with the people who make these programs... that and the pirates.  (somali ARRGHHHH pirates, not software pirates)

Hawkmoon

  • friend
  • Senior Member
  • ***
  • Posts: 27,776
Re: Nasty Malware Going Around
« Reply #44 on: September 25, 2009, 11:08:50 AM »
I had to deal with the 2009 version of that one last year. In the end, I decided it was time for a bigger hard drive anyway. I put the old drive into another machine as a D: drive, copied off only the data files we wanted to save, then installed Xp onto a new hard drive, reinstalled the key apps we use, and copied the data files back onto the new hard drive.

Much work, but it succeeded where none of the virus tools we had would touch it.

The people who create this stuff should be flayed alive, then staked out on an ant hill.
- - - - - - - - - - - - -
100% Politically Incorrect by Design

RocketMan

  • Mad Rocket Scientist
  • friend
  • Senior Member
  • ***
  • Posts: 13,980
  • Semper Fidelis
Re: Nasty Malware Going Around
« Reply #45 on: September 25, 2009, 06:12:39 PM »
The people who create this stuff should be flayed alive, then staked out on an ant hill.

Why do you just want to coddle these ne'er-do-wells?  How about some real punishment, or are you afraid to hurt their widdle feelings?   :rolleyes:


Seriously though, I'm with you.  When folks like this are caught and convicted, hanging is too good for 'em.
If there really was intelligent life on other planets, we'd be sending them foreign aid.

Conservatives see George Orwell's "1984" as a cautionary tale.  Progressives view it as a "how to" manual.

My wife often says to me, "You are evil and must be destroyed." She may be right.

Liberals believe one should never let reason, logic and facts get in the way of a good emotional argument.

lee n. field

  • friend
  • Senior Member
  • ***
  • Posts: 13,822
  • tinpot megalomaniac, Paulbot, hardware goon
Re: Nasty Malware Going Around
« Reply #46 on: September 25, 2009, 07:33:41 PM »
Quote
The people who create this stuff should be flayed alive, then staked out on an ant hill.

"I'd like to live just long enough to be there when they cut off your head and mount it on a pike as a warning to the next ten generations not to screw with my computer.  I would look up at your lifeless eyes and wave, like this."  --Vir Cotto


In thy presence is fulness of joy.
At thy right hand pleasures for evermore.

Silver Bullet

  • friend
  • Senior Member
  • ***
  • Posts: 1,859
Re: Nasty Malware Going Around
« Reply #47 on: October 17, 2009, 11:54:08 PM »
I guess he didn't want to debate after all. 

Strings

  • APS Pimp
  • friend
  • Senior Member
  • ***
  • Posts: 5,195
Re: Nasty Malware Going Around
« Reply #48 on: October 18, 2009, 03:57:11 AM »
I think this was what hit me, and made me try Linux...
No Child Should Live In Fear

What was that about a pearl handled revolver and someone from New Orleans again?

Screw it: just autoclave the planet (thanks Birdman)