Suggestions needed

Discussion in 'malware problems & news' started by HURST, Jun 23, 2008.

Thread Status:
Not open for further replies.
  1. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    What happened to your SAS support ticket? Your Bagle seems to be a polymorphic, parasitic file infector. Did you send the sample to Nick?

    If you decided to reformat, to be on the safe side, flash your BIOS.

    I think F-Prot DOS (v3?) is no longer supported.

    thanatos
     
  2. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    It still is! I wonder if other AVs have DOS scanners too.
     
  3. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Hello PiCo. It's no longer available for download at F-Prot's site. Also, definitions for it have been pulled out. According here, the last signature update for F-Prot DOS (v3.16f) was from May 10, 2008.

    thanatos

    EDIT:
    PiCo, just checked the link you gave and there is a download link for f-prot.zip. The zip file contains the signatures but I don't know if they are current. If v3 support was discontinued last June 2, 2008, does this mean v3 CLI uses defs of v6?
     
    Last edited: Jun 25, 2008
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    No, haven't sent the sample yet. Just sent the sample.
    The computer can't connect to the internet, so it's impossible to ask for a custom scan from SAS.
     
    Last edited: Jun 25, 2008
  5. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    When SAS updates its definitions, slave the infected PC's HD then scan (turn off autoplay). Ask Nick if you could slave the HD and run a diagnostic scan from there.

    thanatos

    EDIT:
    So it's a laptop. You will need a laptop drive adapter. If slaving is not possible at the moment/not an option, you could either reformat or go to a malware removal forum.

    BTW, did you try installing SAS in safe mode?
     
    Last edited: Jun 25, 2008
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Yes, tried in normal mode and in safe mode.

    Crap.. I wish I had the time to build that adapter.
    Reformat time :(
     
    Last edited: Jun 25, 2008
  7. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I'll give SAS one more try...
    But Internet connection is broken on that laptop.
    Is there a way to download defs in my laptop and export them to the other?
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes :)
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks Lucas, but it's useless. I can't get SAS to install.
    I've sent an e-mail to Marcin, from MalwareBytes, since MBAM can run properly under Safe Mode.
    So far this is my last chance.


    EDIT: I JUST WAS ABLE TO INSTALL SAS ON NORMAL MODE. SO FAR NO BSOD (WISH ME LUCK). I'LL WAIT FOR THE NEW DEFS TO COME OUT!
     
    Last edited: Jun 25, 2008
  10. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Hello HURST. While waiting for SAS's update for your threat, try this,

    Download mwav to your clean PC.
    Unzip it to C:\Kaspersky.
    Run kavupd.exe. Keep trying until it says "Updates Downloaded Successfully". Press enter.

    Copy paste C:\Kaspersky to C:\ of the infected PC.
    Go to safe mode and run mwavscan.com.
    Check drives, scan all files. Click Scan and clean.

    Take note that the scan will take a while. BTW, good luck.

    OT: Congrats lucas1985!

    thanatos
     
  11. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks Thanatos.
    Will try it out later.

    ~~~

    I think this (and the updated versions of SAS and MBAM) are the last things I'll try.
    All data has already been backed up and countdown to a clean install has begun.

    I'd like to thank every one of you who helped with suggestions. This is what makes Wilders such a great place.
     
  12. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    So, finally!
    I didn't work on this yesterday, but today I see that now the file is getting 21/33 detections on VirusTotal.
    Hopefully, it won't be able to do harm to anyone else.
     