Rustock C no longer a myth, no longer a threat

Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb, will never 'ever' add a signature for a threat that they don't have a cure for.

    it really comes down to different thoughts and feelings about what protection is, drweb has always been the ugly duckling, the one that stands out from the rest, to have a different strategy compared to others, usually flamed for, but they have customers for that very reason.

    it's nice to have a different choice.

    brings back memories of the stealth MBR that drweb was first to cure too.
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    IMO, Dr.Web has some solid technology (even if not always stable) and a few brilliant minds working in there, but I just can't shake the feeling that they could do with hiring a few more people :)

    And yes, it's Dr.Web's philosophy, they will never add detection without having at least a rudimentary curing mechanism in place. :)
     
  3. SteveS335

    SteveS335 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    43
    Hmm,

    Even at the expense of detecting and blocking real current threats it seems. Not a good way to look after your customers, who expect to be protected from malware, not to get infected and find a perfect cleaning routine some 6 months later.

    Kudos to the analysts at Dr. Web for their excellent work in this case anyway :thumb:
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Hey Steve,

    drweb 'know what they're doing' when cleaning is concerned, they ain't the amateurs at it, they can manage it quite quickly, this case is different for the ability of the malware itself.

    :d
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well that can be said for others as well, with No signature in place and maybe slips under the nose of heuristic detection to what, maybe find the infection at the next update or later and can't clean the mess anyways. Leaves you what, looking for another to clean up what one couldn't.
     
  6. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    wow, add them to my new club.;)
     
  8. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Hello Very interesting read i must say \(^.^)/

    Does anyone know if eset detects this bad boy o_O
     
  9. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I went to http://vgrep.viruspool.net and searched for Rustock.c. Didn't find the detection by Eset, but of course that website doesn't display all detections.
     
  10. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Thanks buddy so i guess that's a no no yet :mad:
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Now let's come to the last Version D what about that?
     
  12. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    lmao hahahahahaha:D :D :D :D :D
     
  13. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    :D :D :D So you think it is not existent..:D
     
  15. Joe_Jones

    Joe_Jones Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    41
    Of course i am happy that Dr. Web can handle this malware, but i am very disappointed in the fact that the website mentioned above,
    decided NOT to mention TrustPort, which also contains Dr. Web engine.

    TrustPort is tested on a regular basis at virusbtn AND had the best
    test results in the last 2 On-Demand av-comparatives.org.
    So why is this (i am waiting for a mail reply of them).

    o_O
     
  16. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Oops! Didn't see that! :)

    They may have decided not to include multi engine avs. Anyway don't worry, if Dr.Web detects it, then TrustPort will detect it indeed.
    :)
     
  17. Joe_Jones

    Joe_Jones Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    41
    I just don't think it is fair, if i am running TrustPort, i like to see how it performs.
    If all these kind of websites will decide NOT to mention products like G-data or TrustPort, people will never know they exist and how they perform.

    Another thing is that both G-Data and TrustPort are smaller companies than Symantec and Eset, McAfee etc. with smaller marketing budgets.
    So it is extra difficult for them, to compete with these big brothers.

    So this is another website that helps to inform people about the most famous AV's, and not the ones that find the most viruses and other malware.

    It is just as honest as creating a website that reviews all antivirus products that don't start with a M or a E
     
  18. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares

    I don't think they actually care about those engines, they care more about more famous ones. Anyway you could try contacting them. :p
     
  19. dendrobates

    dendrobates Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    23
    Location:
    Cyberspace
  20. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Interesting that it makes no difference between hacker defender and rustock
    it seems UnhackMe sees a genetic similarity in both.:D Czechia meets Russia.
     
  21. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
  22. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    I must disappoint you a bit. TrustPort won't detect an active infection and won't be able to cure.
    But of course it detects the samples.
     
  23. Serge Popov

    Serge Popov AV Expert

    Joined:
    Feb 10, 2006
    Posts:
    41
    Let me clarify some statements posted (in no particular order).

    - "Good in curing" does not imply "bad in detection". Implementing a cure path requires more work, but this does not pose a real problem. There are tough cases, but not many.
    - It is not a crime to be the first (and/or best) in something. I'm proud of our people, who did this hard work. Definitely it wasn't easy (actually, it was a challenge).
    - It is a win/win for everybody. Our customers are protected from this malware now. We wish other vendors to catch up, their customers want to be protected too.
    - This is a powerful and dangerous rootkit. According to some sources it's been there for more than a year, "hackers" were discussing it on their forums, but some people did not believe it even existed. This is another reason why it was important to come up with a solution. Posting "look, one more rootkit" would not help.

    I believe it is actually a good PR: complete a job, tell the people.

    PS. Sorry for my English :)
     
    Last edited: May 13, 2008
  24. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Your english is fine. Made perfect sense. :thumb:
     
  25. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    One felt its existence :D :D :D agree around a year or so, maybe even longer but still thousands of other threats out there. Still awaiting an exact explanation, is it right that it uses winlogon (at least partially) as tcp connector? (I recently saw something in this way but could be other malware too) On the screen of DrWeb we see that it also affects winlogon, so would be logical on the one hand and prove what I've seen.
     
    Last edited: May 13, 2008