Rivarts.A Backdoor

Discussion in 'malware problems & news' started by Yellow Trucker, Mar 24, 2006.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
  2. PCJohn

    PCJohn Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    101
    DCdc,
    A long time ago there was Comet Cursor on this PC.
    After one program removed it, another (more than one year later) found remains of this malware. So after this I found it's no guarantee that the software is completely gone after a decent scan when programX says it's gone.

    I will see tomorrow if MS AS will find something.
    One online scan found look2me.
    Antivir and Adaware found nothing.
    Little brother likes screensavers.
    Is there software that prohibits installation of such software?

    PS: thanks dcdc and StevieO for the link...
     
    Last edited: Mar 29, 2006
  3. billymills46

    billymills46 Registered Member

    Joined:
    Mar 29, 2006
    Posts:
    1
    I thought it strange too. At first everybody found it and removed it. Now we're told it doesn't exist. My computer still exhibits the same problems as before. With all my auto updates switched off, my computer still uploads 130kbs of data on switch on with only XP desktop operating. If Rivarts operates to its potential, it would be an ideal national security surveillance device. Call me paranoid, but that doesn't mean they're not watching me. I'd love to know where this data is going to. Can anyone assist? Is there something I could install which would identify the recipient of automatically initiated uploads?
     
  4. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    I finally got a new update available for MS AS Beta 1, and after the download, Rivarts.A is no longer detected on my system. The update was apparently made available after the similar Windows Defender update that removed the Rivarts.A detection based on the presence of mchInjDrv alone.

    I tried Windows Defender, the Beta 2, but didn't really like it. I missed the System Explorers feature of the original MS AS, which was a handy way of looking at the startup programs, ActiveX and BHOs, and some other things on my system.

    I also did not like that Defender uninstalled MS AS Beta 1. After I uninstalled Defender, I reinstalled MS AS just for the System Explorers. I'll probably keep it just for that functionality.
     
  5. Butt-Head9726

    Butt-Head9726 Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    1
    MSAS found it first on my computer and after I upgraded to WD it still found it time after time after time. The solution I found was to go to Symantec's web page and download the trial version of NAV. I uninstalled what was my AV program and installed NAV. Once NAV was all updated and I attempted to scan, the computer froze. No problem. I rebooted to safe mode, ran the scan and it found a program called Adware.Linkmaker. I removed it and rebooted to normal mode. Once you get booted up there is a procedure which must be followed, otherwise your firewall will be turned off by default. See the procedure outlined on Symantec's web site for PWSteal.Rivarts. This actually fixes the computer and all the talk about FP's is wrong. Our computers were infected by this thing because it got through an open port. I'm going to get a new firewall. All of you try this. It works! Good Luck.
     
  6. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    MS Anti-Spyware Beta1 Defs. "5825" available

    "This definition set fixes the appearance of a false positive for Rivarts.A
    which a number of users of multiple antispyware products had noted. "
     
  7. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Butt-Head9726

    Rivarts can indeed be a Real nasty, but a lot of the shows for this from MS have been FP's. If you really did have the Rivarts infection, then that shows it's always wise to get other opinions, and use different methods to double check etc. Even if sometimes they can be very time consuming!


    StevieO
     
  8. spartak

    spartak Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    21
    I also find this on my system. It deletes it and then detects it again.

    I have Windows Defender, virus sig 1.14.1353.2
     