CIS Froozen highly infected machine

On the sense and senselessness of Malware cleaning

http://www.emsisoft.com/en/kb/articles/tec081111/

Emsisoft wrote this article, after my test.i dont with them.i dont like their suggestion, "FORMAT"
This is very primitive.

 

Re: On the sense and senselessness of Malware cleaning

Well infact it is the only way to be sure that a computer is clean after attack, and in case you really want to perform "cleaning" of a very badly infected machine, in your case a virtual machine, then the first step would be to use a rescue disk/bootable scan cd (as provided by some if not all of the vendors mentioned here) and get rid of the infected files while they are inactive...as active cleaning of such infections is almost certainly going to go either 1 of two ways: 1) Antivirus will not function due to malware blocking it 2) Pc will BSOD and refuse to boot once antivirus attempts to delete certain files.

I wouldn't use this as a deciding factor on how "good" your antivirus is, because 1) it wasn't installed when the infections took place 2) we have no way of knowing which samples are doing what (aka have they been specifically designed to target certain antiviruses and block them from loading (as is probably the case here- AVP and Norton both seem to be targetted) and 3) This does not demonstrate the true cleaning/detection capabilites, as the malware is interfering with the OS and virus scanners

It would be interesting if you could boot a virtual scan cd into a virtual machine and see what happens then.

 

Re: On the sense and senselessness of Malware cleaning

Like yourself, I was not impressed at all with all of this "testing"

 

Re: On the sense and senselessness of Malware cleaning

i can manually cure fake av's with winPE cd. There is no need av cd.

Some Av alert when malware installation
but it cant stopped it.

Every Av vendors say "we can disinfect virus"

From kaspersky;
http://www.kaspersky.com/kaspersky_internet_security?blocknum2_3=3
# The program can be installed on infected computers
# Restores correct system settings after removing malicious software

but Kaspersky cant be installed.

Avast;
http://www.avast.com/eng/avast-4-professional-antivirus-antispyware.html
* Certain strong capabilities of direct repair (especially macroviruses)
* Repairing files using automatically generated Virus Recovery Database (VRDB)

Anyway. Article seems true. Test confirm this idea.
But i cant appropriate this idea.

 

Drweb can disinfect, clean and cure infected files.

Some say they can, but actually can't really.

 

Re: On the sense and senselessness of Malware cleaning

That isn't the point...I can boot with a bartpe cd and delete a few directories too, if you want to test the antivirus detection and cleaning then that is how you should do it- with the boot cd. We aren't talking about detection or prevention of infection, but actual cleaning, which should be done while the malware files are inactive.

Yes, you can install Kaspersky on infected machines, but when a malware is actively targetting and terminating all threads with "avp" inside it, it is a lot more difficult for you to install Kaspersky, than on a computer that is infected but that is not specifically targetting the Kaspersky files/processes. If it was installed before the infection took place that is another matter. The more popular an antivirus is, the more likely it will be targetted in such a way.

Plus, in such cases where it is not possible to install Kaspersky first time around, there is a special tool that tech support will probably get you to run.

http://support.kaspersky.com/downloads/utils/www.bat

 

im surprised kis/kav2009 do not what there own avptool does.
creates a process with a random file name and then enables self defence.
if you call the process avp.exe of course malware is going to disable it.
everything who creates malware knows the main processes of all major antivirus programs and will terminate if possible.

 

Again, certification.... AVPTool does not seek windows certification, KAV/KIS does.

 

this is very good idea.

 

Re: On the sense and senselessness of Malware cleaning

don't think anyone cares

getting sick of you idiots posting this crap

the guy said, 'i am not a professional', 'i am doing this for fun' 'this is not real world, my machine is highly infected' etc, etc

and you still talking crap

how much more transparent can you be?

 

Re: On the sense and senselessness of Malware cleaning

Quite frankly I'm all for testing product software,and others have made points of view known as how this was handled,I was stating an opinion, which is done on open forums and message boards. If this makes you upset,best bet would be dont check out too many message forums because there's lots of opinions and you might be mad alot,so get used to it.

 

Re: On the sense and senselessness of Malware cleaning

Quite frankly I'm all for testing product software,and others have made points of view known as how this was handled,I was stating an opinion, which is done on open forums and message boards. If this makes you upset,best bet would be dont check out too many message forums because there's lots of opinions and you might be mad alot,so get used to it.

(ps i copied and pasted this because it applies right back to you, saved me effort of typing )

 

Found some background info regarding early load:

http://community.norton.com/norton/...dback&message.id=20418&query.id=173212#M20418

Auto-Protect Early Load will set Auto-Protect to load earlier in the boot process. This will protect against malware that also loads early in the boot process, if there is any on the system, which there shouldn't be unless you turned off protection at some point or something. It will slow down the boot process since we are scanning more files.



If we detect any infections on the machine that require a reboot to repair we automatically set Auto-Protect to run in Early Load mode until we declare the machine clean. This automatically protects against any other malware that loads at boot time.



It makes repairing possible for some of the nastier infections but it isn't required to be on. If you don't mind the couple extra seconds of boot time you can turn it on.




Principal Software Engineer
Consumer and Client Product Delivery 4 Kudos! Thanks!

 

Please try Kaspersky again with the fix baz provided. I really want to see if its really good at removal.

 

Re: On the sense and senselessness of Malware cleaning

You people need to be nice to each other ^_^

 

Re: On the sense and senselessness of Malware cleaning

yep and more respectful i guess

 

So, MS does not permit appz. own process name randomization while app. install itself (app. will lose MS certificate), it is unbelievable, are you sure?

 

Ok Guest did say he is not a pro and it is his Hobby,He did not even have to post or take all the time he did making screen shots for all of us to see.Imo it was for enjoyment and to see how each one did during a invested machine.I honestly do not see anyone else testing or doing any better including my self. why insult some ones testing but perhaps suggestion of testing in a different procedure in the future would be a kinder suggest.

 

Re: On the sense and senselessness of Malware cleaning

Stop it you guys. LOL

 

Re: On the sense and senselessness of Malware cleaning

Thanks, De Hollander
Much appreciated ....

 

ooof.
www.bat is a spesific tools for some malware files to deletion.
this malware can stopped kaspersky installation.


anyway. you can get it.

NEW TEST 1 :KASPERSKY TEST WITH WWW.BAT

NEW TEST 2:SUPERANTISPYWARE PRO TEST

NEW TEST 3:VIPRE TEST

http://rapidshare.com/files/170323416/ViprE_PART1.rar
http://rapidshare.com/files/170390814/VIPRE_2.rar





NEW TEST 4: PANDA

*it has a internet connection problem (for update)
*it has a deletion problem
*it has a dedection problem (eantivirus and some others)

i tested it, but i wont upload screenshot.


*THANX GERY

if anybody dont like my test, yo can prefer dont reading.
Or Yo can try do better test.
if you do, i will read it with relish.

 

Well that is how it seems to be unfortunately, according to the conversations I have seen from the developer of AVPTool on the KL forum.

 

From the test photos, superantispyware cleaned up a fair chunk, or the majority of the problem applications and popups.

Well done. Combined with an AV, just shows how useful the program is.

 

Guest, first of all, thanks for your efforts!

Are you planning on using AV Boot disks to see how they perform, f.i. F-Secure Rescue CD or Avira Rescue System?

It might be interesting to see, if this way of cleaning performs better than the standard way of installing/updating AV's on such a heavily infected (almost bricked) system.
Mind you, running a disk like F-Secure's can take hours and hours so better start it just before going to sleep .
Cheers.

 

sory. i am going to another city after 1 hour (for holiday)
may be 1 week later, if you want.