CIS Frozen highly infected machine

Discussion in 'other anti-virus software' started by guest, Dec 1, 2008.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    On the sense and senselessness of Malware cleaning



    http://www.emsisoft.com/en/kb/articles/tec081111/

    Emsisoft wrote this article after my test. I don't with them. I don't like their suggestion, "FORMAT".
    This is very primitive.
     
  2. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Re: On the sense and senselessness of Malware cleaning


    Well, in fact it is the only way to be sure that a computer is clean after an attack, and in case you really want to perform "cleaning" of a very badly infected machine, in your case a virtual machine, then the first step would be to use a rescue disk/bootable scan CD (as provided by some if not all of the vendors mentioned here) and get rid of the infected files while they are inactive... as active cleaning of such infections is almost certainly going to go one of two ways: 1) the antivirus will not function due to malware blocking it, or 2) the PC will BSOD and refuse to boot once the antivirus attempts to delete certain files.

    I wouldn't use this as a deciding factor on how "good" your antivirus is, because 1) it wasn't installed when the infections took place, 2) we have no way of knowing which samples are doing what (aka have they been specifically designed to target certain antiviruses and block them from loading, as is probably the case here: AVP and Norton both seem to be targeted) and 3) this does not demonstrate the true cleaning/detection capabilities, as the malware is interfering with the OS and virus scanners.

    It would be interesting if you could boot a virtual scan cd into a virtual machine and see what happens then.
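Baz_kasp's point about cleaning while the malware files are inactive can be illustrated with a small offline scanner of the kind a rescue CD runs against a mounted system volume. This is an added example, not code from this thread or from any of the vendors mentioned; it assumes the infected volume is mounted under a path (here a constructed temporary directory) and uses a constructed SHA-256 blocklist rather than real malware hashes. Matches are neutralised by renaming, so nothing on the list can load at the next boot and no live process can fight back.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed blocklist for the demo: SHA-256 of the file contents we treat
# as known-bad. These are placeholders, not hashes of real malware.
KNOWN_BAD_CONTENT = {b"fake-av-dropper-payload", b"rootkit-loader-stub"}
BLOCKLIST = {hashlib.sha256(c).hexdigest() for c in KNOWN_BAD_CONTENT}


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def offline_scan(root: Path, blocklist=BLOCKLIST, quarantine_suffix=".quarantined"):
    """Walk a mounted, inactive filesystem, hash every regular file and
    quarantine matches by renaming them (the file can no longer execute
    under its registered name on next boot). Returns (original, quarantined)
    path pairs. Symlinks are skipped so a link into /proc or elsewhere on the
    rescue system is never followed."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            if sha256_file(p) in blocklist:
                q = p.with_name(p.name + quarantine_suffix)
                p.rename(q)
                hits.append((str(p), str(q)))
    return hits


def build_demo_tree() -> Path:
    """Construct a throwaway directory standing in for the offline system volume."""
    root = Path(tempfile.mkdtemp(prefix="offline_vol_"))
    sys32 = root / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "svchost.exe").write_bytes(b"legitimate-binary")       # clean
    (sys32 / "xyzdrv.sys").write_bytes(b"rootkit-loader-stub")       # on blocklist
    (root / "Temp").mkdir()
    (root / "Temp" / "setup.exe").write_bytes(b"fake-av-dropper-payload")  # on blocklist
    return root


def demo():
    """Run the scan over the constructed volume; return hits and what is left."""
    root = build_demo_tree()
    hits = offline_scan(root)
    remaining = sorted(p.name for p in root.rglob("*") if p.is_file())
    return hits, remaining


if __name__ == "__main__":
    for original, quarantined in demo()[0]:
        print(f"quarantined {original} -> {quarantined}")
```

Because the volume is not booted, there is no driver or process to block the rename, which is exactly the advantage the rescue-disk approach has over in-place cleaning.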
     
  3. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Re: On the sense and senselessness of Malware cleaning


    Like yourself, I was not impressed at all with all of this "testing" :thumbd:
     
  4. guest

    guest Guest

    Re: On the sense and senselessness of Malware cleaning

    I can manually cure fake AVs with a WinPE CD. There is no need for an AV CD.

    Some AVs alert on malware installation
    but can't stop it.

    Every AV vendor says "we can disinfect viruses".

    From kaspersky;
    http://www.kaspersky.com/kaspersky_internet_security?blocknum2_3=3
    # The program can be installed on infected computers
    # Restores correct system settings after removing malicious software

    But Kaspersky can't be installed.

    Avast;
    http://www.avast.com/eng/avast-4-professional-antivirus-antispyware.html
    * Certain strong capabilities of direct repair (especially macroviruses)
    * Repairing files using automatically generated Virus Recovery Database (VRDB)

    Anyway, the article seems true. The test confirms this idea.
    But I can't appropriate this idea.
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Drweb can disinfect, clean and cure infected files.

    Some say they can, but actually can't really.
     
  6. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Re: On the sense and senselessness of Malware cleaning

    That isn't the point...I can boot with a bartpe cd and delete a few directories too, if you want to test the antivirus detection and cleaning then that is how you should do it- with the boot cd. We aren't talking about detection or prevention of infection, but actual cleaning, which should be done while the malware files are inactive.

    Yes, you can install Kaspersky on infected machines, but when a malware is actively targeting and terminating all threads with "avp" inside it, it is a lot more difficult for you to install Kaspersky than on a computer that is infected but that is not specifically targeting the Kaspersky files/processes. If it was installed before the infection took place that is another matter. The more popular an antivirus is, the more likely it will be targeted in such a way.

    Plus, in such cases where it is not possible to install Kaspersky first time around, there is a special tool that tech support will probably get you to run.

    http://support.kaspersky.com/downloads/utils/www.bat

     
    Last edited: Dec 4, 2008
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,062
    I'm surprised KIS/KAV 2009 do not do what their own AVPTool does:
    create a process with a random file name and then enable self-defence.
    If you call the process avp.exe, of course malware is going to disable it.
    Everyone who creates malware knows the main processes of all major antivirus programs and will terminate them if possible.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Again, certification.... AVPTool does not seek windows certification, KAV/KIS does.
     
  9. guest

    guest Guest

    This is a very good idea.
     
  10. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    Re: On the sense and senselessness of Malware cleaning


    don't think anyone cares

    getting sick of you idiots posting this crap

    the guy said, 'I am not a professional', 'I am doing this for fun', 'this is not real world, my machine is highly infected' etc., etc.

    and you're still talking crap

    how much more transparent can you be?
     
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Re: On the sense and senselessness of Malware cleaning

    Quite frankly I'm all for testing product software, and others have made their points of view known as to how this was handled. I was stating an opinion, which is done on open forums and message boards. If this makes you upset, your best bet would be don't check out too many message forums, because there are lots of opinions and you might be mad a lot, so get used to it.
     
  12. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    Re: On the sense and senselessness of Malware cleaning


    Quite frankly I'm all for testing product software, and others have made their points of view known as to how this was handled. I was stating an opinion, which is done on open forums and message boards. If this makes you upset, your best bet would be don't check out too many message forums, because there are lots of opinions and you might be mad a lot, so get used to it.

    (ps i copied and pasted this because it applies right back to you, saved me effort of typing ;))
     
  13. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Found some background info regarding early load:

    http://community.norton.com/norton/...dback&message.id=20418&query.id=173212#M20418

    Auto-Protect Early Load will set Auto-Protect to load earlier in the boot process. This will protect against malware that also loads early in the boot process, if there is any on the system, which there shouldn't be unless you turned off protection at some point or something. It will slow down the boot process since we are scanning more files.

    If we detect any infections on the machine that require a reboot to repair we automatically set Auto-Protect to run in Early Load mode until we declare the machine clean. This automatically protects against any other malware that loads at boot time.

    It makes repairing possible for some of the nastier infections but it isn't required to be on. If you don't mind the couple extra seconds of boot time you can turn it on.

    Principal Software Engineer
    Consumer and Client Product Delivery
     
  14. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Please try Kaspersky again with the fix Baz provided. I really want to see if it's really good at removal.
     
  15. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: On the sense and senselessness of Malware cleaning

    You people need to be nice to each other ^_^
     
  16. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,079
    Re: On the sense and senselessness of Malware cleaning

    yep and more respectful i guess
     
  17. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    So MS does not permit an app's own process name randomization while the app installs itself (the app will lose the MS certificate)? It is unbelievable, are you sure?
     
  18. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Ok, Guest did say he is not a pro and it is his hobby. He did not even have to post or take all the time he did making screenshots for all of us to see. IMO it was for enjoyment and to see how each one did on an infected machine. I honestly do not see anyone else testing or doing any better, including myself. Why insult someone's testing? Perhaps a suggestion of testing with a different procedure in the future would be a kinder suggestion. ;)
     
  19. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    421
    Location:
    Honolulu, Hawaii
    Re: On the sense and senselessness of Malware cleaning

    Stop it you guys. LOL :D
     
  20. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Re: On the sense and senselessness of Malware cleaning

    Thanks, De Hollander :thumb:
    Much appreciated ....
     
  21. guest

    guest Guest

    ooof.
    www.bat is a specific tool for deleting some malware files.
    This malware can stop the Kaspersky installation.


    Anyway, you can get it.

    NEW TEST 1 :KASPERSKY TEST WITH WWW.BAT

    NEW TEST 2:SUPERANTISPYWARE PRO TEST

    NEW TEST 3:VIPRE TEST

    http://rapidshare.com/files/170323416/ViprE_PART1.rar
    http://rapidshare.com/files/170390814/VIPRE_2.rar

    NEW TEST 4: PANDA

    *It has an internet connection problem (for update)
    *It has a deletion problem
    *It has a detection problem (eantivirus and some others)

    I tested it, but I won't upload screenshots.

    *THANX GERY

    If anybody doesn't like my test, you can prefer not reading it.
    Or you can try to do a better test.
    If you do, I will read it with relish.
     
    Last edited by a moderator: Dec 5, 2008
  22. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Well that is how it seems to be unfortunately, according to the conversations I have seen from the developer of AVPTool on the KL forum.
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    From the test photos, superantispyware cleaned up a fair chunk, or the majority of the problem applications and popups.

    Well done. Combined with an AV, just shows how useful the program is.
     
  24. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Guest, first of all, thanks for your efforts!

    Are you planning on using AV Boot disks to see how they perform, f.i. F-Secure Rescue CD or Avira Rescue System?

    It might be interesting to see, if this way of cleaning performs better than the standard way of installing/updating AV's on such a heavily infected (almost bricked) system.
    Mind you, running a disk like F-Secure's can take hours and hours so better start it just before going to sleep ;).
    Cheers.
     
  25. guest

    guest Guest

    Sorry, I am going to another city in 1 hour (for holiday).
    Maybe 1 week later, if you want.
     