cleaned pc using an antivirus:)

Discussion in 'other anti-malware software' started by jmonge, Oct 1, 2010.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    ok here is the situation a friend of mine told me his laptop was infected and coludnt use it so i told him to bring it to fix it;)
    tools i used:Gmer,SAS,Mbam,Hitman Pro,Dr Web Cure it,WebRoot SpySweeper,ComboFix,prevx,Comodo Antivirus and avast Free:)

    first Gmer didnt detect nothing and scaner took for ever:D ,then hitman pro could work properlly and was terminated by malware when scaning;),Mbam could even open even if renamed to other name and in safe or any mode:D
    then SAS after like a minute scaning got killed :mad: then DR web cure it say that found zero virus:) nice going:D then SpySweeper found 1 rootkit 1 rouges and 2 trojans but aster i hit remove it was terminated and uninstall by the malware:) this is not a test is real life situation:thumb: :thumb: then run comodo and said zero viruso_O then prevx and prevx says in gree :D system secure no malware in system:D then here comes my only hope avast free;)
    then install avast run a scan and it found 2 trojans,2 rootkits and send them tp the chest(quarentine)then i noticed no more redirection i was able to run all the scaners that got killed and after reboot i notice the speed of pc was back to normal,it was all good thanks to Avast Free Antivirus:thumb: :thumb: i am very impressed with avast:thumb:
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    yeah I like avast alot. The boot time scan is a wonderful option. The network sheild also stops alot of malware from infecting. I used it with CIS v5 but it didn't detect alot of exe's. Not really sure why.
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Use boot CD like Kaspersky to further check system state.
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    yeah take your pick with any boot cd, kaspersky, eset, avira, avast. I would be checking combofix and then hijackthis. You could also run MBAM and EAM emergency kit, now that you are able to run programs again.
     
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    For Avast did you do a normal scan or a boot time scan?
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ jmonge

    :D

    Good job ;)

    How would the average person deal with that, they wouldn't :(

    What OS browser AV did they have ? How were they set up ?

    What are the names of the malware you found ?

    Are you sure the MBR is OK ?
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I am curious as to what AV and other security applications were being used, and if they were up to date.

    If Avast found and removed the malware, it would appear to me that the user did not have an up to date AV. Avast is a good one, of course.
    I am also surprised that the other applications mentioned did so poorly.

    Regards,
    Jerry
     
  8. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    @jmonge.......man what if you would have started with avast......:p
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    No matter what AV you use, some will detect one kind and others won't. I've ran files through jotti and virus total and avira didn't catch something that bitdefender did. I've seen files that only avira found and only dr web found. Thats why alot of people preach layered defense. No matter what you have at least one time its going to miss something. Yes avira and prevx have high detection rates but its no 100% and probably never will be. Not unless virus writers give up trying to screw peoples systems. Of course if that does happen you might want to look up and see if pigs are flying. ;)
     
  10. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I agree Avast is a fantastic product.

    But keep in mind, no two situations/PCs/users are the same.

    Next time when cleaning, if you use Hitman Pro, use its force breach mode, where you can hold the left ctril key + launching hitman pro, and it will terminate all non-essential windows processes, including rogue programs and malware (hitman pro should advertise this on the main screen, so more users are aware of this feature).
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Ok that was the bomb! I just tried it out. It only found some cookies I didn't know about the force breach mode. Thats good stuff. I'll have to remember that for next time. Thanks saraceno.
     
  12. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Good Job dude and one more thing is that threat still quarantined if yes mind if you provide the MD5:)
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    @jmonge - you did a lot of work but your effort is worth nuts.
    the security hole is still present and that system aint safe any longer.

    http://technet.microsoft.com/de-de/library/cc512587(en-us).aspx
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    jmonge, why did you simply not press the ctrl-button while starting Hitman pro? That would shut down ALL non required services and applications and let Hitman scan with ease without getting shut down.
     
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    J :( y did you not try avira :(o_O o_O
    atleast good to know avast removed the crap though:thumb: :thumb: :thumb:
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    all it is ok now thanks to avast and i did a normal full scan it took for ever but it did the job,also the program didnt get termiated;) also i re-run all scaners again and the system remain clean;) it was xp pro with ie 7 and they have Mbam pro real time only:D
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i did try the bridge control in hitman pro but it was terminated;) my friend took the laptop already i forgot to see the malware names but the rootkits where sys and driver;) the system remain stable ;) it is cure:thumb:
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i think that malware writer knew about the control breach and insted of terminating other services(malware for scaning) hitman pro was terminated very soon:) all of them fail:thumbd: only avast remain strong and stable:thumb:
    also i tried in same mode and the malware still works in safe mode and use msconfig tool and disable all posible services and only load diagnostic start up devices and services:) and still the 2 rootkits still do their evil work even with out internet:)
    the very strange thing was that the browser worksso i took advantage and install avast very fast and scan:) also usb was correcpted:)
    i was getting ready for a formatt but i wanted some thing different and it works
     
    Last edited: Oct 1, 2010
  19. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    +1
    Why not [suggest<->coerce] your friend to make an OS+programs and a separate data partition.
    After installing and updating the lot, make an image of the OS+programs partition.
    Show him how to restore the image and be done with it. This also guarantees the image. Perhaps write down the steps for future reference.

    For average users who use their computer for 'everything' (including banking or other sensitive stuff), it's the easiest, fastest and most solid solution imo.
    Next time a friend has a malware infection, you'll only have to remind him how to restore the image.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i did made an image for his system in case of emergency also i made some registry tweaks and put the good stuff in it like winpatrol;) i didnt do more as my friend wasnt paying me:D but i wanted to practise my litle knowdge;)
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Did you get a name for the rogue?
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    it is a new one to be honest i forgot it's name but it is the first time i saw this one:)
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Avast should have it's detection name in its logs.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    my friend took the pc already:D man avast nail the malware like peace of cake:cool:
     
  25. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes:
     
Loading...
Thread Status:
Not open for further replies.