Defensewall and malware

Discussion in 'other anti-malware software' started by curious george, Jun 8, 2009.

Thread Status:
Not open for further replies.
  1. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Alright, so i've been messing around with this Copy.exe host.exe and this autorun thats sometimes created with a bunch of anti malware software. I thought i could match this up with Defensewall, and even though its running as untrusted, the app still seems to spread.

    Any ideas or settings i should try?
     
  2. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    540
    Have you tried Stop attack after you have executed these malwares?

    //
    Hmm yeah...kinda strange it is spreading.
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    If you mean new malicious processes and files- just stop them with the "Stop attack" button. Files can be removed manually with the "File and registry tracks" (rollback) dialog if you really understand what is what.
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    As Ilya said, just go to 'file and registry tracks', highlight all the files created by that process (you'll see the folder path/extension name listed, and a list of times a file/folder/registry key was created), and then 'delete'.

    You can hold shift key to select many files, or the control key to select individual files.

    File and registry tracks even show you the 'time' files were created. Just remember to 'allow' any files you want to keep such as documents or program installation files etc (be sure to check the file location and time created).

    See:
    https://www.wilderssecurity.com/showthread.php?t=242971
     
    Last edited: Jun 9, 2009
Loading...
Thread Status:
Not open for further replies.