EWIDO Beta Scan ROCKS!!!

Discussion in 'ewido anti-spyware beta forum' started by IT_Geekette, Mar 29, 2006.

Thread Status:
Not open for further replies.
  1. IT_Geekette

    IT_Geekette Registered Member

    Joined:
    Mar 29, 2006
    Posts:
    6
    Location:
    "The" O.C.
    It totally saved the day - AND my b/f's computer! Somehow his machine was invaded by several Trojan viruses, including that nasty Puper.dll, and there were lots of files that wouldn't die or delete no matter what I tried. His machine was being controlled by an outside source, his registry was all messed up, McAfee Anti-virus was rendered helpless, the online McAfee scan was useless, and MicroTrend did nothing at all. Mind you, I was trying these scans while logged on as "Administrator" and in Safe Mode with Networking, hoping to fly in under the radar - so to speak.

    After nearly 24 hours of marathon combat and feeling like it might be all for naught, I started searching the web from my own computer to see if I could find something that might work. Spyquake was one of the evil hijackers that refused to die and I bet that was where the nvctrl.dll file came from that kept popping back in task manager after I ended that process. Totally aggravating - a real hair puller!!!

    Finally I ran across a post recommending Ewido anti-malware software. I had never heard of it before, but figured I had nothing to lose - except maybe my mind!

    The Beta Scan ROCKS! First time through - it caught everything and anything in between that even might be a problem. Sure, the P2P progs show up, too. One just has to have the patience to weed out the stuff you can't live without - although they can often be a source of the adware and/or malware problem - and the wisdom to know the difference. Since the owner of the machine urgently needed it restored and ASAP, I was pretty ruthless about letting most of the junk programs and adware be included in the cleanup process. Like, "Hey, if you want to be able to use this thing for AutoCAD and make your boss happy, you do want me to make sure all the potential problems are fixed - right?"
    (That's what he gets for visiting those porn sites! Ha! Take that!) :D

    My only question is, can I help market Ewido software? I'm drop-dead serious about this! I think it is an awesome product, it is simple to use, and it isn't getting nearly the amount of marketing attention it deserves. If I didn't know much about how to find what I'm looking for through the search engines, I might still not have had a clue. Now that I know about it, can I help you spread the word?

    L
     
  2. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    Well I agree with you on the respect that Ewido rocks. :)

    All those files found should now be detected by Kaspersky, VBA32, BitDefender, and Ewido. There are remnant .tmp and .tld files associated with it as well. I just recently found it and submitted.

    Tell your man to stop going to ninenine, I know that is where I found the aforementioned bugger.

    Later
     
  3. IT_Geekette

    IT_Geekette Registered Member

    Joined:
    Mar 29, 2006
    Posts:
    6
    Location:
    "The" O.C.
    He claims he was on some drumming info & music site and was downloading some song lyrics and practice rhythms he found when the sh*t hit the fan (his browser stopped functioning and the other stuff began.) Yeah, right - drumming site. Is that what you guys call them nowadays? LOL
    No, really - he does play the drums.
    I don't know what ninenine is, but I don't think I want to know. ;-)
    Thanks for the info!
     
  4. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    Ninenine is a "portal" for porn, I go there because they love to try to use the latest IE/Windows exploits to infect you, about once every 3-4 links, so it is good to test out your defenses or for collecting malware.

    No problem on the information, just make sure you got rid of the temp files too, because if he happens to go to the same "drum site" and the exe has changed then Ewido will more than likely not get it, due to the unpacker they have now, changing with v4, and then it will be the same all over again. Even in Firefox it tried to run; it tries to run from the temp dir, so if you forbid exe's from running from there it will be good, but remember you did that when trying to install programs.
     
  5. IT_Geekette

    IT_Geekette Registered Member

    Joined:
    Mar 29, 2006
    Posts:
    6
    Location:
    "The" O.C.
    Good point. The only times I have ever run into any IE or Windows exploits was when I was searching for a good, working serial or reg. no. through sites like freeserials, crackfind, etc. Usually it would be a Trojan that McAfee intercepted before it could do any damage. I don't download stuff from questionable sources, keep my anti-virus up to date and stay behind a firewall. I guess you could say I stick to low risk browsing habits most of the time. Besides, my b/f keeps me busy fixing the probs he creates on his machine on a regular basis, as it is.

    Get this: He just doesn't seem to get it - why, when our machines are networked and connected to the same router, which is using one DSL modem for our access - his computer is the one with all of the problems and performance issues nearly every time. He had his brother help him rebuild and upgrade his system at about the same time I completely rebuilt my own. He still swears his is "all that", is faster, bigger HDD, blah, blah, blah. (I just smile and let him have his fantasies about superiority. It is only a matter of time until he will be feeling humble, having to ask me to take a look at his machine again.)

    Meanwhile... I've got as many as 10 different IE browser windows open, AIM is either idle in the background or maybe I'm chatting while I'm working on some projects in Photoshop or cruising Google Earth all at the same time, with no noticeable lag. If I sound smug, it is because I am proud of having put this thing together right, of doing it all by myself, and of knowing how to keep it running and avoid trouble. I may not be as bold as you are at deliberately challenging hackers to try and compromise your machine to test defenses and acquire the latest malware for reporting purposes, but I sure appreciate the fact that you do it so that others will benefit from stronger protection as a result of those efforts. It's a dirty job, but we couldn't survive these tactics without guys like you.

    I don't mean to be nosey, but I was just curious:
    Do you get paid for that kind of thing or is it just a hobby? Submitting malware samples and reports is voluntary, isn't it? I mean, people don't receive any compensation for those - or do they?

    L
     
  6. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    No I don't get paid, although that would be nice. A few people here do it for fun, as I do. Also to test our defenses, I keep an up to date image as a backup and trust me I have gotten my money's worth out of Ghost.
    So I guess to answer your Q's I don't get paid but it helps me know what to look for on compromised machines, and helps me out in my job. :)
     
  7. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
  8. MojoWorkin

    MojoWorkin Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    60
    Location:
    Denver, CO
    I have to agree with the Topic Line...
    After I dnld a few files, (about 300MB), I scan everything with Ewido Beta and SpySweeper. Just noting the time it takes for these to complete, (from context menu), Ewido will open, scan, complete, and close before SS even opens.
    Nicely done, consider my check for purchase in mail.
    Lata
     