Flux trojan | fluxscan

Discussion in 'Trojan Defence Suite' started by poogimmal, Nov 6, 2004.

Thread Status:
Not open for further replies.
  1. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    Flux was mentioned as a bad nasty over at GRC.
    Supposedly a(squared) has a stand-alone scanner for it.
    Not eager to try something new...
    Does TDS3 find and remove Flux?
    If so, it doesn't find it here :)
    If not, ...
    I tried searching the forum for "flux" and did not find
    any info.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Last edited: Nov 6, 2004
  3. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95
    Actually Jooske, TDS doesn't deal with it. That's a bit misleading. Your link leads to another link where TDS fails to remove Flux and Gavin offers some manual removal instructions? Or am I missing something here?

    Now don't get me wrong, I'm not bashing (I'm actually a licenced TDS-3 user), but I don't think TDS can clean this nasty.

    BTW. Well done Andreas for providing a fix :)

    Cheers,

    Trev.
     
  4. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    Does TDS-3 detect the new trojan Flux?
     
    Last edited by a moderator: Nov 7, 2004
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi gre87y, Here is a copy of the TDS primaries list showing flux trojans detected by TDS3.
     

    Last edited by a moderator: Nov 7, 2004
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey gre87y,

    I have merged your thread into this ongoing thread for further discussions.
     
  7. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95
    Detection is one thing, removal another.
    Many anti-malware products can detect Flux. The question is, which ones can actually remove/clean it?

    Cheers,

    Trev.
     
  8. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    OK thanks, TDS-3 detects Flux; does it remove it?
     
  9. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Automatic cleaning of Flux is not that easy, I currently don't know any scanner that is capable of doing so.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    TDS detects, remember you are in the driver's seat to click the delete button for any alert with TDS.
    Gavin gives instructions in the thread how to in this case.
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    ATM TDS does not remove Flux with Persistent server. Removing it manually is totally different. Emsisoft has released a Flux cleaning utility that works GREAT. The only thing it leaves behind is the registry keys, which are useless without the .exe to run.
     
  12. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95

    You can click the delete button all you like; in this case TDS doesn't remove Flux :(
    I do hope TDS find a way to remove this type of trojan. (I guess they are working on it.)
    Some anti-malware vendors say they can detect Flux (giving the impression that if they can detect it, they can remove it). Unfortunately with this trojan, that's just not the case.

    Cheers,

    Trev.
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi phaedrus, Due to the nature of these Trojans it is usually not easy to delete them, as can be seen from many instances in the recent past, special tools are required, AKA AH's Flux remover, HJT etc.
    The best way is prevention; ProcessGuard would have stopped the installation of this Trojan and many other far more dangerous Trojans such as rootkits.
    This is why Wilders has always recommended a layered defence, there is no such thing as 100% security whilst connected to the Internet ;)

    Cheers. Pilli
     
  14. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95
    Hi Pilli,
    I am also an advocate of a layered defence. That's why I have so many anti-malware tools in my system tray! :D
    It is good to know that Process Guard can stop this type of infection.
    Keep meaning to check it out, but not sure what's happening with the TDS-4 upgrade. Would it be worth getting PG3 now? Or wait to see what kind of upgrade will be available from TDS-3?
    Bearing in mind we've been waiting for TDS-4 longer than we've waited for A² and that's saying something! :D
    (No offence to either Andreas or the Diamond guys, they will both be well worth the wait I`m sure).

    Cheers,

    Trev.
     

  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi phaedrus, TDS4 will be strictly for identifying Trojanic types of malware including many SpyWare threats, stopping it from running & cleaning.
    There may be links into other programs such as ProcessGuard but they will stay as independent items. There will be little if any overlap as far as I am aware.

    ProcessGuard was deemed more important than TDS4 as TDS3 is still a leading edge Anti-Trojan program. ProcessGuard is unique in its abilities to stop the latest malware such as rootkits where AV / AT's and firewalls can fall down badly. :)

    Cheers. Pilli
     
  16. mmmmmm

    mmmmmm Guest

    so anyone... can u tell me how to manually remove flux?

    it's pretty nasty :9 i delete the keys it leaves in the registry but it reruns itself?? how?? and how do i remove it without formatting??
     
  17. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    There are instructions for removing Flux all over WildersSecurity, but I will tell u anyways :D

    Find the file (Flux)
    Create a folder on your desktop with the same name as the Flux file you want to delete
    This means if the file you want to delete is fuccer.exe then you name the folder fuccer.exe
    Copy the folder
    Delete Flux and right after you delete it, paste the folder
    if this worked you will see the folder there instead of Flux
    This works now, but may not in the future

    Also, I forgot.. the easy way.
    The title of this post says it all
    FluxScan
    look for it at www.emsisoft.com
     
    Last edited: Dec 5, 2004
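The folder trick from the post above, shown as an added example that is not part of the original thread: a directory occupying a file's name makes a plain re-write of that file fail. Everything runs in a temporary directory with harmless constructed bytes; the function names are hypothetical, and `simulated_rewrite` only stands in for whatever re-creates the file.

```python
import os
import tempfile

def swap_file_for_directory(path, attempts=5):
    """Delete the file at path and claim the name with an empty directory.

    Retries because the file may be re-created in the gap between the
    delete and the mkdir (the "right after you delete it" in the post).
    """
    for _ in range(attempts):
        try:
            if os.path.isfile(path):
                os.remove(path)
            os.mkdir(path)
            return True
        except FileExistsError:
            continue  # the file came back first; delete it and try again
    return os.path.isdir(path)

def simulated_rewrite(path, data=b"inert placeholder bytes"):
    """Stand-in for a plain file create at path; True if the write lands."""
    try:
        with open(path, "wb") as fh:
            fh.write(data)
        return True
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False

def demo():
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "fuccer.exe")  # file name used in the post
        simulated_rewrite(target)                  # constructed, harmless file
        # Plain deletion: the name is free again, so the re-write succeeds.
        os.remove(target)
        after_delete = simulated_rewrite(target)
        # Deletion plus placeholder directory: the name is now taken.
        swapped = swap_file_for_directory(target)
        after_swap = simulated_rewrite(target)
        return {"after_delete": after_delete, "swapped": swapped,
                "after_swap": after_swap, "is_dir": os.path.isdir(target)}

if __name__ == "__main__":
    print(demo())
```

The block holds only against a plain file create at that exact path, which matches the post's own caveat that the trick may not keep working.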
  18. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Yes, ProcessGuard actually BLOCKS Flux infections by preventing code injection. TDS4 will have even more advanced memory scans, and also a dedicated cleaner component allowing it to specifically target individual trojans when required in circumstances where standard disinfection can't be applied.
     