Flux trojan | fluxscan

Flux was mentioned as a bad nasty over at GRC.
supposedly a(squared) has a stand alone scanner for it.
not eager to try something new...
does tds3 find and remove flux?
if so, it doesn't find it here
if not, ...
I tried searching the forum for "flux" and did not find
any info.

 

Hi there!
TDS does deal with it. In the DCS forum is written about it.
And see these threads:
https://www.wilderssecurity.com/showthread.php?t=45559&highlight=flux
https://www.wilderssecurity.com/showthread.php?p=158747&highlight=flux#post158747

 

Actually Jooske TDS doesn`t deal with it. Thats a bit misleading. Your link leads to another link where TDS fails to remove flux and Gavin offers some manual removal instructions? Or am I missing something here?

Now don`t get me wrong I`m not bashing (I`m actually a licenced TDS-3 user), but I don`t think TDS can clean this nasty.

BTW. Well done Andreas for providing a fix

Cheers,

Trev.

 

Does Td-3 detect the new trojan flux?

 

Hi gre87y, Here is a copy of the TDS primaries list showing flux trojans detected by TDS3.

 

Hey gre87y,

I have merged your thread into this ongoing thread for further discussions.

 

Detection is one thing Removal another.
Many anti malware products can detect flux. The question is, which one`s can actually remove/clean it?

Cheers,

Trev.

 

OK thanks , Td-3 detects flux does it remove it?

 

Automatic cleaning of Flux is not that easy, I currently don't know any scanner that is capable of doing so.

 

TDS detects, remember you are in the driver's seat to click the delete button for any alert with TDS.
Gavin gives instructions in the thread how to in this case.

 

ATM TDS does not remove Flux with Persistant server. Removing it manually is totally different. Emsisoft has released a Flux Cleaning utility that works GREAT. The only thing it leaves behind is the registry keys, which are useless without the .exe to run.

 

You can click the delete button all you like in this case TDS doesn`t remove Flux
I do hope TDS find a way to remove these type of trojan.(I guess they are working on it)
Some Anti malware vendors say they can detect flux (giving the impression that if they can detect it , they can remove it). Unfortunately with this trojan, that`s just not the case.

Cheers,

Trev.

 

Hi phaedrus, Due to the nature of these Trojans it is usually not easy to delete them, as can be seen from many instances in the recent past, special tools are required, AKA AH's Flux remover, HJT etc.
The best way is prevention, processguard would have stopped the installation of this Trojan and many other far more dangerous Trojans such as rootkits.
This is why Wilders has always recommended a layered defence, there is no such thing as 100% security whilst connected to the Internet

Cheers. Pilli

 

Hi Pilli,
I am also an advocate of a layered defence. That`s why I have so many anti malware tools in my system tray!
It is good to know that Process Guard can stop this type of infection.
Keep meaning to check it out, but not sure what`s happening with the TDS-4 upgrade. Would it be worth getting PG3 now? Or wait to see what kind of upgrade will be available from TDS-3?
Bearing in mind we`ve been waiting for TDS-4 longer than we`ve waited for A² and that`s saying something!
(No offence to either Andreas or the Diamond guys, they will both be well worth the wait I`m sure).

Cheers,

Trev.

 

Hi phaedrus, TDS4 will be strictly for identifying Trojanic types of malware including many SpyWare threats, stopping it from running & cleaning.
Ther maybe links into othe programs such as ProcessGuard but they will stay as independent items. There will be little if any overlap as far as I am aware.

ProcessGuard was deemed more important than TDS4 as TDS3 is still a leading edge Anti-Trojan program. ProcessGuard is unique in it's abilities to stop the latest malware such as rootkits where AV / AT's and firewalls can fall down badly.

Cheers. Pilli

 

so anyone... can u tell me how to manually remove flux?

it s prety nasty :9 i delete the keys it leaves in the registry but it reruns it self?? how?? and how do i remove it without formating??

 

There are instructions for removing Flux all over WildersSecurity, but I will tell u anyways

Find the file (Flux)
Create a folder on your desktop with the same name as the Flux file you want to delete
This means if the file you want to delete is fuccer.exe then you name the folder fuccer.exe
copy the folder
delete Flux and Right after you delete it paste the folder
if this worked you will see the folder there instead of Flux
This works now, but may not in the future

Also, I forgot.. the easy way.
The title of this post says it all
FluxScan
look for it at www.emsisoft.com

 

Yes, ProcessGuard actually BLOCKS Flux infections by preventing code injection. TDS4 will have even more advanced memory scans, and also a dedicated cleaner component allowing it to specifically target individual trojans when required in circumstances where standard disinfection cant be applied.