When was the last time anyone found a real live virus?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    I have a question. At the end of all of your cleanup, how do you know the system is really clean? Can you guarantee that the customer still doesn't have a rootkit?
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have never knowingly seen a virus or spyware, but if I did I would not be happy with any cleanup program - preferring instead to restore a known clean image.

    I wouldn't be able to trust a system that had been caught playing around no matter what promises she gave me about the future.
     
    Last edited: Feb 17, 2008
  3. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA

    Any verdict on this yet? Real rootkits or FPs?
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Sorry... Swamped busy... so I take longer to answer forum posts right now.

    Ahem... well, as for yer question... nope. Actually appears to be a bunch of FPs, but don't wait for an answer direct from the good folks up @ Prevx. Anyways, I keep getting more of them on different systems each time Comodo updates... So it would appear to be Comodo that is the real culprit... Labeling these Rootkits must be scaring the helluva lot of those who are just doing a trial of CSI though...
     
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    Well, in my business there is no real proof a rootkit is gone. It is just as difficult to prove it was there in the first place... Or that the clients didn't go out and get reinfected again... Usually the primary task for us is to clean up enough so we can provide the clients with an opportunity to "backup" their data, as they usually get hit with a bug and have no backups...

    The best course of action if in doubt that a rootkit is completely removed is usually to kill the disk by deleting the partition table, then reloading your system with a fresh OS... Even this can't guarantee a rootkit isn't hidden within factory-set low-level sectors...

    Things are getting sophisticated enough to warrant the full treatment... However to be fair, most infections are usually benign enough that a simple cleanup suffices...
     
    Last edited: Feb 20, 2008
  6. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    It seems most of my "finds" usually turn out to be FPs also... I used to get a bunch more when I ran Win XP w/out updates and browsed on IE6... it's kind of disappointing now, truth be told, that I rarely find anything.
     
  7. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Not a single one in 28 years of high-risk computing. And in today's context, I would simply use an Acronis image and restore the machine to a pre-malware point. I never worry about malware - it is totally manageable and is a non-entity (for me).
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Then why do you have 2 real-time security applications? :doubt:
     
  9. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    The last piece of malware? Today.

    The last true piece of replicating code that infected a computer I was responsible for happened in 2004 with MyDoom on 2 unpatched W2K boxes.

    Prior to that was a hit from Code Red on an unpatched IIS install by a well-meaning colleague in 2002, who did not unplug from the network to install and patch before hitting the wire.

    Both were contained quickly, but a PITA to deal with. :argh:
     
  10. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Actually, three real-time. I said I don't worry - not that malware cannot invade. But if it gets by the three, Acronis provides the solution.

    This forum promotes paranoia (and makes for often humorous reading) as I have contended in the past. If you know what you are doing and have taken the proper precautions, malware is a non-event.
     
    Last edited: Feb 22, 2008
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks for the correction.
    I don't think so. Malware is a real problem and people should be informed. Obviously, there's always someone who tries to spread fear/FUD. If you exercise critical thinking, it should be more than enough to separate the chaff from the wheat.
    Agreed.
     
  12. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    876
    Location:
    Turkey/İzmir
    I am answering the thread title: it happened a minute ago.
    Thanks to Antivir Premium, again it saved my life.
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I wouldn't be too sure;

    Avira seems to have too many of the 'HTML-based false positives'.
     
  14. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    876
    Location:
    Turkey/İzmir
    The heuristic detection level of the guard is set to medium. It may not be a false positive.
     
  15. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas

    I did not say that malware is not a problem per se - it is a problem for many because they do not know how to deal with it. Paranoia does not mean there is nothing to fear; it is an irrational and unreasonable fear.

    Years of computer use have allowed me to separate the wheat from the chaff.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Then, I'll have to concur ;)
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    I wish now that I had asked "and how did you get that virus?"
     
  18. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I've never run into one unless I went to dodgy sites looking for them.
     
  19. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hola, I need a bit of input on this one...

    All I can find on this guy's PC is a few traces. I couldn't see anything in Gmer, but SEng picked up this API hook.
    Here are some pics:
     
  20. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Today! (for the first time in over two years).

    JS/Wonka! (according to my log)

    I still have that McAfee Virusscan Plus 2008, it uses scripts as (the main?) part for real-time protection.

    Looking in my detection log, I saw just JS/Wonka. I remember seeing McAfee detecting a script, and then a trojan, which was prevented from installing.

    Probably a delivery mechanism, and a payload (the trojan).

    The McAfee Site Advisor indicated that the site where it occurred was safe.

    As far as I understand, Javascript was used in the attempt to infect me.

    I know some people say "Firefox with No Script", but I don't want to go as far as not allowing scripts, too inconvenient.

    This incident has given me a new perspective on McAfee. As I stated, it uses a script for real-time protection. Using scripts to prevent infection by scripts seems smart. Do any other antivirus programs have something similar?
     
  21. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    More bugs to report: The first pic is a bogus alert by VirusHeat, a phony antivirus. This nasty I had to remove manually... The other ones kept re-infecting via a web browser hijack... Loads of fun! Slows the system to a crawl... Keep an eye out for those warnings! None of the scanners detected or removed this one. So beware. It installs itself by simply browsing to a web site... then tries to sell the clean up. It puts an icon in the task bar and it uses 4 active executables monitoring each other + a crap load of registry loaders to re-install it should you try and kill one or more, and it also locks the web browser to its home page... + this system also had a Zlob infection and some other minor trojans... Kept me busy for a while.
     
    Last edited: Mar 3, 2008
  22. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    And even more on this one: 8 Zlob variant... That one was easy!
     
    Last edited: Mar 3, 2008
  23. norman6810

    norman6810 Registered Member

    Joined:
    Jun 1, 2007
    Posts:
    67
    Location:
    PRChina
    A month ago, when I was using the search engine to get some information, my AV told me there was a trojan.
     
  24. norman6810

    norman6810 Registered Member

    Joined:
    Jun 1, 2007
    Posts:
    67
    Location:
    PRChina
    I couldn't agree more.
     
  25. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Nowadays... one must be careful even when visiting business sites... as hackers are working hard finding holes in the scripts used on those sites, exploiting them and using them to infect visitors...

    I have many examples of this where people got infected while never browsing to porn sites or doing anything wrong at all...

    Perhaps the biggest sin too many may have committed is being too cheap or too lazy, as often the AV is expired (as in one of the examples above, where the client had PC-cillin 2003 AV with long-expired auto updates), probably because they got suckered into a false sense of security or the ever-present invincibility syndrome, or they got suckered into a phony or useless product...

    I never blame the users... It's really bad taste. It's like saying investors are to blame when they get ripped off by con artists... SOBs write trojans, rootkits, and viruses, not Internet users who are just out to browse a web page, whatever that page might be!
     