When was the last time anyone found a real live virus?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. Kerodo

    Kerodo Registered Member

    Last time I saw one live was in 2001, while downloading an executable file via p2p.
     
  2. Xenophobe

    Xenophobe Registered Member

    Just last year.
    Kaspersky couldn't clean it, so I did in safe mode. :cool:
     
  3. Osaban

    Osaban Registered Member

  4. jmc777

    jmc777 Registered Member

    You are correct.
     
  5. flyrfan111

    flyrfan111 Registered Member

    If Eset detected it he would not need to send it to them, so I would guess NOD didn't detect it and Eset has not added it yet.
     
  6. Macstorm

    Macstorm Registered Member

    I betcha on that :D
     
  7. rothko

    rothko Registered Member

    never that long before it turns into a bashing thread :rolleyes:
     
  8. EASTER

    EASTER Registered Member

    Agree. I go as far as implementing any FD-ISR snapshot (system) along with Power Shadow/Returnil & SandboxIE, now that's bulletproof.

    The last time any virus caught me by surprise was during research on the Parite file infector virus. Nasty little worm that also hops into any other HD or Partition connected to the main system.

    Nothing on the internet via drive-by stands a chance anymore HA! HA!

    I occasionally probe dodgy sites laced with downloaders the second the browser lands on them but EQSecure (HIPS) suspends them immediately in mid-flight while I get to look them over and capture them instead of vice-versa. Even so, if something was to skirt the HIPS then SandboxIE would trap it too, and as if that wasn't enough, Power Shadow on reboot would remove it anyway. And if some new form of malware happened to be gifted with supernatural bypassing abilities, there's always either of 2 alternate choices, an FD-ISR archive (duplicate) and (Image) to put Humpty-Dumpty all back together again. :D
     
  9. Antarctica

    Antarctica Registered Member

    Long, long time ago. It was with Windows 95. :cool: My daughter brought an infected diskette from University. A friend of mine managed to clean it with McAfee, if my memory is good. :D
     
  10. dawgg

    dawgg Registered Member

    Last time my AV detected malware (when I didn't expect it) was yesterday while on a Bank's website... Trojan-Clicker.HTML.IFrame.ey and Trojan-Clicker.JS.Agent.h and at one point, Exploit.Win32.MS06-078.a was also detected on it.

    Sent an e-mail about it to 2-3 e-mail addresses mentioned on the website yesterday and have not received a reply about it... also both the Trojan-Clicker warnings are still coming up today :eek:

    Thank god there's no OnlineBanking on there! (website looks pretty amateur anyway). Still won't expect it from a bank!


    Last time I was actually infected was years ago with tenga.a... can remember my AV popping up constantly warning about it... even after I did a PC scan and removed it all, it kept coming back a few hours later until I did a scan with another AV which got rid of it for good!
     
  11. dr pan k

    dr pan k Registered Member

    1) in the last weeks (months): kalpurush knight disk: unwanted application to USB pen, half the university got infected through a copy store, cleaned through Linux on the key and safe mode for the PC.

    2) rogue antivirus + trojan downloader but never got active

    3) big time sasser variant (send that to eset, got it with adv. heuristics)

    4) small stuff when uninstalling avast and migrating to eset (keylogger and a trojan...)

    5) p2p can give you some "fun" if you try downloading cracks and other similar stuff...
     
  12. kdcdq

    kdcdq Registered Member

    Hello all,

    I build/upgrade/fix PCs (hardware & software) for friends and people at work for "fun".

    Last month, I removed over one hundred forms of malware from one such computer, including botnets (5), viruses (65), trojans (7), and spyware/adware of all kinds. This XP computer was running with no security software for about 18 months.
     
  13. dawgg

    dawgg Registered Member

    I normally recommend a format if 20 or more malware is detected at a time if it's anything other than adware detected (depending on what else is detected)
     
  14. solcroft

    solcroft Registered Member

    Just curious, but how do you remove a botnet from a computer? Or five botnets, for that matter...
     
  15. EASTER

    EASTER Registered Member

    Do any of you remember the notorious group that enjoyed a round of great success for awhile releasing and even updating COOLWEBSEARCH? :ninja:
     
  16. C.S.J

    C.S.J Massive Poster

    I think everyone has encountered coolwebsearch on their machine in the past. :rolleyes:
     
  17. HURST

    HURST Registered Member

    My last real virus: today
    Not exactly "mine", since it was at my father-in-law's computer, but the removal fun was all mine to enjoy. Went to his house today and he said hello with a big smile and an "I need your help". :cautious:
    Toughest battle against malware in years!
    It was a rootkit named kernelw.sys, and a ton of trojans, adware and spyware.
    In the middle of the SAS scan, I kept receiving BSODs, until I could catch the file name (very short BSODs).
    AVG anti-rootkit and Dr.Web CureIt saved the day, but I know the computer is not 100% clean. Still showing pop-ups inviting to download "antispyware". So tomorrow comes part 2 of my fun weekend.
    Anyways, that computer must be a malware magnet: McAfee enterprise edition had signatures dated JULY, 2007!!!! :eek: :eek: :eek: :eek: :eek:
    Browser was IE6. :blink:
    (updated McAfee, added BOClean and SpywareBlaster...just for a start)
     
  18. lucas1985

    lucas1985 Retired Moderator

    Don't forget to update those files to Virustotal :cool:
    I think that fcukdat may want some samples too.
     
  19. HURST

    HURST Registered Member

    I don't think that the rootkit is still there. Connecting to the internet caused a BSOD too, so I had to do the cleaning offline... Submitting to Virustotal was not possible. Didn't think of keeping a copy on a USB drive.
    If I find something else, I'll keep it. Maybe I'll even test SandboxIE and Returnil on my computer.
     
  20. C.S.J

    C.S.J Massive Poster

    Hi Hurst,

    glad to hear drweb cureit has helped you out ;)

    The problem is, the malware has probably already damaged system files that you need, so even though the malware has been cleaned, it's still an unstable machine.

    If possible, try to repair your OS installation.

    And good luck to ya ;)
     
  21. lucas1985

    lucas1985 Retired Moderator

    Well, you can always restore files from the quarantine of SAS and CureIt and/or use the copy file function of Rootkit Unhooker and Icesword.
     
  22. NAMOR

    NAMOR Registered Member

    I saw one last month on a hotel's File Server, one last week on a manager's workstation, and one this week on a POS (Point of Sale) terminal.
     
  23. lucas1985

    lucas1985 Retired Moderator

    Perhaps you enabled the option "Terminate memory threats before quarantining". This option shouldn't be checked.
     
  24. HURST

    HURST Registered Member

    Indeed.
    Next time I'll leave it unchecked.
     
  25. kdcdq

    kdcdq Registered Member

    OK, you got me on this one! I wanted to say that this particular computer had five "rootkits" on it, not five "botnets". You know, I really should re-read my posts before hitting the "Submit Reply" button........
     