|
Nthing Antivirus 2009 and its variants. Sometimes that loving "tatemupuku" registry entry just won't go away without using something like ComboFix (awesome little utility, by the way).
|
# ¿ Dec 14, 2008 16:44 |
|
|
ShizCakes posted: By the way, if you have things that are "hidden", and resurgent or whatever, you need this tool:

I've got something that I think is like this. It's just called RootkitRevealer, and I think I got it from the same site I got AutoRuns from. Anyone know which is the better of the two rootkit tools?
|
# ¿ Dec 18, 2008 23:15 |
|
abominable fricke posted: What a poo poo day in virus land. We should start posting combofix, malwarebytes, superantispyware, spybotsd, and hijack this logs to use as a community resource. Anyone onboard?

On some of these nastier strains of av2009 etc. I've sent myself the log files for research purposes, and I'd be glad to see some other logs if it'd help track some of this stuff down faster.
|
# ¿ Dec 19, 2008 00:18 |
|
Varkas posted: Has anyone gotten a virus that seems to block internet connections to specific known anti-virus/anti-spyware sites, and also seems to inhibit such installed programs from actually running?

Make sure to go to Start->Run->type in msconfig->Startup and google every item in there if you have to, but uncheck the bad ones or any blank spaces. And terminate those processes in Task Manager if you can. And I always go through the registry to get rid of any instances of those items, but you may or may not be comfortable with something like that. Also try booting into Safe Mode w/ Networking and then try going to those sites (superantispyware.com, malwarebytes.org, etc.) and download what you can and rename the executables to something generic like setup.exe, to avoid the installer being blocked by anything. Superantispyware won't install in safe mode but Malwarebytes runs just fine. After I run Malwarebytes in safe mode I generally can reboot back into normal Windows and then run Superantispyware to pick up the rest of the crap. If all else fails, I've never gone wrong with running ComboFix. I believe bleepingcomputer.com has a guide on how to use it.

bazaar apparatus fucked around with this message at 20:56 on Dec 20, 2008
# ¿ Dec 20, 2008 20:54 |
|
Midelne posted:As a bonus, the first user to report the infection took one look at the fake security center popup and called for help without touching anything. How often does that happen? Loving it. Why can't my users do this.... By the time I ever get to look at most of their systems, they've hosed it up so bad just clicking on things without thinking that a 15-minute call turns into a few hours just trying to get everything out of there.
|
# ¿ Dec 30, 2008 19:40 |
|
Midelne posted: Trade you jobs.

Heh, I'm entry-level at this place, you probably make a lot more than I do
|
# ¿ Dec 30, 2008 21:35 |
|
Ok, this mousehook.dll/frmwrk32.exe thing that's been popping up today has been a bit ridiculous
|
# ¿ Jan 6, 2009 21:21 |
|
do it posted: Doesn't even have to be that clever. I've had about six clients who paid $50 for Rapid Antivirus.

Heh my coworker had one of those yesterday. The thing installed like 12 different fake spyware/antivirus scanners and they wondered how they could possibly be getting so many popups when they have so many programs trying to block them. Not to mention they uninstalled the McAfee suite we install on all of our users' computers because "it told them to" and yeah I know McAfee sucks
|
# ¿ Jan 8, 2009 15:54 |
|
|
heat vision posted: I'm going to guess that ComboFix got something, but I don't know...

It should have saved a log file to C:\Combofix.txt or something. Check that and see what it says.
|
# ¿ Jan 11, 2009 06:10 |