Guest RJK Posted September 23, 2008

A young lady I work with's father has acquired one of these, and I've downloaded and updated David H. Lipman's multi-av / av-cls - updated it, and burnt it to cd ...and attempted to instruct her how to run it in XP Safe Mode.
(I have asked her to let me know exactly what the pop-out says.)
Are 4x4 CLS sweeps likely to clear this type of malware up ?

I do cast an eye through this NG quite often, and I've seen this type of malware being dealt with - ...d'you think I can now find one ? ..I cannot.

TIA, regards

Richard

Guest ~BD~ Posted September 23, 2008

Hi Richard!

Try Malwarebytes. http://www.malwarebytes.org/

Let us know how you get on, please.

Dave

--

"RJK" <notatospam@hotmail.com> wrote in message news:%23yn5a4UHJHA.3640@TK2MSFTNGP04.phx.gbl...
> A young lady I work with's father has acquired one of these, and I've downloaded and updated David
> H. Lipman's multi-av / av-cls - updated it, and burnt it to cd ...and attempted to instruct her
> how to run it in XP Safe Mode.
> (I have asked her to let me know exactly what the pop-out says.)
> Are 4x4 CLS sweeps likely to clear this type of malware up ?
>
> I do cast an eye through this NG quite often, and I've seen this type of malware being dealt with -
> ...d'you think I can now find one ? ..I cannot.
>
> TIA, regards
>
> Richard

Guest Malke Posted September 23, 2008

RJK wrote:

> A young lady I work with's father has acquired one of these, and I've
> downloaded and updated David H. Lipman's multi-av / av-cls - updated it,
> and burnt it to cd ...and attempted to instruct her how to run it in XP
> Safe Mode.
> (I have asked her to let me know exactly what the pop-out says.)
> Are 4x4 CLS sweeps likely to clear this type of malware up ?
>
> I do cast an eye through this NG quite often, and I've seen this type of
> malware being dealt with - ...d'you think I can now find one ? ..I
> cannot.

Standard answer for rogues:

Your system is infected with a rogue antivirus program. It is called "rogue" because it pretends to be A Good Guy but is really Evil. Do not pay them!

Because you didn't give me the name of the program that is trying to get you to buy it, I can't point you to specific removal steps. Look for them here:

Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html

If it is XP Antivirus 2008/09, here are removal steps:

http://www.bleepingcomputer.com/malware-re...-antivirus-2009
http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)

These may work for you and all may be well. However, in many cases the computer will also be infected with Zlob and/or Vundo trojans and protected by a rootkit. These machines are extremely difficult to clean.

If your machine is one of these cases, either get guided help at one of the specialty forums below OR back up your data and do a clean install of Windows. It is your choice. If you are unsure how to back up your data or how to do a clean install, you can take your machine to a local computer professional. I don't recommend using BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first.

http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Guest RJK Posted September 23, 2008

Many thanks,

As soon as "her" at work has run the av-cls sweeps, and if I get any further information from her, I'll post it here.
The description of the malware, that is in her father's PC was vague, and from this vague description I deduced that it consisted of the "rogue" type, as you call it, i.e. a machine compromised with the system tray pop-out balloon "warning / visit here to buy {unnecessary} anti-malware software to "clean" the "infection," ...if you see what I mean.

One thing I've been wondering about for some time, is the effectiveness of the 4 cls's contained in David H. Lipman's "multi-av," because, a while ago, I was going to devote the time to collecting them myself and "driving" them by batch file but, never could find the time to study the .exe switches, and do some trials and tweaking on a spare machine, though I did start collecting the cls's from the respective software houses - and unless I misinterpreted something, somewhere, the Sophos CLS is no longer "supported" ? ....I think that I "read" the information as meaning that even the Sophos .exe itself would no longer be modified to thwart malware and/or the malware or virus signature database would no longer be updated. ...or that could have been one of the other CLS's, ...can't remember now. ...in other words I probably misunderstood the "unsupported" aspect of the information.

regards, Richard

"Malke" <malke@invalid.invalid> wrote in message news:eJvCPFXHJHA.3504@TK2MSFTNGP02.phx.gbl...
> RJK wrote:
>
>> A young lady I work with's father has acquired one of these, and I've
>> downloaded and updated David H. Lipman's multi-av / av-cls - updated it,
>> and burnt it to cd ...and attempted to instruct her how to run it in XP
>> Safe Mode.
>> (I have asked her to let me know exactly what the pop-out says.)
>> Are 4x4 CLS sweeps likely to clear this type of malware up ?
>>
>> I do cast an eye through this NG quite often, and I've seen this type of
>> malware being dealt with - ...d'you think I can now find one ? ..I
>> cannot.
>
> Standard answer for rogues:
>
> Your system is infected with a rogue antivirus program. It is called
> "rogue" because it pretends to be A Good Guy but is really Evil. Do not
> pay them!
>
> Because you didn't give me the name of the program that is trying to get
> you to buy it, I can't point you to specific removal steps. Look for them
> here:
>
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> If it is XP Antivirus 2008/09, here are removal steps:
>
> http://www.bleepingcomputer.com/malware-re...-antivirus-2009
> http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)
>
> These may work for you and all may be well. However, in many cases the
> computer will also be infected with Zlob and/or Vundo trojans and
> protected by a rootkit. These machines are extremely difficult to clean.
>
> If your machine is one of these cases, either get guided help at one of
> the specialty forums below OR back up your data and do a clean install of
> Windows. It is your choice. If you are unsure how to back up your data or
> how to do a clean install, you can take your machine to a local computer
> professional. I don't recommend using BigComputerStore/GeekSquad types of
> places.
>
> PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.
>
> http://aumha.org/downloads/hijackthis.zip
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
> and the stickies first.
>
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
> http://www.malwarebytes.org/forums/index.php?showforum=7
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
> http://forums.techguy.org/54-security/
> http://forums.tomcoyote.org/
> http://www.thespykiller.co.uk/index.php?board=3.0
> http://forums.subratam.org/index.php?showforum=7
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Max Wachtel Posted September 27, 2008

In news:en6Ht9cHJHA.4448@TK2MSFTNGP06.phx.gbl, RJK <notatospam@hotmail.com> after much thought, came up with this jewel:

> Many thanks,
>
> As soon as "her" at work has run the av-cls sweeps, and if I get any
> further information from her, I'll post it here.
> The description of the malware, that is in her father's PC was vague,
> and from this vague description I deduced that it consisted of the
> "rogue" type, as you call it, i.e. a machine compromised with the
> system tray pop-out balloon "warning / visit here to buy {unnecessary}
> anti-malware software to "clean" the "infection," ...if you see what
> I mean.
>
> One thing I've been wondering about for some time, is the
> effectiveness of the 4 cls's contained in David H. Lipman's
> "multi-av," because, a while ago, I was going to devote the time to
> collecting them myself and "driving" them by batch file but, never
> could find the time to study the .exe switches, and do some trials
> and tweaking on a spare machine, though I did start collecting the
> cls's from the respective software houses - and unless I
> misinterpreted something, somewhere, the Sophos CLS is no longer
> "supported" ? ...I think that I "read" the information as meaning
> that even the Sophos .exe itself would no longer be modified to
> thwart malware and/or the malware or virus signature database would
> no longer be updated. ...or that could have been one of the other
> CLS's, ...can't remember now. ...in other words I probably
> misunderstood the "unsupported" aspect of the information.
>
> regards, Richard

Here is latest info on Sophos CLS-

Sophos Anti-Virus for Win32 Command Line Interface (SAV32CLI)

Version numbers
---------------
Sophos Anti-Virus : 4.34.0
Threat detection engine : 2.79.0
Threat data : 4.34, October 2008

New in this version
-------------------
The threat detection engine and threat data have been updated.
-------------------

Scanning options with SAV32CLI
<http://www.sophos.com/support/knowledgebase/article/13252.html>

Follow these links to download an emergency copy of SAV32CLI and the latest virus identity IDE files.

SAV32CLI: <http://downloads.sophos.com/tools/sav32sfx.exe>

IDEs for SAV version 200810 (4.34)
Current web version
Zip file: <http://www.sophos.com/downloads/ide/434_ides.zip>
Self-extractor: <http://www.sophos.com/downloads/ide/434_ides.exe>

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply to me by email.
nomail.afraid.org is setup for use in USENET-feel free to use it