Two Hours of Aggravation or What You Have to Look Forward To

This topic is closed.

  • #31
    Well, I had a WinAntivirus 2009 today, and MalwareBytes blew it out of the water... along with 200+ friends.
    SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
    SuperHotelWorker made my Avi!!


    • #32
      I didn't get it away... Yet. It has gotten to the level that it's personal now. I'm not giving up before I get rid of that bastard! It's a computer from a customer and it's at work now and lucky me isn't going to see it before Tuesday. I, however, am thinking of a resolution all the time. I tried the Windows malware remover, but I didn't get it to stop any service. I ran HijackThis and have the log from it on the infected computer. If you want I can attach it to a reply here or to that forum someone pointed out here. Can you help? Thanks in advance.
      A man can be stupid and not know it, but not if he is married.


      • #33
        Are you running MalwareBytes in safe mode? Or are you getting a version like GK that won't let you in safe mode?

        I find that if you can't get into safe mode, if you run the scan in regular mode, it usually can dislodge enough to get into safe mode and run the scan again.
        SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
        SuperHotelWorker made my Avi!!


        • #34
          I got the version that doesn't let me run any anti-malware program in either normal or safe mode. Of course now that I deleted the folder that was found by Windows search (it was c:\documents and settings\<user>\application data\av2009 or something like that) I could try to remove those installed and re-install them.
          A man can be stupid and not know it, but not if he is married.


          • #35
            Quoth pacman
            I got the version that doesn't let me run any anti-malware program in either normal or safe mode. Of course now that I deleted the folder that was found by Windows search (it was c:\documents and settings\<user>\application data\av2009 or something like that) I could try to remove those installed and re-install them.
            That's what I did. Delete the av2009.exe file, then kill any unknown stuff that runs on startup via the msconfig tool (you may want to google any unknowns on a clean computer just to be sure of what you're deactivating). I was then able to run the Microsoft tool and then other sweepers from safe mode. Good luck.

            And yeah, I apparently ran into a particularly nasty version. I read a lot of tech forums that just said "run Malwarebytes', blah, blah..." Very frustrating when you can't, heh.

            Oh, and two days and no issues reported on the cleaned computer. Things look good.
            The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
            "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
            Hoc spatio locantur.


            • #36
              Quoth Jack Doe
              No offense, but you're wrong all the way across the board on your use of terminology, and crap like that muddles the waters. A computer virus is a malicious program which corrupts and destroys data by copying itself until all system resources or available disk space is consumed, like a negative-strand RNA virus does. A virus also has the ability to spread itself (via disk, e-mail, or other means.) A worm corrupts or destroys data by actually deleting it, not replicating until it overwrites other items.

              Malware such as WinAV(X) falls under 2 headings, that is spyware and hijacker. It is spyware, as a portion of the 2007 and 2008 versions had keystroke loggers which would record information and transmit it to an offsite location. It was a hijacker (or browser hijacker) in that it would insert itself into your TCP/IP stack and 'hijack' the direction or search that you are attempting to do. It is IN NO WAY a virus, as it 1: Does NOT destroy data (merely records or manipulates it,) 2: Does NOT replicate, and 3: Does NOT spread itself (it has to be downloaded by an end user).

              Further, spyware is rarely invisible to users, and in most cases is actually helpful. For instance, every cookie you have on your PC is spyware, and it doesn't actually do anything except assist you in surfing.
              Technically I'm not even sure if "malware" is a proper term... just something that's been adopted into common slang. But then it's hard to keep track with computers since most of the terminology is less than 25 years old and quite a lot of it starts off with one or two guys saying it until it catches on...

              Can't we just call it MafiaWare? I might go with "GangstaWare" but probably a bunch of dumb teenagers would then install it for the bling!
              Shop Smart. Shop S-Mart!


              • #37
                I'm fairly sure that "malware" is a recognised term among the people who matter. It's a catch-all term covering viruses, worms, spyware, trojans and everything else that makes the computer do things the user doesn't want.

                It might even be used within some antivirus programs.


                • #38
                  About to hit 3 hours on a full MalwareBytes scan.

                  MalwareBell and PerfectDefender were installed on the machine. Only 12 items found so far.

                  We'll see what happens.
                  SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
                  SuperHotelWorker made my Avi!!


                  • #39
                    I got that Perfect Defender on a client's PC a couple of days ago. Let me tell you, that and av2009 are among the biggest pests I have seen.

                    Actually, a co-worker told me something useful. As many of you know, this malware installs a rootkit that fools threat scanners into thinking there's no internet connection, so they won't update. Apparently, after you download the scanner of your choice, go into services.msc and turn off the DNS service. It will force the program to rely on your ISP rather than your computer to dial out, allowing the program to update. Hopefully that'll help in getting this pest out of the system.

                    Of course, be sure to turn it back on when you're done.


                    • #40
                      Has anyone heard of the Sinowal trojan?
                      SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
                      SuperHotelWorker made my Avi!!


                      • #41
                        Quoth technical.angel
                        Has anyone heard of the Sinowal trojan?
                        No, but that never stopped Google-fu:

                        http://www.f-secure.com/v-descs/troj...nowal_cp.shtml

                        Looks like a password thief. Make sure whoever had it changes all their passwords.
                        The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
                        "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
                        Hoc spatio locantur.


                        • #42
                          Turning off the DNS Client service is actually a good idea -- if you happen to use an ad/malware-blocking HOSTS file. Left on, the service would attempt to cache the entire thing, which, with 65k+ entries, will bring Windows to its knees.
                          Supporting the idiots charged with protecting your personal information.


                          • #43
                            http://news.bbc.co.uk/2/hi/technology/7779223.stm

                            Looks like the makers of WinAntiVirus got slapped upside the head with a court order. About damn time!


                            • #44
                              Quoth Hyndis
                              Looks like the makers of WinAntiVirus got slapped upside the head with a court order. About damn time!
                              Now if only I could believe this will be effective. In reality, I foresee them moving offshore where lawsuits will be mostly a strawman effort. Well, maybe they can at least seize some assets stateside. A small thorn in their sides is better than nothing, I guess.

                              Maybe they'll release some names. Maybe we could run them out of the country just ahead of a geek posse.
                              The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
                              "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
                              Hoc spatio locantur.


                              • #45
                                It seems there's a new version out, Antivirus 360.

                                Someone please shoot them, forget about all this legality nonsense, and shoot them.
                                I pet animals, I rescue insects, I hug trees.

                                "I picture the lead singer of Gwar screaming 'People of Japan, look at my balls! My swinging pendulous balls!!!'" -- Khyras
