Author Topic: Vundo or Virtumonde in a PC running Windows 98  (Read 16096 times)


Compaq

  • Guest
Re: Vundo or Virtumonde in a PC running Windows 98
« Reply #30 on: December 12, 2009, 06:10:43 PM »
...studying all the information you forwarded me, and still unsure about the nature of the malware...

One question: at this point, how in your opinion could I pinpoint a file (whatever extension it has) that is FOR SURE infected?... I could then send the file to Kaspersky and have it characterized...  ;)

bran34

  • Guest
Re: Vundo or Virtumonde in a PC running Windows 98
« Reply #31 on: December 12, 2009, 06:47:40 PM »
Make sure that when you wipe it out (as I literally got infected with Virtumonde a week ago) you're running in safe mode, NO NETWORKING.
Else it just rebuilds itself, which results in it taking longer to wipe from your system... which isn't really that fun in the first place.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89204
  • No support PMs thanks
Re: Vundo or Virtumonde in a PC running Windows 98
« Reply #32 on: December 12, 2009, 07:13:02 PM »
Quote from: Compaq
...studying all the information you forwarded me, and still unsure about the nature of the malware...

One question: at this point, how in your opinion could I pinpoint a file (whatever extension it has) that is FOR SURE infected?... I could then send the file to Kaspersky and have it characterized...  ;)

It was purely for information only, as a result of your comment and question in Reply #26 and #28 of page 2 of this topic...

Quote from: Compaq
But he didn't give me any more detail about the threat, a name, some clue... It's so strange that something that has been around 1yr+ can't be better addressed (not to mention the fact that it escapes Avast and Spybot!).

If possible, could someone give me some more detail please?..

and

Quote from: Compaq
But, then, is Vundo the bug my father is dealing with?... I started the thread assuming it was Vundo/Virtumonde, but I could have been wrong. The user who made the test ("...polymorphic file infector...") did NOT state it was Vundo!

Bold effect for clarity as to what I was responding to/about, you wanted information, presumably to try and identify what it is.

Virut and later Virtob infections infect the targeted files (*.exe *.scr *.htm *.html *.xml *.zip *.rar *.doc *.jpg *.pdf) when any of them are opened, so the more files you open the greater the number of infected files.

From the information I gave it doesn't pinpoint for sure a file that is infected as that job falls to an AV detection, then and only then could you upload it to another scanner.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
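
As an added illustration (not part of any post in this thread): the post above notes that Virut/Virtob modifies files with the listed extensions when they are opened, so a size-and-hash baseline of those files shows which ones changed between two points in time. The function names and the sample files are constructed for this example.

```python
import hashlib
import os
import tempfile

# Extensions the post above lists as targeted by Virut/Virtob.
TARGETED = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar", ".doc", ".jpg", ".pdf"}

def snapshot(root):
    """Map each targeted file under root to (size, sha256 hex digest)."""
    result = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in TARGETED:
                continue
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            result[os.path.relpath(path, root)] = (os.path.getsize(path), digest.hexdigest())
    return result

def changed_files(before, after):
    """Return sorted (path, size_delta) for files whose content changed."""
    return sorted(
        (path, after[path][0] - before[path][0])
        for path in before
        if path in after and after[path][1] != before[path][1]
    )

def demo():
    """Constructed sample: three files, one modified between snapshots."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"setup.exe": b"MZ" + b"\0" * 62, "readme.txt": b"notes", "index.htm": b"<html></html>"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = snapshot(root)
        # Simulate an unexpected modification by appending bytes to one file.
        with open(os.path.join(root, "setup.exe"), "ab") as handle:
            handle.write(b"X" * 16)
        return sorted(baseline), changed_files(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A file reported by `changed_files` is only a suspect worth submitting to a scanner; a changed hash alone does not identify what changed it.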

Compaq

  • Guest
Re: Vundo or Virtumonde in a PC running Windows 98
« Reply #33 on: December 17, 2009, 11:46:44 PM »
Okay... after some research, I concluded that 1) I don't know what I'm dealing with, and 2) since the damn thing can elude two of the best antivirus around, there is no chance to get rid of it without characterizing it before... So, I must locate a file that is infected FOR SURE. There are a few companies out there (Kaspersky and others) to which a virus can be delivered for characterization. At that point, once the thing has a name, it could be easier to find the appropriate tool.

In your opinion, what kind of "bait" could I use, and how, in order to get hold of an infected file?...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89204
  • No support PMs thanks
Re: Vundo or Virtumonde in a PC running Windows 98
« Reply #34 on: December 18, 2009, 01:05:05 AM »
There is no end of tools for analysis, but what do you send for analysis if the prerequisite is that you must know 'for sure' that it is infected? It is normal to send files to said tools on suspicion that they are infected. That, as I have said, is a task for an AV scanner.

Surely on your father's computer there is a file that was detected as infected by some scanner or other (that would be a sample, but I fear that wouldn't return much)?

Have you not run any on-line scanners:
On-line Virus Scanners and other useful Links Security-Ops.eu.tt

I don't know what scanners will work with win98 and this is essentially the problem here, finding something which will run on win98 and do a half decent scan.

snowflake

  • Guest
Re: Vundo or Virtumonde in a PC running Windows 98
« Reply #35 on: December 19, 2009, 10:38:36 PM »
May I say: Superantispyware will run on Windows 98SE.

You may try this older version from http://www.filehippo.com/download_superantispyware/
The suggested exe is

http://www.filehippo.com/download_superantispyware/2579/

But a word of caution: do NOT update the program, just the definitions; I found the up-to-date program WILL clash with Windows 98SE.

Also, Stinger will run on it:

http://vil.nai.com/vil/stinger/ (11/23/2009)

And Dr.Web CureIt is also a choice:

http://www.freedrweb.com/cureit/?lng=en

The ESET online scanner might also help:

http://www.eset.com/onlinescan/

I hope this information helps your helpers and you.