Avast WEBforum

Other => General Topics => Topic started by: Archanaperth on June 15, 2013, 06:14:14 AM

Title: Flash disk deleted
Post by: Archanaperth on June 15, 2013, 06:14:14 AM
Hi everybody

I've just scanned the forum hoping to find some help, but....

For the second time in two days, I put a flash disk (memory drive, pen drive, memory stick, whatever you call it...) in my computer and.. zot! deleted. Avast red (scary  ::)) adv: malware _WAPJO.nil (in today's case) or WKIVZ.com (in the case two days ago) blocked. OK, thank you. But where are all my files? Down the drain with the dirty water? Also the devices cannot be opened, piece of plastic and metal, now. They worked previously. They were full of work, yesterday and so.
What can I do? Seems a bit drastic, to me. Do not name the virus bin, please. Useless.

Thank you for your help, if anyone can  :'(
Title: Re: Flash disk deleted
Post by: argus on June 15, 2013, 11:49:21 AM

Download MCShield from one of the following links:

MyCity -  Official download link (http://www.mcshield.net/downloads.html)
Softpedija - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)

Recommendation: under the Scanner tab, click on "Always unhide items on flash drives"

(http://fotkica.com/thumbs3/1_tmb_68564655_2013-06-15_114004.jpg) (http://fotkica.com/slike.php?slika=1_68564655_2013-06-15_114004.jpg)

When all scanning is done, you need to attach the log report that MCShield has made.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.




Step 2


Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.
Title: Re: Flash disk deleted
Post by: argus on June 15, 2013, 12:05:24 PM
redirecting to viruses and worms
Title: Re: Flash disk deleted
Post by: Aventador on June 15, 2013, 01:05:36 PM
No need for MC Shield. Every pc should have autoruns disabled. Secondly if you immunize your USB stick then it makes your USB stick immune to malware autoruns being put in it. Here are a few simple steps.

http://labs.bitdefender.com/projects/usb-immunizer/overview/

http://www.sevenforums.com/tutorials/216706-autoplay-enable-disable.html
Title: Re: Flash disk deleted
Post by: argus on June 15, 2013, 01:15:22 PM
Autorun is not the only way to transfer worms with a flash drive; immunizing USB sticks is no protection.
Title: Re: Flash disk deleted
Post by: magna86 on June 15, 2013, 01:23:46 PM
@Aventador

Quote
Every pc should have autoruns disabled.
Applies only to XP systems. On Vista and above, the rules are a little different.

Quote
Secondly if you immunize your USB stick
Can you please explain the "immunize" process? What does it do?

Quote
...then it makes your USB stick immune to malware autoruns being put in it.
Is a modified autorun.inf the only known trigger for USB infection? Do the above-mentioned tools cover other fields?


Please stay out of those things that you don't understand enough. My colleague has ~ five years of experience in the malware removal process.
The funny thing is how an untrained user says to a malware removal expert "No need for" the above-mentioned program.

Title: Re: Flash disk deleted
Post by: Aventador on June 15, 2013, 01:25:00 PM
Quote
Autorun is not the only way to transfer worms with a flash drive; immunizing USB sticks is no protection.

I beg to differ. You do not need a resident program like MC Shield. All 4 of my USB sticks are immunized and I have stuck them in hundreds of infected pc's and never an issue. Disabling autoruns is a primary step in staying malware free. Just Google it.

No need to explain myself. Immunize explanation is on the Bitdefender link. Please read the links I posted before commenting. The disable autoruns is for 7 and Vista. Here is XP.

http://support.microsoft.com/kb/967715

FYI..................I have a masters in computer science and work as a systems engineer. I also run a home business repairing pc's. I make house calls a lot to remove malware. So do not doubt my knowledge.
Title: Re: Flash disk deleted
Post by: magna86 on June 15, 2013, 02:17:42 PM
My comment for Immunize was rhetorical.

Quote
Immunize explanation is on the Bitdefender link. Please read the links I posted before commenting. The disable autoruns is for 7 and Vista. Here is XP.
I know these tools and they work very well.



- I'll try to explain some things to you:

Those tools like BD immunize, Panda USB protection, ... they don't disable the autorun. They load their own autorun, a so-called powerful autorun or bulletproof autorun... an impenetrable autorun.inf with its attributes.
The aim of this is that malware can't use autorun.inf.

Tools like , USB AntiVirus ...etc.
They already operate on signatures, which is both an advantage and a disadvantage:

advantage - it scans USBs and kills the malware known to it.
disadvantage - it kills only the malware known to it. Unknown malware it will "leave alone".


- About USB malware:
Malware must have its own trigger and excellent file.
First, malware writers found a way to take advantage of the legit Windows autorun.inf to execute their malware on the PC.

These are the contents of an autorun.inf as an example:

(http://fotkica.com/thumbs3/1_tmb_52742402_66097_116715901_autorun.inf.jpg) (http://fotkica.com/slike.php?slika=1_52742402_66097_116715901_autorun.inf.jpg)


In this example, autorun.inf is saying that Windows should start the test.exe malware.

Then people started to develop tools that manipulate autorun.inf (autorun.inf is a legit Windows file; loading their own autorun.inf was good as a first solution, a legitimate action too) and thus provide additional protection, or some of them are trying to earn money.

The aim of these tools is nothing other than to prevent infection. This is very important to know. Malware still lives on the USB!

Therefore your link from BD says:
Quote
Autorun-based malware


Malware writers have had to find another way to infect the machine because autorun.inf had become too well-known an action. They couldn't use that method sufficiently...


Currently known methods of infection using these methods:

- Desktop.ini
- comment.htt
- ActiveX
- User (the user thinks he is launching a legitimate folder and he actually launches executable malware; the legit folder is super-hidden)
- Windows Shell
- ... etc

This was written only in brief; the story is much wider.

---   ---   ---   ---   

When Argus asked for running MCShield, you wrote this:
Quote
No need for MC Shield. Every pc should have autoruns disabled. Secondly if you immunize your USB stick then it makes your USB stick immune to malware autoruns being put in it. Here are a few simple steps.

Having the above...  do you realize why this comment is wrong?

If the user took your advice, he would get just this:
-Autorun-based malware ( only prevent infection )


If the user obeyed Argus, he would get this:
Quote
AntiAutorun, AntiLNK, three AntiReplicator routines, AntiRimecud, two AntiMimics, known bad file/folder names, hashes, AntiEsfury (folder name heur.), general/blended file heuristics (files are checked in 6 ways)...




In summary:
- autorun is just one of the ways the infection can be started;
- this is not bulletproof;
- the USB device is still infected, ready to use on another machine, where it launches its autorun.inf and injects malware where it can.
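
As an added example (not part of magna86's post and not code from MCShield or any other tool named in the thread), a small Python audit of a drive's top level for two of the triggers described above: launch commands in autorun.inf, and a launchable file named like a sibling folder. The function names and the sample drive contents are constructed for illustration; desktop.ini and comment.htt are only flagged for manual review.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a program for Windows to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}
# Root-level file names the thread lists as other triggers; flagged for review only.
REVIEW_NAMES = {"desktop.ini", "comment.htt"}

def parse_autorun(text):
    """Return (key, command) pairs from [autorun]; comment and junk lines never match."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "autorun" and LAUNCH_KEY.match(key.strip()):
            hits.append((key.strip().lower(), value.strip()))
    return hits

def audit_drive(root):
    """Return (kind, detail) findings for the top level of a drive mounted at root."""
    findings = []
    entries = sorted(os.listdir(root))
    dirs = {e.lower() for e in entries if os.path.isdir(os.path.join(root, e))}
    for name in entries:
        path, lower = os.path.join(root, name), name.lower()
        stem, ext = os.path.splitext(lower)
        if os.path.isdir(path):
            continue
        if lower == "autorun.inf":
            with open(path, encoding="latin-1") as fh:
                for key, cmd in parse_autorun(fh.read()):
                    findings.append(("autorun-launch", f"{key}={cmd}"))
        elif lower in REVIEW_NAMES:
            findings.append(("review-file", name))
        elif ext in EXEC_EXT and stem in dirs:
            # Launchable file named like a sibling folder: the "User" method above.
            findings.append(("folder-mimic", name))
    return findings

def demo():
    """Audit a constructed sample drive built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Photos"))
        samples = {"test.exe": "", "Photos.exe": "", "notes.txt": "", "autorun.inf":
                   "[AutoRun]\n; constructed sample\nopen=test.exe\njunk line\n"
                   "shell\\open\\command=test.exe\nicon=x.ico\n"}
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return audit_drive(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The audit only reads directory entries and the text of autorun.inf; it never opens or executes the files it reports.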


Title: Re: Flash disk deleted
Post by: Pondus on June 15, 2013, 02:58:47 PM
Quote
FYI..................I have a masters in computer science and work as a systems engineer. I also run a home business repairing pc's. I make house calls a lot to remove malware. So do not doubt my knowledge.
hmmm.....
@magna86 .....shouldn't someone with all this knowledge know this?

Title: Re: Flash disk deleted
Post by: polonus on June 15, 2013, 03:13:34 PM
Not if they look like this one, see image attached...

polonus
Title: Re: Flash disk deleted
Post by: Aventador on June 15, 2013, 03:16:37 PM
Quote
FYI..................I have a masters in computer science and work as a systems engineer. I also run a home business repairing pc's. I make house calls a lot to remove malware. So do not doubt my knowledge.
hmmm.....
@magna86 .....shouldn't someone with all this knowledge know this?

No need my dear friend. It's called years of experience. You can read all you want and post articles. I have 4 USB sticks which I bring to work and house calls. 2 have malware removal tools on them. ALL 4 are Immunized using BitDefender USB immunize. All 4 have been inserted into infected pc's and into other pc's. Then back to my home pc's. That makes over 1,000+ computers. Guess what...................No malware has ever infected ANY of my USB sticks. One other stick is for installing Avast and other software. The other is my BitDefender Rescue Disk with the ISO on my USB stick.

FYI..............MC Shield only protects YOUR own pc. It does not protect your USB stick when being inserted into another pc.
Title: Re: Flash disk deleted
Post by: Aventador on June 15, 2013, 03:17:50 PM
Quote
Not if they look like this one, see image attached...

polonus

Very mature. Unless you have something intelligent to post instead of a dumb picture I suggest you stay away. Thanks.
Title: Re: Flash disk deleted
Post by: magna86 on June 15, 2013, 03:29:10 PM
@Aventador
Quote
I have 4 USB sticks which I bring to work and house calls. 2 have malware removal tools on them. ALL 4 are Immunized using BitDefender USB immunize. All 4 have been inserted into infected pc's and into other pc's. Then back to my home pc's. That makes over 1,000+ computers. Guess what...................No malware has ever infected ANY of my USB sticks.

I understand you, but please understand me too.

The purpose of malware isn't to be detected by the user. Its purpose is to stay undetected, and that is what many don't realize.
A user can be infected and not even know it.
Do you know that there was active malware in the government sector, undetected for several years, while Kaspersky hadn't detected it?

I do not want to convince you what is better, the choice is yours. It's on me at least to try to explain a few things, and if you are willing to listen, great.
If not, you can listen to yourself and live on your own experience. But know this: "Two heads are better than one"


Quote
You can read all you want and post articles.

What I wrote above did not come from some articles.
This is knowledge that some people have shared with me - people with a lot more understanding of the malware subject matter than me.

Title: Re: Flash disk deleted
Post by: magna86 on June 15, 2013, 03:34:00 PM
Quote
MC Shield only protects YOUR own pc. It does not protect your USB stick when being inserted into another pc.
Yes, because for valid protection of this nature (USB malware) it is not possible to make it portable and still have it be a high-quality tool with all its detection routines.

Title: Re: Flash disk deleted
Post by: SpeedyPC on June 15, 2013, 03:34:51 PM
Maybe it's time for Aventador to (http://www.sherv.net/cm/emo/angry/angry-shut-up-smiley-emoticon.gif) and let argus & magna86 do their job to help with Archanaperth's problem without hijacking this topic
Title: Re: Flash disk deleted
Post by: polonus on June 15, 2013, 03:37:45 PM
Well now to the more intelligent bit.
Well in irony there rests also a lot of intelligence, but that put aside.
After dissecting and analyzing malcode for 8 years here, and observing the work of magna86 and the like,
I say that if that is/should be  true, why developers even bother(ed) to develop
a free product like Mx One AV ->  http://www.mxone.net/
or  MCshield 2   http://amf.mycity.rs/mcshield/
ClamWin      http://portableapps.com/apps/security/clamwin_portable
Panda USB Vaccine  http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

All these av solutions now found to be snake oil, what a waste of talent and ideas...

We have Gauss-Another, we have stuxnet and duqu and flame...we do not have online detection for all -> http://www.securelist.com/en/blog/724/Online_detection_of_Gauss

By the way where are the sticks that could easily be set to write.protect?

polonus
Title: Re: Flash disk deleted
Post by: Aventador on June 15, 2013, 03:42:48 PM
Quote
Maybe it's time for Aventador to (http://www.sherv.net/cm/emo/angry/angry-shut-up-smiley-emoticon.gif) and let argus & magna86 do their job to help with Archanaperth's problem without hijacking this topic

This is a public/community forum. All are allowed to post. MC Shield is a great tool but it will not help Archanaperth in the future from malware attacking his USB stick when being inserted into another pc.

So polonus..............What you're saying is that a company such as BitDefender, which has one of the highest detection rates around, is merely throwing snake oil at customers. Too funny. Prevention is where it starts. If we can provide Archanaperth with education on how to prevent his issue from happening again we did our jobs. Telling him to install MC Shield and walk away is not enough.
Title: Re: Flash disk deleted
Post by: magna86 on June 15, 2013, 03:52:09 PM
Quote
...but it will not help Archanaperth in the future from malware attacking his USB stick when being inserted into another pc.

It will protect his own PC from future attacks because MCS will check every USB that is hooked up.
As for other computers, if you have installed AV/AM/FW and MCShield (in this case) then, other PC will be safe too. This is the best form of protection.  I do not see where is the problem in that?


edit:
PS: MCS will also delete malware from USB mem-devices. USB will leave PC as clean and disinfected devices.
Title: Re: Flash disk deleted
Post by: polonus on June 15, 2013, 03:53:47 PM
Hi SpeedyPC,

All are allowed to post in their own threads, but not to come swanning in on malware removal threads,
criticizing qualified standard removal procedures. It is at least frowned upon....

polonus
Title: Re: Flash disk deleted
Post by: Aventador on June 15, 2013, 03:55:03 PM
Quote
...but it will not help Archanaperth in the future from malware attacking his USB stick when being inserted into another pc.

It will protect his own PC from future attacks because MCS will check every USB that is hooked up.
As for other computers, if you have installed AV/AM/FW and MCShield (in this case) then, other PC will be safe too. This is the best form of protection.  I do not see where is the problem in that?

So what you're saying then is if Archanaperth goes to a friend's house he needs to install MC Shield before inserting his USB stick?  ::)  That's unrealistic. Archanaperth is better immunizing his current USB sticks and installing MC Shield.

Furthermore if anyone is inserting their USB stick into an unknown or malware infected pc that is their own fault.

Are we all forgetting that Avast has a USB scanner? Are we telling Avast users to use other means of scanning their USB drive cause you do not trust Avast? Why install another resident program taking up resources if you do not have to.
Title: Re: Flash disk deleted
Post by: magna86 on June 15, 2013, 04:00:30 PM
Quote
So what you're saying then is if Archanaperth goes to a friend's house he needs to install MC Shield before inserting his USB stick?  ::)

No, what I had to say, I said.

I recommend you read my posts again if you will, and if not well ... you won't be the first nor the last one that didn't want to accept and learn new things from someone who might be more experienced in this field.

I did not invent these things for sure. What is certain is that malware writers definitely love stubborn people.


Cheers,
magna
Title: Re: Flash disk deleted
Post by: SpeedyPC on June 15, 2013, 04:01:18 PM
Quote
Hi SpeedyPC,

All are allowed to post in their own threads, but not to come swanning in on malware removal threads,
criticizing qualified standard removal procedures. It is at least frowned upon....

polonus

I wasn't talking about you Polonus ;)
Title: Re: Flash disk deleted
Post by: polonus on June 15, 2013, 04:12:43 PM
Hi SpeedyPC,

Well here is something that users could consider to have better security with- hardware write protect pendrives: http://www.fencepost.net/2010/03/usb-flash-drives-with-hardware-write-protection/
This is also handy software: http://rufus.akeo.ie/  to ensure viruses are not running in the back ground...

polonus
Title: Re: Flash disk deleted
Post by: Archanaperth on June 15, 2013, 05:08:22 PM

Quote
Download MCShield from one of the following links:

MyCity -  Official download link (http://www.mcshield.net/downloads.html)
Softpedija - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)

  • Double click MCShield-Setup to install the application.
  • Wait a few seconds for MCShield to finish its initial scan.
Recommendation: under the Scanner tab, click on "Always unhide items on flash drives"

(http://fotkica.com/thumbs3/1_tmb_68564655_2013-06-15_114004.jpg) (http://fotkica.com/slike.php?slika=1_68564655_2013-06-15_114004.jpg)

  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach the log report that MCShield has made.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.




Step 2


Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

Argus!!! Avast! Evangelist  ;D you are my hero!! I love you!!
I think I have my files back, but I did not understand if you want me to attach the logs to my post?
BTW, the device autorun is not working, I just got the files in a folder. Can I make the flash disk work normally?

Thank you sooooooo much (funny discussion, anyway  :P I got my chips and coke.....  ;))
Title: Re: Flash disk deleted
Post by: Pondus on June 15, 2013, 05:15:37 PM
Quote
Thank you sooooooo much (funny discussion, anyway   I got my chips and coke.....
;D
Listen to argus and magna86 and your USB will be safe
Title: Re: Flash disk deleted
Post by: SpeedyPC on June 15, 2013, 05:15:43 PM
Archanaperth, wait until Argus or Magna86 confirm your problem is 100% resolved before you do anything further, to make sure you're in the clear safe zone first.

Edit: you beat me Pondus.
Title: Re: Flash disk deleted
Post by: argus on June 15, 2013, 05:30:27 PM
@Archanaperth

Please post Mcshield and DDS logs.
Title: Re: Flash disk deleted
Post by: Archanaperth on June 16, 2013, 11:46:53 AM
No probs  :)


Isn't there too much information?  :-[
Title: Re: Flash disk deleted
Post by: argus on June 16, 2013, 12:00:18 PM
OK system is clean.

If you have installed MCShield, the ability to infect PCs via USB devices is equal to zero.
You can be assured that USB devices will automatically be cleaned of any kind of worms. Only worms (a type of malware) may be transmitted using a memory card.

MCShield settings:

(http://fotkica.com/thumbs3/1_tmb_97955767_1.jpg.jpg) (http://fotkica.com/slike.php?slika=1_97955767_1.jpg.jpg)

(http://fotkica.com/thumbs3/1_tmb_124670979_2.jpg.jpg) (http://fotkica.com/slike.php?slika=1_124670979_2.jpg.jpg)