Avast WEBforum

Other => General Topics => Topic started by: polonus on April 27, 2006, 08:56:00 PM

Title: Remaining 2%
Post by: polonus on April 27, 2006, 08:56:00 PM
Hi malware fighters,

Ad-Aware and Spybot S&D aren't complete solutions
for people that are already infested with spyware:
92% of spyware can be removed, 6% cannot be
removed because programs loaded in memory are being
protected by Windows. Starting up in Safe Mode makes
it possible to remove them, but then there is still
a remaining 2% that are either new variants or reside
in Windows files that copy normal system files that
are being used (at normal Windows start-up).
After removal a reboot will restore this remaining 2%
to their full glory. Even variants exist that are
aware what "virus scan daemon" or "adware-daemon" are
loaded in memory and how to manipulate to circumvent
them to avoid further detection.

Temporary and executable files in Windows:
X:\WINDOWS\TEMP\
X:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ (look
for files with specific names and contents)
X:\DOCUMENTS AND SETTINGS\(local user)\LOCAL
SETTINGS\TEMP\
X:\DOCUMENTS AND SETTINGS\(local user)\LOCAL
SETTINGS\TEMPORARY INTERNET FILES\
X:\DOCUMENTS AND SETTINGS\(local user)\LOCAL
SETTINGS\APPLICATION DATA\ (look for specific file names (e.g.
size does matter) and content)
X:\DOCUMENTS AND SETTINGS\(local user)\LOCAL
SETTINGS\Temporary Internet Files\

Files with names like "temp" (temporary) can be emptied.
So much for space, and less chance of viruses or
spyware.

Internet Explorer and Explorer are identical. They both
are embedded in Windows. Deleting through the Configuration
Screen does not do a thing.

Loading Explorer with other rights than IUSR_SYSTEM is
impossible. This can lead to big problems and even
crashes in Windows.

polonus
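The post lists the temp locations where leftover executables hide, including ones that copy the names of normal system files. The script below is an added example (not from the post or from Avast) that walks those locations and reports every file carrying a PE "MZ" header, flagging the two cases a triage should look at first: an executable image with a non-executable extension, and an executable named like a system file but sitting in a temp directory. The drive letter, user name and the list of mimicked system file names are assumptions.

```python
import hashlib
import os
from pathlib import Path

# Temp locations named in the post; the drive letter and user name are assumptions.
def temp_locations(drive="C:", user="user"):
    docs = Path(f"{drive}\\") / "Documents and Settings"
    local = docs / user / "Local Settings"
    return [
        Path(f"{drive}\\") / "WINDOWS" / "TEMP",
        docs / "All Users" / "Application Data",
        local / "Temp",
        local / "Temporary Internet Files",
        local / "Application Data",
    ]

# Constructed list of system file names worth a second look when found in a temp dir (assumption).
MIMICKED_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}

def is_pe_image(path):
    """A Windows executable starts with the 'MZ' DOS header, whatever its extension says."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage_dir(root):
    """Walk one temp location and report every PE image found, with reasons to look closer."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or not is_pe_image(path):
            continue
        flags = []
        if path.suffix.lower() not in EXEC_EXTS:
            flags.append("pe-header-but-nonexec-extension")
        if path.name.lower() in MIMICKED_NAMES:
            flags.append("system-file-name-in-temp-dir")
        findings.append({"path": str(path), "size": path.stat().st_size,
                         "sha256": sha256_of(path), "flags": flags})
    return findings

def triage(dirs):
    """Skip locations that do not exist on this machine and merge the per-directory reports."""
    return [f for d in dirs if Path(d).is_dir() for f in triage_dir(d)]

if __name__ == "__main__":
    for f in triage(temp_locations(user=os.environ.get("USERNAME", "user"))):
        print(f["size"], f["sha256"][:16], ",".join(f["flags"]) or "-", f["path"])
```

The report is meant to feed a manual check (size, hash, flags) of the leftover files the post talks about; it does not delete anything.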