question about virus

[decimus]

What about W32.Spybot.WON ?  I can,t remove it from my computer with Avast 4.6 Home Edition. I receved all upgrades almost every day - and what ... and nothing - somebody's still stealing informations from my comp.

Please help, I don't believe ... Avast can't localize and remove the thief ...


decimus

[Eddy]

If Avast can detect it, it can remove it.
If you have a NT based system, run a boottime scan.

[FreewheelinFrank]

That's not quite true Eddy. If it's a FU rootkit infection, avast! can detect but not remove it. This is true of other anti-virus programs too.

In the arms race of malware writers against anti-virus developers, the malware writers are a step ahead at the moment.

Watch out for similar postings- they may be a sign of FU.

[polonus]

Hi FreewheelinFrank,

I agree here with FreewheelinFrank. There should be a way not only to find Fu rootkit up, but also to eliminate it. In the war between malcreants and AV producers we have once again come into a new arena. There are two ways to go by: one is have a program that prevent that a rootkit is set up (system monitoring is one of the possibilties to prevent this), another way is to find them up, there are minor differences in the ways the normal kernel and the rootkitted kernel react to api calls. This is a way to get a grip unto them. Another way is to detect them from an uncompromised variant on a CD or from another uncompromised computer in a system. But rootkits are getting more sophisticated and less easily to detect. We will hear more abou them,

polonus