Author Topic: Virus in Flash Drive hides all the files, tried MCShield but cleaning failed?

adel219

@magna86

You didn't mention OTL before, anyway I've searched it and found this (check the png image in the attachment).

Is this the OTL you have talked about? :)




Offline magna86

Quote
@magna86

You didn't mention OTL before, anyway I've searched it and found this (check the png image in the attachment).

Is this the OTL you have talked about? :)

Oops, my bad. I copied the prepared speech for removing OTL too without much thinking.   ;D

But since you already have it ... click on that button to finish this adventure.  :D

adel219

Ok, now CleanUp is done.

But one more last question please: how did the malware get nested under "NT style" reg keys in the first place?
And how was the malicious loading file placed in the temp folder you've talked about?

Forgive me for asking too much, but I need to understand how this malware came into my machine so I can be more protected in the future :)

Offline magna86

Quote
But one more last question please: how did the malware get nested under "NT style" reg keys in the first place?
And how was the malicious loading file placed in the temp folder you've talked about?
Uh, it's a big subject for you to be able to understand. There are various kinds of malware.
http://en.wikipedia.org/wiki/Malware

All malware uses so-called "security holes" in the Windows OS to take advantage of some poorly / badly / large-scale written code in some legitimate application to launch its malicious code.

Windows tries to patch the security holes known to them (you know that as Windows Update) and thereby prevent the known malware from spreading in the future. Legitimate applications do the same thing. AV hunts droppers and malware samples, or more precisely their binary code, to create the signature for some malware variant.
Your malware is a variant of a worm. A worm is a malicious program that spreads via the network or via removable drives, exploiting security holes in any operating system or legit program.
Certainly it has managed to take advantage of some security hole known or unknown to us, or it was launched by your own hands to be executed. I don't know how it did it.

Any malware must have some sort of trigger, something that will load the malware itself. In most cases, the user starts the malware (in this or another way) and they are not even aware of that.
For example: Are you aware when you install some toolbar? And you did install that toolbar; it did not come from 'heaven'.  :)

Malware writers find a way to abuse some action / operation. Windows & AV vendors seek to patch the hole and to add the malware to signatures. Then malware authors write or improve their malware code to use another hole in some legit application or OS, and so on ...

> The purpose of malware is to exploit a security hole in order to be installed without the user's knowledge, execute a malicious act and try to stay undetected by the user or security software. That is why the struggle between good and evil is eternal ...
« Last Edit: June 30, 2013, 11:29:34 PM by magna86 »

Offline Pondus

Adding some additional info to magna's comments.

Quote
All malware uses so-called "security holes" in the Windows OS to take advantage of some poorly / badly / large-scale written code in some legitimate application to launch its malicious code.

A list of security holes is here... click the orange arrow to the right, or google the CVE name for more info.  ;)

http://www.avast.com/exploit-protection.php


adel219

@magna

You're so generous. I noted that you mentioned Windows as the operating system a lot, like it is the whole problem after all :) (Kidding  ;) ). From your experience, do you think that, due to the security holes in Windows, it is the best OS for malware creators to begin with?

What do you say about other OSs like Linux and Linux-based ones, do they have the same amount of security holes as Windows?

Should I move to Linux or a Linux-based system to avoid that?



Offline magna86

Quote
...do you think that, due to the security holes in Windows, it is the best OS for malware creators to begin with?
Yes. Everything popular becomes a subject of abuse. The goal of a malware writer is to make money.

Quote
What do you say about other OSs like Linux and Linux-based ones, do they have the same amount of security holes as Windows?

Windows is very keen to protect their OS. As soon as they find a security hole, next week you have a patch for it.
In Unix everything is on a voluntary basis. For someone to write a patch for a Unix security hole, they are doing it on a voluntary basis, so they are not so up to date.

Some recent tests show that in fully patched Windows 8 (with all its updates, etc.), people who are looking for security holes have found only about ~110 holes in Windows 8.
In the latest updated Ubuntu, they have found ~2,000 security vulnerabilities.

Windows at its core is a fortress compared to Unix-based systems.
People think that Linux is malware "free" because they have the root admin rights, but this is not true.
Linux is "free" of malware because malware writers can't earn on Unix systems.
Think about it: why should they spend a month writing some good malicious code for Linux when they can earn 10x more on Windows-based malware?

« Last Edit: July 01, 2013, 12:07:19 AM by magna86 »

Offline Pondus

Quote
What do you say about other OSs like Linux and Linux-based ones, do they have the same amount of security holes as Windows?
If the malware creators were looking, they would most likely find lots of security holes there also,
but they fish in the biggest pond with the most fish in it, where the chance of someone taking the bait is a lot bigger,
and the biggest pond is Windows OS,
and all malware today is about money....


« Last Edit: July 01, 2013, 12:19:17 AM by Pondus »

adel219

If Windows patches its security holes this fast, why do we have antivirus and anti-malware? I mean, if there is a new virus that takes advantage of a newly discovered security hole, the virus will affect one computer, Windows will know about it and then patch it quickly and stop the virus spreading to other computers with no need for antivirus.

Is the problem this simple, or is it far more complicated?


Offline magna86

Quote
If Windows patches its security holes this fast, why do we have antivirus and anti-malware? I mean, if there is a new virus that takes advantage of a newly discovered security hole, the virus will affect one computer, Windows will know about it and then patch it quickly and stop the virus spreading to other computers with no need for antivirus.

It doesn't work that way. Malware is able to stay undetected for years and all that time perpetrate malicious acts or just wait for the hacker's signal to use it for a DDoS attack, for example.
(That's if you read on the internet that some computer virus turns your computer into a zombie. They meant to say that, but even they did not understand what they were writing.)

Or let's say the purpose of the malware is to crouch and wait for the command of the malware's owner. The malware's purpose is to keep working properly and to stay undetected.

Without AV and AM programs, you would not know you were infected, would not have your privacy, someone from the outside could control your computer, steal your personal / banking information or simply make illegal profit.  Google what malware called Rogue (fake AVs) actually does to better understand.

Antivirus is here to protect you. This is the first & required step of malware protection.

Quote
Is the problem this simple, or is it far more complicated?

Unfortunately, as I and Pondus wrote, it is not that simple. The story is far more complicated and you cannot understand it so quickly.

adel219

Thank you magna86 and Pondus for all the help, support and the precious time you gave me in explaining the reasons for the problem to me :) .