
Problems with TROJANS that are hard to get rid of...


KLM:
OK, ready!!! It looks like the problem is solved. Thank you FreewheelinFrank.

But what about my doubts:

Why can't avast solve these problems with the trojans?
Why can't it detect them as other antivirus programs do?
In my opinion it is a good antivirus (I have no basis to state that, it's just a feeling), but I don't understand why, if the team that developed it should be updating it for new kinds of trojans, worms, etc... I even sent them one of these infected executables (bxyxyyyy, or something like that) so that they could analyze it and develop a defence...
Maybe I am being impatient, but I would like you to explain to me a little about this dynamic.

FreewheelinFrank:

--- Quote ---Many tools and programs have been written to remove Vundo, although the trojan's authors often release new versions. Vundo creates a DLL file in the Windows system directory and writes registry entries causing Windows to inject the file into winlogon.exe.
--- End quote ---

http://en.wikipedia.org/wiki/Vundo_trojan

It's a combination of new malware files emerging very frequently (think hourly in some cases), and the fact that malware uses techniques to hide itself, inject itself into system processes, protect itself or start itself from obscure locations in the registry.

AV companies have to add detections for viruses, worms and a huge range of Trojans. Tools like ComboFix and VundoFix are specially designed to counter the tricks used by a specific type of malware, and may have more success in removing the infection.

Other AVs have the same problem: Symantec has a special tool to remove Vundo, and McAfee requires some 'manual removal methods':


--- Quote ---Certain variants of the Vundo trojan are especially difficult to remove.  Current DAT and Engine functionality does not yet provide an automatic method to fully remove this threat if it is active in memory.  However, a combination of manual and DAT/Engine removal methods does allow for successful removal of this threat.
--- End quote ---

http://vil.nai.com/vil/content/v_127690.htm

Spyware generally is best dealt with using specialist spyware removal programs, which have more of an emphasis on registry scanning than AV programs, which concentrate on file scanning.

In a spyware infection, I use AVG Anti-Spyware, Ad-Aware and Spybot Search & Destroy in addition to an AV program, and they all find different things, and very often there's something to remove manually at the end.

Unfortunately nothing detects 100% of malware.

KLM:
OK, thank you very much to everyone, especially to mauserme, FreewheelinFrank and DavidR. The problem seems to be solved, but considering that these kinds of viruses, malware, etc. are being produced or elaborated very often, well, maybe we will meet again.

That's good considering the lot of things I just learned with you, thanks again.

FreewheelinFrank:
Don't forget the Secunia scan - avoid infection in the first place!!

http://secunia.com/software_inspector/

Remove all older versions of Sun Java especially.

mauserme:
Just to be safe, please download OTMoveIt by OldTimer. Save it to your desktop and double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\wncrcfvn.exe

Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply with a new Hijack log.
Close OTMoveIt.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Also, install the latest version of Java:

http://www.java.com/en/download/index.jsp

and then open Add/Remove Programs in the Control Panel. Uninstall any versions of Java you find that have older version numbers than the one you just installed.


Have the trojan warnings stopped now?

I am still just a bit suspicious of C:\WINDOWS\system32\mucltui.dll and will research it some more. I'll post again if/when I find anything.
