Author Topic: Malware fixes and work-arounds!  (Read 124490 times)


REDACTED

  • Guest
Re: Malware fixes and work-arounds!
« Reply #30 on: January 29, 2010, 10:15:00 PM »
I just ordered the Avast Pro and downloaded it, but whatever is on my comp. will not let me open anything, including my malware/spyware scanner. Can someone help me???

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #31 on: February 04, 2010, 01:27:09 PM »
Hi malware fighters,

A fix for an IE vulnerability on XP and Win2000 where protected mode has been disabled can be found here:
http://go.microsoft.com/?linkid=9709676
Info on the Information Disclosure hole in IE: http://www.microsoft.com/technet/security/advisory/980088.mspx
Make a bookmark of it, because later MS will come out with an out-of-band patch, and you then have to disable the work-around.
Users with Vista and Windows 7 are safe,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #32 on: February 14, 2010, 11:51:20 PM »
Hi malware fighters,

A work-around for an intermittent CPU peak due to corrupt virtual memory leaking:
Make sure you have plenty of RAM to do this (minimum 515 MB preferred). Get rid of the current page file (virtual memory); it may be corrupted, causing memory leaks.

> Right click My Computer on your desktop
> Choose Properties
> Click the Advanced tab
> In the Performance panel,
> Click the Settings button
> Advanced tab in the Performance options
> In the Virtual memory panel,
> Click the Change button
> Select C drive/partition, if it isn’t already selected
> Tick ‘No Paging file’ in the paging file size for selected drive panel.
> Press the SET button
> Then click OK, OK, OK.
> Reboot, the system will re-create it.

This possible solution should end your worries,

polonus
« Last Edit: February 14, 2010, 11:54:28 PM by polonus »

alisterben

  • Guest
Re: Malware fixes and work-arounds!
« Reply #33 on: March 02, 2010, 08:16:57 AM »
Give me some possible solution for cleaning registry.

CharleyO

  • Guest
Re: Malware fixes and work-arounds!
« Reply #34 on: March 02, 2010, 11:31:22 AM »
***

Go to the link below and download TweakNow Registry Cleaner at the top left under the header Download.

http://www.tweaknow.com/RegCleaner.php


***

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Malware fixes and work-arounds!
« Reply #35 on: March 02, 2010, 04:40:40 PM »
Go to the link below and download TweakNow Registry Cleaner at the top left under the header Download.
http://www.tweaknow.com/RegCleaner.php

Be careful with this; I have had problems after cleaning. Better to leave the registry as it is or use CCleaner's registry cleaner, which is very much safer.

Thanks
nmb
« Last Edit: March 02, 2010, 04:49:14 PM by nmb »

magicmatt1

  • Guest
Re: Malware fixes and work-arounds!
« Reply #36 on: March 03, 2010, 05:52:02 PM »
Can anybody help me with this nasty "xp antivirus pro" virus?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: Malware fixes and work-arounds!
« Reply #37 on: March 03, 2010, 05:56:35 PM »
You should have started a new topic, and not posted inside this.


How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

What this program does:

Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 are new rogues that are exactly the same program, but are shown with different names and interfaces depending on the version of Windows that it is run on. After I wrote this guide, I was told that this rogue goes under quite a few different names, which I have listed below:

•Antivirus Vista 2010
•Vista Antispyware 2010
•Vista Guardian
•Vista Antivirus Pro
•Vista Internet Security
•Vista Internet Security 2010
•XP Guardian
•XP Antivirus Pro
•XP AntiSpyware 2010
•XP Internet Security
•XP Internet Security 2010
•Antivirus XP 2010
•Antivirus Win 7 2010
•Win7 Guardian
•Win 7 Antivirus Pro
•Win 7 Antispyware 2010
•Win 7 Internet Security
•Win 7 Internet Security 2010

When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches Antivirus Vista 2010, Win 7 Antispyware 2010, or XP Internet Security 2010. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch Firefox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when you try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.

soumen

  • Guest
Re: Malware fixes and work-arounds!
« Reply #38 on: March 09, 2010, 09:59:55 PM »
Hi guys,

Need some help!

My PC is infected with Win32-Malware-gen.
The virus is present in C:\Windows\Temp\xxx.tmp\svchost.exe.

Avast home edition is detecting it every 5 mins and the suggested measure is to move it to Chest.
I have tried bootscan and it deletes it, but after reboot it comes up again.

Please let me know how to remove the malware from my system.

Thanks in advance!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: Malware fixes and work-arounds!
« Reply #39 on: March 09, 2010, 10:08:54 PM »
Hi guys,

Need some help!

My PC is infected with Win32-Malware-gen.
The virus is present in C:\Windows\Temp\xxx.tmp\svchost.exe.

Avast home edition is detecting it every 5 mins and the suggested measure is to move it to Chest.
I have tried bootscan and it deletes it, but after reboot it comes up again.

Please let me know how to remove the malware from my system.

Thanks in advance!


http://forum.avast.com/index.php?topic=54389.0

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88855
  • No support PMs thanks
Re: Malware fixes and work-arounds!
« Reply #40 on: March 09, 2010, 10:13:58 PM »
@ soumen
This really should be in its own new topic in the Viruses and Worms forum as it is technically unrelated to the original Topic.

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

If you have any other questions, etc. including posting logs, create your own new topic to do that, thanks.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #41 on: March 24, 2010, 12:00:47 AM »
Hi malware fighters,

You experience a block of the MS update; somehow the settings for svchost.exe for www.update.microsoft.com are being blocked, so now it is time to reset the settings database in ZA.

Hold down the Ctrl and Shift keys together
Right click on the ZA icon near your clock
Choose 'Reset' from the box that comes up
Choose Yes on the Reset Settings dialog box
When prompted, choose OK to restart your system
Follow the on screen configuration prompts after reboot

polonus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #42 on: April 02, 2010, 09:34:32 PM »
Hi malware fighters,

A proposed manual removal routine,

1) Run Process Explorer. Use Ctrl+F to find any references to the malware at hand.
2) Kill any malware processes or malware threads (PIDs) inside of normal processes (ex. some malware hides as a thread in winlogon.exe)
3) Run Autoruns to be able to cleanse the "startup vectors" for the malware
4) Reboot
5) If the system boots clean, obliterate the malware files. For this use MoveOnBoot: http://go.ask-leo.com/moveonboot (instruction: http://ask-leo.com/how_do_i_delete_a_file_in_use.html )

polonus
« Last Edit: April 02, 2010, 09:42:50 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
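
The startup-vector check from step 3 of the routine above, together with a check for the .exe launch hijack quoted in reply #37, as an added PowerShell example that is not part of any poster's message or of the tools named in the thread. The list of Run keys is an assumed subset of what Autoruns inspects, and the registry paths for the .exe association are standard Windows locations that the thread itself does not name.

```powershell
# Added example: read-only triage; it changes nothing on the system.
# Assumed subset of autostart locations (Autoruns covers many more).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
# System file names taken from the thread; both normally live in System32.
$systemNames = 'svchost.exe', 'winlogon.exe'
$legitDirs = (Join-Path $env:SystemRoot 'System32'), (Join-Path $env:SystemRoot 'SysWOW64')

function Get-ImagePath([string]$Command) {
    # Extract the executable path from a launch string, quoted or unquoted.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $image = Get-ImagePath ([Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name)))
        if (-not $image) { continue }
        $reasons = @()
        if ($image -match '\\(Temp|Tmp)\\') { $reasons += 'runs from a temp directory' }
        if ($systemNames -contains (Split-Path $image -Leaf) -and
            $legitDirs -notcontains (Split-Path $image -Parent)) {
            $reasons += 'system file name outside System32'
        }
        if ($reasons) {
            [pscustomobject]@{ Location = $key; Entry = $name; Image = $image; Reason = $reasons -join '; ' }
        }
    }
})

# .exe launch hijack: stock Windows maps .exe to the "exefile" class,
# whose open command is exactly: "%1" %*
$assoc = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\.exe').'(default)'
$open = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($assoc -ne 'exefile' -or $open -ne '"%1" %*') {
    $findings += [pscustomobject]@{ Location = 'HKCR\.exe'; Entry = $assoc; Image = $open; Reason = '.exe association altered' }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty result only means these few locations look normal; an entry such as the C:\Windows\Temp\xxx.tmp\svchost.exe path reported in reply #38 would be flagged for both reasons.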

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #43 on: April 08, 2010, 11:10:07 PM »
Specific USB virus cleansing script found here: http://www.en.mygeekside.com/?p=18

pol

asw

  • Guest
Re: Malware fixes and work-arounds!
« Reply #44 on: April 19, 2010, 04:01:10 PM »
Need help with win32:alurean-fz. Now has affected startup. What does C:/windows/system32/drivers/rascacd.sys mean?