Author Topic: Malware fixes and work-arounds!  (Read 107108 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Malware fixes and work-arounds!
« Reply #45 on: April 19, 2010, 08:33:11 PM »
That may be the new TDSS variant, which takes careful handling - please start your own thread and let me know. I will then assist.
Please do not try to restore the system, as one variant will remove all services if you do that.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #46 on: May 04, 2010, 08:50:41 PM »
Hi malware fighters,

Repository of malware removal tools: http://www.wintricks.it/FORUM/showthread.php?t=56594


polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Malware fixes and work-arounds!
« Reply #47 on: May 20, 2010, 03:34:06 PM »
Hi malware fighters,

Work-around for the new ActionKey USB malware worm: Preventing AutoPlay for a Component
Quote
To prevent AutoPlay from launching in response to an event, add the following REG_SZ value, as shown in this example.

HKEY_LOCAL_MACHINE
   SOFTWARE
      Microsoft
         Windows
            CurrentVersion
               Explorer
                  AutoplayHandlers
                     CancelAutoplay
                        CLSID
                           00000000-0000-0000-0000-000000000000

The value is the class identifier (CLSID) that the component generating the event is known by in the running object table (ROT). The value has no data.

Important: Under this key, the CLSIDs are not enclosed in braces ( {} ).

pol

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
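
The registry change quoted in Reply #47, as an added PowerShell example that is not part of the original post or of the quoted documentation. The function names are hypothetical, the CLSID is the all-zero placeholder from the quote, and writing under HKEY_LOCAL_MACHINE requires an elevated session.

```powershell
# Added example: function names are hypothetical; the CLSID is the placeholder from the quote.
$CancelKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID'

function Add-CancelAutoplayClsid {
    param([Parameter(Mandatory)][string]$Clsid)

    # Accept the CLSID with or without braces, but always store it without them,
    # because value names under this key are not enclosed in { }.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($Clsid.Trim(), [ref]$guid)) {
        throw "Not a valid CLSID: $Clsid"
    }
    $name = $guid.ToString('D').ToUpperInvariant()

    if (-not (Test-Path -Path $CancelKey)) {
        New-Item -Path $CancelKey -Force | Out-Null
    }
    # REG_SZ value named after the CLSID, with empty data.
    New-ItemProperty -Path $CancelKey -Name $name -PropertyType String -Value '' -Force | Out-Null
    return $name
}

function Get-CancelAutoplayClsid {
    # List existing entries and flag names that do not follow the quoted rule
    # (braces present, or text that is not a GUID at all).
    if (-not (Test-Path -Path $CancelKey)) { return }
    $key = Get-Item -Path $CancelKey
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the key's default value
        $guid = [guid]::Empty
        [pscustomobject]@{
            Name       = $name
            Kind       = $key.GetValueKind($name)
            WellFormed = ($name -notmatch '[{}]') -and [guid]::TryParse($name, [ref]$guid)
        }
    }
}

# Braces in the input are stripped before the value is written.
Add-CancelAutoplayClsid -Clsid '{00000000-0000-0000-0000-000000000000}'
Get-CancelAutoplayClsid | Format-Table -AutoSize
```

Running `Get-CancelAutoplayClsid` on its own is a read-only check that existing entries were written without braces.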

Offline kellykent@hotmail.com

  • Newbie
  • *
  • Posts: 1
Re: Malware fixes and work-arounds!
« Reply #48 on: June 30, 2010, 11:22:54 PM »
I have been using the newer free version of Avast for a while. Before that, 4.8. Over the last couple of months I have worked on 3 machines that have come down with different malware/trojans that Avast did not catch. What program caught it? F-Secure Clean Scan. A free version.
I recommend Avast to everyone who asks, but I'm beginning to lose confidence.
The only problem with the Clean scanning software of F-Secure is that it doesn't tell me what it caught, it just tells me "malware".

Offline polonus

Re: Malware fixes and work-arounds!
« Reply #49 on: June 30, 2010, 11:38:05 PM »
Hi kellykentAThotmail.com,

Well, this is quite common for any resident AV solution. It cannot catch all: too many variants, they have to make a selection for their database and cover the remainder with heuristics, too large a vulnerability window to cover, and zero-days can also be your deal if you are so unlucky as to stumble upon one online. This is not only avast; it is the same with all AV solutions, so the best you can do is have some additional non-resident scanning next to it (MBAM, SAS, an online scanner of your choice) so the detection range becomes as broad as you can live with. Additionally, if you want to be fully protected, use a Mozilla browser with the NoScript and RequestPolicy extensions installed, yep, and then, and then you are fully covered,

polonus

Offline robnasty

  • Newbie
  • *
  • Posts: 1
Re: Malware fixes and work-arounds!
« Reply #50 on: July 03, 2010, 02:11:32 PM »
Hi there,
I have a question relating to malware.
I picked up a trojan last night even though my avast was running and up to date.
My system restore is disabled and avast has been completely disabled, including the boot scan: it just restarts the PC and does not scan it. In fact, avast says the version installed is `unknown`. How do I remove this threat and restore avast to its former working order?
Please help!

Offline polonus

Re: Malware fixes and work-arounds!
« Reply #51 on: July 26, 2010, 07:13:27 PM »
Hi malware fighters,

There is now protection against the new Windows Shortcut Exploits without losing your icons, free tool download here:

http://downloads.sophos.com/custom-tools/Sophos%20Windows%20Shortcut%20Exploit%20Protection%20Tool.msi

polonus

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3061
Re: Malware fixes and work-arounds!
« Reply #52 on: July 27, 2010, 05:30:46 PM »
<snip>
There is now protection against the new Windows Shortcut Exploits without losing your icons, free tool download here:

One more (GDATA) : http://www.gdata.de/support/downloads/tools (tool available in English)

Read more in the SANS diary: http://isc.sans.edu/diary.html?storyid=9268
Quote
This (Sophos) tool currently only protects against LNK files and does not protect against PIF based exploits. It also does not protect against LNK files or targets stored on the local disk.

nmb
« Last Edit: July 27, 2010, 05:37:18 PM by nmb »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11678
    • AVAST Software
Re: Malware fixes and work-arounds!
« Reply #53 on: July 27, 2010, 05:39:35 PM »
There is now protection against the new Windows Shortcut Exploits without losing your icons, free tool download here:

Well, how about avast? It protects you for quite some time already... ;)

Offline polonus

Re: Malware fixes and work-arounds!
« Reply #54 on: July 27, 2010, 06:06:56 PM »
Hi igor,

If you say so, and we all are avast users after all. We should know why then.   
Thanks a bunch, for the reassuring message,

polonus

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3624
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Malware fixes and work-arounds!
« Reply #55 on: July 28, 2010, 07:52:41 AM »
There is now protection against the new Windows Shortcut Exploits without losing your icons, free tool download here:

Well, how about avast? It protects you for quite some time already... ;)


Hi Igor :)

So if I understand you right Avast! detects/blocks the LNK exploit itself, no matter what malware it is used by ???

Greetz, Red.
« Last Edit: July 28, 2010, 08:06:37 AM by Rednose »
OS: Win 7 x64 SP1 / Ubuntu / Qubes OS / iOS
Real Time: Avast Premier Beta + AMS for iOS Beta WinPatrol Plus Unchecky MCShield  HOSTS File: MVPS + MDL
On Demand: MBAM SUMo
Backup: Win 7 Image
Proxy: ASL VPN's Socks 5 Tor

Offline nmb

Re: Malware fixes and work-arounds!
« Reply #56 on: July 28, 2010, 07:36:55 PM »
Well, how about avast? It protects you for quite some time already... ;)

Yeah :) I have seen the LNK:Runner in the vps update history ;)

Thx

Offline polonus

Re: Malware fixes and work-arounds!
« Reply #57 on: July 28, 2010, 11:36:23 PM »
Hi folks,

I reported here about the third-party fixes for the LNK hole, but I must also tell you that Microsoft will not support these solutions, according to Microsoft's security-response team's group manager, Jerry Bryant.


polonus

Offline Rednose

Re: Malware fixes and work-arounds!
« Reply #58 on: July 29, 2010, 07:28:55 AM »
Yeah :) I have seen the LNK:Runner in the vps update history ;)

Thx

Yeah, you are right :)

16.7.2010 - 100716-0  LNK:Runner
17.7.2010 - 100717-1  LNK:Runner-A, LNK:Runner-B
25.7.2010 - 100725-0  LNK:Runner-T

Greetz, Red.

Offline polonus

Re: Malware fixes and work-arounds!
« Reply #59 on: July 30, 2010, 11:33:12 PM »
Hi malware fighters,

Undo your fixes and work-arounds before you patch this coming Monday with an official MS out-of-band vulnerability fix: http://www.dshield.org/diary.html?storyid=9304

pol