Author Topic: Malware fixes and work-arounds!  (Read 107111 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #75 on: June 18, 2011, 04:38:25 PM »
L.S.

Whenever you do a scan or upload a suspicious file for a scan on VT, for instance, MD5/SHA1 hashes are generated, and you can identify that particular file, piece of malcreation, if it has already been analyzed through earlier scans or found by honeypots.

There is even an extension that can search the Virustotal hashes automatically for you in the Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/virustotal-hash/

Online you can check here: https://www.vicheck.ca/md5query.php
Or you may use the hash database here: http://isc.sans.edu/tools/hashsearch.html

Or just put the hash in as a Google search query and look for additional information
you may stumble upon, and if avast does not detect it, send the info to virus AT avast dot com.

Now for some examples, so you may learn what this is all about -

For instance we have found this MD5 hash: 4d7796df39daf235028919533ea7e73b
and we get these accompanying VT results from ViCheck.ca:
http://www.virustotal.com/file-scan/report.html?id=393796c058193cbde2108a799e5378bf5f5a2bfb42db9fddc7034bf56a99c99e-1307961961
and the accompanying Threatreport for this MD5 hash:
http://www.threatexpert.com/report.aspx?md5=4d7796df39daf235028919533ea7e73b
At once we will know that avast does not detect this malware,
and from the Threat report it stemmed from Croatia: http://wepawet.iseclab.org/view.php?hash=3df4df1ded0c2535f521ae302d2f903e&t=1308059678&type=js
Anubis report here: http://anubis.iseclab.org/?action=result&task_id=1d51c29456a0c2d04692cbfc0f8a9011a
Site with poor reputation:
http://www.mywot.com/en/scorecard/ms.mjntravel.biz
but lots of links there are now dead, so this one is not responding.
So on to the most recent one there and see if avast folks did their homework.
And yes, BINGO, they did, as we expected from them, because this MD5 hash was found there only yesterday: MD5 hash = dc1297306c88b89fd79f121b1bc5bb22
And if we look at VT for that one, we see that our good avast av protects us all:
http://www.virustotal.com/file-scan/report.html?id=6e1a05ca5bb5d8e72f8de5ab403a8533bb88e74d81933d766613b807dc7a64d5-1308255138
Malware detected by avast as Win32:Downloader-HXU.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
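As an added example (not code from the post or from any of the tools it links), here is a small Python triage helper for the routine described above: it computes the MD5/SHA1/SHA256 of a sample in chunks, classifies a pasted hash by its length, builds the "hash as a Google search query" lookup, and pulls the SHA256 and scan date out of the old-style VirusTotal report URLs quoted in the post. The `<sha256>-<unix timestamp>` layout of those VT ids is an assumption inferred from the URLs on this page.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import quote_plus

CHUNK_SIZE = 1 << 20  # 1 MiB reads, so large samples are never loaded whole


def hashes_of_bytes(data):
    """MD5, SHA1 and SHA256 of an in-memory blob (small samples, tests)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hashes_of_file(path):
    """Same three digests for a file on disk, streamed chunk by chunk."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_hash(text):
    """Return 'md5', 'sha1' or 'sha256' for a pasted hex digest, else None."""
    text = text.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", text):
        return None
    return HASH_TYPES.get(len(text))


def google_query_url(digest):
    """The plain 'hash as a Google search query' lookup the post suggests."""
    return "https://www.google.com/search?q=" + quote_plus(digest)


# Assumption: the old VT report ids on this page look like <sha256>-<unix timestamp>.
VT_ID_RE = re.compile(r"[?&]id=([0-9a-fA-F]{64})-(\d{9,10})")


def parse_vt_report_url(url):
    """Extract (sha256, scan date as ISO string) from an old-style VT report URL."""
    m = VT_ID_RE.search(url)
    if not m:
        return None
    sha256, ts = m.group(1).lower(), int(m.group(2))
    scan_date = datetime.fromtimestamp(ts, tz=timezone.utc).date().isoformat()
    return sha256, scan_date
```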

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81785
  • No support PMs thanks
Re: Malware fixes and work-arounds!
« Reply #76 on: June 18, 2011, 05:23:44 PM »
The Firefox add-in is from March 2010 and doesn't appear to install/work with Firefox 4.0.1, so I guess the same will be true with FF5 when it is released soon.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.494)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #77 on: June 18, 2011, 09:45:40 PM »
Hi DavidR,

Thanks for pointing this out. I have been using Google Chrome lately, so I was not aware of the current Fx add-on policy. We have to fall back to Google or check against other sources.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #78 on: June 28, 2011, 09:16:24 PM »
Hi forum friends,

A malware remover may ask you to use "Defogger" as an initial part of the cleansing routine for rogue.agent/gen.nullo, for instance (recently back).

What is this all about?
The tool is to temporarily stop the legitimate drivers used by CD Emulators,
so they cannot interfere with investigative tools we use to detect the real baddies.

This tool by jpshortstuff can be downloaded here: http://www.jpshortstuff.247fixes.com/Defogger.exe
Save it to your desktop.
Now double-click on Defogger to run this tool.
On Vista and W7 you need to run it with full administrative rights.
Now the application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK. Defogger will now ask to reboot the machine; click OK.
If not, reboot manually. Do not re-enable these drivers until instructed or until your system has been fully cleansed.
N.B. If you receive an error message while running Defogger, please post the log, defogger_disable, which will appear on your desktop.

When re-enabling the drivers with Defogger, you might in some cases have to delete and re-install Defogger to perform the re-enabling.

The application window will appear.
Click the Re-enable button to re-enable your CD Emulation drivers.
Then click Yes to continue.
A 'Finished!' message will appear.
Now click OK.
Defogger will now ask to reboot the machine; click OK.

That is all; if asked, you now know what this is all about.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #79 on: June 30, 2011, 01:32:16 AM »
Hi forum friends,

For those who use the NotScripts extension in Google Chrome,
https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn
Instructions for use in the browser can be found on the developer's page here: http://optimalcycling.com/other-projects/notscripts/
For additional protection it is also advisable to install the following userscript from here:
http://userscripts.org/scripts/show/94123
It should stop all but the most sophisticated clickjacking attempts (i.e. 99.9% of them).
The author of this anti-clickjacking script is Michael Waddell.
Test pages: http://www.planb-security.net/notclickjacking/iframe_madness.html
& http://evil.hackademix.net/frameopts/

Enjoy and be more secure,

polonus
« Last Edit: July 25, 2011, 02:15:14 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #80 on: November 09, 2011, 03:29:02 PM »
This free Python tool (a script that helps find DuQu drivers) may find (almost) all of the DuQu drivers. The tool can be found here: https://github.com/halsten/Duqu-detectors [source: Mohamed Saher, analyst]

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #81 on: December 03, 2011, 04:12:31 PM »
Well, one way to test extra large files is with this free file threat-ranking scanner, downloadable from here (English version):
http://www.computer-support.nl/Software/AHC/Setup.exe
All about this free tool (summary and functionality) can be read here: http://www.backgroundtask.eu/Applications/AHC1_Index.php
This is for files that are larger than metascanners can handle.

Enjoy,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #82 on: December 31, 2011, 01:51:17 AM »
Hi you forum friends,

Some virus-fighting utilities can be found at the link given. Use them only under the supervision of a qualified removal expert here, like essexboy, oldman, etc., when they decide these are to be used. See: http://support.kaspersky.com/viruses/utility (link from Kaspersky Lab).

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #83 on: January 14, 2012, 12:29:26 AM »
How to eliminate Trojan-Ransom using Kaspersky's RectorDecryptor:
Go to http://support.kaspersky.com/faq/?qid=208282275
(link from Kaspersky Support) for instructions on how to use it, and here is
the download link: http://support.kaspersky.com/downloads/utils/rectordecryptor.zip
Only use it under the guidance of a qualified remover like essexboy or oldman here.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Malware fixes and work-arounds!
« Reply #84 on: January 20, 2012, 06:25:06 PM »
Security extension to be used in the Google Chrome browser: http://userscripts.org/scripts/show/22955
The extension detects frameworks, XSS proxy, XSS shell, Attack-API and BeEF exploitation; has detection for image.gif, txt/javascript, data txt/html and local file protocol exploitation; is wide protocol based and was thoroughly tested; is meant for web developers, with a browser-independent Greasemonkey install; detects things that never get detected at the webserver-level FW; and detects web-client-run web trojan and backdoor abuse. In short: nice. I have this extension in the Google Chrome browser. The only thing is that you must have the expertise to evaluate the findings yourself, so it is not just for everyone. Or install and use it and ask about alerts here on the forum.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline andy222

  • Newbie
  • *
  • Posts: 2
Re: Malware fixes and work-arounds!
« Reply #85 on: February 27, 2012, 10:42:57 AM »
Facts to better write your malware-fix

Identification of malware

When you start getting involved in malware fighting, recognizing certain infections is hard. Every infection has specific characteristics. There are sites where you can find descriptions of various infections.

....



Hello, when Avast! blacklists a site (which is the case with mine, http://www.lapasserelle.com, and I lose a lot of revenue...) why don't you explain why?

Regards,

Andy

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35953
Re: Malware fixes and work-arounds!
« Reply #86 on: March 28, 2012, 10:13:05 PM »
Facts to better write your malware-fix

Identification of malware

When you start getting involved in malware fighting, recognizing certain infections is hard. Every infection has specific characteristics. There are sites where you can find descriptions of various infections.

....

URLVoid - http://www.urlvoid.com/scan/lapasserelle.com/



Hello, when Avast! blacklists a site (which is the case with mine, http://www.lapasserelle.com, and I lose a lot of revenue...) why don't you explain why?

Regards,

Andy
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.