From: David Kaye on 15 Apr 2010 16:27

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

> rename; mbam-setup.exe to cisz.com
> and then run cisz.com to install Malwarebytes' Anti-Malware.

This doesn't always work. Some malware tracks some other part of the program, maybe the filesize or the internal name or the DLLs being called or something.
From: David H. Lipman on 15 Apr 2010 16:40

From: "David Kaye" <sfdavidkaye2(a)yahoo.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
| >> rename; mbam-setup.exe to cisz.com
| >> and then run cisz.com to install Malwarebytes' Anti-Malware.
| This doesn't always work. Some malware tracks some other part of the program,
| maybe the filesize or the internal name or the DLLs being called or something.

No, it is usually the name (explicit) or just EXE files.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: David Kaye on 15 Apr 2010 17:10

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

> No, it is usually the name (explicit) or just EXE files.

But not always. Believe me; I've had lots of malware kill MBAM regardless of what I called it. Remember that I've been doing this stuff full-time since 2002.

Some of the particularly bad infections would kill everything but a very old copy of SpySweeper and PrcView.exe, again, regardless of what I named the executable.
From: David H. Lipman on 15 Apr 2010 17:41

From: "David Kaye" <sfdavidkaye2(a)yahoo.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
| >> No, it is usually the name (explicit) or just EXE files.
| But not always. Believe me; I've had lots of malware kill MBAM regardless of
| what I called it. Remember that I've been doing this stuff full-time since
| 2002.
| Some of the particularly bad infections would kill everything but a very old
| copy of SpySweeper and PrcView.exe, again, regardless of what I named the
| executable.

Certainly not size. That's a stupid approach. Different versions will have different sized executables.

I have examined *numerous* malicious binaries. They hard code the name of EXE files into their code. Everything from: \drivers\vmmouse.sys, SbieDll.dll, ollydbg.exe, WIRESHARK.EXE --> PROCEXP.EXE --> HIJACKTHIS.EXE.

I have also seen the code that thwarts analysis, such as "IsDebuggerPresent", "createtoolhelp32snapshot" and ...

This program cannot be run in VMware Workstation. Please close VMware Workstation first.
This program cannot be run in Threat Expert. Please close Threat Expert first.
This program cannot be run in VirtualBox. Please close VirtualBox first.
This program cannot be run in VirtualPC. Please close VirtualPC first.
This program cannot be run in CWSandbox. Please close CWSandbox first.
This program cannot be run in Sandboxie. Please close Sandboxie first.
This program cannot be run in JoeBox. Please close JoeBox first.
This program cannot be run in Anubis. Please close Anubis first.

BTW: I've been dealing with malware for ~20 yrs. Ever since I had to remove the Jerusalem.B virus from a Netware v2.11 network.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
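A defender-side triage script, added here as an illustration and not part of the thread or of any tool mentioned in it: it pulls the printable strings out of a file and checks them against the hard-coded tool names, anti-debug API names and sandbox-refusal messages that Dave lists above, which is a quick way to spot a sample that is likely to kill or evade your cleanup tools. The sample blob and the category names are constructed for the example.

```python
import re

# Names the post above says malware hard-codes, plus the anti-analysis
# APIs and sandbox names it quotes. Lists are constructed for this example.
TOOL_NAMES = [
    "vmmouse.sys", "SbieDll.dll", "ollydbg.exe", "WIRESHARK.EXE",
    "PROCEXP.EXE", "HIJACKTHIS.EXE", "mbam-setup.exe",
]
ANALYSIS_APIS = ["IsDebuggerPresent", "CreateToolhelp32Snapshot"]
SANDBOX_WORDS = ["VMware", "VirtualBox", "VirtualPC", "CWSandbox",
                 "Sandboxie", "JoeBox", "Anubis", "Threat Expert"]

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Pull printable ASCII and UTF-16LE strings out of a byte blob."""
    ascii_re = rb"[\x20-\x7e]{%d,}" % min_len
    utf16_re = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = [m.group().decode("ascii") for m in re.finditer(ascii_re, data)]
    found += [m.group().decode("utf-16le") for m in re.finditer(utf16_re, data)]
    return found

def triage(data: bytes) -> dict:
    """Report which hard-coded tool names, anti-debug APIs and sandbox
    strings appear in the blob. Matching is case-insensitive because the
    spelling in malware varies (ollydbg.exe vs WIRESHARK.EXE above)."""
    lowered = [s.lower() for s in extract_strings(data)]

    def hits(needles):
        return sorted({n for n in needles if any(n.lower() in s for s in lowered)})

    return {
        "tool_names": hits(TOOL_NAMES),
        "anti_analysis_apis": hits(ANALYSIS_APIS),
        "sandbox_strings": hits(SANDBOX_WORDS),
    }

# Constructed sample standing in for a suspicious binary: ASCII and
# UTF-16LE strings separated by filler bytes.
SAMPLE = (b"\x00" * 16 + b"IsDebuggerPresent\x00" + b"\x90" * 8
          + "ollydbg.exe".encode("utf-16le") + b"\x00\x00"
          + b"This program cannot be run in Sandboxie. Please close Sandboxie first.\x00"
          + b"kernel32.dll\x00")

if __name__ == "__main__":
    for category, names in triage(SAMPLE).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Run it over a real file with `triage(open(path, "rb").read())`; a hit in any category is a reason to analyse the sample offline rather than trust a renamed installer to survive on the infected box.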
From: "FromTheRafters" erratic on 15 Apr 2010 17:43

DHL is writing about *this* particular malware, and not just *some* malware.

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hq7vd2$b86$1(a)news.eternal-september.org...
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
>
>> No, it is usually the name (explicit) or just EXE files.
>
> But not always. Believe me; I've had lots of malware kill MBAM regardless of
> what I called it. Remember that I've been doing this stuff full-time since
> 2002.
>
> Some of the particularly bad infections would kill everything but a very old
> copy of SpySweeper and PrcView.exe, again, regardless of what I named the
> executable.