
antivirus 2009 rogue spyware "antivirus" becoming more aggressive?


    #21

    I find that Malwarebytes works really well for more common viruses (anti-virus xp, BSOD screensaver, etc...,) and SUPERantispyware works well for the more uncommon viruses.



      #22

      The vast majority of these cleaners insist on "installing" their droppings in either the registry and/or WINDIR. So stupid. I guess nobody is capable of writing stand-alone code anymore... wankers and their .NET macros.

      I use McAfee Enterprise by choice, but it is still fat at 100+ MB. Yes indeed, it can break and leave a ton of registry droppings. Their uninstaller, isn't. That is a shame too. Anybody remember the Common Files bug that breaks the auto-update?

      Reinstalling is often not possible. I have a client who recently had a nasty divorce with their business partner, who took HIS install CDs with him. They need to reinstall a crapped-out workstation... and cannot. Other clients have no end of customization/configuration on their workstations, so a reinstall takes days. My own workstation takes several days to reinstall from scratch. I have simplified this considerably with the use of Virtual Machines, but it is still time consuming.

      I tried Vundo fix utility, but it is mostly junk. Very slow, can't fix shit.
      If anybody has the name of another tool as good as, or complementary to, Malwarebytes, please post it.



        #23

        Originally posted by bgavin
        If anybody has the name of another tool as good as, or complementary to, Malwarebytes, please post it.
        It exists, it is called Linux....

        I don't use it myself, but every time I get a problem with one of my Win boxes, I have a friend that has three Linux boxes and he always sings the same song: "Get Linux: it's free, it's fast, it's small, and it doesn't get those problems ...". My answer is "Stop worshiping Linus Torvalds and get a girl!".

        Still, I stick to M$ OSes.

        Too bad the good old days, when a boot disk (or, more recently, a boot CD) was enough to beat the crap out of infected systems in pure DOS, are gone. But now you have to worry more about spyware/malware than viruses themselves, and they are a PITA to remove. And the worst thing is that the McAfee products are not what they used to be ..... I guess John McAfee is not involved anymore with the AV that has his last name on it....
        Last edited by EGuevarae; 02-16-2009, 10:57 PM.
        There are 10 kind of people in this world: those that understand binary, and those who don't.
        • ASUS ROG Maximus IX Code
        • Intel Core i5-7600K 3.8GHz
        • 16 GB GSKILL TridentZ RGB DDR4-3200
        • 1 M2 SSD + 2 WD Blue 1TB (Mirrored)
        • Windows 10 Pro x64
        • GeForce GT1050
        • 2 x Acer KA240H + 1 ViewSonic VP2130 21 (a cap replacement job)



          #24

          Originally posted by Toasty
          What advantage does Linux give you here?

          How do you install AVG (or any program for that matter) on a machine that has, quite literally, tied itself in knots?

          The last system with this virus-ransomware program that I had come in took nearly 3 hours to get to the desktop!! It would not safe-boot at all. It took the Avast! BART CD to get it moving, then a few runs of the others to get it purged.

          I then removed both McAfee's and Norton/Symantec's P.o.S. BLOATWARE programs. Man, let me tell you, THAT was a FIGHT! Neither would uninstall completely until I found some cleaners from their respective tech support that do get most of the pieces out. Even after that, they both leave doo-doo in the registry that several reg cleaning runs still wouldn't purge. Can you say M-A-N-U-A-L removal?

          Toast
          Linux ignores the Windows permissions, enabling me to backup everything.

          My method is to take the hard drive out of the computer I'm trying to fix, then install it in the test computer. The test computer boots its own hard drive and operating system, bypassing what's on the customer's drive entirely. Then it's a simple matter to have AVG (from the test computer's Windows install) scan the drive. Viruses and other crap come off a whole lot easier when it's not tangled in the running OS.

          A dual booting test computer is quite useful.

          Norton can be a pain...
          A man convinced against his will is of the same opinion still.



            #25

            Originally posted by eguevarae
            It exists, it is called Linux....
            I'll be sure to forward that to all my business clients.
            Without a doubt they will instantly throw away all their Windows software and halt their businesses, so they can have a better OS.



            I understand the value of Linux, and run it myself.
            However, Linux is not a malware removal tool, and that was my question to the forum.

            I don't have the luxury of removing drives from client systems while onsite. I use BART-PE and its self-contained operating system, for the reasons above: no removal problems with entangled bugs.



              #26

              The Linux Geek



                #27

                Originally posted by bgavin
                I'll be sure to forward that to all my business clients.
                Without a doubt they will instantly throw away all their Windows software and halt their businesses, so they can have a better OS.



                I understand the value of Linux, and run it myself.
                However, Linux is not a malware removal tool, and that was my question to the forum.

                I don't have the luxury of removing drives from client systems while onsite. I use BART-PE and its self-contained operating system, for the reasons above: no removal problems with entangled bugs.
                I understand you. I removed and cleaned the HD because I was at home, but sometimes (especially with machines that have warranty seals) you just can't.

                I can say that Linux is not a malware removal tool, but it is a really valuable help, just as BartPE/Reatogo/Hiren's is, especially since it can run entirely from CD and is faster (LiveCD anyone?). I don't use it, but I have some Live distros that sometimes (especially for backups before a reinstall) come in handy.

                And here there is more diversity in the OS arena, but I remember one discussion we had in the Tech Support area when I was still in Mexico, when we noticed that when a customer was answering routine questions to leave his machine for repair/diagnosis, the Techs just asked "What version of Windows is installed?", instead of "What OS does it have installed?". I don't know about the future, but right now MS still owns a very big share of the market ....
                Last edited by EGuevarae; 02-17-2009, 11:39 AM.



                  #28

                  Hi, acstech
                  I used to use Linux in the FAT32 days for backup too, but I never learnt the right way. It would seem there's a mount-time option where you have to choose the right codepage when mounting non-US codepage Windows partitions, or else filenames containing letters such as "ñ", "á", etc. will get garbled.



                    #29

                    It's gotten so much easier recently. Literally all I have to do is plug the drive in, turn the computer on, and let it boot. The new drive automatically mounts and shows up as an icon on the desktop. Then simply set it to show hidden files, drag, and drop. Never had a problem with file names. I would guess it got fixed some time ago.
                    A man convinced against his will is of the same opinion still.



                      #30

                      Thanks for the info, acstech



                        #31

                        Originally posted by bgavin
                        I'll be sure to forward that to all my business clients.
                        Without a doubt they will instantly throw away all their Windows software and halt their businesses, so they can have a better OS.



                        I understand the value of Linux, and run it myself.
                        However, Linux is not a malware removal tool, and that was my question to the forum.

                        I don't have the luxury of removing drives from client systems while onsite. I use BART-PE and its self-contained operating system, for the reasons above: no removal problems with entangled bugs.

                        You could load Linux to its own partition in a dual boot arrangement for 'emergencies' on clients' machines.

                        That way if you -HAD- to you could even walk them through most repairs over the phone.

                        .
                        Mann-Made Global Warming.
                        - We should be more concerned about the Intellectual Climate.

                        -
                        Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind.

                        - Dr Seuss
                        -
                        You can teach a man to fish and feed him for life, but if he can't handle sushi you must also teach him to cook.
                        -



                          #32

                          Originally posted by PCBONEZ
                          You could load Linux to its own partition in a dual boot arrangement for 'emergencies' on clients' machines.

                          That way if you -HAD- to you could even walk them through most repairs over the phone.

                          .
                          Never crossed my mind. Good idea now that I think of it. Any version in particular you had any good experience with?



                            #33

                            I'm a Linux newbie relative to other folks in here.
                            I think something like Ubuntu would be easiest for clients but you should ask the Linux oldbies to be sure.




                              #34

                              You will need to become very familiar with it before attempting to distribute it. There are still things that are easier from the command line. Like cloning a disk for example. The "dd" command on the command line works great... if you know how to use it.

                              Fedora, Ubuntu, openSUSE, etc. Most will work fine for what you're doing. Instead of dual booting a customer computer, try Knoppix. You can boot it off a CD.
                              A man convinced against his will is of the same opinion still.



                                #35

                                The boot CD is a better idea than dual-boot, IMO.

                                Windows Vista does NOT like anything that changes the disk signature. Do that at your peril, and you get a permanent disk load error with Vista.

                                The only imaging that Vista accepts is one that retains the disk signature. For GHOST, this means a forensic image, disk-only. I've been down the road with partition images, and it is a bust. It kills the Vista installation. No doubt the same with Win7.

                                I don't know if dd does forensic imaging or not.
                                Since we are all staying with XP until we die, I suppose it is a non-issue.

                                BTW, I saw my first instance of Privacy Watcher... egads what a nightmare. It commandeers the entire machine, and you can do NOTHING until you pay the $ demand to purchase it. Malwarebytes will kill it, but only if you have another profile to load from. If "Owner" is the only account on the machine, you are pretty much screwed. BART-PE and manual disable/removal is the only alternative.



                                  #36

                                  I see this malware ALL the time. Half of the computers we get have antivirus **** on them. This is the worst malware ever as it pops up windows, disables the task manager and even kills explorer. Some of them run every time you execute anything as they modify the shell open command in the registry. If it's a reasonably fast machine, it's cleanable with Malwarebytes and maybe turning everything off with msconfig. Sometimes I have to boot off an XP or Linux live CD and manually delete some of the virus files.

                                  If it's super slow and/or filled with toolbars and crapware we usually just reinstall to save us time. It takes less time to reinstall Windows than to remove all of the toolbars, OEM crap and viruses. I just keep their user folder and delete other shit as I see fit. Most of these people's machines are poorly configured anyway with old drivers, extensions hidden, system restore and error reporting on.

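Post #36 above mentions the rogue "antivirus" rewriting the shell open command so its own binary runs whenever any program is launched, and disabling Task Manager. The following is an added example, not code from the thread or any poster: it parses a constructed .reg export (the format regedit writes) and flags those two changes; the `av2009.exe` path and the sample export are made-up placeholders, not real indicators.

```python
import re

# Clean Windows default for the (Default) value of exefile\shell\open\command.
EXPECTED_EXEFILE_CMD = '"%1" %*'
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
TASKMGR_POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample export from an "infected" profile (assumption for this
# example); the av2009.exe path is a made-up placeholder, not a real indicator.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\Owner\\Application Data\\av2009.exe\" /START \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''


def parse_reg(text):
    """Return {key_path: {value_name: value}} from a .reg export.

    '@' is the key's (Default) value. Quoted string values have their
    backslash escapes removed; dword/hex values are kept as raw text.
    Value names containing '=' are not handled (enough for this check).
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and '=' in line:
            name, _, value = line.partition('=')
            name = name.strip('"')
            if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
                value = re.sub(r'\\(.)', r'\1', value[1:-1])
            keys[current][name] = value
    return keys


def audit(keys):
    """Return findings for the two tricks post #36 describes; [] means clean."""
    findings = []
    cmd = keys.get(EXEFILE_KEY, {}).get('@')
    if cmd is not None and cmd != EXPECTED_EXEFILE_CMD:
        # Anything other than "%1" %* wraps another binary around every .exe
        # launch, which is why the cleaner itself never gets a chance to run.
        findings.append('exefile open command hijacked: ' + cmd)
    policy = keys.get(TASKMGR_POLICY_KEY, {}).get('DisableTaskMgr', 'dword:00000000')
    if policy.lower() == 'dword:00000001':
        findings.append('Task Manager disabled by policy (DisableTaskMgr=1)')
    return findings


if __name__ == '__main__':
    for finding in audit(parse_reg(SAMPLE_REG)):
        print('[!]', finding)
```

Running it against the sample prints the hijacked command and the Task Manager policy; the exported hive can come from the offline drive via a BartPE or second-machine boot as the thread describes, so the check does not depend on the infected OS running.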


                                    #37

                                    Originally posted by PCBONEZ
                                    I'm a Linux newbie relative to other folks in here.
                                    I think something like Ubuntu would be easiest for clients but you should ask the Linux oldbies to be sure.

                                    .
                                    Gave one person Ubuntu on their Mac mini (not gonna download OS X in CD form just for them) and another person Kubuntu on an old PII. No complaints from either party. At home I run Server 2003 64 and Linux Mint 64. Linux Mint is nicer than plain old Ubuntu and doesn't look so much like Mac OS X. KDE4 is utter shit so Kubuntu is now out.



                                      #38

                                      >If it's super slow and/or filled with toolbars and crapware we usually just reinstall to save us time. It takes less time to reinstall Windows than to remove all of the toolbars, OEM crap and viruses.

                                      exactly...
                                      and the thing is, they won't really be able to tell the difference because they don't use any kind of special or hard to find programs etc.
                                      Word, Excel, Firefox, Messenger... that's mostly it..hehe...



                                        #39

                                        Originally posted by 370forlife
                                        I find that Malwarebytes works really well for more common viruses (anti-virus xp, BSOD screensaver, etc...,) and SUPERantispyware works well for the more uncommon viruses.
                                        hmmm this time Ad-Aware and Spybot let me down. didn't find ANYTHING even though I could see this new Vundo variant. Symantec likes to pop up joyously finding this dll repeatedly

                                        malwarebytes found a lot of stuff. even some old inactive bits
                                        still working on it though
                                        capacitor lab yachtmati techmati



                                          #40

                                          Originally posted by willawake
                                          hmmm this time Ad-Aware and Spybot let me down. didn't find ANYTHING even though I could see this new Vundo variant. Symantec likes to pop up joyously finding this dll repeatedly

                                          malwarebytes found a lot of stuff. even some old inactive bits
                                          still working on it though
                                          ComboFix & Malware had worked for me in the past on these instances. Don't forget to check if the system still boots in Safe mode, because after removal I've seen that some systems had lost the ability to boot in Safe mode.
