Five specific threats



Those whom my background info bores, please skip to ******* below.


I thought I'd only have 3 questions for you guys, but I keep thinking
of more, and it turns out my ex-gf keeps coming up with more too!  

I appreciate all the help I get here.

Although I'm progressing now using the web, and using boot disks from
BitDefender, Kaspersky, and Panda, and Windows-based scanning from
AVG, I wanted to tell you her status in case you have something to say
about these five threats she seems to have had and maybe still does.

She informs me that the computer is very slow and she can't run
Superantispyware or Malwarebytes as I told her to, because the computer
won't let them run.

Do you think she made things worse by waiting 6 days to tell me this?

Also, when I left last Sunday, AVG had only found 1 "infection" and
she got no notifications since that time, yet the AVG Virus vault
included these four entries. Did the first Trojan horse invite its
friends to visit?  

Any specific advice about the five items below?

*******

Hmmm, I think my questions below about 1 and 5 are stupid, but she's
either out or asleep by now.  I can check with her tomorrow.

1) Trojan horse Generic 19.EPB
    Google doesn't seem to find this or even 19.EPB.  Should I search
on other terms?  Did she write it down wrong?
2) Could be infected with I-Worm/Hybris
    I'm doing okay on I-Worm/Hybris, unless there is something I
should know.
3) Trojan horse Dialer
    I think I'm doing okay on this, unless there is something I should
know.
4) Virus identified Win32/Magistr.B
    Norton has a virus removal tool especially for this one, so I
think I'm okay.

HouseCall found this virus:
5) GT Down
     But I haven't found anything about it, except references to the
GT Down antivirus.  I wonder if she wrote it down wrong.

Thanks.

Re: Five specific threats




Sorry, the references I find are to "Remove AntivirusGT" or "Remove
Antivirus GT".  Nothing about "Down".

This must be what she has.  And there are several sets of instructions
for removing it, if HouseCall didn't do everything.



Re: Five specific threats





| Sorry, the references I find are to "Remove AntivirusGT" or "Remove
| Antivirus GT".  Nothing about "Down".

| This must be what she has.  And there are several sets of instructions
| for removing it, if HouseCall didn't do everything.


The biggest problem is you acting as a proxy for her.

Please have her log on to the Malwarebytes' Forum and post about her problems.

http://forums.malwarebytes.org

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Five specific threats



On 9/11/2010 11:47 PM, David H. Lipman wrote:
Sounds like he's trying to reverse the Ex-GF status.

Re: Five specific threats



Hello, Dave!

You wrote on Sun, 12 Sep 2010 10:21:53 -0400:

 >>
 | Sounds like he's trying to reverse the Ex-GF status.

Ah... a man's work is never done. :)

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Five specific threats




I don't think she can explain them well enough, or, in many cases,
understand normal answers.

Now the current problem is imo deciding which of the five still have
remnants that are causing problems.  I don't want to go over there,
but I'll be nearby this afternoon anyhow, so maybe I will.


No, no, no.    But I do want to fix this for her if I can, and
everything I learn doing this sort of thing will benefit me on my own
computer, and if another friend needs help.  Frankly, in general I
like learning auto repair and carpentry and anything else on someone
else's property.   Well, I won't attempt to do fine carpentry on
someone else's stuff, but I'm putting together a work trailer for a
friend, and if I make small mistakes, or cut a piece of his lumber too
short, he doesn't mind (he has a lot of projects and he'll use the
short piece somewhere, he says, and he probably will), and I won't
likely make the same mistake when I do the same thing for myself.



Re: Five specific threats




Typical of more modern malware (Magistr and Hybris are pretty old)


The sooner the cure, the better. Infected/infested machines should not
be connected to the internet or any other network. Whether or not this
made it worse for her (or her computer) is anybody's guess, but it
probably made things worse for the rest of us.


While they are in the virus vault, they are no threat. If you are
finding them elsewhere on the harddrive (or other storage device) then
there *might* be a problem. *Where* suspected malware is found is as
important to troubleshooting as *what* suspected malware was found.


Many times when generic detections are involved, you don't get much
useful information even if you get the name right. Mostly, trojans are
dealt with simply by deleting them.


That depends on what we don't know. :o)

When it presents itself as a trojan, Hybris can be treated the same way
as a trojan - simply delete it. If it had been executed on the machine,
things get more complicated. It is a clickworm, and might even be a
virus.


Del


Yeah, any AV worth a damn should handle that one.


Sounds like this one is the one you need help with (your description
makes it sound like one of the many rogue 'fake AV' scareware
applications). Never heard of GT Down, but these rogues have many names
they can use.

Does safe mode allow you to run MBAM?
Does renaming MBAM allow you to run what used to be named MBAM?



Re: Five specific threats



On Sun, 12 Sep 2010 19:49:19 -0400, "FromTheRafters"


Thanks to all and thanks to you for the detailed answer  


That's a good question.


That's a very good question.

I hadn't thought of this.    I'll try them, or better yet, get her to
if I can.


Re: Five specific threats



On Sun, 12 Sep 2010 19:49:19 -0400, "FromTheRafters"


I didn't understand this at first.  Yeah, she might have been sending
out viruses during this time.  

My gosh, she wrote me!  But I don't think I got anything. I didn't get
any alerts, and I've been testing antivirus boot CDs at least with
quickscans and they didn't find anything either.

But the bad emails sent from her computer might not have been ones
she herself sent, right, and could have gone to anyone in her
Thunderbird address book.   The old viruses don't know about
Thunderbird, unless it's enough like Netscape.    I know even less about
the new viruses. :-(

Re: Five specific threats




My gut feeling is that both Magistr and Hybris were long ago quarantined
(put in the virus vault).


AV should have no problem with these - nor should you, as they both
present themselves as attachments for their e-mail vector worming.


Hybris would have gotten addresses from e-mails as they were sent - she
sends to you, Hybris gets your address and later sends an e-mail to you
with itself as an attachment. Magistr depends on stored addresses.


E-mail vector worms are making a comeback after having been practically
neglected by commercially motivated malware. Mostly, I expect botnets to
use them in their expansionistic endeavors when there is a dearth of
wormable software vulnerability exploits.

...as for viruses, probably the best you can do is use a good scanner on
programs you intend to execute.



Re: Five specific threats




Three little words:

Security Tool sux.

Re: Five specific threats



I agree totally. I've had several viruses get on my system and I've had
to use MBAM, AVG Free, Panda and a few other antivirus scanners to get
down to the root of the problem.

Re: Five specific threats




| I agree totally. I've had several viruses get on my system and I've had
| to use MBAM, AVG Free, Panda and a few other antivirus scanners to get
| down to the root of the problem.

MBAM does NOT target viruses.  I'll bet they were trojans, not viruses.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Five specific threats



 On Fri, 17 Sep 2010 19:08:57 -0400, "David H. Lipman"


Are you sure?

This is what it says:

http://www.malwarebytes.org/mbam.php

Malwarebytes' Anti-Malware

Have you ever considered what makes an anti-malware application
effective? We at Malwarebytes have created an easy-to-use, simple, and
effective anti-malware application. Whether you know it or not your
computer is always at risk of becoming infected with viruses, worms,
trojans, rootkits, dialers, spyware, and malware that are constantly
evolving and becoming harder to detect and remove. Only the most
sophisticated anti-malware techniques can detect and remove these
malicious programs from your computer.

Malwarebytes' Anti-Malware is considered to be the next step in the
detection and removal of malware. In our product we have compiled a
number of new technologies that are designed to quickly detect,
destroy, and prevent malware. Malwarebytes' Anti-Malware can detect
and remove malware that even the most well known anti-virus and
anti-malware applications fail to detect.


Malwarebytes' Anti-Malware monitors every process and stops malicious
processes before they even start. The realtime protection module uses
our advanced heuristic scanning technology which monitors your system
to keep it safe and secure. In addition, we have implemented a threats
center which will allow you to keep up to date with the latest malware
threats.

Re: Five specific threats





David and myself are both former employees of Malwarebytes. No, it
doesn't target viruses. It's not able to prevent an actual virus nor
disinfect your machine from one.

When you combine Malwarebytes with a good antivirus product such as
AVG, or Avast, then you have virus protection and malware protection
which is decent in today's world.

However, Malwarebytes alone is not designed to deal with viruses. It
does not take the place of an antivirus product. It is designed to
complement said product and handle sometimes difficult malware.




--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ."  - author unknown.

Re: Five specific threats




Well the free version won't run live, so it can't prevent anything.
Are you saying even the paid version can't prevent infection by a
virus?


Are they trying to mislead people?

But only because AVG or Avast does the virus protection, is that what
you're saying?


I'm confused.  For a good product like you seem to say it is, like
they say it is, they seem to be unnecessarily lying or going out of
their way to mislead on their webpage.

"Anti-Malware can detect and remove malware that even the most well
known anti-virus and anti-malware applications fail to detect. "

Do they mean this in a clever way, like "My lawnmower can cut grass in
a way that the best jackhammers can't"?   In other words, "We can find
a few trojans that the best anti-virus and anti-malware fail to
detect, but when it comes to viruses, those we can't find.  But we
never said we could find them, only that we could find something that
the best anti-virus can't."

How come they don't come right out and say they don't deal with
viruses?   Instead of comparing themselves with anti-virus products.

Re: Five specific threats





If the virus is using a known dropper file, it can. However, it wasn't
designed specifically for viruses. It is designed to complement your
already existing antivirus solution by providing malware protection and
removal.


I don't see any confusion aspect. Malwarebytes is a malware scanner not
an antivirus scanner. While the free version doesn't remain resident, it
still contains the same cleaning abilities and detection as the paid for
version. You just have to do a manual scan as opposed to the resident
monitor keeping an eye on things.



--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ."  - author unknown.

Re: Five specific threats




It's all true, but it still doesn't say it targets viruses. :o)

(although it does have some viruses on its list of malware it is capable
of detecting)



Re: Five specific threats




| It's all true, but it still doesn't say it targets viruses. :o)

| (although it does have some viruses on its list of malware it is capable
| of detecting)


But we both know MBAM's engine is totally incapable of "cleaning" an infected
file that has been viral infected.

We also know that there are some worms that may be considered viruses that can
be eradicated by MBAM.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Five specific threats




Still, it is not hard to see why ZingMe was misled by marketing-speak.

...as you said, it is a good supplement to having a good AV program. I'm
sure the programmers would cringe at such claims. :o)


