Win32/RAMNIT.A Anyone? - Page 6

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Win32/RAMNIT.A Anyone?




| On 8/4/2010 1:53 PM, David H. Lipman wrote:



Quoted text here. Click to load it





|      Well it's time you learned.

I've been studying malware since I had to erradicate the "Jerusalem.B" from a
Novell 2.11
network.  That was a true file infecting virus.  I have been at this long enough
to say
emphatically, YOU need to learn otherwise do NOT call yourself a professional.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Win32/RAMNIT.A Anyone?



On 8/5/2010 2:25 PM, David H. Lipman wrote:
Quoted text here. Click to load it

          What makes me a professional is knowing what I'm
doing. Remember this whole thing started out because someone
wasn't "professional" enough to think of backing up so they
won't lose data by clearing restore points.

John

Re: Win32/RAMNIT.A Anyone?




Quoted text here. Click to load it

IAWTP


--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ."  - author unknown.

Re: Win32/RAMNIT.A Anyone?



Quoted text here. Click to load it

Yep, clear as rain. You don't know the terminology, don't care, yet we
are supposed to believe that you know what you are talking about.

That's it, huh?



Re: Win32/RAMNIT.A Anyone?



On 8/2/2010 2:46 PM, FromTheRafters wrote:
Quoted text here. Click to load it

     "Virus" is both a generic term and a specific term. Why do
you think they call the software used to clean trojans and
worms, "Anti-Virus" software? I'm sure you don't think that they
only clean viruses and leave trojans and worms alone. It's all a
matter of semantics. Just about all of the major anti-malware
vendors have products that they call Anti-Virus. This is because
it just stuck. You're a professional and you don't know this?

     I know exactly what I'm talking about. So tell me what
tools do you use to remove worms and trojans from computers? Are
any of them called "Anti-Virus" software?

     I also know that words can have dual meanings.


John

Re: Win32/RAMNIT.A Anyone?




[...]

Quoted text here. Click to load it

Yes, but that is beside the point.

Some antimalware applications rely on cryptographic hash algorithms to
identify known malware. This doesn't work very well with some
polymorphic self-replicating malware (viruses and worms). Some
antimalware applications check autostart methods as a way to detect that
malware is installed - true viruses don't need any autostart mechanism
at all (they start when an *infected program* runs as a matter of
course. The methods needed to detect, identify, and remove malware
generally, and replicating malware specifically are *different*.





Re: Win32/RAMNIT.A Anyone?



On 8/4/2010 2:48 PM, FromTheRafters wrote:
Quoted text here. Click to load it

     No that's the point entirely. The word "virus" is
acceptable to just about everyone except a few anal retentive
people who love to go around correcting everyone.

John

Re: Win32/RAMNIT.A Anyone?




| On 8/4/2010 2:48 PM, FromTheRafters wrote:

Quoted text here. Click to load it



|      No that's the point entirely. The word "virus" is
| acceptable to just about everyone except a few anal retentive
| people who love to go around correcting everyone.

Its is ONLY accecpted by the "uneducated" person.  The ones who get infected!


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Win32/RAMNIT.A Anyone?



Quoted text here. Click to load it

...and ignorant people will still call themselves professionals I
suppose.

Talk about anal.



Re: Win32/RAMNIT.A Anyone?



Quoted text here. Click to load it

...and ignorant people will still call themselves professionals I=20
suppose.

Talk about anal.=20


Now I've been trying to follow this thread, and I may have  got the =
wrong end of the stick somehere but, I would like to point out that I =
fully respect David H Lipmans' persistance in clarifying malware =
terminology / categrisation,
indeed, I've found it VERY useful on several occasions.

And for those other malware "professionals" out there, I'd like to point =
out that David H Lipman is held in the highest esteem by many people =
inc. myself, ...and who also consider him to be one of the foremost =
authorities in the field of malware, so much so that when I have an =
interest in a specific variant, and I'm wading through a thread, there's =
only a few I need to read - David H Lipman first - and a few others.  I =
particularly avoid reading posts by one or two  particular "know-all's" =
because of their condescending and ignorant attitude.

enough said :-)

regards, Richard

Re: Win32/RAMNIT.A Anyone?



RJK wrote:
Quoted text here. Click to load it

An interesting comment, Richard.

You say that you hold Mr Lipman "in the highest esteem". Tell me why! Do
you know who he is and by whom he is employed?

AFAICT - he's just another unknown entity posting on Usenet. You
obviously trust his word - but how can others *really* know the truth?

If he was a *real* professional, he'd check his spelling before he hit
the send key! ;-)

Regards,

Dave

Re: Win32/RAMNIT.A Anyone?




RJK wrote:
Quoted text here. Click to load it

An interesting comment, Richard.

You say that you hold Mr Lipman "in the highest esteem". Tell me why! Do
you know who he is and by whom he is employed?

AFAICT - he's just another unknown entity posting on Usenet. You
obviously trust his word - but how can others *really* know the truth?

If he was a *real* professional, he'd check his spelling before he hit
the send key! ;-)

Regards,

Dave

I won't be drawn into this one too much !  ...other than to say,

"AFAICT - he's just another unknown entity posting on Usenet," so what !
I've always been impressed by my sixth sense, (modesty completely aside for
a few seconds), and its' rarely ever proved me wrong.
Regarding your other peculiar observations / questions :-
Your perpesctive on the "the truth" seems to be a unique, (and abnormally
persistent and unperceptive), point of view !
"spelling" ....well, ...we all "typo" now and again, it's usually blatantly
obvious what the intended letter or word was from the context, (context
means "surrounding text" - in case you don't know what "context" means), and
to negatively comment on other peoples spelling, esp. when there is an
obvious typo, is bit pathetic to say the least.

regards, Richard

ps ...please don't waste any more breath on the topic, if you have
sufficient intellect, you'll agree that your points have been fully
addressed.  Pusuence of my response would simply be indication that you
simply cannot, or choose not, understand what you're reading !












Re: Win32/RAMNIT.A Anyone?




Quoted text here. Click to load it

Hi FTR......been up this way lately?  We are off to Quebec City on Labour
Day for 5 days of sumptuous feasting, etc.  Must brush up on my French.
8-))



Re: Win32/RAMNIT.A Anyone?



Salut Heather

Long time . La Ville du Quebec is beautiful and a lot of things going on there
especially on the Plains of Abraham on Labor Day week-end

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect

Quoted text here. Click to load it


Re: Win32/RAMNIT.A Anyone?



Thanks Peter........we love the ambience and history and have been going
there for about 40 years for short holidays.  This time we are splurging and
staying "inside the Walls".....lol.  And flying down rather than a long
drive from the GTA.  I am really looking forward to a meal at Louis Hebert
and a few little bistros that we like.

--
Cheers......Heather

Quoted text here. Click to load it



Re: Win32/RAMNIT.A Anyone?



Quoted text here. Click to load it

Canada, not since our Niagara Falls trip - which was actually due west
from here.

Quoted text here. Click to load it

Now that *is* up there...perfect time of year to visit though.



Re: Win32/RAMNIT.A Anyone?



On 8/6/2010 5:13 AM, RJK wrote:
Quoted text here. Click to load it

      That's all well and good but this conversation was not
just about malware. It started out when Dave said he was
reluctant to disable system restore because he wanted to keep
the restore points. Well that problem would be solved by a
simple backup. I think he got a bit angry because he overlooked
something simple. So many times people who are programmers or
people who don't regularly work in on site repairs tend to lose
people skills and commons sense skills. I've been doing repairs
for about 25 years and made a good living doing so. I never
needed to advertise because I got more business by word of mouth
than I could handle.

    Since this thread started people have tried to change the
subject when they lose an argument. That's how we wound up on
soldering irons and leaking capacitors.

John


Re: Win32/RAMNIT.A Anyone?



...same old hair being split again an again :-)

...when someone dumps a system box in my lap, or pleads down the 'phone, he
or she often suspects that "...there's a virus in it."

:-)

regards, Richard



Re: Win32/RAMNIT.A Anyone?



Quoted text here. Click to load it

Calling self-replicating programs "viruses", coupled with the fact that
almost all malware in existence at one time were indeed
self-replicating, led to the popular lexicon's adoption of the term
"virus" to mean the same as "malware". The idea that a computer could
catch a cold virus is *too damned sexy* an idea for the populous to let
go of - they 'prefer' to call any 'bad computer stuff' a virus now.

Be that as it may, three of the groups posted to are technical in nature
(even have "virus" in their names). Ask a question about whether a virus
could infect a data store (no, it cannot), you might get a wrong idea
about where *malware* can be hiding. Viruses are rather unique, and
despite Aunt Polly's refusal to use the term *malware* - there *are*
important differences in the terms, and people should be educated as to
that fact.



Re: Win32/RAMNIT.A Anyone?



FromTheRafters wrote:

Quoted text here. Click to load it


Being pedantic and specific, FTR - explain why viruses are not simply
'unique' - are they is some way /rather/ special? ;-)

--
Dave - and all along I've thought 'malware' was the more modern term!

Site Timeline