
Thread: Virus ? See attachment.

  1. #11
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    I don't even know what to say about your last post Cider

    What is the procedure? Either reformat or wait for Panda to issue a fix? :P

    It seems that maybe Panda has a bit of a pride issue... I mean no offense... They make great utilities... your post just struck me as funny...
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  2. #12
    Senior Member
    Join Date
    Nov 2001
    Posts
    127
    This is what I usually do when removing similar infections. First turn off system restore. Then go into safe mode and run combofix and smitfraud fix. Usually if there's one there's going to be more so I'd do a full run of AV scans.

    "You see I work for Panda so using 3rd party tools is a bit of a no no"
    Seriously, no single software gets everything. For really bad infections I pull the hard drive and have a scanner machine with several AV programs including NOD32, AVG, Antivir, Blink, and SuperAntispyware. There are many times when several programs pick up things the others don't. I'm not saying you need all this for your problem but if you really want to clean a system you need more than one tool.
    Last edited by CyberB0b; March 30th, 2008 at 02:42 AM.
    sandwich.

  3. #13
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    Well I can see your situation, but alas it's a lot faster and easier to use the smitfraud fix than to do it manually.
    In fact I did one of these just today manually, I removed privacy_danger which was dropped by privacy protector and of course the trojans and adware that also crippled that poor laptop.

    I booted into a PE environment similar to BartPE and pulled up a file explorer then started looking at all file stamps that were suspiciously new. In the case of this computer March 27, 2008 is when the infections hit. So anything from a few days prior to today pretty much got deleted. There are some exceptions such as the wpa.dbl file which has a timestamp of the current day but is a valid file. To wrap up, I deleted around 2 or 300 of these trojans, and adware files in this way which takes time and is not recommended for the novice or telling someone to do over the phone if they haven't done it before. Always check out the file's name and its properties for signatures before deleting.

    After the above steps, it's time to boot into safe mode and use the av/as software to clean up the rest. Deletion of temp files, and startup entries is best to do in the PE environment but can be done in safe mode.
    Last edited by Darksnake; March 30th, 2008 at 05:49 AM.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times
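
The timestamp triage described in post #13, as an added example that is not part of the original thread: a Python sketch that reports, rather than deletes, files on a mounted offline volume modified since a few days before the infection date. The function names, extension list and three-day window are assumptions made for illustration; `wpa.dbl` is the exception named in the post.

```python
import hashlib
import os
from datetime import datetime, timedelta

# Assumption: file types worth a closer look on a Windows volume.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Files that legitimately carry a fresh timestamp (the post names wpa.dbl).
KNOWN_GOOD = {"wpa.dbl"}


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def recent_files(root, infection_date, days_before=3):
    """Return review candidates modified since shortly before infection_date.

    Nothing is deleted: each entry carries a hash so it can be checked
    against AV engines or a known-file list before any removal.
    """
    cutoff = (infection_date - timedelta(days=days_before)).timestamp()
    findings = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if os.path.islink(path) or name.lower() in KNOWN_GOOD:
                continue
            try:
                mtime = os.stat(path).st_mtime
                if mtime < cutoff:
                    continue
                findings.append({
                    "path": path,
                    "modified": datetime.fromtimestamp(mtime),
                    "executable": os.path.splitext(name)[1].lower() in EXECUTABLE_EXT,
                    "sha256": sha256_of(path),
                })
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    # Executables first, then newest first.
    findings.sort(key=lambda f: (not f["executable"], -f["modified"].timestamp()))
    return findings
```

Modification times can be altered by malware, so the list is a starting point for the name and signature checks the post recommends, not a deletion list.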

  4. #14
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Thank you for everyone's replies.

    don't even know what to say about your last post Cider

    What is the procedure? Either reformat or wait for Panda to issue a fix? :P

    It seems that maybe Panda has a bit of a pride issue... I mean no offense... They make great utilities... your post just struck me as funny...
    No offence taken! I know it seems funny, but I post here to see what everyone thinks. I do scale it up to Panda Labs to check it out. It's not that I don't go through Panda, I just want to see what everyone else is doing so I can make some judgement on the matter with the client.

    You see, Panda will only go PANDA'S way and no other way obviously. So by me posting here I see the general vibe on the particular subject, just not one sided.

    And I don't trust Google

    But thanks for your replies.

    Panda has said that with an updated signature file all the smitfraud variants should be taken care of ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
