A Detailed Malware Removal Guide - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: A Detailed Malware Removal Guide

  1. #11
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Yes I know it is a valid tool but I suppose from managements perspective is that, how can I ask for a Hijackthis log. The customer will see trend and would say to himself, why dont I jsut buy Trend?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #12
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    @ moxquito

    This one is supposed to work with Vista:

    http://www.pcworld.com/downloads/fil...scription.html

    I have only used it with Win 2000 myself.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #13
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by Cider
    Yes I know it is a valid tool but I suppose from managements perspective is that, how can I ask for a Hijackthis log. The customer will see trend and would say to himself, why dont I jsut buy Trend?
    Hmm.. well looks like management needs to look at it's marketing approach..
    but then HJT is not a tool to leave in the hands of any user.. they have a bad habit of thinking everything HJT lists is bad.. and they remove it.. thinking that they know more than you...
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #14
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    The customer will see Trend and would say to himself, why don't I just buy Trend?
    Errrr,

    1. Trend don't sell HJT
    2. Trend don't ship HJT with their products.
    3. Trend don't support HJT.
    4. HJT doesn't interface with any Trend products.

    Having said that, I don't think that tier 1 helpdesk for an AV product should be messing around at that level of detail, and certainly not encouraging customers to run something as dangerous as HJT unsupervised. You really don't have the time for that?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #15
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Well even after all those comments, we have a number of malware cases pending at the moment and now one of the 3rd level technichans has asked for a HJT log.

    One person says no cant use it, the other asks for it?

    lol!
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #16
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Cider,

    This is a difficult one to call. On the one hand if there is new malware out there you want to find out about it. On the other hand the customer will probably not be too impressed that your product didn't detect/prevent it.

    You have to consider the legal angle here? If you go to a site and it secretly loads some adware/spyware crap on your machine then you would detect that and offer to remove it (or just block it). However, there is still a fair amount of crapware that comes bundled with some P2P, application, or fancy screensaver. You have logged on as administrator and installed that without reading the small print. Even getting caught by loading warez may go undetected, unless it is known malware like a backdoor or trojan.

    You do need to be very sure of your ground before branding some of this stuff "malware"

    Most modern security suites have the option to scan for "potentially unwanted programs", "warnings" or whatever, but this seems to be turned off by default? perhaps your first move should be to advise the customer to turn it on, update, then do a full scan after rebooting into safe mode.

    I suspect that you have something of a local problem over there in SA? given that your bandwidth is severely restricted.............. people will be less inclined to patch their OS and applications if they still seem to be working OK? Now, where you have an exploit using a vulnerability, you cannot really expect your security suite to spot that, as the vulnerability is a part of how the software is apparently supposed to work.

    One person says no can't use it, the other asks for it?
    Which one is the more technically competent?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #17
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    That is exactly right Nihil - People dont patch their OS because they will use there monthly cap up. I know witht he blaster or sasser (the one which shutsdown) can be stopped by patching windows.

    Try explain that to a customer

    I am getting alot of this Windows antivirus 2008/9 with clients. I cant give them spybot but it always lands up as they installed another AV and it detected it, no problem.

    I used Spybot on the machine here in the office and it cleaned and fixed it ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #18
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hmmmm,

    I am told that Windows Defender will do the job. Haven't tried it yet as I haven't managed to obtain a copy of the scumware Normally I would describe it as "scareware" but this one has deliberate or inadvertent flaws in it that could result in your machine being owned. Trojan behaviour in my book.

    http://www.microsoft.com/windows/pro...r/default.mspx

    I would suggest you use the following script (once you are happy that it is Antivirus XP or Antivirus 2008):

    "I am terribly sorry to hear about that Sir/Madam, and can tell you that Microsoft are aware of the problem. They have issued a free solution and will doubtless issue a patch for their operating systems in due course......... you do keep your operating system up to date don't you?" Then just send them to the link above.

    You had better get clearance, and do not suggest it to someone running Windows 2000 (WD doesn't support it) or XP before SP2.

    Do point out that security suites cannot distinguish some sorts of attack because they are operating system or application related, and cannot be distinguished from legitimate activity.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #19
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by Cider
    That is exactly right Nihil - People dont patch their OS because they will use there monthly cap up. I know witht he blaster or sasser (the one which shutsdown) can be stopped by patching windows.

    ...
    HOLY CRAP...

    Sasser and MSBLASTER patches were part of SP2..(RPC and DCOM services) I thought many AV's didnt work with Pre SP2 now?

    beside I have almost forgotten the last Blaster/Sasser infection I had seen..

    If peop[le are concerned of their ISP caps.. then.. why not get the SP's on CD from MS.. or cheaper.. sometime PC Mags carry the officila MS SP CD on their cover...

    The Idea of a any retailer, whatever it is, is to offer the client solutions..
    Q: "hey i need a hole in the wall" -- A:"I will sell you a drill"

    in this case if the client isn't running a patched system you can not sell them the full solution... it is like selling a parachute with only half the nylon sheeting..
    YOU HAVE TO OFFER THE FULL SOLUTION..
    If your company is selling and supporting a product.. you want the product look the best.. so if it means finding a way of providing the MS patches to provide minimum protection then so be it..

    sort of shoots many AV providers in the foot.. not checking for basic level of patching.. bit like a car without a fuel gauge..


    I spent part of this week training a group of salespeople ..not in sales but PC use.. biggest problem.. they would click on EVERY SINGLE POP UP and READ EVERY SINGLE EMAIL OPENING EVERY ATTACHMENT.. while we were locking down their local mail and blocking many questionable sites.. we didn't want to block Webmail.. so we had to train them .. was it easy? NO these guys are salesmen.. the dumbest of the dumb.

    My point.. the biggest vulnerability was, is, and will continue to be.. the USER
    Last edited by Und3ertak3r; August 15th, 2008 at 12:51 AM.
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #20
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    True True

    I will look into maybe sending out say SP2 + SP3 with our software. Im not usre of the legal implications though.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

Similar Threads

  1. Replies: 2
    Last Post: June 21st, 2008, 07:51 PM
  2. Malware Removal
    By alakhiyar in forum The Security Tutorials Forum
    Replies: 1
    Last Post: December 17th, 2006, 10:31 AM
  3. The Antivirus Defense-in-Depth Guide
    By jinxy in forum AntiVirus Discussions
    Replies: 0
    Last Post: June 2nd, 2004, 01:33 AM
  4. LOVEGATE_J on the rise
    By thehorse13 in forum AntiVirus Discussions
    Replies: 3
    Last Post: May 23rd, 2003, 01:35 PM
  5. MY trojan removal guide
    By khakisrule in forum The Security Tutorials Forum
    Replies: 7
    Last Post: July 10th, 2002, 02:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides