Re: Pop Up MALWARE: winfixer2005, winantivirus etc.
From: BobH (robert_at_grandecom.net)
Date: 11/28/05
Date: Mon, 28 Nov 2005 10:32:21 -0600
I downloaded, and tried SUPERAntiSpyware. I did a complete scan on my
computer, and it came up clean. Zip.....nothing! Then I ran Spy Catcher,
provided in an Internet Security Suite by Cox Internet, and it found the
following: "Trojan.Win32.Dialer.hc", and deleted the file with Spy Catcher.
Why wouldn't this be found in the SUPERAdBlocker program? In a couple of
days I will rerun both and see what comes up.
"Nick Skrepetos (SuperAdBlocker.com)" <nicks@superadblocker.com> wrote in
message news:BIadnVO0-8_IDhfenZ2dnUVZ_tudnZ2d@giganews.com...
> Hello,
>
> Yes, the removal should be simple, and it is with some spyware scanners,
> and not so with others.
>
> To answer your questions:
>
> 1) Typically you/programs are denied access to the files if another
> application has the file open and has not closed the handle and does not
> open it with sharing. Many spyware/malware applications do this to prevent
> getting the MD5/fingerprint of the application, or examining the contents
> of the file. There are two direct (and more) ways for applications to get
> around this limitation, both of which we employ in our SuperAdBlocker |
> SUPERAntiSpyware product. This involves finding the open handle and using
> it, or reading directly from the volume in the native format which will
> bypass all of Windows security and protection. This involves parsing the
> NTFS or FAT volume directly.
>
> 2) Many kernel level drivers, now referred to as "rootkits", can protect a
> file so that the operating system cannot access it at all, but its own
> processes can have full access. This can involve a filter system filter
> driver or API hooking driver to accomplish the protection and hiding.
>
> If you still have the infection, you may wish to try Super Ad Blocker with
> SUPERAntiSpyware:
> http://www.superadblocker.com
>
> Super Ad Blocker | SUPERAntiSpyware offers several unique features such as
> using a system level driver to delete detected items, so pests do not come
> back once detected and cleaned.
>
> Super Ad Blocker offers a fully functional 15-day trial. You can scan and
> clean your computer and then remove Super Ad Blocker if you do not wish to
> keep it. We do appreciate when users support our development efforts by
> purchasing the product :)
>
> If that does not find and/or remove the spyware/adware on your machine,
> you can submit a diagnostic and I will diagnose your machine for free and
> post the results back to the group and update our rules with anything found:
> http://www.superadblocker.com/diagnostic.html?id=nicks
>
> You may also wish to "see" what is running on your computer here:
> http://www.fileresearchcenter.com
>
> Nick Skrepetos
> SuperAdBlocker.com - SUPERAntiSpyware
> http://www.superadblocker.com
> http://blogs.superadblocker.com
> http://forums.superadblocker.com
>
> ** Please note that I am the author of the above programs and sites and I
> do have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
> FileResearchCenter.com. You, the user, have no obligation to purchase the
> software and are free to try the software, clean/fix your system, and then
> uninstall.
>
>
>
> <xlurker@lycos.com> wrote in message
> news:1133153859.258769.120390@g14g2000cwa.googlegroups.com...
>> All of these fixes may be a very long trip to what should be a very
>> short and quick solution. I have an application which overwrites files
>> with random numbers. I would use it on the file with the virus if
>> access to that file were not denied.
>>
>> Does that infected file generate this problem? Why are Symantec and I
>> denied access to it? How can we dissolve that denial? Why could Symantec
>> not quarantine that file so that no code from it could ever run?
>>
>> Anyhow, I ran Spybot and the Symantec FixVundo utility on 11/27/2005.
>> FixVundo created a log which includes:
>>
>> "Trojan.Vundo has been successfully removed from your computer!
>> Here is the report:
>> The total number of the scanned files: 183114
>> The number of deleted files: 0
>> The number of viral processes terminated: 3
>> The number of viral processes suspended: 3
>> The number of viral threads terminated: 7
>> The number of registry entries fixed: 2"
>>
>> When I next rebooted after running FixVundo, the virus alert
>> immediately appeared as it had before.
>>
>> The Spybot search and destroy function delivered a list of what it
>> thought were suspicious cookies. All of those looked innocuous to me
>> except some in a folder with WinFix in its folder name. I let Spybot
>> kill the cookies in that folder. However, I do not intuit that cookies
>> can execute a pop up intrusion.
>>
>
>
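
The sharing-denied case from point 1 of the quoted reply, as an added PowerShell example that is not part of the thread and not code from any product named in it: a scanner-side helper that tries to MD5 a file and reports why the open failed. The function name Get-Md5OrLockReason and the temp file are assumptions made for the demo.

```powershell
# Added example: the temp file and its content are constructed for the demo.
function Get-Md5OrLockReason {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Request read access and allow all sharing, so a sharing failure can
        # only come from the other handle having been opened without sharing.
        $share  = [System.IO.FileShare]'ReadWrite, Delete'
        $stream = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                         [System.IO.FileAccess]::Read, $share)
        $md5 = [System.Security.Cryptography.MD5]::Create()
        try {
            $hash = [System.BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', ''
        } finally {
            $md5.Dispose()
            $stream.Dispose()
        }
        return [pscustomobject]@{ Path = $Path; MD5 = $hash; Reason = $null }
    } catch {
        # .NET exceptions arrive wrapped; the low 16 bits of HResult are the Win32 code.
        $ex   = $_.Exception.GetBaseException()
        $code = $ex.HResult -band 0xFFFF
        $reason = switch ($code) {
            32      { 'sharing violation: another handle holds the file without sharing' }
            5       { 'access denied: ACL or a protecting driver refused the open' }
            default { "open failed (Win32 error $code): $($ex.Message)" }
        }
        return [pscustomobject]@{ Path = $Path; MD5 = $null; Reason = $reason }
    }
}

# Demo on a constructed file: hash it while unlocked, then again while a
# second handle holds it with FileShare.None, as the reply describes.
$tmp = [System.IO.Path]::GetTempFileName()
[System.IO.File]::WriteAllText($tmp, 'constructed sample content')
Get-Md5OrLockReason -Path $tmp | Format-List

$lock = [System.IO.File]::Open($tmp, 'Open', 'ReadWrite', 'None')
try {
    Get-Md5OrLockReason -Path $tmp | Format-List
} finally {
    $lock.Dispose()
    Remove-Item -LiteralPath $tmp
}
```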