- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Sat, 11 Mar 2006 12:55:09 -0500
From: "Panda_man" <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Panda_man :
| Hello!
| I have read your site several times... and I still remember the address ->
| The tool in Method 1 -> I would never use it.
| Even before downloaded, Panda is detecting it as a PUP/Hack Tool/
| I have submitted it to Panda Labs and the answer was NO FALSE POSITIVE =
| REALLY PUP (potentially unwanted software).
| Fortunately, the instructions (in pandaman.my.contact.bg) help.
| As I say in the web-site, if the fast instructions fail, the detailed
| helps and I have used Panda Titanium 2006 many times to remove SpyFalcon.
| (IMO - SpyFalcon is easy to remove nowadays). However, we have already
| discussed that so please let us not discuss it again.
| Again, thanks for reminding me to quote after the Original Post,
| well... I'll try it.
| Thanks again.
| Prevention is always better than cure!
| Panda TruPrevent - the most intelligent technology to combat unknown malware
Well here is the 411 on this...
Such software is installed via a vulnerability exploitation or through an already
installed downloader Trojan. In this case it could have been one of the numerous
WMF Exploits or Sun Java. Then there are the ZLob family of Trojans.
The problem is you aren't just targeting the SpyFalcon. It is just the end
result of an already exploited PC. Once the PC is found to be vulnerable there
are numerous modifications to the OS and Registry. The tools that I suggest
specifically target a range of known files, Registry settings, HTML files,
Desktop alterations, Policy settings, etc.
The problem with AV software is that it may find a Trojan or some Trojanized files
but they tend to fail in dealing with the big picture of alterations and
modifications as well as the "sister" infectors that may be associated.
I don't mention, although maybe I should, about plugging the WMF Exploit
vulnerability. I hope that Windows Update has already done so. However, as seen
in numerous HJT Logs, the Sun Java Vulnerability is addressed. Curing the
infection is only part of the issue, plugging the vulnerability hole is just as
important or there is a likelihood of re-infection.
You'll notice that I don't suggest my tool, Secure2K's or noahdfear's tool. Each
has its strengths and weaknesses dealing with the threat as a function of time.
Hopefully the use of multiple tools will mitigate the infection based upon the
fact that each is updated differently and for different aspects. The one thing
that sets my tool apart is not only is it hard coded for the known threats but it
uses the McAfee command line scanner and its Heuristic and signature based
detection to catch what is not hard coded or is not targeted. I can also say
that my version of the SmitFraud Trojan tool is much more broad based and covers
many other threats. This includes the non-rootkit Apropos, Alexa, Delf family,
Surf Side Kick and many others.