Re: Multi_AV.exe caused PROBLEM!



On Sun, 25 Feb 2007 20:43:31 -0500, "David H. Lipman"
From: "OldRebel2" <OldRebel2@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Yes. None of them found anything and none did anything. I had selected the
| choice to detect only. I think it happened before I even ran the scans.

Did you suffer bad exits before doing the scans?
What circumstances prompted you to suspect malware?
Was any malware found or reported by anything else (other than MAV)?

| Multi_AV is doing things behind the scenes when you first execute it: like
| giving WGET.EXE Windows Firewall exception (as well as needing permission
| from any 3rd party firewall). There's also some explanation in the help file
| that it changes some configuration file to a .bak file, but I don't
| understand all of that. Somehow, I just intuit that it is a group policy or
| permissions problem, but I am not technical enough to figure it out.

TweakUI for XP gives some control over the "Welcome" (pre-login)
environment; there may be something there about hiding or presenting
the option to shut down from there.

On a modern PC, briefly pressing the ATX "off" button should issue the
OS an instruction to shut down, rather than simply switch "off".

The Multi AV Scanning Tool menu will do some anti malware measures...

- Backup the etc/hosts file and remove it

That implies any protective HOSTS routing (e.g. deliberately routing
known-bad domains to 0.0.0.0 or 127.0.0.1) will be lost.

- Attempt to allow WGET.EXE access through the WinXP FireWall
- Restore the default AUTOEXEC.NT and CONFIG.NT after backing them up.
- Remove local and system policies that limit the use of the PC.

Hmm... OK

- Fix file associations corrupted by malware ["batfile", "comfile", "exefile", "regfile",
"scrfile" and "piffile"]

cmdfile?

There is nothing in the MENU.KIX file that disables or removes a button to "turn off
computer".

OK.

It also may close web browsers when it runs?

It would be nice to checkbox these changes for interactive user
(de)selection, so the user's more aware (and in control) of what is
being done. Then again, that may be hard to UI in Kix.

If it isn't malware then there is some "other" cause. Since I have not examined this concept I
don't know what can cause it.
I can emphatically state that I know what every line of code and function WILL do.

I've not seen issues with the Welcome screen's shutdown item either,
but I have seen stuff on malware involving itself at this level
(MSGINA or similar subsystems affected, as well as Winlogon).



--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
--------------- ---- --- -- - - - -
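The point raised above about the HOSTS file is that a blanket "back up and remove" step throws away protective sinkhole entries (hostnames pinned to 0.0.0.0 or 127.0.0.1) along with any malicious redirections. The script below is an added example, not part of this thread or of the Multi_AV tool: it parses HOSTS-format text, separates sinkhole entries from entries that send a hostname to some other address, and lists what a reset would discard, so a user can review the file before a tool replaces it. The sample file contents and hostnames are constructed for illustration.

```python
"""Audit a HOSTS file before a cleanup tool resets it (added example, not from the post)."""
import ipaddress

# Addresses used by protective "sinkhole" entries: the name resolves to
# nowhere (0.0.0.0) or back to the local machine (loopback).
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample HOSTS content; the hostnames are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net            # blocklist entry
127.0.0.1       tracker.example.org        # blocklist entry
192.0.2.10      update.example-vendor.test # real host sent elsewhere
not-an-address  junk.example.test
"""


def parse_hosts(text):
    """Return (address, hostname, line_no) for every mapping in HOSTS text.

    Comments after '#' are stripped, blank lines skipped, and lines whose
    first token is not an IP address are ignored, as the resolver does.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            address = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; not a usable mapping
        for host in parts[1:]:
            entries.append((str(address), host.lower(), line_no))
    return entries


def classify(entries):
    """Split mappings into protective sinkholes and redirections to other hosts.

    The stock 'localhost' entry is left out of both lists: it is restored by
    any reset, so nothing is lost or gained by it.
    """
    protective, redirects = [], []
    for address, host, line_no in entries:
        if host == "localhost":
            continue
        if address in SINKHOLE_ADDRESSES:
            protective.append((address, host, line_no))
        else:
            redirects.append((address, host, line_no))
    return protective, redirects


def lost_on_reset(text):
    """Hostnames whose protective sinkhole mapping disappears if HOSTS is reset."""
    protective, _ = classify(parse_hosts(text))
    return sorted(host for _, host, _ in protective)


def suspicious_redirects(text):
    """Hostnames mapped to an address other than a sinkhole; worth a manual look."""
    _, redirects = classify(parse_hosts(text))
    return sorted((host, address) for address, host, _ in redirects)


if __name__ == "__main__":
    print("Would be lost on reset:", lost_on_reset(SAMPLE_HOSTS))
    print("Redirected elsewhere:  ", suspicious_redirects(SAMPLE_HOSTS))
```

On a real machine the text would be read from `%SystemRoot%\system32\drivers\etc\hosts`; any hostname that appears under "redirected elsewhere" deserves a look, since legitimate software rarely needs a HOSTS override, while the "lost on reset" list is what to carry over into a fresh file after cleanup.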