Re: Can't stop a Zombie EMailer



Points taken. Also, just to make it clear, I'm no competition to anyone or to you in such matters -
I'm just here to help. To add to that, I don't often use tools to assist someone with malware, virus or rootkit concerns; perhaps in detection, but for removal I would rather do it manually to identify the strand origin and functions. But recently they can't keep up with the changes and modifications of some droppers and rootkits that you or I have to identify. I purposely referred him/her to the support
not only for removal but also for identification, removal (possibility of return) and preventive measures, and possibly, if it would be allowed, to extract some sample which will help others. But then again, thank you for helping him/her directly - bottom line, he/she got good assistance.



"Dustin Cook" <bughunter.dustin@xxxxxxxxx> wrote in message news:Xns999D6AA00C384HHI2948AJD832@xxxxxxxxxxxxxxxx
"Milo \(MSPSS\)" <V-4jpaca@xxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:7323FEB8-1CBF-4C10-9F21-DA54AE7BC545@xxxxxxxxxxxxx:

Actually that's the first step: cut off the bits/data supporting the
code from within... then after such the system would be stable enough
and (non-replicating, since the source has been blocked).

Stable enough? Perhaps you misunderstood the author's post then. The
program he had is a variant of gaobot, and while it's resident, you're not
going to find the executable. Btw, the author has already resolved the
issue he had. Your advice didn't help, but mine did. :)

Bart PE comes in handy for situations like that, and I doubt Microsoft
would recommend it. I've already received the executable and determined
what it'll do and what it will not do. While I appreciate your efforts,
malware isn't something you seem to specialize in.

And for further identification, use a proper tool for the removal, or
I would recommend calling Microsoft Security US/CANADA (866 727 2338)
for added assistance.

And again, gaobot is stealthing; while it's running it makes an effort to
hide the executable. If the malware has control of the machine, the
scanning utility is its bitch. That's just how things are. As I said,
your method would prevent it from mass mailing, but would not do anything
to fix the issue.


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@xxxxxxxxx
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
