Re: Can't stop a Zombie EMailer



What's in a Name? <maxpro4u@xxxxxxxxxxxxxxxxx> wrote in news:fb9b33$s3h$1@aioe.org:

> On 8/31/2007 9:24 AM, Dustin Cook after much thought, came up with this
> jewel:
>> What's in a Name? <maxpro4u@xxxxxxxxxxxxxxxxx> wrote in
>> news:fb96ol$d6s$1@xxxxxxxx:
>>
>>> On 8/29/2007 3:10 PM, JP after much thought, came up with this jewel:
>>>> I have discovered a Zombie Emailer running on XP Home.
>>>> It is sending enough email to bring down the LAN. After a few
>>>> seconds, all hell breaks loose. I have used 3 different Virus
>>>> Scanners, and 2 different Rootkit finders. Nothing. I further
>>>> checked it with HiJackThis, and with Autoruns. Any suggestions?
>>> Flatten/restore clean image (you do have one, right?)
>>> Buy a bigger rubber. What do you use now, if I may be so bold to
>>> ask? (so I know which one I should stay away from)
>>> max
>>
>> He had a gaobot variant. We both know how annoying those are, and they
>> stealth fairly well too.
>
> That's why I said flatten/restore clean image. Some cleaning can take
> hours if not days of headaches. Better spending an hour or so looking
> for those restore disks!

It just depends on the situation. If they're just workstations and don't
contain too much customized configuration data, I'd agree. But his issue
wasn't really too big of a deal. He was already halfway there to finding
the little pest anyhow; he just needed a way to be able to see what was
going on without the pest rerouting some functions and hiding.

Home computers are usually different, usually best to clean them, make
sure they are clean as best as your abilities allow for, and keep an eye
on the machine. If you have the right software (a utility similar to
bughunter for example can tell me which if any Windows main files aren't
what they should be. It'll also have information on common legitimate
installed software. The utility isn't ready for general public use yet,
but it's coming soon). I believe it'll go a long ways towards detecting
modifications made to key Windows system files that allow some malware
to come back the moment a live internet connection is discovered.

--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@xxxxxxxxx
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
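Added illustration of the kind of check described in the last message (comparing key system files against a known-good baseline); this is not BugHunter's code, and the file names and contents are constructed in a temporary directory:

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, names):
    """Record the hash of each named file under root: the known-good state.
    In practice this is taken from a clean install or a trusted image."""
    return {n: sha256_of(os.path.join(root, n)) for n in names}


def verify(root, baseline):
    """Compare the files on disk against the baseline.
    Returns sorted lists of files whose hash changed and files now absent."""
    modified, missing = [], []
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            missing.append(name)
        elif sha256_of(path) != expected:
            modified.append(name)
    return {"modified": sorted(modified), "missing": sorted(missing)}


def demo():
    """Constructed scenario: three stand-in 'system files' (hypothetical
    names), then one is altered and one deleted before verification."""
    with tempfile.TemporaryDirectory() as root:
        names = ["file_a.dll", "hosts", "file_b.exe"]
        for n in names:
            with open(os.path.join(root, n), "wb") as f:
                f.write(b"original contents of " + n.encode())
        baseline = build_baseline(root, names)
        # Simulated tampering: hosts file appended to, file_b.exe removed.
        with open(os.path.join(root, "hosts"), "ab") as f:
            f.write(b"\n127.0.0.1 update.example\n")
        os.remove(os.path.join(root, "file_b.exe"))
        return verify(root, baseline)
```

The baseline must be stored off the infected host (or signed), and a kernel-level rootkit that redirects file reads will defeat a user-mode hash check of this kind, which is why the message above mentions needing to see the system without the pest rerouting functions.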