Re: Klone Virus
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Sun, 26 Nov 2006 18:41:09 -0500
From: "Gary S. Terhune" <grystnews@xxxxxxxx>
| If it's not a virus, how come you want to use an anti-virus to remove it,
| <gd&rvvf>?
|
That's a good question. I believe YOU know the answer but I'll discuss it for the News
Groups readers.

Malware is the super level term that describes bad software of the malicious kind. There are
two basic sub-types of malware. Viral and non-viral.

Viral malware is described as software programs or utilities that have the ability to self
replicate. These "viruses" have a few sub-classifications such as "Macro Virus" and
"Internet Worms".
- Macro viruses are codes that exist in MS Office documents and once a MS Office
Document is loaded into its associated MS Office application, it now has the ability to
replicate whenever a non-infected document is loaded, edited and saved and is thusly
infected.
- Internet worms infect not by direct contact but by the use of Network protocols. This is
exemplified by such things as Peer-2-Peer networks, Email, News Groups, mIRC/IRC, MS
Networking (SMB and/or NetBIOS over IP), etc.

Then there is the non-viral malware sub-type which is much larger and has many more
sub-classifications that can be: Trojans, Browser Helper Objects, Browser HiJackers,
Dialers, etc, etc.

The MAIN difference is the fact that viruses replicate, Trojans do not self-replicate.
Trojans need assistance such as Social Engineering and vulnerability exploitation.

Getting back to the use of "anti virus" software for Trojans. Many Trojans have a payload
like a virus except they don't spread by themselves. Traditionally speaking, anti virus
software has done well on Trojans. The problem comes from other types of non-viral malware
that make so many OS alterations that the traditional anti virus software falls short and
the anti spyware types of software come into their own. There *may* be overlap but it is
insufficient to say just an anti virus application or just an anti spyware application is
needed. Unless you truly practice Safe Hex, one needs multiple anti malware applications to
keep clean in today's Internet connected platform.

Now in the case of the Klone Trojan (which can be named Conhook or act like a Conhook
Trojan), it loads via two methods and employs self preservation techniques. The Klone Trojan is
a DLL that is loaded as a Browser Helper Object as well as by the Winlogon Notify function.
It is NOT an easily removed Trojan as you can't just stop the loading of the DLL and you
can't just delete the DLL.

One way to delete the Trojan is to load the Windows Recovery Console and logon as
administrator. The DLL is often found in the %windir%\system32 folder and you can
rename/delete the file in the Recovery Console because it will NOT load the Winlogon Notify
DLLs nor Browser Helper Objects.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
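
An added example, not part of the original post: a Python check that reads a registry export and lists any DLL registered through both load points the post names, a Winlogon Notify package and a Browser Helper Object. The sample export, its key names, CLSIDs and DLL names are constructed, and the code assumes the DLL paths are stored as plain string values under the standard HKLM locations.

```python
import re
from ntpath import basename  # Windows path rules on any host OS
HKLM = "hkey_local_machine\\software\\"
NOTIFY = HKLM + "microsoft\\windows nt\\currentversion\\winlogon\\notify\\"
BHO = HKLM + "microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
CLSID = HKLM + "classes\\clsid\\"
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key: {value_name: string}} (names lower-cased) from .reg text."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := VALUE.match(line)):
            # .reg files escape backslashes and quotes inside string data
            cur[m.group(1).strip('"').lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def dual_loaded_dlls(text):
    """DLLs registered both as a Winlogon Notify package and as a BHO."""
    keys, notify, bho = parse_reg(text), {}, {}
    for key, vals in keys.items():
        if key.startswith(NOTIFY) and "dllname" in vals:
            notify[basename(vals["dllname"]).lower()] = key[len(NOTIFY):]
        elif key.startswith(BHO):
            clsid = key[len(BHO):]
            server = keys.get(CLSID + clsid + "\\inprocserver32", {}).get("@")
            if server:
                bho[basename(server).lower()] = clsid
    return sorted((dll, notify[dll], bho[dll]) for dll in notify.keys() & bho.keys())

# Constructed sample export; key names, CLSIDs and DLL names are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\benign]
"DllName"="benign.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example1]
"DllName"="C:\\WINDOWS\\system32\\example1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66666666-7777-8888-9999-000000000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\EXAMPLE1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\InprocServer32]
@="C:\\Program Files\\Toolbar\\toolbar.dll"
'''
if __name__ == "__main__":
    for dll, package, clsid in dual_loaded_dlls(SAMPLE):
        print(f"{dll}: Winlogon Notify package '{package}' and BHO {clsid}")
```

A file written by `reg export` is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.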