Why is Avast not blocking XP Antivirus 2010 trojan?

Well, MBAM can detect rogues very well, but can you even run it without killing the malicious process manually? I don't think so, regarding my experience with rogues (they block various processes, even cmd, from running, but they allow you to enter safe mode and get rid of them)… Moreover, MBAM seems to be a silver bullet, or is presented this way on various forums, but as Vlk already posted somewhere on our forums, MBAM doesn't have full coverage of malware; there are lots of samples that we detect and MBAM does not… Sometimes I think MBAM's focus is only on rogue SW…

And why don't we detect the sample after a month? There's always a possibility that a sample doesn't arrive at our viruslab (or is shadowed by a lot of noise that sometimes comes from VT and similar services; it's usual to get tens of thousands of samples per day), when it is such a short-lived piece of malware…

no, you’re sitting on your ass expecting AV companies to solve your mouse and keyboard issues, and I agree 100% with Polonus.

sometimes i think MBAM's focus is only on rogue SW..
That is MBAM's main aim; it is complementary to an antivirus. However, there are times when even MBAM won't run and we have to use different methods to get the system back. There is no silver bullet to kill all malware, unless you work outside of Windows in a PE environment, but that is a 300MB download requiring a second system and a CD burner.

I will say up front I have no idea what I am doing or if what I have found is part of the problem talked of here. I have a virus called Security Tool. I have found a few things in the ODBC MS driver, MS driver *.dbf, Excel *.xls, Access database. I cannot see what I am typing here as every letter pops up and then is gone, so my screen is flashing. Hence this may be a mess, sorry if it is. This virus has stopped my Avast in its tracks; there is a white circle with a bit of red over the Avast icon and it has installed its own icon in the tool tray. If this is a different virus than the one you are talking about here I could sure use some help with it. I may not be able to get back on my computer so will check back later from another computer. Thanks, Sandy


You should have started your own topic when asking for help

Follow this 23-step removal guide.

I think this is the one you have?

Remove Security Tool and SecurityTool (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-security-tool

Yes, you can run MBAM while the AV.exe trojan is running, but you must do the registry edit to re-enable MBAM.

And you get tens of thousands of virus/trojan samples a day, but somehow you haven't encountered this yet? I find that very difficult to believe. :)

Riverviewfan
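The post above says a "registry edit" is needed before MBAM will launch again but does not say which one. The following audit script is an added example, not code from the thread or from any vendor. It assumes (as the "FixExe" fixes mentioned later in the thread suggest) that the edit in question is the .exe file-association handler, which rogues of this kind are widely reported to redirect to their own binary; other variants may use different keys. The script only reads and reports, it changes nothing.

```powershell
# Added example: audit the .exe launch handlers that rogue "antivirus" programs
# commonly hijack. Assumption: this is the registry edit the thread refers to.
# Read-only; run from an elevated prompt (or Safe Mode with Command Prompt if
# the rogue blocks powershell.exe while Windows is running normally).

# Machine-wide values and what a clean system carries in them.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}

# Per-user overrides win over HKCR and normally do not exist at all.
$userOverrides = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)

$suspicious = 0

foreach ($path in $expected.Keys) {
    # '(default)' is how PowerShell exposes a key's unnamed default value.
    $actual = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'(default)'
    if ($actual -ne $expected[$path]) {
        Write-Warning "$path is '$actual', expected '$($expected[$path])'"
        $suspicious++
    } else {
        Write-Output "OK: $path = '$actual'"
    }
}

foreach ($path in $userOverrides) {
    if (Test-Path $path) {
        $actual = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'(default)'
        Write-Warning "Per-user override present: $path = '$actual'"
        $suspicious++
    }
}

if ($suspicious -eq 0) {
    Write-Output "No .exe association hijack found; MBAM should be able to launch."
} else {
    Write-Output "$suspicious suspicious value(s). Note any path shown in the warnings: that is the file the rogue runs instead of your programs."
}
```

If a warning shows a command other than `"%1" %*`, the path it names is worth submitting to your AV vendor as a sample, and the association has to be restored (from Safe Mode if needed) before MBAM or any other .exe will start normally.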

That’s right, blame the users for Avast’s shortcomings. Real nice.

It will be interesting to see which of the AV companies comes in second place in being able to detect and remove the trojan. Last I checked, everybody is still posting registry fix files and then recommending MBAM. Breaking news: Microsoft Security Essentials is now fixing it (according to the ESET forum). Surprise, surprise… I figured it would be Symantec or Kaspersky.

Riverviewfan

Hi Riverviewfan,

Well, they all have these issues. Not all AV vendors are so open and frank about it; that is also why they do not have a huge userbase like our solution. I am not defending avast in this respect, nor any other resident AV solution for that matter. No AV solution is able to get the full 100% of the constantly changing, enormous amounts of malcode there is. I also think the scanner would be unworkable, so they have to make a choice. The best thing to do next is install layered defense combining AV + non-resident scanners to get better detection and close the vulnerability window. Then SafeHex and in-browser security like Fx with NoScript and RequestPolicy will give you almost full protection, apart from targeted, specific, artful hacks. Everyone can be compromised in the end, even through obscure backdoors. This said, it is also true that every major AV solution needs some time from the appearance of a zero day to detection and then to removal. Malware is becoming more and more stealthy, rootkitted and web-driven, so blaming a good and decent AV solution is an easy task. Upload here, mail avast, come here to the help of the avast users and evangelists and help create an ever better product. We do wonderful things here; the impossible takes somewhat longer to perform.

polonus (malware fighter)

Yes, MSE is detecting this FOR NOW. From my experience, as soon as this is detected by an A/V the creators change the code. So soon it will be back to square one.

A little like blaming the pharmaceutical companies or health authorities for not having come up with an effective cure for the common cold. Or HIV. Or Ebola.
These things keep mutating.
A user's layered protection strategy and common sense are the main things protecting their computer from a parasite-ridden webscape. (Funny how the web imitates life, isn't it?)
The layers I use seem to work just fine.

You missed my point. My point was that even those lame-o’s at Microsoft were able to detect and remove it. Avast was unable to until yesterday.

Riverviewfan

It’s not at all like that! There are no cures for the common cold. In the case of this particular Trojan, there was a cure available - MBAM!

I can understand that not all AV programs can catch zero day malware before they infect your machine. What I have a problem with is the slow response time of AV community (all except MBAM) in being able to remove it. This particular trojan has been around for over a month and a half. MBAM was apparently able to remove it from the get-go.

Derek

MBAM as of yesterday was unable to kill the latest variant. I don't know how I can get you to understand this: Avast can kill some variants, and the update the day before yesterday got a few more. But, and this is the crippler, the malware creators can and will change the coding as soon as one AV/AM kills it, and then we are playing catch-up again.

They do not need to analyse the AVs; all they need to do is change a few lines of code, tweak the file names, upload to the server and they are done: half an hour's work at the most. AV and AM companies must get a sample and analyse it thoroughly (24 hours maybe), then create the fix and ensure that they get all the files and all the registry changes that the malware creates, without affecting the rest of the operating system.


There is an old saying that goes …

“You can lead a horse to water but you can’t make it drink.”


Riverfan: you don't have to believe it, but it was really difficult to collect enough samples (they're quite polymorphic) with their contexts (whether they get inside through phishy e-mails, hacked websites or poisoned ad-rotators)… Read our blog and you'll see that it is a really complex task to track modern rogue antiviruses and it must be done for each particular variant… A general rule is: the more samples you have, the better (more generic) detection you can make, so there's really a need to collect at least tens of samples if you want to be effective enough… But this is nothing against the fact that fake antiviruses are a pain for all common antiviruses…

Its really:
“You can lead a horse to water but you can’t make it think.”

Polymorphic code
http://en.wikipedia.org/wiki/Polymorphic_code

In computer terminology, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Encryption is the most common method to hide code. With encryption, the main body of the code (also called its payload) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is executed this function reads the payload and decrypts it before executing it in turn.

Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair are mutated with each copy of the code. This allows different versions of some code while all function the same.
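The Wikipedia excerpt above describes the mechanism; the following toy is an added example, written for this page and not taken from Wikipedia or from any vendor, that makes the point concrete. A harmless byte string stands in for the payload, and three interchangeable byte-wise transforms (XOR, ADD, SUB with a random key) stand in for the mutating encryptor/decryptor pair. Every generated copy has different bytes on disk, a plain byte signature on the payload never matches the stored copies, and the same signature matches every copy once the decryptor is emulated. It also illustrates the earlier point about needing many samples: the invariant worth detecting (the two-byte header followed by a reversible transform) only becomes visible across a set of copies, not from one. All names here are the example's own.

```python
"""Toy polymorphic encoder/decoder (added example, not from the thread)."""
import os

# Constructed stand-in for a payload. In a real sample this would be the body
# whose behaviour the polymorphic engine must preserve; here it is just text.
PAYLOAD = b"marker: semantics unchanged between copies"


def _xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def _add(data: bytes, key: int) -> bytes:
    return bytes((b + key) & 0xFF for b in data)


def _sub(data: bytes, key: int) -> bytes:
    return bytes((b - key) & 0xFF for b in data)


# (encode, decode) pairs. A copy records which pair it used so its own
# "decryptor" can undo it; which pair and which key change from copy to copy.
TRANSFORMS = [(_xor, _xor), (_add, _sub), (_sub, _add)]


def generate_copy(payload: bytes = PAYLOAD, rng=os.urandom) -> bytes:
    """Emit one copy laid out as [transform id][key][encoded payload].

    rng(n) must return n bytes; os.urandom by default, a fixed function in tests.
    """
    idx = rng(1)[0] % len(TRANSFORMS)
    key = rng(1)[0] | 1            # force odd, so the key is never 0 (identity)
    encode, _ = TRANSFORMS[idx]
    return bytes([idx, key]) + encode(payload, key)


def run_copy(blob: bytes) -> bytes:
    """The decryptor stub: read the header and recover the payload."""
    idx, key = blob[0], blob[1]
    _, decode = TRANSFORMS[idx]
    return decode(blob[2:], key)


def static_signature_hits(samples, signature: bytes) -> int:
    """Byte-pattern scan of the copies exactly as stored on disk."""
    return sum(1 for s in samples if signature in s)


def emulated_signature_hits(samples, signature: bytes) -> int:
    """Same signature, applied after running each copy's decryptor."""
    return sum(1 for s in samples if signature in run_copy(s))


def distinct_copies(samples) -> int:
    """How many byte-distinct files the same payload produced."""
    return len(set(samples))


if __name__ == "__main__":
    samples = [generate_copy() for _ in range(20)]
    print("distinct on-disk copies:", distinct_copies(samples))
    print("static hits on payload bytes:", static_signature_hits(samples, PAYLOAD))
    print("hits after emulating the decryptor:", emulated_signature_hits(samples, PAYLOAD))
```

Running it prints 20 (or very nearly 20) distinct copies, 0 static hits and 20 emulated hits. Real engines mutate the decryptor's instructions as well as the key, which is why the thread's point about collecting tens of samples per family matters: the generic detection is written against what stays constant across them, not against any one file.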

Apart from the minor detail of “there being no cure for the common cold” (partly because it keeps mutating), it is exactly like that. Maybe the examples chosen could have been better. But in the case of a polymorphic file infector, like some vitro variants, for which there is no cure, it’s pretty much a spot on analogy to, say, HIV.

Details of the analogy may be a bit out; the principle is good.

Ok… today I was infected with this stinking thing. My OS is Windows 7. I can't open anything, I just get messages that lead to the purchase of Antivirus Suite. I followed the directions given in the thread to remove it using FixExe and MBAM. It did what it was supposed to: it downloaded onto the infected computer and ran a full scan with one virus detected and removed. But my computer is still infected; nothing has changed, absolutely nothing will open. What can I do now??? HELP!!!

And by the way, when it was still infected, I tried running FixExe and MBAM again and it would not; I just got the virus message I get on everything else…

Believe me or not, avast too has major problems dealing with Internet Security 2010. It found it as a suspicious file; for 1 hour it is in the VM; I chose the delete option; nothing happened.