I want a virus .com 5

Status
Not open for further replies.

jamesbird

Technical User
Jun 4, 2003
216
GB
I'm still not satisfied that I've got a sure-fire way of cleaning machines of the AV2009/AV2010 virus. Seems a bit hit and miss, with combos of Malwarebytes, SpyBot, AVG etc. etc. Best way seems to be to remove the drive and, as a slave drive, run scans, then boot it up and scan again. I'd like to experiment to find a reliable 'disk in' solution, so would like to catch the virus on a test machine.
Strange I know, but how can I go about deliberately infecting myself with the latest and greatest viruses?
Confused of St Albans
 
I haven't seen that you need anything more than MBAM to get rid of MOST malware. Failing that (or if that fails) there's GMER, RogueFix, ComboFix, SDFix, CWShredder and then bootable CDs (such as Avira or BartPE with Mcafee plug-in).

But as I said, most malware is vanquished by MBAM - game over. If you want to be sure, you can run a scan with the updated AV on the machine that let the threat through (somewhat tongue-in-cheek) but maybe worthwhile.

In terms of catching a malware on purpose - that's perverse, but I understand. Try searching for XP Antivirus 2009 and go to the links.
 
Hi Goom, I agree Malwarebytes is good - if you can get it to run. I find on 'bout half the machines infected that Malwarebytes won't load, or if it'll load, won't run.
Ta
 
Then, if you haven't already tried this: re-name the MBAM executable.

Most malware only has one line of defence against a scanner like MBAM, and that is to prevent it from running.
They can only really do this by watching the Windows stack for the application name.
If it's different, it's much harder to block.


Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
I have personally tried renaming it before, that never works for me. It still does not work once malware attacks it. I have been able to rename the installer before to get it to install though.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
e-freak, that is the ticket... the installer needs to be renamed not the installed app, as you have noted Malware has already blocked it...

with really badly infected systems, well there is only one way to deal with that, NUKE the drive using DBAN or ActiveKillDisk (nothing survives a DoD 7 pass wipe), then reinstall the OS...


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
I use rkill first, then launch the Malwarebytes stuff; that seems to negate most of the issues I've had with these viruses.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDCs! There are DCs with FSMO roles!
 
Running GMER and RogueFix will usually get you to be able to run MBAM.

As stated, starting in safe mode, renaming the installer file and renaming the MBAM.exe executable all help in getting it to run.

Rather than nuke a machine, I'd have that Bart PE CD always ready with Mcafee plug-in and/or the Avira Rescue CD. Even if you only scan the Documents and Settings folder and the Windows folder (to save time) it will usually get the nasties that are keeping MBAM from running.
 
Neither have I actually. Going to try it out next time I deal with that infection.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Now I just need an infected computer to test it on. Oh, if only I had a virus! LOL

--

"If to err is human, then I must be some kind of human!" -Me
 
What are people's opinions about malwarebytes with regards to type of scan? I've been reading recently (don't have the link) that it's been suggested to run only a quick scan and not a full scan.
 
The quick scan is really fast, and the full scan seems really slow. I have found things with the full scan that the quick scan did not pick up.

I'd recommend a quick scan as soon as it's installed, and then a full scan if you think you need it later. If it's on your home computer, you could always start the full scan, walk away, and just check back on it whenever you get back to your PC.

--

"If to err is human, then I must be some kind of human!" -Me
 
My problem with full scans on any anti-malware software has always been that they pick up some of my network tools as potential spyware. Most of those tools can be used for nefarious reasons, but I need them to prevent people from breaking into our network.

My rule of thumb is do a full scan when installing new software, otherwise I do a quick scan. If the quick scan picks up something I do a full scan.


James P. Cottingham
I'm number 1,229!
 
Check out UBCD4WIN.com. It's a Bert Pe with a lot of good scanners added. I used to do my own Bert Pe; that was a lot of work. UBCD4WIN is an easy way to go. I have NOD32, BitDefender, FileWalker, Malwarebytes, Spybot S&D, SUPERAntiSpyware, to name a few, that boot and run from the CD, and I have not found anything that I have not been able to clean yet.
 
Yeah I used ubcd4win as well. Very good cd.

2ffat - Why not tell the scanners to leave the folder with the tools alone? I had to do that with a certain folder of mine. It has tools in it that set off antivirus if I do not tell it to leave them alone. Password recovery, keyfinders, etc.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
So, on the UBCD4win disk, how do you make sure the virus definitions are up to date? I suppose you can load network drivers into that same CD as well, so you can connect to the web?

I really do need to give that a try, sounds like a winner to me!

--

"If to err is human, then I must be some kind of human!" -Me
 
The UBCD4win disk is NOT a BART PE CD (not BERT). It's a linux-based bootable CD with applications integrated into it.

Bart PE is made from a bare bones set of Windows XP software to make it bootable and also to be able to run tools. They're as different as a Zebra and a Skunk, but they both have stripes, if you see what I mean.
 
Okay, I know BART PE, but what is BERT? Or was it a typo?

As far as the UBCD4win, does it run within Windows, or is it a bootable Linux distro made to look like Windows, then? That's got me curious, b/c from the looks of it, it looked like it did the same or similar thing as the Bart PE type setup...

--

"If to err is human, then I must be some kind of human!" -Me
 