
Thread: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

  1. #1
    notuserfriendly Guest

    Default Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi.
    I have been infected with AntiVirusPro (Oct 2008), AntivirusPro 2009 (November 2008) and now Green Antiviruspro (or whatever it is called now; I immediately blew it away with Malwarebytes).
    My point is that I have been covered by ZoneAlarm Security Suite for the entire period.
    I just renewed my license and was hit by the latest version of the virus.
    It seems that every time a new variant comes out I get hit.
    Malwarebytes is able to deal with it, but not you.
    Please address this issue.
    Latest Malwarebytes logs follow:
    Malwarebytes' Anti-Malware 1.33
    Database version: 1722
    Windows 5.1.2600 Service Pack 3
    2/3/2009 9:11:29 PM
    mbam-log-2009-02-03 (21-11-29).txt
    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
    Objects scanned: 170488
    Time elapsed: 3 hour(s), 14 minute(s), 38 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.


    Operating System: Windows XP Pro
    Software Version: 8.0
    Product Name: ZoneAlarm Internet Security Suite
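    The log above shows the rogue scanner persisting as an Internet Explorer Browser Helper Object: a CLSID registered under HKLM\...\Explorer\Browser Helper Objects that resolves to a DLL (here C:\Program Files\Common\helper.dll). The following PowerShell script is an added example, not code from this thread, from Malwarebytes or from ZoneAlarm; it walks that same registry key, resolves each CLSID to its in-process server DLL, and flags DLLs that are missing or lack a valid Authenticode signature. It assumes a Windows host with PowerShell, reads only (nothing is quarantined or deleted), and the Wow6432Node paths are checked only if they exist, so it also works on a 32-bit system like the XP machine in the log.

```powershell
# Added example (not from the thread). Read-only audit of registered Browser Helper Objects.
# Walks the BHO registration key shown in the Malwarebytes log, resolves each CLSID to its
# DLL, and flags anything that is missing or not carrying a valid Authenticode signature.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Present only on 64-bit Windows; Test-Path below skips it when absent.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoDll {
    param([string]$Clsid)
    # A COM class's in-process server is the default value of CLSID\{...}\InprocServer32.
    # Per-user (HKCU) registrations take precedence over machine-wide ones, so check them first.
    $candidates = @(
        "HKCU:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
        "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
        "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid\InprocServer32"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            $raw = (Get-ItemProperty -LiteralPath $path).'(default)'
            if ($raw) {
                # Strip surrounding quotes and expand %SystemRoot%-style variables
                # so the file can actually be located on disk.
                return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            }
        }
    }
    return $null
}

function Get-BhoAudit {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $key) {
            $clsid = $entry.PSChildName
            $dll   = Resolve-BhoDll -Clsid $clsid
            if (-not $dll) {
                # Registered as a BHO but no COM server: dangling entry, worth a look.
                $status = 'NoInprocServer'
            } elseif (-not (Test-Path -LiteralPath $dll)) {
                # Registration survives but the DLL is gone (e.g. quarantined, as in the log).
                $status = 'FileMissing'
            } else {
                $status = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                CLSID     = $clsid
                Dll       = $dll
                Signature = $status
                # Legitimate BHOs from established vendors are almost always signed;
                # anything else deserves manual review before IE loads it again.
                Review    = ($status -ne 'Valid')
            }
        }
    }
}

Get-BhoAudit | Sort-Object Review -Descending | Format-Table -AutoSize
```

    Run it from an elevated session so every hive is readable. The output lists each BHO with its DLL path and signature status; an entry whose DLL sits in an unusual location (the log's helper.dll under C:\Program Files\Common is a good illustration) and shows anything other than Valid is the one to investigate, and the CLSID can then be matched against the Trojan.BHO lines in a scanner log like the one above.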

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi! Actually, you should check how you got infected. This software must be installed to infect a PC, so you must have run an installer. But if you already know how these rogue scanners work, why do you keep installing them?

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    ssri Guest

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi Fax - do you think the malware software used by this user is not good? This apart, other scanners like SDFix identify and delete trojans that evade excellent SS like ZA. I am sure a lot of ZA users have installed these type of anti-spyware products in addition to ZA on their machines.

    Could you please tell us your expert opinion on (1) what you think of these software (Malwarebytes, SDFix, etc.) and (2) a couple of additional spyware and malware scanners that can be used by us, say once a week or so. You are obviously far more experienced than a lot of us.

    thanks
    SSri

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi! I usually suggest (see link) a couple of good malware scanners as part of the usual cleaning procedure.
    http://forum.zonelabs.org/zonelabs/b...essage.id=3780

    Cheers,
    Fax


  5. #5
    ssri Guest

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Thanks. Sorry I cannot see any scanner suggestions.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!



  7. #7
    ssri Guest

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    That's brilliant. Thanks Fax

  8. #8
    notuserfriendly Guest

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi Fax.
    Thanks for the reply.
    This last infection came disguised as a bona fide update to iTunes. It was a funny update; it wanted to update, so I updated it; then it wanted to update again.
    So I did.
    I expect that the second update was the trojan.
    How they got it there, how they knew my son subscribes to iTunes... I don't know; I'm sure we can entertain long discussions on the possibilities.
    But...
    This code came to me with a signature.
    We all know this.
    I would expect Zone-Alarm to have come into play when a) that signature was detected as a file was downloaded or b) more likely, as the file was uncompressed.
    I don't recall whether ZA has an option for scanning compressed files...


    After it was installed it DEFINITELY had a recognizable signature.
    You still didn't find it.
    Please let me qualify that statement for 100% accuracy: I ran full scans for the first two infections; for the last infection I went straight to Malwarebytes (and purchased a license this time; it seems better at recognizing this signature than ZA does).
    So,
    - this is a virus
    - it has a recognizable signature
    - it infected my computer
    - ZA was unable to proactively detect the signature at download
    - ZA was unable to detect the signature after infection
    Please don't take this personally, but I feel that ZA was totally ineffective in doing what AV software is supposed to do.

    Please, also, temper your response with the knowledge that I am a Unix Admin, and one of my responsibilities has been the administration of Sophos in a university environment (email protection).
    The Windows folks also loaded Proventia Desktop on the desktops.
    Lots of iTunes, lots of Facebook (a site where this problem reportedly lurks), no infections.

    Thank you for your response.

  9. #9
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi! Well, the substance is that first, you have to visit a specific questionable site before; secondly, you have to allow something to be installed; and finally, the definition of that virus was not yet in the ZA database (they change them on a daily basis to avoid detection). Please note that ZA uses the Kaspersky engine for malware identification. Proactive protection may have popped up asking if you allow XXX to do YYY. But considering that you just thought it was iTunes, then the proactive protection is ineffective... No malware scanner can detect 100% of the malware out there... You should send the executable to Kaspersky so they can add it to the malware database. You should carefully check your system with other tools than MBAM, to ensure you are 100% clean. See my link in previous posts.

    Cheers,
    Fax

    Message Edited by fax on 02-05-2009 06:21 PM


  10. #10
    ssri Guest

    Default Re: Why Can't You Deal With AntiVirusPro??? I've been infected 3 times!!!!

    Hi,

    One thing you may want to consider using is SDFix. Save it on the local disk. Double clicking would install it in the root directory. CAUTION: SDFix IS A VERY POWERFUL TOOL. You have got to be very careful with what you would delete on the basis of the logs it generates. PLEASE DO NOT USE IT IF YOU FEEL UNCOMFORTABLE USING IT. SINCE YOU SAY YOU ARE A UNIX ADMIN, you probably have substantial experience in tackling these issues. Once you install SDFix, please reboot in safe mode, as SDFix works only in safe mode. Execute SDFix in safe mode, where it works as a command prompt. Follow the commands. This is supposed to be pretty good at removing a lot of trojans, including varieties of backdoor trojans. It will automatically remove any trojan infections found in your system. Except for running it to remove the trojans, I would not remove anything else on my own, although I would not mind posting the logs to the malware staff.

    thanks
    SSri
