AndyManchesta

Experienced Members
  • Posts

    1,796
  • Joined

  • Last visited

Reputation

0 Neutral

About AndyManchesta

  • Birthday 26/08/1978

Profile Information

  • Gender
    Male
  • Location
    Manchester, UK
  • Interests
    Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Recent Profile Visitors

2,011 profile views
  1. Cheers R, I'll use that if I ever have problems with AVG, but I'm liking it up to now as it just does its thing without bothering me. Maybe Antivir thinks displaying a full-screen nag advert every day will persuade users to upgrade, but it just had the opposite effect on me and ended up getting removed after a few days. Probably, like most members here, the only time my AV detects anything is when it's a false positive, so I just want one that doesn't nag unless it really does find infections. Thanks for the tip.
  2. I was using AOL's Active Shield and was really impressed with it, then they decided to drop it for McAfee, and the Kaspersky version didn't update correctly for a couple of weeks so I removed it. I've noticed on another machine here the AOL version from Kaspersky has started updating again now, so I tried to put it back on mine, but it wouldn't accept the serial number anymore, so I put Antivir on it instead but got a bit fed up with the nag screen which suggests updating to the pro version every time it updated, so removed it after a week for AVG. Then AVG started detecting my SDFix tool as Trojan Obfustat, whatever that is, but they fixed it when I sent them a sample, so I'm going to stick with that now as it looks good. At least I got the chance to try out a few different AVs if nothing else.
  3. Congrats Andavari, really well deserved.
  4. I'm really not sure Humpty, but it's likely Windows features such as System Restore would fail due to the amount of damage caused. If the Ghost software allows you to boot from a disk to restore to an earlier image rather than run the .exe for the imaging software (which would likely also be infected or corrupted by the virus), then it may work, but I wouldn't like to be put in a position where I had to find out.
  5. Happy Birthday Ms Teacup, hope all your birthday wishes come true.
  6. Amiga! That brings back memories. I remember thinking Amigas were the best thing ever around that time, as I'd updated from an Amstrad 464 (which I've still got collecting dust somewhere in my attic).
  7. Hi Dennis, I don't think so, but this isn't common, so it's anyone's guess what they're hoping to achieve. It sort of defeats the purpose if they damage the system beyond repair, as any revenue they would have made from the original malware that gets installed before Virut, such as Smitfraud and Vundo type infections, will also be lost if the user has to format. Generally file infectors tend to mostly spread using backdoor bots or other network worms. So, for example, a PC gets infected with an IRCBot, but the system is already infected with a file infector such as Parite or Virut, so it then infects the IRCBot file with the virus; then the bot scans random IPs looking for more vulnerable machines to spread to, which is usually the first thing bots will get instructed to do when they connect to the IRC channel, and because the file is then infected with a virus it also spreads that to other machines, and on it goes infecting each machine it gets on. But Virut itself can also be instructed to look for vulnerable systems to infect once it connects to its IRC channel, so just keeping a system fully patched and having a strong AV and firewall would be enough to avoid junk like that. Honeypot sites such as Honeynet will pick up Virut/Parite etc. that are spreading together with a lot of other infections, as their sensors act like unpatched systems, so I find that's always a useful reminder why keeping Windows updated is essential, but if you download and run one of the infected files from the crack sites then even that will not help much. http://honeynet.cz/?mmenu=malware&smen...=en&vmetr=7
  8. The main problem is that AV programs tend to do a great job at detecting the virus once it's trashed the machine but not so great at detecting the installer for the infection, so it could easily get past the real-time protection on some security programs. For example, here are the results for a Virut installer from last week, and only 6 out of 32 vendors detected it at VirusTotal:

     File install.exe received on 09.15.2007 16:28:26 (CET)
     Result: 6/32 (18.75%)

     AntiVir 7.6.0.10 2007.09.14 W32/Virut.W
     BitDefender 7.2 2007.09.15 Win32.Virtob.2.Gen
     eSafe 7.0.15.0 2007.09.13 Suspicious Trojan/Worm
     Microsoft 1.2803 2007.09.15 Virus:Win32/Virut.L
     Sophos 4.21.0 2007.09.15 Mal/Dorf-A
     Webwasher-Gateway 6.0.1 2007.09.14 Win32.Virut.W

     File size: 13312 bytes
     MD5: 5740638882b6e02b0633d985d550519b
     SHA1: 79888eec0327b4fbce5906fa7a90fefee4d58970
  9. Hi guys, we always say using crack and serial sites is very dangerous, as most of the malware around today is distributed from those sites, but in the last few weeks they have been adding a file infector named Virut into the bundle, and this is coming from multiple keygen and crack sites. Virut will infect .exe and .scr files on the system, and once it gets on the machine the only solution is to format and reinstall Windows. You can attempt to clean it using whatever antivirus program you can think of, but the AV programs will also be attacked by the virus; even if they are able to disinfect the files, you will find that most of them will not function or run correctly because they have been corrupted by the virus, and due to its process injection features, such as injecting into winlogon.exe, the virus will regenerate after running the scans and reinfect the files. Apart from the damage Virut causes, it will also open a backdoor on the machine to allow the attacker full access, so the only safe solution is to format and reinstall, and with it being a file infector it's not even possible to back up any data before doing that. Please consider the consequences before visiting or downloading any files from crack, serial and keygen sites, or even accepting those types of files from friends, as this is about as bad as it gets. Sample Kaspersky scan log attached; no surprises where it came from on that system: G:\keygen.exe Infected: Virus.Win32.Virut.l Kav.txt
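A defender-side illustration of the file-infector behaviour described in the post above, added here and not part of the original post: a small Python baseline-and-compare routine that records the size and SHA-1 of every .exe and .scr file under a folder and reports which ones changed, appeared or disappeared. The folder layout, file names and the byte-appending step that stands in for an infected executable are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the post says the file infector targets.
MONITORED = {".exe", ".scr"}


def sha1_of(path: Path) -> str:
    """Stream a file through SHA-1 so large executables do not load whole."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> dict:
    """Map relative path -> (size, sha1) for every monitored file under root."""
    out = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in MONITORED:
            out[str(p.relative_to(root))] = (p.stat().st_size, sha1_of(p))
    return out


def compare(root: Path, base: dict) -> dict:
    """Re-scan root and report executables that changed, are new, or vanished."""
    now = baseline(root)
    return {
        "changed": sorted(k for k in base if k in now and now[k] != base[k]),
        "new": sorted(k for k in now if k not in base),
        "missing": sorted(k for k in base if k not in now),
    }


def demo() -> dict:
    """Constructed scenario: baseline a folder, then alter one .exe and add a .scr."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 64)   # constructed stub
        (root / "readme.txt").write_bytes(b"not monitored")
        base = baseline(root)
        # Stand-in for an infected executable: it grows and its hash changes.
        # Placeholder bytes only, nothing executable is produced.
        with open(root / "app.exe", "ab") as f:
            f.write(b"APPENDED-PLACEHOLDER")
        (root / "new.scr").write_bytes(b"MZ" + b"\x00" * 16)
        return compare(root, base)
```

The baseline has to be stored and the comparison run from media the suspect machine cannot alter, which is also why the post treats reimaging, not cleaning, as the only safe outcome.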
  10. There's not much you can do AJ once your email address gets on the spam lists, except hope most of them are caught by the spam filter. http://www.secureworks.com/media/press_rel...70802-botstorm/ http://www.informationweek.com/windows/sho...cleID=201311245
  11. Good choice AJ, as the page will contain exploit scripts which will attempt to load infections as soon as it's opened; the recent variants are patching tcpip.sys to load trojan files, so it doesn't need other startup entries or show in tools like HJT. http://www.sophos.com/security/blog/2007/07/419.html They've recently changed tactics to spam all sorts of messages, but it's essentially the same junk. http://www.f-secure.com/weblog/#00001255
  12. AndyManchesta

    mic's log

    Hi Mic, it's no bother, we are happy to help. For SFP.exe just skip that part, as a lot of those files should be genuine; ones connected to Gromozon and another is maybe an adware installer, but we can run another scan a bit later to see if there are problems. There's probably still an active Gromozon infection, so removing that is the main concern for now. Let me know if you have any problems with the remaining steps. Cheers