
fatdcuk

Members
  • Content count

    627
  • Joined

  • Last visited

About fatdcuk

  • Rank
    Malware Hunter
  • Birthday 01/01/70

Contact Methods

  • Website URL
    http://www.malwarebytes.org/index.php

Profile Information

  • Location
    England,UK
  1. Is this a file of SAS

    No, it is not a SAS file, as SAS uses set names for their files and not randomized naming
  2. Antivirus XP 2008-2009 Rogue Antivirus

    SAS will handle it. Well, just to balance the coin a bit, it's not a straightforward *yes* answer, and I speak from personal experience whilst testing SAS and later uploading new malwares to SAS HQ. It's more of a "high chance" it's got it covered. New variants of these fraudwares are being distributed/created 24/7. SAS has a very high success rate against them because it is updated so quickly to deal with new variants as they emerge. It updates a lot quicker than most of its rival ASWs, ATs and AVs, and this accounts for its high probability of success. But this also must be measured: as with all signature-based defenders, there is a 0-hour/0-day when the *new* malicious code is not known to them, at which point, unless they have a special heuristic detection rule for that particular genre of malicious code, it will bypass the real-time defence. HTH :)
  3. Virtumonde

    The free version is a fully functioning detection and removal engine (it is the same as what is in the Pro version). No purchase is required for SAS to be used as a botkiller for cleaning up infected computers. Purchase is only required if you want the benefits of real-time protection given by SAS Pro. As far as Virtumonde/Vundo infection goes, SAS has a very high success rate versus this family of malwares, so it is always worth a throw of the dice versus them
  4. Safe to Assume?

    No worries. When you first run Autoruns after the EULA (install consent) screen, the tool automatically scans. You will see this as the data list builds, and the scan is completed when "Ready" appears in the bottom left of the Autoruns window. HTH
  5. Safe to Assume?

    Ok then, here are 2 of my principal diagnostic tools of choice when checking customers' PCs after cleaning with the botkillers. Download a copy of Autoruns: http://technet.microsoft.com/en-us/sysi ... 63902.aspx Run a scan, but then after it completes click Options. Check both "verify code signatures" and "hide signed microsoft entries". This will make the output list a lot shorter. Now press F5 to rerun the scan with the new settings. When this completes, click the File tab, then select "Export as" and save the log (autoruns.txt) to your desktop. Copy and paste the contents of autoruns.txt to your next post. Download RootkitUnhooker >>> http://rapidshare.com/files/140970549/R ... 3.rar.html Run a full scan and save the log at the end. Copy and paste the contents of the logfile to your next post :)
  6. Safe to Assume?

    Well, a couple of things there: xpantivirus is a known fake alert infection; it sometimes travels alone and other times is accompanied by various other malwares. The source and age of the infection will determine its active malware content. As far as "trojan unclassified k series" goes, I'm not sure which bot that is by SAS labelling, so I don't know what its capabilities/functions are etc. Anyhow, would you like me to get you to run a couple of diagnostic tools and review the output data?
  7. How can this be ????

    Well, taking into account that they all miss stuff, this is not surprising... it's swings and roundabouts as to who comes out on top on any given day/infection etc. That said, don't be fooled by the numbers game at play with detections by softwares. For example only: Brand X could detect 100 items of an infection... folders/files/regkeys/registry values and so on; Brand Y only detects 10 items. Yet both kill the active infection. As long as the active content of the infection (EXEs, DLLs, sys files etc.) is removed, then the rest are not crucial removals per se, as they do absolutely nothing. They are often referred to as *orphaned* values and represent no risk. As far as what software I use personally, owing to my experience and knowledge of 'puters I run no resident AV and only have SAS Pro installed for testing purposes. I spend a lot of my hobby time intentionally infecting my PC in order to gather new malware and infections and hone my clean-up skillz. But if you would like my neutral opinion on which to buy, then in all honesty PCtools has just been bought out by Symantec, and most of the security sphere know that it will get trashed like so many of their other acquisitions. Go for SAS PRO
  8. Possible false positive?

    Ok Chet, in the balance of things it's probably a F/P, so if you could restore it and use the in-software report false positive function, then hopefully SAS HQ will load it into IDA (or whatever they're using) and sort it out from there
  9. Best Way to get rid of Various Malware

    That type of data... no way, José
  10. Safe to Assume?

    Anyone with experience dealing with live malware infections will resoundingly reply that it is not a foregone conclusion that all is clear. It probably is, but there is always that chance it is not. Although SAS and Avira have very high detection rates in their respective fields, it would still take the use of advanced diagnostic tools in order to definitely sound the all clear after an infection has been removed
  11. How can this be ????

    Straight answer: no one product detects & removes everything on any given day, but that is a well-known fact amongst more tech-savvy users. As to which one to purchase, it all boils down to experience and opinion.
  12. Best Way to get rid of Various Malware

    You can't, unless of course you are familiar with the use of diagnostic tools and malware infections in general, hence why I as a third party was hoping to assist you in checking. Unfortunately, until I have the requested data from the first post, I cannot proceed
  13. Best Way to get rid of Various Malware

    It depends on what you call personal information.... the log output will pretty much tell the trained analyst what softwares are set to load etc. It also shows what else is loading... in your case possibly malware. It is a diagnostic tool, and a very good one at that, produced by a M$ employee. I hope this allays your concerns :)
  14. Possible false positive?

    Ok, what were the flags, and by whom, at VirusTotal? Back to your question: it is possible that a new malware has a target string in common with an old file, and hence why out of the blue it becomes flagged by a file sniffing software. Although another possibility is that the file has become infected/patched by a malware process/code. Either way it can be determined with a little extra digging
  15. Best Way to get rid of Various Malware

    Hi and welcome to the SAS forums. If I can request some more data from you, then I will probably be able to assist you in finishing the cleanup of your PC.
    1) What is the filename and location of the file that Nod32 is flagging? e.g. C/Windows/System32/name.exe
    2) Ignoring the cookies, what are the file names & locations of the SS detections? If any are registry values, then what is their location?
    3) Download a copy of Autoruns: http://technet.microsoft.com/en-us/sysi ... 63902.aspx Run a scan, but then after it completes click Options. Check both "verify code signatures" and "hide signed microsoft entries". This will make the list a lot shorter. Now press F5 to rerun the scan with the new settings. When this completes, click the File tab, then select "Export as" and save the log (autoruns.txt) to your desktop. Copy and paste the contents of autoruns.txt to your next post and I will review the output data of it :)