Jump to content


  • Content Count

  • Joined

  • Last visited

About nosirrah

  • Rank
    Malware Hunter
  • Birthday 01/01/1970

Profile Information

  • Interests
    0% reformat rate
  1. Damn Ade , how many times have we seen this driver now ? This is one of those files that is neither bad nor good , it depends of the files that use it . That being said I have seen it used by malware often but never in a legit app (although I did read up on its legit use) .
  2. nosirrah


  3. Google is your friend : http://www.google.com/search?hl=en&q=LE ... gle+Search That seems to indicate that SAS has found evidence of a past infection . Legacy keys are often created with drivers and services . What likely happened here is that some antimalware application of yours in the past killed this infection but left this remnant behind .
  4. IceSword should be able to copy them as well .
  5. I love Spybot for its extra tools in the advanced menu . As for malware removal , I second Lasse88's opinion .
  6. If you don't keep your JRE updated and/or don't use an alternate browser a safe site that has been hacked can attack your system with ease . I can't tell you how many machines I disinfect that have JRE 1.4.2 installed . Check your add/remove list and if you see any java/JRE entries that are below version 1.6/version 6Ux . Uninstall anything from the 1.4/4Ux and 1.5/5Ux families . Version 1.6.3/6U3 is the current version . It sucks that the version has two formats as it is confusing , not sure why they did this . For example 1.4.2 is the same as 4U2 and 5U6 is the same as 1.5.6 . There have been exploit born infections that can use older versions of java to get in even if you have the most current version installed . Installing the new version does not remove old versions and the installer does not give you the option . Doing a scan once a month or once a week or even once a day is not right or wrong as the decision should be based on the use your PC gets . A PC with multiple teenage users in a house with no technically proficient users should be scanned once a day (IMO) . A PC with a single careful user with above average technical proficiency would be safe only scanning once a month . I bring up technical proficiency because understanding things like warning signs of infection and what software needs to be updated goes a long way in terms of keeping infections out . Another thing I have noticed is that if you run a SAS scan and you have active antivirus running in the background the AV can catch malware as SAS checks for infected files . Its like running two scans at once . I do this with SAS and Antivir . As the SAS scan runs Antivir will interrupt it if SAS hits malware that Antivir also detects . This is one hell of a one two punch when you combine the engines and defs of both Antivir and SAS .
  7. Security through obscurity , IMO . Part of the reason Norton and Mcafee miss a huge number of new infections is that the black hats know what AVs are most popular and engeneere against them . I have used it quite a bit and found it to be just shy of the top tier . CA is far more aggressive against software in the gray zone (P2P , semi legit adware with accurate EULAs ...) than most AS apps . As far as what it detects , it does very well but not quite as well as my two favorites (SAS and counterspy) . What I don't like about CA is their frequency of updates . SAS updates on a far more frequent basis .
  8. Between what I see my fellow security experts use and what I see detecting new malware at virustotal.com I would have to say that NOD32 , Kaspersky , BitDefender and Antivir are the best and most trusted . My non test box is protected by SAS and Antivir . When it comes to antispyware my favorites have dwindled down to SAS and CounterSpy . About Antivir , their antirootkit abilities and heuristics are amazing . For free active protection there is nothing better , not even a close second .
  9. I like that idea as well but the temp part better . I would like the restore purge only if it had a strongly worded warning about rebooting first to make sure that everything is working correctly . I have had to format and reinstall several PCs that I could not fix only because I had no restore points to take apart and extract a working registry .
  10. FP prevention engine ? Just a guess .
  11. Do your best to give a clear picture as to what is happening when you try regular mode . Malware can show up in the recycle bin and even run from there . Delete it if you can and rescan . Use safemode with networking so you can both update SAS and download tools . Download a copy of Autoruns : http://www.microsoft.com/technet/sysint ... oRuns.mspx Run a scan but press ESC to stop it . Click options . Check both "verify code signatures" and "hide signed microsoft entries" . This will make the list a lot shorter . Now press F5 to rerun the scan with the new settings . Click file , save as and save the log to your desktop . Open it , copy all and paste it into your next post .
  12. This would also increase the usefulness of SAS in the help forums -> more free advertising -> you know the rest . You could even have an option to send the file/reg item to your team for inspection . Could help build defs .
  13. SAS works well with Antivir . Antivir is free and has both outstanding defs and heuristics . It also now has an option to start its scan with a heuristic rootkit scan . I don't think Nic has any plans to make SAS include antivirus abilities . That involves a lot of new code to unpatch files and is a completely different animal then a general antimalware app .
  14. More than a few fellow techs refused to give SAS a spin because of nothing more than this . They mention that it has the look of a rogue . They love it once I convinced them to give it a chance . It is unfortunate but whether you like it or not image has a lot to do with popularity . IMO SAS could increase its client growth with nothing more than a face lift . No reason not to match your solid technology with a well done website .
  • Create New...