#16 |
Lecturer
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
|
Hi, tough week at work..
I would get rid of Spyware Doctor. It honestly isn't that good. McAfee is good, but only if you get the corporate version.
I'd rip those out and get MalwareBytes and AVG. Seriously. Neither of the two is that good at all.
TW, I recommend you get the book Security Warrior so you can watch every supposition you just made about detecting malware get thrown out the window. I've seen malware that hides from Task Manager, netstat, and even anti-virus programs (McAfee, Symantec, Trend, and AVG). The code's been out there for years, and it's not just for Windows. UNIX users have had this problem for years, especially with kernel-level rootkits in Linux or UNIX that will "patch" the API calls. This is a big reason why Microsoft re-wrote the Windows Kernel for Vista and Windows 7 to include ASLR (Address Space Layout Randomization), so it would be much harder to attack known holes via static memory locations. Apple will be including this in OS X 10.6 "Snow Leopard", OpenBSD has had this for years, and Linux has additional functionality to find it.
MalwareBytes does have some "interesting" technology to get rid of malware by checking for patched APIs by executables, and a known database of it.
However, most anti-spyware programs get rid of cookies because of the privacy issue. Additionally, some installers out there do install adware/spyware, or share DLLs with them. Therefore, they get flagged as a false positive. I've seen Symantec and McAfee do it.
The best thing to do is to get the Ultimate Boot CD for Windows, use the AVG plug-in, grab the latest definitions, burn it to CD or USB, and use that to scan your machine in an offline state so that the machine can't initialize itself and the offending DLLs.
#17 |
barely disguised asshole, keeper of all that is holy.
Join Date: Nov 2007
Posts: 23,401
|
ok - I downloaded Malwarebytes and uninstalled Spyware Doctor. I ran Malwarebytes and it found 99 objects infected. I deleted all the trojans.
__________________
"like strapping a pillow on a bull in a china shop" Bullitt |
#18 | ||
~~Life is either a daring adventure or nothing.~~
Join Date: Apr 2006
Posts: 6,828
|
bookmarked both for reading later
#20 |
Lecturer
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
|
Yes, you want to do that, or else you'll get more error messages popping up telling you that things are missing, and you'll have a slower startup time because of it.
|
#21 |
barely disguised asshole, keeper of all that is holy.
Join Date: Nov 2007
Posts: 23,401
|
thanks - It seems to be running faster/better.
OK, I deleted them all and ran malware till it came up clean... Now every time I start anything, I get the following error message: "The application or DLL C:\WINDOWS\system32\fevowafo.dll is not a valid Windows image. Please check this against your installation diskette." The program continues to load normally, but what is this message all about and how do I stop/prevent/fix it?
__________________
"like strapping a pillow on a bull in a china shop" Bullitt |
#22 |
The future is unwritten
Join Date: Oct 2002
Posts: 71,105
|
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump. |
#23 |
Lecturer
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
|
Get yourself Autoruns from sysinternals.com and you'll be able to see exactly where certain programs like that start up at. You can then disable this one.
|
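Added example, not part of the original thread: a read-only PowerShell check for the kind of leftover autostart reference that Autoruns would show, where a registry value still names a file that a cleanup has deleted. It covers only the Run/RunOnce keys and the AppInit_DLLs value (Autoruns inspects many more locations), and the function names and the System32 fallback for bare DLL names are assumptions of this sketch.

```powershell
# Added example (not from the thread): report autostart registry values whose
# target file no longer exists. Read-only; it changes nothing in the registry.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-ReferencedPath {   # hypothetical helper name
    param([string]$CommandLine)
    # Extract every drive-letter path ending in .exe or .dll from a launch string,
    # so 'rundll32.exe "C:\dir\some.dll",Entry' yields the DLL path as well.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    [regex]::Matches($expanded, '[A-Za-z]:\\[^",/*?<>|]+?\.(exe|dll)', 'IgnoreCase') |
        ForEach-Object { $_.Value }
}

function New-Finding {          # hypothetical helper name
    param($Key, $Name, $Path)
    [pscustomobject]@{ Key = $Key; ValueName = $Name; MissingFile = $Path }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        foreach ($path in Get-ReferencedPath ([string]$regKey.GetValue($name))) {
            if (-not (Test-Path -LiteralPath $path)) { $findings += New-Finding $key $name $path }
        }
    }
}

# AppInit_DLLs is a space- or comma-separated list of DLLs. Assumption of this
# sketch: a bare file name is looked for in System32 only.
$appInit = (Get-ItemProperty -Path $appInitKey -ErrorAction SilentlyContinue).AppInit_DLLs
foreach ($entry in ([string]$appInit -split '[ ,]+' | Where-Object { $_ })) {
    $path = if ([IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path $env:SystemRoot "System32\$entry" }
    if (-not (Test-Path -LiteralPath $path)) { $findings += New-Finding $appInitKey 'AppInit_DLLs' $path }
}

$findings | Format-Table -AutoSize -Wrap
```

Each row is a lead to confirm in Autoruns before disabling the entry there; an empty result only means these particular locations are clean.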