This particular malware shuts down your internet connection when
AVG needs to be updated
and/or Spybot gets installed / updated.
What can this be and how does one choke this beast off?
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven than to Rule in Hell.
The Doctor wrote...
> I have a machine contaminated with Malware.
>
> This particular malware shutdown your internet connection when
> AVG needs to be updated
> and/or Spybot get installed / update.
>
> What can this be
Could be anything, really.
> and how does one choke this beast off?
Kill the process. Delete the files. Fix the security which allowed it in the
first place.
In article <opW1f.848$967.309@newsfe1-gui.ntli.net>,
Jim <me@privacy.net> wrote:
>The Doctor wrote...
>> I have a machine contaminated with Malware.
>>
>> This particular malware shutdown your internet connection when
>> AVG needs to be updated
>> and/or Spybot get installed / update.
>>
>> What can this be
>
>Could be anything, really.
>
>
>> and how does one choke this beast off?
>
>Kill the process. Delete the files. Fix the security which allowed it in the
>first place.
I have run AVG, Ad-aware, Spybot and Spysweeper and still no dice.
>
> I have run AVG, Ad-aware, Spybot and Spysweeper and still no dice.
Then they are obviously inadequate for the task and shouldn't be relied on (like
IME most AV programs). Processes in Windows (generally) can only start running
from a limited number of places. Why not check them?
The Doctor wrote:
> In article <opW1f.848$967.309@newsfe1-gui.ntli.net>,
> Jim <me@privacy.net> wrote:
>
>>The Doctor wrote...
>>
>>>I have a machine contaminated with Malware.
>>>
>>>This particular malware shutdown your internet connection when
>>>AVG needs to be updated
>>>and/or Spybot get installed / update.
>>>
>>>What can this be
>>
>>Could be anything, really.
>>
>>
>>
>>>and how does one choke this beast off?
>>
>>Kill the process. Delete the files. Fix the security which allowed it in the
>>first place.
>
>
> I have run AVG, Ad-aware, Spybot and Spysweeper and still no dice.
Check your hosts file, run hijackthis, get pstools, run a reverse hijack
on persistent droppers..
E.
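The hosts-file check suggested in the post above, sketched as an added example (not code from any poster in this thread): it parses hosts-file text and flags entries that pin a security vendor's hostname to a fixed address, which would produce the "update fails" symptom the thread starts with. The watchlist of vendor domains, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Illustrative watchlist (an assumption of this example): domain suffixes of
# the security tools named in the thread. Extend it for the products you run.
WATCHED_SUFFIXES = ("avg.com", "grisoft.com", "safer-networking.org",
                    "lavasoft.com", "trendmicro.com")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        for name in fields[1:]:                # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def suspicious_entries(text):
    """Return (line_no, hostname, ip, kind) for watched names found in text.

    A clean hosts file normally has no entry for these names at all, so any
    hit deserves a look. Loopback or unspecified targets are labelled
    'blocked' (lookups resolve locally and fail); anything else 'redirected'.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings


# Constructed sample input, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
127.0.0.1       www.avg.com  update.grisoft.com   # unexplained entry
0.0.0.0         www.safer-networking.org
203.0.113.7     housecall.trendmicro.com
10.0.0.5        fileserver.lan
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; a clean result here does not rule out the rootkit and infected-executable cases raised later in the thread.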
"Unruh" <unruh-spam@physics.ubc.ca> wrote in message
news:di93dk$205$1@nntp.itservices.ubc.ca...
>
> I wonder what "Wanted Malware" is?
Obviously, that's what you call it if you're the guy who wrote it.
Note that spammers, when cornered, tend to insist that they do what they do
as a public service, because "someone might want to receive it".
Similarly, I'm sure that somewhere out there, the slime that author this
crap that infests the systems of our friends and colleagues (and never
ourselves, of course, oh no) are sitting there, thinking "yeah, someone will
want me to use their processor time to send out the spam that someone might
want to receive, to bilk them out of some money they wanted to get rid of
anyway..."
Okay, who am I kidding - they're trash, they know what people think of their
software, and the only people who want the malware are the guys making money
off it.
Unruh <unruh-spam@physics.ubc.ca> writes:
>
> doctor@doctor.nl2k.ab.ca (The Doctor) writes:
> >I have a machine contaminated with Malware.
> >This particular malware shutdown your internet connection when
> >AVG needs to be updated
> >and/or Spybot get installed / update.
> >What can this be and how does one choke this beast off?
>
> Wipe and reinstall.
This is the best approach that produces the most predictable results
in the most predictable timeframe.
If you can safely get needed data off the machine to an external
drive, or make a disk image of the infected drive off to an external
drive, do that first.
But definitely, wiping the disk, reformatting, reinstalling the OS
while disconnected, plopping the machine behind a hardware firewall
device, updating it with all current OS patches, installing your
malware prevention software of choice, and then rebuilding the
application base is the stock recommendation.
You can try malware removers and get by, but you can never be sure
they've "gotten everything" so there's always that risk involved that
you need to understand.
Jim <me@privacy.net> wrote:
> The Doctor wrote...
> > I have run AVG, Ad-aware, Spybot and Spysweeper and still no dice.
> Then they are obviously inadequate for the task and shouldn't be relied on (like
> IME most AV programs). Processes in Windows (generally) can only start running
> from a limited number of places. Why not check them?
Unfortunately, there is the possibility for root-kits, too. Then a process
is not needed for malware. And furthermore, executables of well-known
processes can be infected, too.
Yours,
VB.
--
If class libraries are compared to animals, MFC is the slime-warts toad.
In article <4348846f$1@mail.netspeed.com.au>, E. <bellyup@the.bar> wrote:
>The Doctor wrote:
>> In article <opW1f.848$967.309@newsfe1-gui.ntli.net>,
>> Jim <me@privacy.net> wrote:
>>
>>>The Doctor wrote...
>>>
>>>>I have a machine contaminated with Malware.
>>>>
>>>>This particular malware shutdown your internet connection when
>>>>AVG needs to be updated
>>>>and/or Spybot get installed / update.
>>>>
>>>>What can this be
>>>
>>>Could be anything, really.
>>>
>>>
>>>
>>>>and how does one choke this beast off?
>>>
>>>Kill the process. Delete the files. Fix the security which allowed it in the
>>>first place.
>>
>>
>> I have run AVG, Ad-aware, Spybot and Spysweeper and still no dice.
>
>Check your hosts file, run hijackthis, get pstools, run a reverse hijack
>on persistent droppers..
>E.
Are these available for Windows?
In article <fq-dnWhXG9frENXeRVn-ug@comcast.com>,
Alun Jones <alun@texis.com> wrote:
>"Unruh" <unruh-spam@physics.ubc.ca> wrote in message
>news:di93dk$205$1@nntp.itservices.ubc.ca...
>>
>> I wonder what "Wanted Malware" is?
>
>Obviously, that's what you call it if you're the guy who wrote it.
>
>Note that spammers, when cornered, tend to insist that they do what they do
>as a public service, because "someone might want to receive it".
>
Sentence them to 5 years in jail hard labour.
>Similarly, I'm sure that somewhere out there, the slime that author this
>crap that infests the systems of our friends and colleagues (and never
>ourselves, of course, oh no) are sitting there, thinking "yeah, someone will
>want me to use their processor time to send out the spam that someone might
>want to receive, to bilk them out of some money they wanted to get rid of
>anyway..."
>
>Okay, who am I kidding - they're trash, they know what people think of their
>software, and the only people who want the malware are the guys making money
>off it.
>
Humour.
>Alun.
>~~~~
>
>
>I have a machine contaminated with Malware.
>
>This particular malware shutdown your internet connection when
>AVG needs to be updated
>and/or Spybot get installed / update.
>
>What can this be and how does one choke this beast off?
>
>
Have you tried the usual suspects...Running Ad Aware, and the freebie
TrendMicro scan? Note: TM doesn't work with FF. Only IE.
Additionally, Hijack This might work for you if you are familiar with
the system processes on your box. http://www.majorgeeks.com/download3155.html
doctor@doctor.nl2k.ab.ca (The Doctor) writes:
> In article <4348846f$1@mail.netspeed.com.au>, E. <bellyup@the.bar> wrote:
> >Check your hosts file, run hijackthis, get pstools, run a reverse hijack
> >on persistent droppers..
> >E.
>
> Are these available for Windows?
"It's funny cus it's true" answer:
Is there any other OS that requires tools like this?
Plainer answer:
Yes, the ones mentioned are Windows tools.
Jim <me@privacy.net> writes:
> Todd H. wrote...
>
> > "It's funny cus it's true" answer:
> > Is their any other OS that requires tool like this?
>
> Remind me, which OS did chrootkit start on?
The listed tools were not root kit checkers. They are malware/spyware
tools.
In article <xdc2f.21692$WR2.2451@fed1read03>,
Ignis Fatuus <ignisfatuus3267nospam@cox.com> wrote:
>The Doctor wrote:
>
>>I have a machine contaminated with Malware.
>>
>>This particular malware shutdown your internet connection when
>>AVG needs to be updated
>>and/or Spybot get installed / update.
>>
>>What can this be and how does one choke this beast off?
>>
>>
>Have you tried the usual suspects...Running Ad Aware, and the freebie
>TrendMicro scan? Note: TM doesn't work with FF. Only IE.
>Additionally, Hijack This might work for you if you are familiar with
>the system processes on your box.
>http://www.majorgeeks.com/download3155.html
Ad Aware was run 2x with current definitions.
The on-line TM scan with IE. Will try.
And, I will try hijack this.
In article <84mzliwma2.fsf@ripco.com>, Todd H. <comphelp@toddh.net> wrote:
>doctor@doctor.nl2k.ab.ca (The Doctor) writes:
>> In article <4348846f$1@mail.netspeed.com.au>, E. <bellyup@the.bar> wrote:
>> >Check your hosts file, run hijackthis, get pstools, run a reverse hijack
>> >on persistent droppers..
>> >E.
>>
>> Are these available for Windows?
>
>"It's funny cus it's true" answer:
> Is their any other OS that requires tool like this?
>
>Plainer answer:
> Yes, the ones mentioned are are windows tool.
Windows an OS?? LOL!!! M$ should follow Apple
and BSDify its so-called OS.
I got hijack this, what about the URL for pstools?
In article <80e2f.118$yL.76@newsfe1-gui.ntli.net>, Jim <me@privacy.net> wrote:
>Todd H. wrote...
>
>> "It's funny cus it's true" answer:
>> Is their any other OS that requires tool like this?
>
>
>Remind me, which OS did chrootkit start on?
>
LOL!!
"Todd H." <comphelp@toddh.net> wrote in message
news:84mzliwma2.fsf@ripco.com...
> doctor@doctor.nl2k.ab.ca (The Doctor) writes:
>> In article <4348846f$1@mail.netspeed.com.au>, E. <bellyup@the.bar> wrote:
>> >Check your hosts file, run hijackthis, get pstools, run a reverse hijack
>> >on persistent droppers..
>> >E.
>>
>> Are these available for Windows?
>
> "It's funny cus it's true" answer:
> Is their any other OS that requires tool like this?
Only those operating systems used by people.
Remember, the key vulnerability being exploited here is the user, not the
OS.
I often joke - and I must emphasise, this is a JOKE - that you could send
round an email message that says "for great sex, email this message to
everyone in your address book, then format your hard drive and burn all your
backups". Possibly double-digit percentage of users will follow those
instructions.
In article <43498b35@news.uni-ulm.de>, Volker Birk <bumens@dingens.org> wrote:
>The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>> Windows an OS?? LOL!!!
>
>Yes, an OS. And the kernel is related to VMS.
>
I thought it was VAX.
>> M$ should follow Apple
>> and BSDifiy is so-called OS.
>
>This would not be a good idea - with the exception of the IP stack, which
>of course is BSD already. Though MacOS X is not a usual BSD, of course.
>
I found 4 virii. 3 of which were of the Netsky type.
>--
>If class libraries are compared to animals, MFC is the slime-warts toad.
>In article <43498b35@news.uni-ulm.de>, Volker Birk <bumens@dingens.org> wrote:
>
>
>>The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>>
>>
>>>Windows an OS?? LOL!!!
>>>
>>>
>>Yes, an OS. And the kernel is related to VMS.
>>
>>
>>
>
>I thought it was VAX.
>
>
>
>>> M$ should follow Apple
>>>and BSDifiy is so-called OS.
>>>
>>>
>>This would not be a good idea - with the exception of the IP stack, which
>>of course is BSD already. Though MacOS X is not a usual BSD, of course.
>>
>>
>>
>
>IT has to be backwards compatable.
>
>
>
>>>I got hijack this, what about the URL for pstools?
>>>
>>>
>>http://www.google.de/search?q=pstools+windows
>>
>>VB.
>>
>>
>
>Did that.
>
>I found 4 virii. 3 of which were of the NEtsky type.
>
>
>
>>--
>>If class libraries are compared to animals, MFC is the slime-warts toad.
>>
>>
>
>So 4 virii. Does this mean the issue is resolved?
>
>
> I found 4 virii. 3 of which were of the NEtsky type.
You should really give strong consideration to that reinstallation
advice you've heretofore been ignoring.
You've been owned in 4 different ways, and expecting any suite of
tools to fix that and leave you with a stable system without
additional risk of having missed something is really playing the
long odds. I wish I had better news.
In article <434a1449@news.uni-ulm.de>, Volker Birk <bumens@dingens.org> wrote:
>The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>> >> Windows an OS?? LOL!!!
>> >Yes, an OS. And the kernel is related to VMS.
>> I thought it was VAX.
>
>VMS, now OpenVMS, is an operating system for VAX, Alpha and Itanium2.
>VAX is an old hardware platform.
>
>Yours,
>VB.
>--
>If class libraries are compared to animals, MFC is the slime-warts toad.
Where can one get it? And is it Unixlike?
In article <84irw6xb5p.fsf@ripco.com>, Todd H. <comphelp@toddh.net> wrote:
>doctor@doctor.nl2k.ab.ca (The Doctor) writes:
>
>> I found 4 virii. 3 of which were of the NEtsky type.
>
>You should really give strong consideration to that reinstallation
>advice you've hertofore been ignoring.
>
>You've been owned in 4 different ways, and expecting any suite of
>tools to fix that and leave you with a stable system without
>additional risk of having missed something is really playing the
>long odds. I wish I had better news.
>
>Best Regards,
>--
>Todd H.
>http://www.toddh.net/
Ever heard of ghosting things over to a second partition?
I never ignore what needs to be done.
The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> >VMS, now OpenVMS, is an operating system for VAX, Alpha and Itanium2.
> Where can one get it?
I got my copy for my VAXStation 3200 by becoming a member of DECUS,
which is now part of Encompass, I think. You can get a hobbyist license
for free here:
Yours,
VB.
--
"I am a free man and will now make use of my civil liberties, and
extensively so, though of course only within the limits that
Otto Schily still leaves me."
Wolfgang Clement on 10.10.05, as still-"superminister"
In article <dic96t$q81$3@gallifrey.nk.ca>, doctor@doctor.nl2k.ab.ca (The Doctor) writes:
>In article <43498b35@news.uni-ulm.de>, Volker Birk <bumens@dingens.org> wrote:
>>The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>>> Windows an OS?? LOL!!!
>>
>>Yes, an OS. And the kernel is related to VMS.
>>
>
>I thought it was VAX.
>
VMS is the name of the operating system. The original hardware platform for VMS
was DEC's VAX system. VMS currently runs on VAX, Alpha and Itanium (and VAX
emulators on IA32 such as SIMH and Charon-VAX).
Dave Cutler, one of the main authors of VMS, was employed by Microsoft to develop
the NT kernel. Hence the kernel looks very like VMS.
Which just goes to show that even when working from a solid base Microsoft
still managed to create a security nightmare.
David Webb
Security team leader
CCSS
Middlesex University
>>> M$ should follow Apple
>>> and BSDifiy is so-called OS.
>>
>>This would not be a good idea - with the exception of the IP stack, which
>>of course is BSD already. Though MacOS X is not a usual BSD, of course.
>>
>
>IT has to be backwards compatable.
>
>>> I got hijack this, what about the URL for pstools?
>>
>>http://www.google.de/search?q=pstools+windows
>>
>>VB.
>
>Did that.
>
>I found 4 virii. 3 of which were of the NEtsky type.
>
>>--
>>If class libraries are compared to animals, MFC is the slime-warts toad.
>
>
>--
>Member - Liberal International
>This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
>God Queen and country! Beware Anti-Christ rising!
>Better to serve in Heaven that to Rule in Hell.
In article <digd1s$4g0$1@news.mdx.ac.uk>, <david20@alpha2.mdx.ac.uk> wrote:
>In article <dic96t$q81$3@gallifrey.nk.ca>, doctor@doctor.nl2k.ab.ca (The
>Doctor) writes:
>>In article <43498b35@news.uni-ulm.de>, Volker Birk <bumens@dingens.org> wrote:
>>>The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>>>> Windows an OS?? LOL!!!
>>>
>>>Yes, an OS. And the kernel is related to VMS.
>>>
>>
>>I thought it was VAX.
>>
>VMS is the name of the operating system. The original hardware platform for VMS
>was DEC's VAX system. VMS currently runs on VAX, Alpha and Itanium (and VAX
>emulators on IA32 such as SIMH and Charon-VAX).
>
>Dave Cutler one of the main authors of VMS was employed by Microsoft to develop
>the NT kernel. Hence the Kernel looks very like VMS.
>Which just goes to show that even when working from a solid base Microsoft
>still managed to create a security nightmare.
>
>
I I S == It isn't Secure!
>
>David Webb
>Security team leader
>CCSS
>Middlesex University
>
>
>>>> M$ should follow Apple
>>>> and BSDifiy is so-called OS.
>>>
>>>This would not be a good idea - with the exception of the IP stack, which
>>>of course is BSD already. Though MacOS X is not a usual BSD, of course.
>>>
>>
>>IT has to be backwards compatable.
>>
>>>> I got hijack this, what about the URL for pstools?
>>>
>>>http://www.google.de/search?q=pstools+windows
>>>
>>>VB.
>>
>>Did that.
>>
>>I found 4 virii. 3 of which were of the NEtsky type.
>>
>>>--
>>>If class libraries are compared to animals, MFC is the slime-warts toad.
>>
>>
>>--
>>Member - Liberal International
>>This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
>>God Queen and country! Beware Anti-Christ rising!
>>Better to serve in Heaven that to Rule in Hell.