Five specific threats

mm

Those whom my background info bores, please skip to ******* below.


I thought I'd only have 3 questions for you guys, but I keep thinking
of more, and it turns out my ex-gf keeps coming up with more too!

I appreciate all the help I get here.

Although I'm progressing now using the web, and using boot disks from
BitDefender, Kaspersky, and Panda, and Windows-based scanning from
AVG, I wanted to tell you her status in case you have something to say
about these five threats she seems to have had and maybe still does.

She informs me that the computer is very slow and she can't run
SUPERAntiSpyware or Malwarebytes as I told her to, because the computer
won't let them run.

Do you think she made things worse by waiting 6 days to tell me this?

Also, when I left last Sunday, AVG had only found 1 "infection" and
she got no notifications since that time, yet the AVG Virus vault
included these four entries. Did the first Trojan horse invite its
friends to visit?

Any specific advice about the five items below?

*******

Hmmm, I think my questions below about 1 and 5 are stupid, but she's
either out or asleep by now. I can check with her tomorrow.

1) Trojan horse Generic 19.EPB
Google doesn't seem to find this or even 19.EPB. Should I search
on other terms? Did she write it down wrong?
2) Could be infected with I-Worm/Hybris
I'm doing okay on I-Worm/Hybris, unless there is something I
should know.
3) Trojan horse Dialer
I think I'm doing okay on this, unless there is something I should
know.
4) Virus identified Win32/Magistr.B
Norton has a virus removal tool especially for this one, so I
think I'm okay.

HouseCall found this virus:
5) GT Down
But I haven't found anything about it, except references to the
GT Down antivirus. I wonder if she wrote it down wrong.

Thanks.
 
mm

HouseCall found this virus:
5) GT Down
But I haven't found anything about it, except references to the
GT Down antivirus. I wonder if she wrote it down wrong.

Sorry, the references I find are to "Remove AntivirusGT" or Remove
Antivirus GT". Nothing about "Down".

This must be what she has. And there are several sets of instructions
for removing it, if HouseCall didn't do everything.
 
David H. Lipman

From: "mm" <[email protected]>

| On Sat, 11 Sep 2010 22:18:44 -0400, mm <[email protected]>
| wrote:


| Sorry, the references I find are to "Remove AntivirusGT" or Remove
| Antivirus GT". Nothing about "Down".

| This must be what she has. And there are several sets of instructions
| for removing it, if HouseCall didn't do everything.


The biggest problem is you acting as a proxy for her.

Please have her logon to the Malwarebytes Forum and post about her problems.

http://forums.malwarebytes.org
 
Dave Cohen

From: "mm"<[email protected]>

| On Sat, 11 Sep 2010 22:18:44 -0400, mm<[email protected]>
| wrote:



| Sorry, the references I find are to "Remove AntivirusGT" or Remove
| Antivirus GT". Nothing about "Down".

| This must be what she has. And there are several sets of instructions
| for removing it, if HouseCall didn't do everything.


The biggest problem is you acting as a proxy for her.

Please have her logon to the Malwarebytes Forum and post about her problems.

http://forums.malwarebytes.org
Sounds like he's trying to reverse the Ex-GF status.
 
mm

I don't think she can explain them well enough, or in many cases,
understand normal answers.

Now the current problem is imo deciding which of the five still have
remnants that are causing problems. I don't want to go over there,
but I'll be nearby this afternoon anyhow, so maybe I will.
Sounds like he's trying to reverse the Ex-GF status.

No, no, no. But I do want to fix this for her if I can, and
everything I learn doing this sort of thing will benefit me on my own
computer, and if another friend needs help. Frankly, in general I
like learning auto repair and carpentry and anything else on some one
else's property. Well, I won't attempt to do fine carpentry on
someone else's stuff, but I'm putting together a work trailer for a
friend, and if I make small mistakes, or cut a piece of his lumber too
short, he doesn't mind (he has a lot of projects and he'll use the
short piece somewhere, he says, and he probably will), and I won't
likely make the same mistake when I do the same thing for myself.
 
FromTheRafters

mm said:
Those whom my background info bores, please skip to ******* below.


I thought I'd only have 3 questions for you guys, but I keep thinking
of more, and it turns out my ex-gf keeps coming up with more too!

I appreciate all the help I get here.

Although I'm progressing now using the web, and using boot disks from
BitDefender, Kaspersky, and Panda, and Windows-based scanning from
AVG, I wanted to tell you her status in case you have something to say
about these five threats she seems to have had and maybe still does.

She informs me that the computer is very slow and she can't run
SUPERAntiSpyware or Malwarebytes as I told her to, because the computer
won't let them run.

Typical of more modern malware (Magistr and Hybris are pretty old).
Do you think she made things worse by waiting 6 days to tell me this?

The sooner the cure, the better. Infected/infested machines should not
be connected to the internet or any other network. Whether or not this
made it worse for her (or her computer) is anybody's guess, but it
probably made things worse for the rest of us.
Also, when I left last Sunday, AVG had only found 1 "infection" and
she got no notifications since that time, yet the AVG Virus vault
included these four entries. Did the first Trojan horse invite its
friends to visit?

While they are in the virus vault, they are no threat. If you are
finding them elsewhere on the harddrive (or other storage device) then
there *might* be a problem. *Where* suspected malware is found is as
important to troubleshooting as *what* suspected malware was found.
Any specific advice about the five items below?

*******

Hmmm, I think my questions below about 1 and 5 are stupid, but she's
either out or asleep by now. I can check with her tomorrow.

1) Trojan horse Generic 19.EPB
Google doesn't seem to find this or even 19.EPB. Should I search
on other terms? Did she write it down wrong?

Many times when generic detections are involved, you don't get much
useful information even if you get the name right. Mostly, trojans are
dealt with simply by deleting them.
2) Could be infected with I-Worm/Hybris
I'm doing okay on I-Worm/Hybris, unless there is something I
should know.

That depends on what we don't know. :o)

When it presents itself as a trojan, Hybris can be treated the same way
as a trojan - simply delete it. If it had been executed on the machine,
things get more complicated. It is a clickworm, and might even be a
virus.
3) Trojan horse Dialer
I think I'm doing okay on this, unless there is something I should
know.
Del

4) Virus identified Win32/Magistr.B
Norton has a virus removal tool especially for this one, so I
think I'm okay.

Yeah, any AV worth a damn should handle that one.
HouseCall found this virus:
5) GT Down
But I haven't found anything about it, except references to the
GT Down antivirus. I wonder if she wrote it down wrong.

Sounds like this one is the one you need help with (your description
makes it sound like one of the many rogue 'fake AV' scareware
applications). Never heard of GT Down, but these rogues have many names
they can use.

Does safe mode allow you to run MBAM?
Does renaming MBAM allow you to run what used to be named MBAM?
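The renaming test above works against one mechanism rogue "fake AV" programs commonly use to stop security tools: an Image File Execution Options (IFEO) "Debugger" value under the tool's executable name, which makes Windows launch the named "debugger" instead of the tool. Because the key is matched on the bare filename, a renamed copy is not affected. The following is an added example, not code posted in this thread or shipped by any vendor named here; it parses a registry export and lists such entries. The .reg text inside it is constructed by hand, and the choice of which tool names appear hijacked is an assumption made to match the tools discussed above.

```python
"""Check a Windows registry export for Image File Execution Options (IFEO)
"Debugger" entries that hijack security tools by executable name.

Added example, not code from this thread. The .reg text below is
constructed by hand; the hijacked tool names are an assumption chosen to
match the tools discussed above.
"""
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")

# Constructed sample export: two hijacked tools plus one benign IFEO entry
# (GlobalFlag is a legitimate debugging setting, not a hijack).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SUPERAntiSpyware.exe]
"Debugger"="C:\\Windows\\system32\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200
"""

_VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<val>.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from decoded .reg text.
    Quoted string values are unescaped; other value types are kept verbatim."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = m.group("name") if m.group("name") is not None else "@"
        val = m.group("val")
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        keys[current][name] = val
    return keys


def find_ifeo_hijacks(keys):
    """List (image_name, debugger) for every IFEO image key whose Debugger
    value is set. Windows launches that debugger instead of the image."""
    prefix = IFEO_KEY.lower() + "\\"
    hits = []
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        image = path[len(prefix):]
        if "\\" in image:      # nested subkeys (e.g. PerfOptions) are not images
            continue
        debugger = values.get("Debugger")
        if debugger:
            hits.append((image, debugger))
    return hits


def is_blocked_by_name(keys, exe_name):
    """True if launching exe_name is redirected. IFEO keys match on the
    bare filename, which is why a renamed copy of the tool still runs."""
    return any(img.lower() == exe_name.lower()
               for img, _ in find_ifeo_hijacks(keys))


if __name__ == "__main__":
    reg = parse_reg_export(SAMPLE_REG)
    for image, dbg in find_ifeo_hijacks(reg):
        print(f"{image} is hijacked: Windows launches {dbg} instead")
    print("mbam.exe blocked:", is_blocked_by_name(reg, "mbam.exe"))
    print("renamed copy blocked:", is_blocked_by_name(reg, "explorer2.exe"))
```

On a real machine the export comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg`, which writes UTF-16LE text; decode it before handing it to `parse_reg_export`. IFEO is only one of the tricks these rogues use (some simply watch the process list and kill tools by name), so a clean result here does not prove the tool is unblocked; it does tell you why the renamed-copy test is worth trying before the more invasive steps.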
 
mm

On Sun, 12 Sep 2010 19:49:19 -0400, "FromTheRafters"


Thanks to all and thanks to you for the detailed answer
Sounds like this one is the one you need help with (your description
makes it sound like one of the many rogue 'fake AV' scareware
applications). Never heard of GT Down, but these rogues have many names
they can use.

Does safe mode allow you to run MBAM?

That's a good question.
Does renaming MBAM allow you to run what used to be named MBAM?

That's a very good question.

I hadn't thought of this. I'll try them, or better yet, get her to
if I can.
 
mm

The sooner the cure, the better. Infected/infested machines should not
be connected to the internet or any other network. Whether or not this
made it worse for her (or her computer) is anybody's guess, but it
probably made things worse for the rest of us.

I didn't understand this at first. Yeah, she might have been sending
out viruses during this time.

My gosh, she wrote me! But I don't think I got anything. I didn't get
any alerts, and I've been testing antivirus boot cd's at least with
quickscans and they didn't find anything either.

But the bad emails sent from her computer might not have been ones
she herself sent, right, and could have gone to anyone in her
Thunderbird address book. The old viruses don't know about
Thunderbird, unless it's enough like Netscape. I know even less the
new viruses. :-(
 
FromTheRafters

mm said:
I didn't understand this at first. Yeah, she might have been sending
out viruses during this time.

My gut feeling is that both Magistr and Hybris were long ago quarantined
(put in the virus vault).
My gosh, she wrote me! But I don't think I got anything. I didn't get
any alerts, and I've been testing antivirus boot cd's at least with
quickscans and they didnt' find anything either.

AV should have no problem with these - nor should you, as they both
present themselves as attachments for their e-mail vector worming.
But the bad emails sent fromn her computer might not have been ones
she herself sent, right, and could have gone to anyone in her
Thunderbird address book. The old viruses don't know about
Thunderbird, unless it's enough like Netscape.

Hybris would have gotten addresses from e-mails as they were sent - she
sends to you, Hybris gets your address and later sends an e-mail to you
with itself as an attachment. Magistr depends on stored addresses.
I know even less the new viruses. :-(

E-mail vector worms are making a comeback after having been practically
neglected by commercially motivated malware. Mostly, I expect botnets to
use them in their expansionistic endeavors when there is a dearth of
wormable software vulnerability exploits.

...as for viruses, probably the best you can do is use a good scanner on
programs you intend to execute.
 
gcarras

My gut feeling is that both Magistr and Hybris were long ago quarantined
(put in the virus vault).


AV should have no problem with these - nor should you, as they both
present themselves as attachments for their e-mail vector worming.


Hybris would have gotten addresses from e-mails as they were sent - she
sends to you, Hybris gets your address and later sends an e-mail to you
with itself as an attachment. Magistr depends on stored addresses.


E-mail vector worms are making a comeback after having been practically
neglected by commercially motivated malware. Mostly, I expect botnets to
use them in their expansionistic endeavors when there is a dearth of
wormable software vulnerability exploits.

...as for viruses, probably the best you can do is use a good scanner on
programs you intend to execute.

Three little words:

Security Tool sux.
 
Jungle Jim

I agree totally. I've had several viruses get on my system and I've had
to use MBAM, AVG Free, Panda and a few other antivirus scanners to get
down to the root of the problem.
 
David H. Lipman

From: "Jungle Jim" <[email protected]>

| I agree totally. I've had several viruses get on my system and I've had
| to use MBAM, AVG Free, Panda and a few other antivirus scanners to get
| down to the root of the problem.

MBAM does NOT target viruses. I'll bet they were trojans, not viruses.
 
ZingMe

From: "Jungle Jim" <[email protected]>

| I agree totally. I've had several viruses get on my system and I've had
| to use MBAM, AVG Free, Panda and a few other antivirus scanners to get
| down to the root of the problem.

MBAM does NOT target viruses. I'll bet they were trojans, not viruses.

Are you sure?

This is what it says:

http://www.malwarebytes.org/mbam.php

Malwarebytes' Anti-Malware

Have you ever considered what makes an anti-malware application
effective? We at Malwarebytes have created an easy-to-use, simple, and
effective anti-malware application. Whether you know it or not your
computer is always at risk of becoming infected with viruses, worms,
trojans, rootkits, dialers, spyware, and malware that are constantly
evolving and becoming harder to detect and remove. Only the most
sophisticated anti-malware techniques can detect and remove these
malicious programs from your computer.

Malwarebytes' Anti-Malware is considered to be the next step in the
detection and removal of malware. In our product we have compiled a
number of new technologies that are designed to quickly detect,
destroy, and prevent malware. Malwarebytes' Anti-Malware can detect
and remove malware that even the most well known anti-virus and
anti-malware applications fail to detect.


Malwarebytes' Anti-Malware monitors every process and stops malicious
processes before they even start. The realtime protection module uses
our advanced heuristic scanning technology which monitors your system
to keep it safe and secure. In addition, we have implemented a threats
center which will allow you to keep up to date with the latest malware
threats.
 
Dustin

Are you sure?

David and I are both former employees of malwarebytes. No, it
doesn't target viruses. It's not able to prevent an actual virus nor
disinfect your machine from one.

When you combine malwarebytes with a good antivirus product such as
AVG, or Avast, then you have virus protection and malware protection
which is decent in today's world.

However, malwarebytes alone is not designed to deal with viruses. It
does not take the place of an antivirus product. It is designed to
complement said product and handle sometimes difficult malware.
 
ZingMe

David and myself are both former employees of malwarebytes. No, it
doesn't target viruses. It's not able to prevent an actual virus

Well the free version won't run live, so it can't prevent anything.
Are you saying even the paid version can't prevent infection by a
virus?
nor
disinfect your machine from one.

Are they trying to mislead people?
When you combine malwarebytes with a good antivirus product such as
AVG, or Avast, then you have virus protection and malware protection
which is decent in todays world.

But only because AVG or Avast does the virus protection, is that what
you're saying?
However, malwarebytes alone is not designed to deal with viruses. It
does not take the place of an antivirus product. It is designed to
complement said product and handle sometimes difficult malware.

I'm confused. For a good product like you seem to say it is, like
they say it is, they seem to be unnecessarily lying or going out of
their way to mislead on their webpage.

"Anti-Malware can detect and remove malware that even the most well
known anti-virus and anti-malware applications fail to detect. "

Do they mean this in a clever way, like "My lawnmower can cut grass in
a way that the best jackhammers can't"? In other words, "We can find
a few trojans that the best anti-virus and anti-malware fail to
detect, but when it comes to viruses, those we can't find. But we
never said we could find them, only that we could find something that
the best anti-virus can't."

How come they don't come right out and say they don't deal with
viruses? Instead of comparing themselves with anti-virus products.
 
FromTheRafters

ZingMe said:
Are you sure?

This is what it says:

http://www.malwarebytes.org/mbam.php

Malwarebytes' Anti-Malware

Have you ever considered what makes an anti-malware application
effective? We at Malwarebytes have created an easy-to-use, simple, and
effective anti-malware application. Whether you know it or not your
computer is always at risk of becoming infected with viruses, worms,
trojans, rootkits, dialers, spyware, and malware that are constantly
evolving and becoming harder to detect and remove. Only the most
sophisticated anti-malware techniques can detect and remove these
malicious programs from your computer.

Malwarebytes' Anti-Malware is considered to be the next step in the
detection and removal of malware. In our product we have compiled a
number of new technologies that are designed to quickly detect,
destroy, and prevent malware. Malwarebytes' Anti-Malware can detect
and remove malware that even the most well known anti-virus and
anti-malware applications fail to detect.


Malwarebytes' Anti-Malware monitors every process and stops malicious
processes before they even start. The realtime protection module uses
our advanced heuristic scanning technology which monitors your system
to keep it safe and secure. In addition, we have implemented a threats
center which will allow you to keep up to date with the latest malware
threats.

It's all true, but it still doesn't say it targets viruses. :o)

(although it does have some viruses on its list of malware it is capable
of detecting)
 
David H. Lipman

From: "FromTheRafters" <[email protected]>


| It's all true, but it still doesn't say it targets viruses. :o)

| (although it does have some viruses on its list of malware it is capable
| of detecting)


But we both know MBAM's engine is totally incapable of "cleaning" a file
that has been virally infected.

We also know that there are some worms that may be considered viruses that can be
eradicated by MBAM.
 
FromTheRafters

David H. Lipman said:
From: "FromTheRafters" <[email protected]>



| It's all true, but it still doesn't say it targets viruses. :o)

| (although it does have some viruses on its list of malware it is capable
| of detecting)


But we both know MBAM's engine is totally incapable of "cleaning" a
file that has been virally infected.

We also know that there are some worms that may be considered viruses
that can be eradicated by MBAM.

Still, it is not hard to see why ZingMe was misled by marketing-speak.

...as you said, it is a good supplement to having a good AV program. I'm
sure the programmers would cringe at such claims. :o)
 
