Avira missing downadup worm

[Gaz]

Latest deinfitions of avira, completely missing what i believe are variants
of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential windows
login files, creates autorun.inf on attatched usbs, which point either to a
recycler folder and a 'boot' file or a mispelled recycler folder, causing
the infection to be passed on, other files are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any of
these.

Gaz

 

[Buffalo]

Latest deinfitions of avira, completely missing what i believe are
variants of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential
windows login files, creates autorun.inf on attatched usbs, which
point either to a recycler folder and a 'boot' file or a mispelled
recycler folder, causing the infection to be passed on, other files
are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any
of these.

Gaz

Do a find for David Lipman's post on his mult-av scanning methods for help.
Try putting in multi av in the message box in Find and you should find a
post by Lipman on 11Feb09.

 

[1PW]

Latest definitions of avira, completely missing what i believe are variants
of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential windows
login files, creates autorun.inf on attached usbs, which point either to a
recycler folder and a 'boot' file or a misspelled recycler folder, causing
the infection to be passed on, other files are also infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any of
these.

Gaz

*** Cross Posted ***

Hello Gaz:

If you have any suspected malware files, send them to:

<http://www.virustotal.com/>

for possible identification.

If you receive evidence to corroborate your theory, also pass those
files to the Avira, Malwarebytes and SUPERAntiSpyware folks for their
examination and inclusion in their databases.

Warm regards,

Pete

 

[The Real Truth MVP]

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

 

[The Real Truth MVP]

Stalker.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

 

[Leythos]

Stalker.

The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

Chris, Stalking on the internet is a crime, you are warned that you will
be reported to your providers if you continue.

Learn more about Butt's lack of ethics and obsessions in the links
below.

--
Leythos - (e-mail address removed) (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief
http://tinyurl.com/4rruwd

 

[Frank Merlott]

Latest deinfitions of avira, completely missing what i believe are variants
of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential windows login
files, creates autorun.inf on attatched usbs, which point either to a
recycler folder and a 'boot' file or a mispelled recycler folder, causing the
infection to be passed on, other files are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any of
these.

Gaz

You can send Avira any file and if it contains a virus they will
include it, they will also tell you if it does not contain a virus.

 

[Clay]

From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people listed
| below. They do NOT have the expertise or knowledge to fix your issue. Do
| not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
| Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is included in his
conglemeration of plagiarized and pirated material called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com

<snippage>

So nice to be included! Gives me the warm fuzzies.

How ever did I and/or my site qualify as a thief and a troll? I guess
my looks could very well be considered "troll-ish" and I did steal
some sweet tarts from the dime store when I was 5 or 6. Hmmm.... well
there ya go.

Sincerely,
clay troll thief
http://images.elfwood.com/art/c/h/chronicdoodler/trollthief.jpg

 

[The Real Truth MVP]

Because or your affiliation with the David Lipman Troll.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people listed
| below. They do NOT have the expertise or knowledge to fix your issue. Do
| not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
| Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is
included in his
conglemeration of plagiarized and pirated material called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com

<snippage>

So nice to be included! Gives me the warm fuzzies.

How ever did I and/or my site qualify as a thief and a troll? I guess
my looks could very well be considered "troll-ish" and I did steal
some sweet tarts from the dime store when I was 5 or 6. Hmmm.... well
there ya go.

Sincerely,
clay troll thief
http://images.elfwood.com/art/c/h/chronicdoodler/trollthief.jpg

 

[Buffalo]

Because or your affiliation with the David Lipman Troll.

How immature.
Buffalo

 

[Clay]

Because or your affiliation with the David Lipman Troll.

You seem to be implying that is a "bad" thing and have punished "me"
accordingly.

How delightfully ridiculous.

Bless you and Happy Valentine's Day!

 

[The Real Truth MVP]

Well then you should also pick on mvps.org. This site has nothing to do with
me yet it is in their hosts file. http://pcbutts1.software.informer.com/
Don't tell me there is a double standard for them.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

 

[Leythos]

*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

Chris, Stalking on the internet is a crime, you are warned that you will
be reported to your providers if you continue.

Learn more about Butt's lack of ethics and obsessions in the links
below.

--
Leythos - (e-mail address removed) (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief
http://tinyurl.com/4rruwd

 

[FromTheRafters]

From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people listed
| below. They do NOT have the expertise or knowledge to fix your issue. Do
| not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
| Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is
included in his
conglemeration of plagiarized and pirated material called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com

<snippage>

So nice to be included! Gives me the warm fuzzies.

How ever did I and/or my site qualify as a thief and a troll? I guess
my looks could very well be considered "troll-ish" and I did steal
some sweet tarts from the dime store when I was 5 or 6. Hmmm.... well
there ya go.

Sincerely,
clay troll thief
http://images.elfwood.com/art/c/h/chronicdoodler/trollthief.jpg

Gee, ya think ya know someone - an' he turns out to be trollthief.

....is nothing sacred?

 

[Roy]

                       *** Cross Posted ***

Hello Gaz:

If you have any suspected malware files, send them to:

                 <http://www.virustotal.com/>

for possible identification.

If you receive evidence to corroborate your theory, also pass those
files to the Avira, Malwarebytes and SUPERAntiSpyware folks for their
examination and inclusion in their databases.

Warm regards,

Pete

Another acquiantance of mine having installed Avira premium installed
in his PC did miss it also... It was not even recognized as
conficker,downadup, kido etc, but just plain recycler.

 

[Dustin Cook]

Latest deinfitions of avira, completely missing what i believe are
variants of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential
windows login files, creates autorun.inf on attatched usbs, which
point either to a recycler folder and a 'boot' file or a mispelled
recycler folder, causing the infection to be passed on, other files
are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any
of these.

Gaz

If you would like to submit them to http://uploads.malwarebytes.org I'll
see that we do detect them with a future update.

 

[Dustin Cook]

From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people
| listed below. They do NOT have the expertise or knowledge to fix your
| issue. Do not waste your time. David H Lipman, Malke, PA Bear,
| Beauregard T. Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is
included in his conglemeration of plagiarized and pirated material
called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com
127.0.0.1 www.elephantboycomputers.com
127.0.0.1 elephantboycomputers.com
127.0.0.1 www.it-mate.co.uk
127.0.0.1 it-mate.co.uk
127.0.0.1 mysteryfcm.co.uk
127.0.0.1 www.mysteryfcm.co.uk
127.0.0.1 www.internetinspiration.co.uk
127.0.0.1 internetinspiration.co.uk
127.0.0.1 www.mvps.org
127.0.0.1 mvps.org
127.0.0.1 bughunter.it-mate.co.uk
127.0.0.1 www.bughunter.it-mate.co.uk
127.0.0.1 www.siri.geekstogo.com
127.0.0.1 siri.geekstogo.com
127.0.0.1 siri.urz.free.fr
127.0.0.1 www.siri.urz.free.fr
127.0.0.1 noahdfear.geekstogo.com
127.0.0.1 www.noahdfear.geekstogo.com

You may also add me to the displeased user list. He'll block my software
(BugHunter) but so far, I don't get the recognition David has been given.
I want my spotlight too!

 

[Max Wachtel]

JD, after much thought, came up with this jewel:

David..

Thanks for the added information. I forgot that he's in the MVP HOSTS
file. But you're already on his list. ;-)

* PCBUTTS WARNING* Do NOT follow any advice given by the people listed
below. They do NOT have the expertise or knowledge to fix your issue. Do
not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
Shagnasty, Leythos.

I want to be on the list!

Christopher, can you hear me now?

I used to be on the list-must be slipping! "it" had made a page just for
me at one time.