Malicious Software Removal Tool?

CWLee

Running Vista Ultimate 64-bit, OEM on a new HP computer.

I receive regular updates to something called MS's Malicious
Software Removal Tool. I Googled that term, and found a MS
site urging me to download the tool.

Question: Is that tool already a part of Vista? If not,
why do I receive updates to it? (I have not installed it
myself.)

Thanks.

--
 
David H. Lipman

From: "CWLee" <[email protected]>

|
| Running Vista Ultimate 64-bit, OEM on a new HP computer.
|
| I receive regular updates to something called MS's Malicious
| Software Removal Tool. I Googled that term, and found a MS
| site urging me to download the tool.
|
| Question: Is that tool already a part of Vista? If not,
| why do I receive updates to it? (I have not installed it
| myself.)
|
| Thanks.
|
The Malicious Software Removal (MRT) utility is NOT a part of Vista. It is a downloaded
anti malware scanner provided by Microsoft for Win2K, WinXP, Win2003 Server, etc.

You can manually download the utility, which is updated monthly for new threats, from
Microsoft or you can just allow this to be done automatically via Windows Updates.

Once downloaded...

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

The following is the resultant log file...

%windir%\Debug\mrt.log
 
Malke

CWLee said:
Running Vista Ultimate 64-bit, OEM on a new HP computer.

I receive regular updates to something called MS's Malicious
Software Removal Tool. I Googled that term, and found a MS
site urging me to download the tool.

Question: Is that tool already a part of Vista? If not,
why do I receive updates to it? (I have not installed it
myself.)

The Malicious Software Removal Tool is not part of Vista. It is offered from
Windows Update to machines running XP, Vista, and Server operating systems.
It scans for a limited number of malware programs. When using Windows
Updates or Automatic Updates, it will automatically run and you will not
get any feedback whatsoever, it runs in quiet mode and then it just deletes
itself. After it is finished, it writes the result to a log file.

To see the log file, run the following command from Start/Run:

notepad %windir%\Debug\Mrt.log

Malicious Software Removal Tool explanation -
http://www.microsoft.com/security/malwareremove/default.mspx

Malke
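
The procedure from the two replies above (run `MRT.exe` with the listed switches, then read `%windir%\Debug\mrt.log`), as an added PowerShell example that is not part of the original posts. The function name `Invoke-MsrtDetectOnly` is hypothetical, and treating exit code 0 as "nothing detected" is an assumption; the log text itself is the authoritative result.

```powershell
# Added example (not from the thread): on-demand MSRT scan in detect-only mode.
# The executable path, the /Q and /N switches and the log path are the ones
# quoted in the posts above. Invoke-MsrtDetectOnly is a hypothetical name.

function Invoke-MsrtDetectOnly {
    [CmdletBinding()]
    param(
        [string]$MrtPath = (Join-Path $env:windir 'System32\MRT.exe'),
        [string]$LogPath = (Join-Path $env:windir 'Debug\mrt.log')
    )

    if (-not (Test-Path -LiteralPath $MrtPath)) {
        throw "MRT.exe not found at $MrtPath. Download it or let Windows Update deliver it."
    }

    # The tool has to run with administrative rights to scan the machine.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    # The log is appended to on every run, so remember its current length
    # and report only the lines written by this scan.
    $linesBefore = 0
    if (Test-Path -LiteralPath $LogPath) {
        $linesBefore = @(Get-Content -LiteralPath $LogPath).Count
    }

    # /Q = quiet (no GUI), /N = detect only (nothing is removed).
    $proc = Start-Process -FilePath $MrtPath -ArgumentList '/Q', '/N' -Wait -PassThru

    $newLines = @()
    if (Test-Path -LiteralPath $LogPath) {
        $allLines = @(Get-Content -LiteralPath $LogPath)
        if ($allLines.Count -ge $linesBefore) {
            $newLines = @($allLines | Select-Object -Skip $linesBefore)
        } else {
            # The log was replaced or truncated during the run: show all of it.
            $newLines = $allLines
        }
    }

    [pscustomobject]@{
        ExitCode    = $proc.ExitCode
        # Assumption: 0 means nothing was detected; anything else gets a human look.
        NeedsReview = ($proc.ExitCode -ne 0) -or ($newLines.Count -eq 0)
        LogEntries  = $newLines
    }
}

$result = Invoke-MsrtDetectOnly
$result.LogEntries
if ($result.NeedsReview) {
    Write-Warning "MSRT exit code $($result.ExitCode): read the log entries above before cleaning anything."
}
```

Because `/N` only detects, a non-zero result leaves the flagged files in place for triage; a cleaning pass with `/F:Y` is a separate, deliberate step.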
 
AlexB

After you download it, it will show you a GUI with three options. Select FULL
scan. It will take quite a while but it is worth it. The MSRT reads all
files and checks code for known patterns of malicious software. It then
removes the suspects and cleans the registry of their entries.

My policy is not to use any 3-rd party anti-malware except Spybot S&D.
Windows Vista offers sufficient protection against malicious software
writers some of them I am sure watch this forum very carefully.

Download Microsoft Windows Baseline Security Analyzer. It is Beta 2.1 for
Vista and I think it is safe to download. Run it.

<http://www.microsoft.com/downloads/...AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en>

It will give you all your vulnerabilities, especially in your firewall
settings. You should read the report and if it suggests any changes, you
should consider them.
Your Windows firewall setting will be analyzed.

Download Microsoft® Windows® Malicious Software Removal Tool (KB890830). It
will want to run upon install. Choose the FULL scan although it may give you
a threatening message that it might take a few hours. It will scan your
entire computer in about half an hour or less if you do not have a lot of
stuff in it.

<http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en>

Some reassuring information: Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/default.mspx>
The Microsoft Windows Malicious Software Removal Tool helps remove specific,
prevalent malicious software from computers that are running Windows Vista,
Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/?kbid=890830

You can also go to Protection Center (Microsoft)
<http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt>
and click "Protection Scan." There will be a dropdown menu and a button:
"Launch Full Scan or Vista." You can do it if you wish.

Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be asked
for donations but it is up to you. It is very up to date and every week you
will have to download new updates, sometimes even more often. You should
check for updates every time you run it. It will give you all su*kers
leached into your registry and ask you if you wanted to remove them. Many of
them have masqueraded themselves under MS Windows names like
Windows.something. Do not hesitate to kill them all. You can trust SB S&D.

http://www.spybot.info/en/index.html

It also allows you to IMMUNIZE your system. It means that when you go to a
website and they try to download some kind of a Trojan to you SB S&D will
either kill it silently, or ask you if you want to do it or will kill it and
give you a notice. It is better to let it kill them all in silence.

Listen to Mark Russinovich's (MS) webcast: Advanced Malware Cleaning

<http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359>

Downloading any 3-rd party "free" anti-spyware program (with the exception
SB S&D) is an invitation for a disaster.

The AV (antivirus industry) is on the way to the cemetery:
The slow death of AV technology:
http://www.theregister.co.uk/2007/06/08/death_of_av/
Vista did it in.
Last note: it has been suggested around here by some unscrupulous trolls
that the Microsoft Malicious Software Removal Tool (MSRT) and SB S&D do not
clean the registry. MSRT and SB S&D work on different principles. MSRT in
full mode reads RAM memory and detects patterns in the files that match
known viruses and other malware configurations. This is why it takes so long
to run. If malicious code is detected it is also quite likely that it has a
representation in the registry. The only way to remove a particular piece of
malware is to CLEAN the registry off of this key.
SB S&D works by going thru the registry and locating known names that match
its database of malicious software. After all culprits are found the user is
asked if he/she want to remove the malicious software. If you say OK, then
the registry IS CLEANED of this set of malicious execs. The execs themselves
are killed in the respective folders.
In this sense both tools do CLEAN the registry. They do not do any
"housekeeping" which is absolutely superfluous and unnecessary. It is NOT
recommended by MS and most of the experienced users as well.

*******************************
Additional security measure
To prevent unauthorized breaks into your computer, go to Computer
management, and disable "Internet Guest Account." Make sure "Guest"
account is disabled. It should be disabled by default.
 
NoStop

CWLee said:
Running Vista Ultimate 64-bit, OEM on a new HP computer.

I receive regular updates to something called MS's Malicious
Software Removal Tool. I Googled that term, and found a MS
site urging me to download the tool.

Question: Is that tool already a part of Vista? If not,
why do I receive updates to it? (I have not installed it
myself.)

Thanks.
If you're running Vista, you're already running MS's Malicious Software
Adding Tool. Probably wouldn't hurt to use their Removal Tool. That way you
can watch your Vista box do something.

Cheers.

--
My Killfile List: Frank, dennis@home ... Sorry won't be able to read your BS
any longer.

A PDF Book for Windows Users new to Linux:
http://www.suseblog.com/dl.php

Contact AlexB to find out how to "delouse" your Vista system.
 
AlexB

You are a sick, sick person. Just crazy. Your hatred for MS has no limits.

You are also a dishonest, malicious troll who enjoys people having trouble.
It makes you tick. It fills your life with joy. You are a scoundrel.
 
NoStop

AlexB wrote:

More boilerplate drivel from AlexB ...
After you download it, it will show you a GUI with three options. Select
FULL scan. It will take quite a while but it is worth it. The MSRT reads
all files and checks code for known patterns of malicious software. It then
removes the suspects and cleans the registry of their entries.

My policy is not to use any 3-rd party anti-malware except Spybot S&D.
Windows Vista offers sufficient protection against malicious software
writers some of them I am sure watch this forum very carefully.

Download Microsoft Windows Baseline Security Analyzer. It is Beta 2.1 for
Vista and I think it is safe to download. Run it.
It will give you all your vulnerabilities, especially in your firewall
settings. You should read the report and if it suggests any changes, you
should consider them.
Your Windows firewall setting will be analyzed.

Download Microsoft® Windows® Malicious Software Removal Tool (KB890830).
It will want to run upon install. Choose the FULL scan although it may
give you a threatening message that it might take a few hours. It will
scan your entire computer in about half an hour or less if you do not have
a lot of stuff in it.
Some reassuring information: Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/default.mspx>
The Microsoft Windows Malicious Software Removal Tool helps remove
specific, prevalent malicious software from computers that are running
Windows Vista, Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/?kbid=890830

You can also go to Protection Center (Microsoft)
<http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt>
and click "Protection Scan." There will be a dropdown menu and a button:
"Launch Full Scan or Vista." You can do it if you wish.

Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be asked
for donations but it is up to you. It is very up to date and every week
you will have to download new updates, sometimes even more often. You
should check for updates every time you run it. It will give you all
su*kers leached into your registry and ask you if you wanted to remove
them. Many of them have masqueraded themselves under MS Windows names like
Windows.something. Do not hesitate to kill them all. You can trust SB S&D.

http://www.spybot.info/en/index.html

It also allows you to IMMUNIZE your system. It means that when you go to a
website and they try to download some kind of a Trojan to you SB S&D will
either kill it silently, or ask you if you want to do it or will kill it
and give you a notice. It is better to let it kill them all in silence.

Listen to Mark Russinovich's (MS) webcast: Advanced Malware Cleaning

<http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359>

Downloading any 3-rd party "free" anti-spyware program (with the exception
SB S&D) is an invitation for a disaster.

The AV (antivirus industry) is on the way to the cemetery:
The slow death of AV technology:
http://www.theregister.co.uk/2007/06/08/death_of_av/
Vista did it in.
Last note: it has been suggested around here by some unscrupulous trolls
that the Microsoft Malicious Software Removal Tool (MSRT) and SB S&D do
not clean the registry. MSRT and SB S&D work on different principles. MSRT
in full mode reads RAM memory and detects patterns in the files that match
known viruses and other malware configurations. This is why it takes so
long to run. If malicious code is detected it is also quite likely that it
has a representation in the registry. The only way to remove a particular
piece of malware is to CLEAN the registry off of this key.
SB S&D works by going thru the registry and locating known names that
match its database of malicious software. After all culprits are found the
user is asked if he/she want to remove the malicious software. If you say
OK, then the registry IS CLEANED of this set of malicious execs. The execs
themselves are killed in the respective folders.
In this sense both tools do CLEAN the registry. They do not do any
"housekeeping" which is absolutely superfluous and unnecessary. It is NOT
recommended by MS and most of the experienced users as well.

*******************************
Additional security measure
To prevent unauthorized breaks into your computer, go to Computer
management, and disable "Internet Guest Account." Make sure
"Guest" account is disabled. It should be disabled by default.

--
The three Rs of Microsoft support: Retry, Reboot, Reinstall.

Proprietary Software: a 20th Century software business model.

Contact AlexB to find out how to "delouse" your Vista system.
 
NoStop

AlexB said:
You are a sick, sick person. Just crazy. Your hatred for MS has no limits.

You are also a dishonest, malicious troll who enjoys people having
trouble. It makes you tick. It fills your life with joy. You are a
scoundrel.
AlexB, don't you have better things to do now, like "delousing" your Vista
system?

Cheers.

--
The three Rs of Microsoft support: Retry, Reboot, Reinstall.

Proprietary Software: a 20th Century software business model.

Q: What OS is built for lusers?
A: Which one requires running lusermgr.msc to create them?

Contact AlexB to find out how to "delouse" your Vista system.
 
David H. Lipman

From: "AlexB" <[email protected]>

| You are a sick, sick person. Just crazy. Your hatred for MS has no limits.
|
| You are also a dishonest, malicious troll who enjoys people having trouble.
| It makes you tick. It fills your life with joy. You are a scoundrel.
|

And your policy...

| My policy is not to use any 3-rd party anti-malware except Spybot S&D.
| Windows Vista offers sufficient protection against malicious software
| writers some of them I am sure watch this forum very carefully.
|

Is just plain WRONG !

What the MRT catches will NOT be caught by SpyBot S&D which gears towards non-viral malware
of the adware/spyware class. The MRT specifically targets certain Trojans, Internet worms
and Trojans using RootKit techniques. It may NOT be the best utility but if it flags a
file(S) it can't deal with it is certainly better than not knowing they existed on the PC.

The fact is what Vista offers is insufficient. The fact is one method of protection is to
check for digital signatures in the installers. Malware authors are now using certificate
authorities to digitally sign their malware to thwart Vista.

A good example...
http://sunbeltblog.blogspot.com/2008/02/dangerous-new-fake-american-greetings.html
 
AlexB

What is plain wrong? I never said anything that prompted your
"clarification" that MRT will somehow overlap with SB S&D in function. Where
did I say anything like this?

Yes, SB S&D gears toward non-viral but it also seems to run a portion which
IS geared toward it. Just watch how it runs. Watch the progress bar and the
textbox underneath.

You are saying that what Vista offers is insufficient. I dare say it is YOUR
private opinion.

On the other hand what I offered is MINE.

It is my PRIVATE opinion. I doubt you can support or rather prove yours and
I do not intend to prove mine.

The bottom line is: I am running 4 Vista systems now. I rely on MS means
only. So far I haven't had any trouble. It is only one side of the story.

The other side: I stopped using CA, ZoneAlarm and other tools once I got
Vista. Before I always had trouble with them in terms of handling access,
etc. It is my personal impression that a lot of people around here have
trouble with that software as well.

It is also very problematic to rely on them. You apparently do not
understand the liability issue. CA & ZoneAlarm which are the largest among
their peers have very low liability due to their small size and MS on the
other hand is very massive. In lawyer's terms it is a deep pocket. They have
a VESTED interest to make sure that their anti-malware products work and up
to date. They have enormous staff resources and bank accounts to throw the
very best minds to control bad software.

As a counterpoint, some of the people around here flash crazy names like
"Elephant Computers" and other small potatoes I've never heard of. What if
they missed a few spies? It will affect 15 computers and nobody will ever
sue them. MS on the other hand is VERY VULNERABLE. They have enormous
incentive to come out clean and do their best. The recent history of viruses
as news fodder testifies to that: there have been none whereas before, just
a few years ago, news stories about malicious software overtaking computers
around the world were a commonplace.

Don't tell me this sh*it. If you do not understand what you are talking
about, just shut up.

I actually suggest that you post your opinion independently. Tell them that
"free" antivirus program from a website www.xyz.com will save them from all
devils. I dare you do it. I've seen such posts around here aplenty.

Do you understand how many resources it takes to create and maintain a
database of malicious software? Can you imagine that Malke or whoever he is
can afford to do something like this? When people say MS is insufficient,
well, I start thinking, who those people are?

I am not affiliated with MS, I am not employed by them. I am self-employed.
I do not sell any software. Writing software is NOT my way to make a living.
I am deeply interested in safe computing because I have been victimized many
times. And I run software that needs a lot of protection (stocks trading).
One of the reasons of my being here is to learn all the tricks the crooks
employ.
 
David H. Lipman

From: "AlexB" <[email protected]>

| What is plain wrong? I never said anything that prompted your
| "clarification" that MRT will somehow overlap with SB S&D in function. Where
| did I say anything like this?
|
| Yes, SB S&D gears toward non-viral but it also seems to run a portion which
| IS geared toward it. Just watch how it runs. Watch the progress bar and the
| textbox underneath.


There is some overlap. However, it is a minor overlap.


|
| You are saying that what Vista offers is insufficient. I dare say it is YOUR
| private opinion.


I supplied facts based upon my contacts with COMSEC and INFOSEC personnel, with malware
researchers and with employees of anti malware companies. I have been studying viruses
since circa 1990 when I installed a Netware v2.x network for a client who had the
"Jerusalem.B" virus. Studying the broad family of malware has been my hobby ever since.
This is not just knowing the infectors but studying the infection vectors and what they use
to get installed. This includes vulnerability exploitation, social engineering, digital
signatures and other methodologies.


|
| On the other hand what I offered is MINE.
|
| It is my PRIVATE opinion. I doubt you can support or rather prove yours and
| I do not intend to prove mine.


I did support it. I provided you with a URL to a SunBelt blog post about a Trojan with
RootKit techniques that also uses a digital certificate to thwart the security protections
of Vista.


|
| The bottom line is: I am running 4 Vista systems now. I rely on MS means
| only. So far I haven't had any trouble. It is only one side of the story.
|
| The other side: I stopped using CA, ZoneAlarm and other tools once I got
| Vista. Before I always had trouble with them in terms of handling access,
| etc. It is my personal impression that a lot of people around here have
| trouble with that software as well.
|
| It is also very problematic to rely on them. You apparently do not
| understand the liability issue. CA & ZoneAlarm which are the largest among
| their peers have very low liability due to their small size and MS on the
| other hand is very massive. In lawyer's terms it is a deep pocket. They have
| a VESTED interest to make sure that their anti-malware products work and up
| to date. They have enormous staff resources and bank accounts to throw the
| very best minds to control bad software.
|
| As a counterpoint, some of the people around here flash crazy names like
| "Elephant Computers" and other small potatoes I've never heard of. What if
| they missed a few spies? It will affect 15 computers and nobody will ever
| sue them. MS on the other hand is VERY VULNERABLE. They have enormous
| incentive to come out clean and do their best. The recent history of viruses
| as news fodder testifies to that: there have been none whereas before, just
| a few years ago, news stories about malicious software overtaking computers
| around the world were a commonplace.
|
| Don't tell me this sh*it. If you do not understand what you are talking
| about, just shut up.


I "know" what I have written. I have access to information that you don't.


|
| I actually suggest that you post your opinion independently. Tell them that
| "free" antivirus program from a website www.xyz.com will save them from all
| devils. I dare you do it. I've seen such posts around here aplenty.


That is the only true statement you've made. Malware authors are beating malware
researchers and no anti malware vendor is 100% effective. However even the free Avira
AntiVir is better than Microsoft's Live One Care solution.


|
| Do you understand how many resources it takes to create and maintain a
| database of malicious software? Can you imagine that Malke or whoever he is
| can afford to do something like this? When people say MS is insufficient,
| well, I start thinking, who those people are?
|
| I am not affiliated with MS, I am not employed by them. I am self-employed.
| I do not sell any software. Writing software is NOT my way to make a living.
| I am deeply interested in safe computing because I have been victimized many
| times. And I run software that needs a lot of protection (stocks trading).
| One of the reasons of my being here is to learn all the tricks the crooks
| employ.
|

There is NO opinion in what I have stated. I stated facts.

Malke is a female and SHE knows more than you. She also has access to information that you
will never have access to.

I don't make a living at writing software either. What I do does concern INFOSEC and COMSEC
and I have access to information that you will NOT have.
 
key.boarder

AlexB said:
What is plain wrong? I never said anything that prompted your
"clarification" that MRT will somehow overlap with SB S&D in function.
Where did I say anything like this?

Yes, SB S&D gears toward non-viral but it also seems to run a portion
which IS geared toward it. Just watch how it runs. Watch the progress bar
and the textbox underneath.

You are saying that what Vista offers is insufficient. I dare say it is
YOUR private opinion.

On the other hand what I offered is MINE.

It is my PRIVATE opinion. I doubt you can support or rather prove yours
and I do not intend to prove mine.

The bottom line is: I am running 4 Vista systems now. I rely on MS means
only. So far I haven't had any trouble. It is only one side of the story.

The other side: I stopped using CA, ZoneAlarm and other tools once I got
Vista. Before I always had trouble with them in terms of handling access,
etc. It is my personal impression that a lot of people around here have
trouble with that software as well.

It is also very problematic to rely on them. You apparently do not
understand the liability issue. CA & ZoneAlarm which are the largest among
their peers have very low liability due to their small size and MS on the
other hand is very massive. In lawyer's terms it is a deep pocket. They
have a VESTED interest to make sure that their anti-malware products work
and up to date. They have enormous staff resources and bank accounts to
throw the very best minds to control bad software.

As a counterpoint, some of the people around here flash crazy names like
"Elephant Computers" and other small potatoes I've never heard of. What if
they missed a few spies? It will affect 15 computers and nobody will ever
sue them. MS on the other hand is VERY VULNERABLE. They have enormous
incentive to come out clean and do their best. The recent history of
viruses as news fodder testifies to that: there have been none whereas
before, just a few years ago, news stories about malicious software
overtaking computers around the world were a commonplace.

Don't tell me this sh*it. If you do not understand what you are talking
about, just shut up.

I actually suggest that you post your opinion independently. Tell them
that "free" antivirus program from a website www.xyz.com will save them
from all devils. I dare you do it. I've seen such posts around here
aplenty.

Do you understand how many resources it takes to create and maintain a
database of malicious software? Can you imagine that Malke or whoever he
is can afford to do something like this? When people say MS is
insufficient, well, I start thinking, who those people are?

I am not affiliated with MS, I am not employed by them. I am
self-employed. I do not sell any software. Writing software is NOT my way
to make a living. I am deeply interested in safe computing because I have
been victimized many times. And I run software that needs a lot of
protection (stocks trading). One of the reasons of my being here is to
learn all the tricks the crooks employ.

You arrogant, self-righteous, gassy, blubbering, paranoid, pathetic old
prick. You have been victimized many times only because you are stupid. The
experienced people here haven't been victimized, haven't been compromised
and haven't had to rebuild system after system like you have. You will
continue to be victimized until you develop a little humility and open up
your closed narrow little mind. You will continue to make the same mistakes
over and over again because the piece of your sad little brain that learns
from mistakes is missing. You have aligned yourself with the trolls instead
of the known experts because you don't have the brains or judgement to know
the difference between them and apparently don't have the research skills to
learn who is who.
Your only reason for being here is because your sad little ego gets some
kind of thrill from blabbering nonsense.
 
key.boarder

David H. Lipman said:
From: "AlexB" <[email protected]>

| What is plain wrong? I never said anything that prompted your
| "clarification" that MRT will somehow overlap with SB S&D in function. Where
| did I say anything like this?
|
| Yes, SB S&D gears toward non-viral but it also seems to run a portion which
| IS geared toward it. Just watch how it runs. Watch the progress bar and the
| textbox underneath.


There is some overlap. However, it is a minor overlap.


|
| You are saying that what Vista offers is insufficient. I dare say it is YOUR
| private opinion.


I supplied facts based upon my contacts with COMSEC and INFOSEC personnel, with malware
researchers and with employees of anti malware companies. I have been studying viruses
since circa 1990 when I installed a Netware v2.x network for a client who had the
"Jerusalem.B" virus. Studying the broad family of malware has been my hobby ever since.
This is not just knowing the infectors but studying the infection vectors and what they use
to get installed. This includes vulnerability exploitation, social engineering, digital
signatures and other methodologies.


|
| On the other hand what I offered is MINE.
|
| It is my PRIVATE opinion. I doubt you can support or rather prove yours and
| I do not intend to prove mine.


I did support it. I provided you with a URL to a SunBelt blog post about a Trojan with
RootKit techniques that also uses a digital certificate to thwart the security protections
of Vista.


|
| The bottom line is: I am running 4 Vista systems now. I rely on MS means
| only. So far I haven't had any trouble. It is only one side of the story.
|
| The other side: I stopped using CA, ZoneAlarm and other tools once I got
| Vista. Before I always had trouble with them in terms of handling access,
| etc. It is my personal impression that a lot of people around here have
| trouble with that software as well.
|
| It is also very problematic to rely on them. You apparently do not
| understand the liability issue. CA & ZoneAlarm which are the largest among
| their peers have very low liability due to their small size and MS on the
| other hand is very massive. In lawyer's terms it is a deep pocket. They have
| a VESTED interest to make sure that their anti-malware products work and up
| to date. They have enormous staff resources and bank accounts to throw the
| very best minds to control bad software.
|
| As a counterpoint, some of the people around here flash crazy names like
| "Elephant Computers" and other small potatoes I've never heard of. What if
| they missed a few spies? It will affect 15 computers and nobody will ever
| sue them. MS on the other hand is VERY VULNERABLE. They have enormous
| incentive to come out clean and do their best. The recent history of viruses
| as news fodder testifies to that: there have been none whereas before, just
| a few years ago, news stories about malicious software overtaking computers
| around the world were a commonplace.
|
| Don't tell me this sh*it. If you do not understand what you are talking
| about, just shut up.


I "know" what I have written. I have access to information that you don't.


|
| I actually suggest that you post your opinion independently. Tell them that
| "free" antivirus program from a website www.xyz.com will save them from all
| devils. I dare you do it. I've seen such posts around here aplenty.


That is the only true statement you've made. Malware authors are beating malware
researchers and no anti malware vendor is 100% effective. However even the free Avira
AntiVir is better than Microsoft's Live One Care solution.


|
| Do you understand how many resources it takes to create and maintain a
| database of malicious software? Can you imagine that Malke or whoever he is
| can afford to do something like this? When people say MS is insufficient,
| well, I start thinking, who those people are?
|
| I am not affiliated with MS, I am not employed by them. I am self-employed.
| I do not sell any software. Writing software is NOT my way to make a living.
| I am deeply interested in safe computing because I have been victimized many
| times. And I run software that needs a lot of protection (stocks trading).
| One of the reasons of my being here is to learn all the tricks the crooks
| employ.
|

There is NO opinion in what I have stated. I stated facts.

Malke is a female and SHE knows more than you. She also has access to information that you
will never have access to.

I don't make a living at writing software either. What I do does concern INFOSEC and COMSEC
and I have access to information that you will NOT have.


AlexB strikes again. I am sure he will now scream at you that INFOSEC and
COMSEC are inspired by commies and crooks because he has never heard of
them. No wonder he has been victimized over and over. What he doesn't know
and is incapable of learning would fill a universe.

AlexB gives really stupid advice most of the time, ie: leave your computer
connected to the internet overnight and all your problems will fix
themselves and you don't need anti virus apps, Spybot S&D will take care of
everything. He attacks posters for making mistakes that he constantly makes
himself. His first language isn't English and he expects you to know what he
means when he says something that makes no sense and then he will yell and
swear at you that you are stupid for not knowing what he really meant to
say. He really wants to be a wise elder but he gets so pissed off when
people point out his stupidities and absurdities because he cannot believe
anyone would doubt his wisdom. He is arrogant, homophobic, racist,
irrational, paranoid, abusive and hypocritical. He pounces with questionable
advice on posters new to the group and then abandons the thread when it is
obvious he is in over his head. He denigrates known experts on the os, using
ridiculous assertions proclaiming his expertise. He is unfamiliar with
common apps that are used by IT professionals because he believes they are
malware written by crooks and if you disagree with him, you are scum and a
commie.
 
C

CWLee

David H. Lipman said:
Harvard huh...
I didn't know they had a division at the California State
University :)

It doesn't, but CalState has a division at Harvard! :)

Thanks for your suggestions.

Seems like one can't ask the time of day in some newsgroups
without two or more posters going into name-calling mode.
:-(

Best regards.
 
M

MICHAEL

David H. Lipman said:
There is NO opinion in what I have stated. I stated facts.

Malke is a female and SHE knows more than you. She also has access to information that you
will never have access to.

I don't make a living at writing software either. What I do does concern INFOSEC and COMSEC
and I have access to information that you will NOT have.

Dave,

I have been coming to this forum since it was first opened
during the Vista betas. In all that time, I have never come
across a bigger ignoramus than AlexB. Everyone knows that
he is a fool, except the fool himself, and that's the way it usually
goes. He obviously doesn't care how much he embarrasses
himself..... fools have no shame.

Unfortunately, I don't have the time to post like I once did.
If I did, I would continue to beat down his utter nonsense that
he usually spews in this forum. I am glad you have taken him
to task this time, as others have recently done. His "policy" on
securing and curing computer infections is dangerously inadequate.
Especially, for novice computer users who may not know any better
and think his advice is actually good advice. We know it is *not*.

I do want to thank you for what you've contributed to this
forum, your knowledge and help is greatly appreciated.
Thanks.


Take care,

Michael
 
A

AlexB

Well, your post IS interesting. I will have to study it, it is very serious.

Before I proceed I want to say that I do accept your statement that the
malware authors beat officialdom of software business.

However, you also should take into account this factor: I cannot devote time
and resources you've got to study the issue for years. I have other things
to do. I am always in a hurry. What I am trying to do is to keep AN EYE on
the issue. I want to keep in touch as much as I can, therefore I have to
take many decisions intuitively. I do not have information you have, that is
true. It may be privileged or it may be accessible only to people who
elevate themselves to the level of sort of insiders to read between the
lines and comprehend many details. I do not have this time and I do not want
to do it.

Again, I have to make MY decisions intuitively. My intuitive decision (and I
do not regret it) is to side with MS. I am also convinced that many people
around here are in similar, or even worse position in terms of not being
able to make a sound judgment on anti-malware products.

Again, my INTUITIVE (for the most part) judgment is not to trust any free
software offers UNLESS I can see the source code. I am a software developer
by the virtue of so many years practicing this technology and when I see
something written in C# for instance, and can check all the classes and what
they are doing, then I can compile it and put it into my machine. A recent
example is ExtendedRichTextBox I got on the web and now it is a part of
every my Rtf everywhere.

I also want to add that as an MSDN subscriber and a developer, and also
observing MS evolution in the recent past I am convinced that MS world is
rich enough to withstand the malware challenge.

I stand my ground but I wish we could have a more comprehensive discussion.
I've seen your name before here and if you stick around I may ask you a
question or two.

Many thanks for your post. I appreciate it.
 
A

AlexB

It is beneath my dignity to answer this crook but for the sake of some people
who may be misled by his seemingly "objective" language I want to answer
this part:
leave your computer connected to the internet overnight and all your
problems will fix
themselves and you don't need anti virus apps

This recommendation is given to people who have two kinds of problems. Some
complain that they see their HDD to run like crazy when they turn the
machine on. Sure it should do if they turn it on only for a limited time of
typing a school report. Vista needs to do updates and check all internal
databases. This is one reason why MS RECOMMENDS that the updates be done at
3AM daily. What does it mean for an idiot like keyboarder? NOTHING. He keeps
twisting the recommendations MS has given to people and claims that AlexB
does it.

The conclusion: Keyboarder is an IDIOT.

There is another reason for people to leave their machines overnight, of
course, if they are not infested with Trojans, etc. During update times
Vista checks compatibility of the updates with the computer configuration,
if all dlls are in place, if they are up to date, etc.

If there are compatibility issues, Vista will download the software pieces
that are needed.

Again, the conclusion is that Keyboarder is an IDIOT.

It is a curse of this group that there are so many unscrupulous people
hanging around.
 
R

RA

AlexB said:
It is beneath my dignity to answer this crook but for the sake of some
people who may be misled by his seemingly "objective" language I
want to answer this part:


And you are one of the most unscrupulous and misleading people here.
 
D

David H. Lipman

From: "AlexB" <[email protected]>

| Well, your post IS interesting. I will have to study it, it is very serious.

< snip >

Just to prove to you that Microsoft is inadequate, I sent some files to Virus Total.

I stated earlier that even the free Avira AntiVir was better. In the following VT reports
Microsoft's so-called AV solution caught none and AntiVir caught them all.


File rasesnet.exe received on 02.20.2008 20:10:59 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 TR/Vundo.Gen
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.20 Suspicious File
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 -
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 not-a-virus:AdWare.Win32.Virtumonde.gen
McAfee 5234 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2889 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 Heuristic: Suspicious File With Bad Child Associations
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 Trojan.Vundo.Gen
Additional information
File size: 52736 bytes
MD5: 8a446c42c124761026bb83f5e7a4fe14
SHA1: 18ae34a10667a0dc6218537fddd1631c0658571d
PEiD: -
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=7CA65EC8008125EFCE790028B7ED9F00D6EE0635





File wavvsnet.exe received on 02.20.2008 20:11:08 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 TR/Crypt.NSPM.Gen
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 Downloader.Zlob.RZ
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 Trojan.DownLoader.47332
eSafe 7.0.15.0 2008.02.20 suspicious Trojan/Worm
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 Suspicious:W32/Malware!Gemini
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5234 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2889 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 Heuristic: Suspicious File With Outbound Communications
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 Sus/ComPack
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 Trojan.Crypt.NSPM.Gen
Additional information
File size: 158286 bytes
MD5: c8d0ba583fe5f0d4955d2f36c7e035bc
SHA1: 546b09f554c001c4f830a6e2d0e9c39f43c1c5c2
PEiD: -
packers: EXECryptor
packers: Execryptor
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=3E08D1CD4E5FEF3D6AC5021B0D735B005162530A




File xpre.exe received on 02.20.2008 20:11:18 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.20 Suspicious File
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 Trojan-Downloader.Win32.VB.axa
Ikarus T3.1.1.20 2008.02.20 Trojan-Downloader.Win32.VB.atp
Kaspersky 7.0.0.125 2008.02.20 Trojan-Downloader.Win32.VB.axa
McAfee 5234 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2889 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 Heuristic: Suspicious File With Outbound Communications
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 Sus/ComPack
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 Trojan.Crypt.XPACK.Gen
Additional information
File size: 168448 bytes
MD5: 71875edc2bbc7a7429127e9f08a44069
SHA1: 5c3c4fad821bc945da282772841212cb279485d6
PEiD: -
packers: EXECryptor
packers: Execryptor, PE_Patch.PECompact, PecBundle, PECompact
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=055716090048B026924402189E95C3000E8FFC09




File yazzsnet.exe received on 02.20.2008 20:11:29 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 DR/Scapur.K.15
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 Win32:purityScan-Q
AVG 7.5.0.516 2008.02.20 Downloader.Purityscan.Y
BitDefender 7.2 2008.02.20 Adware.Purityscan.JA
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.20 Trojan.Scapur-23
DrWeb 4.44.0.09170 2008.02.20 Adware.ClickSpring
eSafe 7.0.15.0 2008.02.20 Win32.Scapur.k
eTrust-Vet 31.3.5550 2008.02.20 Win32/Clspring.HM
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 W32/Scapur.K!tr
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 Trojan.Win32.Scapur.k
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 Trojan.Win32.Scapur.k
McAfee 5234 2008.02.20 potentially unwanted program Adware-PurityScan
Microsoft 1.3204 2008.02.20 -
NOD32v2 2889 2008.02.20 probably a variant of Win32/TrojanDownloader.PurityScan
Norman 5.80.02 2008.02.20 PurityScan.BPZ
Panda 9.0.0.4 2008.02.20 Adware/Yazzle
Prevx1 V2 2008.02.20 Trojan.DoS.Win32.Opdos
Rising 20.32.22.00 2008.02.20 Trojan.Win32.Undef.cqb
Sophos 4.26.0 2008.02.20 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 Adware.Purityscan
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 Trojan.Win32.Scapur.k
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 Trojan.Dropper.Scapur.K.15
Additional information
File size: 218632 bytes
MD5: 1466eca117b6d3b43a255208bd8935a3
SHA1: 76393ff09f1da36f3b90a9859eba29d2b4a4782a
PEiD: -
packers: PECompact, UPX
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=8A78872408E73C2B563E038FE14AC6004A9897FC
 
K

key.boarder

AlexB said:
It is beneath my dignity to answer this crook but for the sake of some
people who may be misled by his seemingly "objective" language I want to
answer this part:

With the filth you dare to post, you still believe you have dignity? That
must be another word you don't know the meaning of.
Just remember all your previous posts are out there for everyone to see.
Just because you don't know how to go back to old threads doesn't mean we
all don't.
 
