Safe Mode Virus

Guest

My laptop had a critical error yesterday; upon restarting it said it had just
recovered from a serious error. I sent the report to Microsoft, who informed
me I had a virus, which was only "visible" in safe mode. I'd need to restart
in safe mode and run the protection scan from safety.live.com. I've done
that, but it says I'm clean. Should I just ignore this problem? Or is there
something I'm missing?
 
David H. Lipman

From: "Musto Snuggs" <Musto (e-mail address removed)>

| My laptop had a critical error yesterday; upon restarting it said it had just
| recovered from a serious error. I sent the report to Microsoft, who informed
| me I had a virus, which was only "visible" in safe mode. I'd need to restart
| in safe mode and run the protection scan from safety.live.com. I've done
| that, but it says I'm clean. Should I just ignore this problem? Or is there
| something I'm missing?

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Critical Errors are not really indicative of a virus or other malware.

Use the following Multi AV Scanning Tool to find out if it is indeed a virus.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
Yves Leclerc

| My laptop had a critical error yesterday; upon restarting it said it had just
| recovered from a serious error. I sent the report to Microsoft, who informed
| me I had a virus, which was only "visible" in safe mode. I'd need to restart
| in safe mode and run the protection scan from safety.live.com. I've done
| that, but it says I'm clean. Should I just ignore this problem? Or is there
| something I'm missing?

Get a true "anti-virus" software package and install it to the hard drive.
I've seen systems where the "so called" on-line anti-virus scanners failed to
detect the virus that had infested the PC. AVG and avast! both have "free"
downloadable versions of the anti-virus software. They have all the
detection/cleaning functionality in them.
 
David H. Lipman

From: "Yves Leclerc" <(e-mail address removed)>


|
| Get a true "anti-virus" software package and install it to the hard drive.
| I've seen systems where the "so called" on-line anti-virus scanners failed to
| detect the virus that had infested the PC. AVG and avast! both have "free"
| downloadable versions of the anti-virus software. They have all the
| detection/cleaning functionality in them.
|

I am losing faith in both AVG and AVAST !
The following is a report on a well known Downloader Trojan that BOTH AVG and AVAST failed
to detect !

AntiVir        6.33.0.61       12.13.2005  TR/Dldr.TComBil.L.1
Avast          4.6.695.0       12.13.2005  no virus found
AVG            718             12.08.2005  no virus found
Avira          6.33.0.61       12.13.2005  TR/Dldr.TComBil.L.1
BitDefender    7.2             12.13.2005  Trojan.Downloader.Agent.UF
CAT-QuickHeal  8.00            12.13.2005  TrojanDownloader.Vidlo.y
ClamAV         devel-20051108  12.12.2005  Trojan.Small-152
DrWeb          4.33            12.13.2005  Trojan.DownLoader.5869
eTrust-Iris    7.1.194.0       12.13.2005  Win32/SillyDL.9760!Trojan
eTrust-Vet     12.3.3.0        12.13.2005  Win32/DlWreck.S
Ewido          ??              12.13.2005  TrojanDownloader.Agent.uf
Fortinet       2.54.0.0        12.12.2005  W32/Agent.UF!tr
F-Prot         3.16c           12.12.2005  security risk named W32/Downloader.KZW
Ikarus         0.2.59.0        12.13.2005  Trojan-Downloader.Win32.Agent.UF
Kaspersky      4.0.2.24        12.13.2005  Trojan-Downloader.Win32.Vidlo.y
McAfee         4648            12.12.2005  Downloader-AAP.b
Microsoft      ??              12.13.2005  no virus found
NOD32v2        1.1320          12.12.2005  Win32/TrojanDownloader.Agent.NDD
Norman         5.70.10         12.13.2005  W32/DLoader.NNC
Panda          8.02.00         12.13.2005  Trj/Downloader.GTG
Sophos         4.00.0          12.13.2005  Troj/Agent-UF
Symantec       8.0             12.13.2005  Download.Trojan
Trend Micro    103             12.13.2005  TROJ_YABE.F
TheHacker      5.9.1.054       12.13.2005  no virus found
VBA32          3.10.5          12.13.2005  Trojan-Downloader.Win32.Agent.uf


Kaspersky and NOD32 are far better suggestions. There is NO free lunch !

BTW: About the email message that you received that was a masquerade for the MS05-039 patch
that contains the file... Windows-KB899588-x86-ENU.exe Interestingly, so far all those
that I have heard from that have received this email are on Sympatico.Com

AntiVir        6.33.0.61       12.12.2005  TR/Luhn
Avast          4.6.695.0       12.10.2005  no virus found
AVG            718             12.08.2005  no virus found
Avira          6.33.0.61       12.12.2005  TR/Luhn
BitDefender    7.2             12.13.2005  Trojan.Spy.Luhn.A
CAT-QuickHeal  8.00            12.12.2005  TrojanSpy.Luhn.a
ClamAV         devel-20051108  12.12.2005  Trojan.Spy.W32.Luhn
DrWeb          4.33            12.12.2005  Trojan.Sklog
eTrust-Iris    7.1.194.0       12.13.2005  Win32/Luhn!Spy!Dropper
eTrust-Vet     12.3.3.0        12.12.2005  Win32/Luhn.A
Fortinet       2.54.0.0        12.12.2005  W32/SpyLuhn.A-dr
F-Prot         3.16c           12.12.2005  security risk or a "backdoor" program
Ikarus         0.2.59.0        12.13.2005  no virus found
Kaspersky      4.0.2.24        12.13.2005  Trojan-Spy.Win32.Luhn.a
McAfee         4649            12.13.2005  Keylog-Sklog.dr
NOD32v2        1.1320          12.12.2005  no virus found
Norman         5.70.10         12.12.2005  no virus found
Panda          8.02.00         12.12.2005  Trj/Spy.Luhn
Sophos         4.00.0          12.12.2005  Troj/Dropper-BV
Symantec       8.0             12.13.2005  Trojan.Dropper
TheHacker      5.9.1.053       12.12.2005  no virus found
Trend Micro    993             12.09.2005  TROJ_DROPPER.VK
VBA32          3.10.5          12.12.2005  Trojan-Spy.Win32.Luhn.a
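
Added example, not part of the original post: a small Python parser for the report format shown in the two listings above, which tallies which engines reported each sample clean. The row subset is copied from those listings; the function names and the sample labels "downloader" and "dropper" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Rows copied from the two reports in the post above (subset, for brevity).
DOWNLOADER = """\
Avast 4.6.695.0 12.13.2005 no virus found
AVG 718 12.08.2005 no virus found
Ewido ?? 12.13.2005 TrojanDownloader.Agent.uf
F-Prot 3.16c 12.12.2005 security risk named W32/Downloader.KZW
Kaspersky 4.0.2.24 12.13.2005 Trojan-Downloader.Win32.Vidlo.y
NOD32v2 1.1320 12.12.2005 Win32/TrojanDownloader.Agent.NDD
Trend Micro 103 12.13.2005 TROJ_YABE.F
"""
DROPPER = """\
Avast 4.6.695.0 12.10.2005 no virus found
AVG 718 12.08.2005 no virus found
F-Prot 3.16c 12.12.2005 security risk or a "backdoor" program
NOD32v2 1.1320 12.12.2005 no virus found
Trend Micro 993 12.09.2005 TROJ_DROPPER.VK
"""

# The date is the only fixed-shape field, so anchor on it: the engine name may
# contain spaces ("Trend Micro"), the version may be "??", the verdict is free text.
ROW = re.compile(r"^(?P<engine>.+?)\s+(?P<version>\S+)\s+"
                 r"(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<verdict>.+)$")

def parse_report(text):
    """Return {engine: verdict or None}; None means 'no virus found'."""
    out = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank or malformed line: skip rather than guess
        verdict = m["verdict"].strip()
        out[m["engine"]] = None if verdict.lower() == "no virus found" else verdict
    return out

def misses_by_engine(reports):
    """Map engine -> labels of the samples that engine reported clean."""
    missed = defaultdict(list)
    for sample, text in reports.items():
        for engine, verdict in parse_report(text).items():
            if verdict is None:
                missed[engine].append(sample)
    return dict(missed)

def detection_rate(text):
    rows = parse_report(text)
    return sum(v is not None for v in rows.values()), len(rows)
```

Calling `misses_by_engine({"downloader": DOWNLOADER, "dropper": DROPPER})` lists, per engine, the samples it reported clean, so a "clean" result from one scanner can be weighed against the others.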
 
Leythos

| I am losing faith in both AVG and AVAST !
| The following is a report on a well known Downloader Trojan that BOTH AVG and AVAST failed
| to detect !

Over the last couple years, KAP and Symantec (not Norton) have been
listed as #1 and #2 in their protection ability from unpaid/unbiased
sources.

While I've seen Symantec miss a new virus, I've only seen it miss one in
all the years I've used it - the update 4 hours later had the detection
ability.
 
deebs

An interesting report.

I have Zone Alarms full suite and it is about to expire in 70+ days or so.

Is there a broad recommendation you'd like to make about what should
replace it?

BTW: I have a very as in very, very high opinion of Trend Micro Housecall
 
David H. Lipman

From: "deebs" <(e-mail address removed)>

<snip >

| An interesting report.
|
| I have Zone Alarms full suite and it is about to expire in 70+ days or so.
|
| Is there a broad recommendation you'd like to make about what should
| replace it?
|
| BTW: I have a very as in very, very high opinion of Trend Micro Housecall

So you are saying that you are using CA eTrust which comes bundled with Zone Labs, Zone
Alarm

I have to put Kaspersky at the top of the list. If you practice Safe Hex, and based upon
your posts I conclude you do, Trend Micro AV software will do you well.

Right now the Trend signatures are at ~115,000 while Kaspersky is at ~165,000
 
deebs

Thank you very much for your reply David.

This also confirms a deep respect I have for Trend Micro Housecall
approach. It certainly helped me and help at a time of need seems to be
very good help indeed.

Your reply is deeply appreciated
 
David H. Lipman

From: "deebs" <(e-mail address removed)>


| Thank you very much for your reply David.
|
| This also confirms a deep respect I have for Trend Micro Housecall
| approach. It certainly helped me and help at a time of need seems to be
| very good help indeed.
|
| Your reply is deeply appreciated

One of the things I like about the Trend Micro online scanner is that they now have two
versions. One for IE and ActiveX and another based upon Sun Java which means it can be used
with FireFox.

http://uk.trendmicro-europe.com/housecall/v6.5/?
 
Guest

Thanks everyone for your advice and suggestions.

I have a full version of Symantec running on my computer, and neither it,
nor the online scan of the same name found anything. On a whim I also
installed Microsoft AntiSpyware. It found one piece of spyware (although the
name of which I didn't note down), this was removed, and I have had no
problems since. If it does reoccur, I shall let you all know!

Thanks again,

MS
 
