06-08-2009, post #7
FromTheRafters

Re: Cannot remove Personal Antivirus - rogue software

I agree, Milo. Detecting that a file contains malware is important, but
other things can be *more* important. If the detector can *identify* a
specific malware, for instance (giving it a name), it is more useful than
just a filename. Where the suspect file is located is important - but
most important, in my opinion, is *how* it got there and what *else* may
have been done from that point on. These rogues have the ability to do
some serious damage even after they are *removed*. Unfortunately, I fear
HJT won't address file infections at all, only some other start methods.

HJT analysis may be able to *identify* the exact malware by its various
startup methods, but I doubt it will be able to tell you what other
malware was available at the referenced malicious server at any given
time, or what other malware uses the same ingress vector yet gets less
"press" attention.

Preempt the OP's likelihood of interpreting your post as a request to
post his HJT log here, and I don't think anyone will object.

"Milo" <jfcoel@xxxxxx> wrote in message
news:eP2EzGF6JHA.5932@xxxxxx
> Hi Malke,
>
> Out of respect to the links as indicated: the troubleshooting "by
> using a 3rd-party tool - a nice marketing intro for the MB product"
> revolves only around an XP environment, not Vista, as in satyad's
> concern, and it also prompts, in one way or another, the use of
> HijackThis, so how would that be different from my request for a
> HijackThis log? And the fake AV in satyad's case, like any other fake
> AV, didn't come alone. From the behavior he indicated, fake/rogue AVs
> are usually introduced by a catalyst malware, which I am more concerned
> about than the fake AV, which is only the payload, and recently some of
> them even have rootkit capability.
>
> And if the request for the log is granted, I would ask them to send it
> via e-mail, which I would gladly analyze myself.
>
>
>
> "Malke" <malke@xxxxxx> wrote in message
> news:eNDnde25JHA.1420@xxxxxx
>> Milo wrote:
>>
>>> Hi satyad,
>>>
>>> It only means it was installed with admin rights and then created
>>> another account to lock down users' capability to remove or uninstall
>>> the said application, and worse, some have rootkit capability that is
>>> becoming more and more complex in each new variant that comes out in
>>> the open.
>>>
>>> Download HijackThis, send in the logs and let's have it analyzed for
>>> what variant/class of rogue or fake AV you have. Also, what version of
>>> ZoneAlarm are you using? Have you updated it recently?
>>
>> Milo - I see you are back and again telling posters to run HijackThis
>> and "lets [sic] have it analyzed". Once again, we do not analyze HJT
>> logs here in the MS newsgroups. If you are going to tell people to run
>> HJT (which should really be the last resort, especially when there are
>> already clear removal instructions for the OP's infection - given by
>> DL), then at least give them links to some specialty forums to post
>> the HJT logs.
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers - Don't Panic!
>> http://www.elephantboycomputers.com/#FAQ
>>

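As an added illustration of what "HJT analysis" of the startup methods mentioned in this thread actually involves (this is example code written for this page, not code from the thread participants or from the HijackThis project): the script below parses a log written in the HijackThis report style, groups the entries by their section code (O1 hosts overrides, O2 BHOs, O4 Run-key entries, O23 services) and flags auto-start entries whose image path looks wrong for a legitimate program. The sample log is constructed, the line format (section code, " - ", detail) is assumed from the common HJT layout, and the path heuristics are the author's assumptions rather than anything HijackThis itself implements.

```python
"""Parse a HijackThis-style log and flag suspicious auto-start entries.

Added example for illustration; not from the thread or the HJT project.
Assumptions: log lines look like "<CODE> - <detail>" (e.g. "O4 - ...");
O4 details look like "<hive>\..\Run: [<name>] <path>"; O1 details look
like "Hosts: <ip> <hostname>"; O2/O23 details end in " - <path>".
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample in the HJT report style; not a real machine's log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search
O1 - Hosts: 127.0.0.1 update.example-av.com
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Personal Antivirus] C:\Documents and Settings\user\Application Data\PAV\pav.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\Temp\svchost.exe
O23 - Service: ZoneAlarm (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SECTION_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O1_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Names of core Windows binaries that malware likes to borrow (assumed list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def parse_hjt(text):
    """Group log lines by section code, e.g. {"O4": [detail, ...]}."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def parse_o4(detail):
    """Split an O4 detail into (hive, entry name, image path), or None."""
    m = O4_RE.match(detail)
    return (m["hive"], m["name"], m["path"]) if m else None


def flag_path(path):
    """Return the reasons (possibly none) an image path looks suspicious."""
    low = path.strip('"').lower()
    exe = ntpath.basename(low)
    reasons = []
    if "\\temp\\" in low or "\\tmp\\" in low:
        reasons.append("runs from a temp directory")
    if "\\application data\\" in low or "\\appdata\\" in low or "\\local settings\\" in low:
        reasons.append("runs from a user profile data directory")
    if exe in SYSTEM_NAMES and "\\system32\\" not in low:
        reasons.append(f"system binary name {exe} outside system32")
    return reasons


def suspicious_entries(text):
    """Return flagged entries as dicts: section, name, path, reasons."""
    sections = parse_hjt(text)
    found = []
    for detail in sections.get("O4", []):
        parsed = parse_o4(detail)
        if parsed is None:
            continue
        _hive, name, path = parsed
        reasons = flag_path(path)
        if reasons:
            found.append({"section": "O4", "name": name, "path": path, "reasons": reasons})
    # BHOs and services: the image path is the last " - " separated field.
    for code in ("O2", "O23"):
        for detail in sections.get(code, []):
            name, _sep, path = detail.rpartition(" - ")
            reasons = flag_path(path)
            if reasons:
                found.append({"section": code, "name": name, "path": path, "reasons": reasons})
    # Any hosts-file override is worth a look; rogues commonly use it to
    # block security-vendor and update sites.
    for detail in sections.get("O1", []):
        m = O1_RE.match(detail)
        if m:
            found.append({"section": "O1", "name": m["host"], "path": m["ip"],
                          "reasons": ["hosts-file override (often used to block vendor/update sites)"]})
    return found


if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_LOG):
        print(f"{entry['section']:>3} {entry['name']!r} -> {entry['path']}")
        for reason in entry["reasons"]:
            print(f"      - {reason}")
```

On the constructed log this flags the Run entry pointing into Application Data, the "svchost" entry running from the Temp directory (two reasons), and the hosts override, while leaving ctfmon.exe, the Program Files BHO and the ZoneAlarm service alone. The point matches the post above: the startup method and location tell you something, but the parser cannot tell you how the file got there or what else came with it.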