AndreiASM

Comments

  • Since a rootkit usually operates in kernel mode, there are chances that BD will miss some of them. Why? A big part of the answer was already given by Cris; in kernel mode, you have absolute power over the computer; nothing stops the rootkit from making low-level hooks to various operating system functions; for example, any…
  • I'm not a programmer either, nor am I a "virus researcher" whatever that is. I'm just a user, but I know enough to see that you don't know what you are talking about. Killing running processes prevents the program from starting with Windows. Does not affect the computer in any other way. It's an awkward way of doing it,…
  • Hello, I used to love Bitdefender. I was using it back when no one even knew about it. I was always happy with it. Now, on my recommendation, we bought a few licenses for 2009... I feel silly now. Where is the EXIT button? Bitdefender has sunk as low as Norton by not including that VERY IMPORTANT feature in any program.…
  • The trojan injects itself into svchost.exe. One solution is to boot into safe mode and scan that way (disconnected from the internet, obviously). In theory, that should get rid of it.
  • Soon we will add a clean routine for this new variant of Virtob too. Since time was against us, I only added a detection signature (a more elaborate algorithm must be created in order to clean the files). Best regards!
  • This is an injector, which means that it will inject its code into one or more processes. In this case, the trojan may have launched svchost into execution, and basically, overwrote the original code with its own. This way, the file remains clean, only its memory image gets infected. However, to make sure and remove any…
  • This trojan has behavior similar to those described here. Detection shall be added.
  • The archive contains only the inf file (the worm's executable is empty). Please attach the worm's executable as well so that we can dissect it. Don't forget to set the archive password to infected. Have a nice day.
  • The name of the archive is a little bit confusing, because it contains 2 keyloggers. Basically, they both do the same: drop an executable and a library in system32, and load that library under as many processes as they can (the library does the actual keylogging, the executable is just an "injector" that injects the…
  • Attach the files in question to a new post. Have a nice day.
  • It is indeed a downloader. We apologize for the delay. Detection will be added.
  • new virus The file is detected as: Trojan.Waledac.H
  • This is a generic detection. Please attach the files in question to a new post, archived with the password infected. Have a nice day.
  • Please attach the program to a new post, archived with the password infected. We will see whether it is an FP or not. Have a nice day.
  • I will look for the exact infected files, although I know for sure that the files are affected, because viruses have distinctive signatures and the affected or infected files carry the creation or modification date of the virus, am I wrong? At least for the .exe ones. As for a hardware or software problem, I don't think that is the case, because from what I have read…
  • The attached files are clean. The problem may be related to hardware or even to your Windows CD, if it is not an original one. Merry Christmas!
  • In what sense "disable it"? Be more explicit.
  • Attach a hijack-this log; from the symptoms alone we cannot tell whether this is malware or a software problem.
  • It is indeed a downloader. Detection will be added.
  • Are you referring to the registry entry "Internet Explorer"="c:\\windows\\system32\\iexplore.exe"? If so, send us the file c:\\windows\\system32\\iexplore.exe.
  • Please upload them again, both files inside the archive are empty.
  • Please clear your browser's cache (You should disable BD real-time protection before this. Don't forget to re-enable it afterwards).
  • Please place it into an archive protected with the password infected and attach it to a new post. You will get a response asap.
  • Obviously, your friend is using some sort of social engineering to make you believe that he will help get rid of the keylogger. Well, if you run that "uninstaller" you won't do anything else except installing one. You could also post a HijackThis log. And the answer is NO. Do not run the uninstaller.
  • Good evening, everyone. For two days I have been unable to clean my registry!! I tried with "RegistryMechanic" (which I have been using for a long time) and with "AML Free Registry Cleaner" (I have just put it to work). Both get the job to 90%, at which point THE PC REBOOTS. I noticed that an exe has appeared in the folder where I save programs.…
  • Thank you for the sample. Detection will be added.
  • The last sample appears to be malware. Detection will be added.
  • The popup message you get may well be a bug in BitDefender. Please, all of you who get this message, attach a scan log to a new post. Best regards!
    in Virus Comment by AndreiASM October 2008
  • Please continue posting here. It is the same problem. Best regards!
  • One more piece of junk to add to the signatures: rename the file with the exe extension; bszente, you have the links it came from in a PM. Signed as Trojan.Downloader.Zlob.ABSS; the detection has already gone into the product.