Malware and Anti-Malware

Discussion in 'Computer Security' started by Stop, Aug 22, 2005.

  1. I tried about a dozen anti ad/spy programs but none helped completely.
    Some found malware that others missed. They helped to a certain extent only.

    There were files in the system32 directory and elsewhere that did not show
    up in Windows Explorer but could be seen only in the command prompt
    window.
    There were also registry entries that were invisible to regedit.exe but
    could be seen with the reglite program.

    There was a registry entry in
    HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows that used ntdll.dll
    and it called on another file repair.dll and, of course, that file was also
    invisible.
    Searching the registry with reglite for a ntdll.dll file and seeing what it
    calls upon to do would be helpful.

    Almost all of these files could not be deleted because they were used by
    Windows.
    I deleted the ntdll entry in the registry.
    Then I mounted the hard drive on another computer, deleted ntdll.dll in
    system32 directory and replaced it with another one. I also deleted some
    other files one of which was named erara. That was probably a randomly
    generated name as were many other files I found.

    After doing this, mounting the drive back and rebooting all problems went
    away.

    The programs that were most useful were Super Ad Blocker, Trend Micro
    Antispyware, cwshredder, ewido, spy sweeper, and of course reglite without
    which registry entries were invisible.
    But NONE of these programs was able to do the disinfecting job by itself.

    The HijackThis and Silent Runners programs were helpful in the end to see
    what remained, if anything.
    They showed some registry entries of spyware that were already deleted.

    Microsoft's antispyware and Spybot search & destroy would pick up the
    spyware, sound warnings, seemed to destroy the invaders but after the next
    reboot the computer was invaded again.

    This was my first extremely painful and time-wasting exercise and made me
    realize how horribly insecure the programs Windows and Internet Explorer are,
    even after all the security fixes.

    For a novice person I would recommend just reformat your hard drive and do a
    complete re-install. You'll save a lot of time that way.
    Of course you should back up your data and then scan them with a few
    different programs before you put them back in the new installation.
    And even then your data may not be 100% safe.

    In the search for solutions I came upon sites filled with frustrated and
    angry users who have to be subjected to all this nonsense and have been used
    so that these malware companies located in NY and CA would make money by
    selling "mouse clicks".

    The above is intended to give a general idea of how difficult it is, if not
    IMPOSSIBLE, for the vast majority of users to accomplish, with some hints for
    the experts.


    PS. The above was mistakenly also posted in another thread.
    Stop, Aug 22, 2005
    #1
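The two symptoms the poster describes (files that `dir` lists but Explorer does not, and registry values that a low-level viewer shows but regedit.exe does not) are both cross-view discrepancies, which is how hidden-file and hidden-key hiding is usually detected. The script below is an added example written for this page, not code from the poster or from any of the tools named above. It assumes the `dir /a` column layout of cmd.exe, assumes both registry views are available as .reg-syntax exports (reglite does not necessarily export that way), and, because the post does not say which value under that key referenced repair.dll, uses the AppInit_DLLs value that really does live under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows` as a stand-in. All listings and exports in it are constructed sample data.

```python
import re

# Constructed sample: what an API-level listing (e.g. Windows Explorer) showed
EXPLORER_LISTING = ["kernel32.dll", "ntdll.dll", "user32.dll"]

# Constructed sample: `dir /a` output from cmd.exe for the same directory
CMD_DIR_OUTPUT = r"""
 Volume in drive C has no label.
 Directory of C:\WINDOWS\system32

08/22/2005  10:15 AM    <DIR>          .
08/22/2005  10:15 AM    <DIR>          ..
08/04/2004  07:00 AM           984,576 kernel32.dll
08/04/2004  07:00 AM           708,096 ntdll.dll
08/21/2005  11:42 PM            40,960 repair.dll
08/21/2005  11:42 PM            12,288 erara
08/04/2004  07:00 AM           577,024 user32.dll
               5 File(s)      2,322,944 bytes
               2 Dir(s)   1,234,567,890 bytes free
"""

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# Constructed sample: the key as regedit.exe showed it
REGEDIT_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
"""

# Constructed sample: the same key as a low-level viewer showed it (one extra value);
# AppInit_DLLs is assumed here as the value that pointed at repair.dll
REGLITE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="repair.dll"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
"""

DIR_LINE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+(?P<size><DIR>|[\d,]+)\s+(?P<name>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<data>.*)$')


def parse_dir_output(text):
    """File names (directories skipped) from cmd.exe `dir /a` output."""
    names = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if m and m.group("size") != "<DIR>":
            names.append(m.group("name").strip())
    return names


def parse_reg_export(text):
    """Parse .reg syntax into {key_path: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = REG_KEY.match(line)
        if km:
            current = km.group("key")
            keys.setdefault(current, {})
            continue
        vm = REG_VALUE.match(line)
        if vm and current is not None:
            data = vm.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]  # strip the quotes around REG_SZ data
            keys[current][vm.group("name") or "@"] = data
    return keys


def cross_view_diff(api_view, raw_view):
    """Names the lower-level view has that the API-level view hides."""
    return sorted(set(raw_view) - set(api_view))


def registry_cross_view(api_keys, raw_keys):
    """(key, value) pairs the low-level view has that the regedit view lacks."""
    hidden = []
    for key, values in raw_keys.items():
        for name in values:
            if name not in api_keys.get(key, {}):
                hidden.append((key, name))
    return sorted(hidden)


def find_dll_references(reg_keys, key_path):
    """Map each value under key_path to the .dll names its data mentions."""
    refs = {}
    for name, data in reg_keys.get(key_path, {}).items():
        dlls = [t for t in re.split(r"[\s,;]+", data) if t.lower().endswith(".dll")]
        if dlls:
            refs[name] = dlls
    return refs


def hidden_loaders(reg_keys, key_path, visible_files):
    """DLLs referenced from key_path that the API-level directory listing does not show."""
    visible = {f.lower() for f in visible_files}
    return sorted({d for dlls in find_dll_references(reg_keys, key_path).values()
                   for d in dlls if d.lower() not in visible})


if __name__ == "__main__":
    raw_files = parse_dir_output(CMD_DIR_OUTPUT)
    print("hidden files:", cross_view_diff(EXPLORER_LISTING, raw_files))
    hi, lo = parse_reg_export(REGEDIT_EXPORT), parse_reg_export(REGLITE_EXPORT)
    print("hidden registry values:", registry_cross_view(hi, lo))
    print("hidden DLL loaders:", hidden_loaders(lo, WINDOWS_KEY, EXPLORER_LISTING))
```

On a real machine the constructed samples would be replaced by the captured `dir /a` output and by exports of the same key taken with both tools; anything present only in the lower-level view, and any DLL this key references that the normal listing cannot see, is exactly the kind of item the post says the scanners kept missing and is worth examining from a second, clean system before deleting anything.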
