Re: Multi_VA trashed my system (Can David H Lipman please look at this)

Discussion in 'Spyware' started by Betina, May 15, 2006.

  1. Betina

    Betina Guest

    I have said on many occasions in another group that his multi_av tool is
    too intrusive. It just deletes things it finds automatically without user
    intervention. It does not make a backup, there is no quarantining, and the
    scanning is very slow. Good luck with your issues.
     
    Betina, May 15, 2006
    #1

  2. Betina

    Leythos Guest

    I've used it on quite a few systems, even ones that are not infected,
    and never seen where it has done damage to good files. Sure, if you've
    got an infected file that is critical to the operation of the PC you're
    going to have problems with any removal utility, but why would you
    expect less?

    Removing a virus/compromise should be a stop gap measure on the way to
    saving the data and then wiping the machine. As all virus / malware
    removal tools are "reactionary", in that they can't get the latest and
    greatest until detected, your only means to ensure a clean machine is to
    wipe/reinstall from scratch in a secure environment.

    I use Multi-AV to clean machines, but I also won't certify the machines
    as clean - I will only certify a wipe/reinstall machine as to being
    clean.

    In my experience, once a machine is compromised, all bets are off as to
    it working properly, even after removal of the malware - that's why
    they have a "repair/reinstall" mode.
     
    Leythos, May 15, 2006
    #2

  3. I've had no problem using it. It identified two of my files as trojans,
    as expected (they're not, but every antivirus program I've tried flags
    them anyway). It did nothing harmful to my system, and it did nothing
    that I did not ask it to do.

    rl
     
    Rhonda Lea Kirk, May 15, 2006
    #3
  4. Rhonda Lea Kirk wrote:

    I've had no problems running it and ALL the Scans, it has found the odd
    rogue file and deleted them.
     
    Keith (Southend), May 15, 2006
    #4
  5. Betina

    Leythos Guest

    Pcbutts1 said, in another group, that he's betina and posted the above
    reply. So, since he hates David, you all know how much weight his
    postings about the multi-av tool carries.
     
    Leythos, May 16, 2006
    #5
  6. Betina

    Betina Guest

    Leythos you are a stalking idiot.




     
    Betina, May 16, 2006
    #6
  7. As a Sophos licence holder for many years, I can state categorically that it didn't do
    that.
    What it sounds like is your user profile is/was broken.
     
    Befunge Sudoku, May 16, 2006
    #7
  8. Betina

    Quilljar Guest


    Ah another name for the killfile!

    --
    Cheers,

    Quilly

    Sorry, but an individual reply goes into my spam filter
     
    Quilljar, May 16, 2006
    #8
  9. Betina

    Leythos Guest

    The problem is that with all his name shifting, KF'ing his different
    names may actually KF a valid name at some point.
     
    Leythos, May 16, 2006
    #9
  10. An interesting reply, especially as Leythos didn't mention a certain
    "ass" name in his reply, at all...


    Gabriele Neukam

     
    Gabriele Neukam, May 16, 2006
    #10
  11. Betina

    Far Canal Guest

    Quilljar wrote


    Only an idiot makes a fuss about who they plonk.
    **** off and play with your boats.
     
    Far Canal, May 16, 2006
    #11
  12. Betina

    CJofVP Guest

    As an experiment, I downloaded Multi_AV last night and used it from the hard
    drive, after booting from a PE CD. I didn't dump System Restore, or
    tempfiles ... as I wanted to see what would happen assuming the scenario was
    a massive infection on the primary drive with those options being
    unavailable to me. I used CMD to run it from
    \AV-CLS.

    Multi_av.exe performed as designed, however, the Sophos scan took about 4
    hours from start to finish. I'm assuming this had to do with System Restore
    not being emptied. Also, I had forgotten about a drive Image I'd saved to C:...
    LOL... Sophos stopped attempting to scan it and said it could be a 'Zip
    Bomb'.

    Otherwise, the scan finished normally with no viruses being the result. On
    reboot into normal mode, my AVG tried to download updates and Scan at the
    same time, this resulted in a program crash (my fault for not suspending
    Scan on startup in AVG.) So I stopped the scan, and killed the update
    process and rebooted. Everything was fine after that. I manually
    downloaded the updates, and then did a scan.
     
    CJofVP, May 16, 2006
    #12
  13. A while back I killfiled you inadvertently. It took me about four or five
    days to realize my mistake when I failed to see your posts. All of this
    troll nonsense just disrupts the group. Which is their aim in the first
    place. Trolls should be rigorously plonked. There is no excuse for feeding
    a troll.
     
    James E. Morrow, May 16, 2006
    #13
  14. From: "CJofVP" <>

    | As an experiment, I downloaded Multi_AV last night and used it from the hard
    | drive, after booting from a PE CD. I didn't dump System Restore, or
    | tempfiles ... as I wanted to see what would happen assuming the scenario was
    | a massive infection on the primary drive with those options being
    | unavailable to me. I used CMD to run it from
    | \AV-CLS.
    |
    | Multi_av.exe performed as designed, however, the Sophos scan took about 4
    | hours from start to finish. I'm assuming this had to do with System Restore
    | not being emptied. Also, I had forgotten about a drive Image I'd saved to C:...
    | LOL... Sophos stopped attempting to scan it and said it could be a 'Zip
    | Bomb'.
    |
    | Otherwise, the scan finished normally with no viruses being the result. On
    | reboot into normal mode, my AVG tried to download updates and Scan at the
    | same time, this resulted in a program crash (my fault for not suspending
    | Scan on startup in AVG.) So I stopped the scan, and killed the update
    | process and rebooted. Everything was fine after that. I manually
    | downloaded the updates, and then did a scan.
    |


    Thank you for that very informative feedback post!
     
    David H. Lipman, May 16, 2006
    #14
  15. Betina

    Dustin Cook Guest

    Which leads me to question your expertise in this case. Malware is
    awfully vague. If you won't certify a box as clean due to any version of
    malware, I seriously question your credibility and experience in this
    field.
    Which malware are we talking about? Viruses, worms, trojans,
    keyloggers, desktop hijackers.. what specifically would come under the
    "all bets are off" terminology? Surely you're not going to tell me a
    trojan/backdoor/desktop hijacker and/or keylogger requires a
    reformat/reinstall to make sure it's clean? Even with today's viruses,
    it's usually not necessary. It really does depend on what you're dealing
    with. To say reformat/reinstall clean in all cases is foolhardy.

    Regards,
    Dustin Cook
    author of BugHunter
    http://bughunter.atspace.org
     
    Dustin Cook, May 17, 2006
    #15
  16. Betina

    Dustin Cook Guest

    I can only comment on one aspect of this. With regard to the scanning
    is very slow comment. It's using multiple scanners... That's going to
    cause a time hit... Which isn't the fault of the multiav program
    itself. It's nobody's fault really. The more scanners you use, the
    longer it's going to take.

    If you're going to bash on a program, stick with things within its
    author's control, eh? :)

    Regards,
    Dustin Cook
    author of BugHunter
    http://bughunter.atspace.org
     
    Dustin Cook, May 17, 2006
    #16
  17. Betina

    Leythos Guest

    If I have to "Certify" the box as clean, I will only do so if I
    wipe/reinstall in a clean environment. If you don't understand why, then
    you've never talked with an Attorney about liability and you've never
    worked with the Government for secure networks.

    Now, if it was a friend's computer, and he didn't want my Business
    signature on the cleaning, I would have no problems cleaning the machine
    and feeling confident that I completely cleaned it, but there is no
    financial liability there.

    If you really think you can perfectly, 100% of the time, clean a
    compromised system without a wipe/reinstall, then you need to doubt your
    own logic.
     
    Leythos, May 18, 2006
    #17
  18. Those are fine accomplishments, kind sir.. Now in all seriousness, I
    asked you why you would wipe and reinstall under some particular
    conditions; quite frankly, nobody does this in my profession for very
    sound reasons.

    I don't recall claiming 100%. Nothing is 100%. Without that silly
    percentage your comment falls flat on its face, like much of what
    you've said.

    In some cases, you can be sure the box is alright after cleaning
    particular things. I made no statement otherwise in my previous post to
    you. What I did was question your actual technical skill. By chance are
    you a programmer yourself, or do you have to rely on others' work to
    clean these clients' machines?
     
    bughunter.dustin, May 18, 2006
    #18
  19. Betina

    Leythos Guest

    In most cases, and I've only seen a few where it wasn't, it's quicker to
    flatten a box than repair it. My profession is secure networks and
    network design, my side profession is database / application design and
    production tuning/maintenance.
    It's all about liability, not about my confidence. If I claim to clean
    your machine of all malware, 100%, and you take it to your office/home,
    and you get ripped off because some unknown, never before seen, malware
    records all your banking information... Then two weeks later the AV
    vendors develop a signature for it, and then your computer is shown to
    have been infected from before my cleaning, well, I can kiss my company
    goodbye.
    I code in 11 languages, half of them are machine control languages,
    others are your common application development languages. I design secure
    networks for medical centers and medical groups along with government
    groups, and we've never been compromised inside the networks we design
    and then manage. In my 20+ years, I've had 1 customer, a CFO that used
    his own laptop, could not get it any other way, that would not let us
    lock it down, he signed a waiver, compromised. His laptop did not
    compromise the rest of the network, but let's just say he learned a
    lesson and won't be playing poker online any more :)

    Look at it this way, when it comes to security and cleaning a machine,
    I'm wise enough to know that there are kids out there creating new
    malware that's undetected every day, that AV/Spyware vendors lag behind
    days if not weeks, and I'm not going to take chances when I have to
    certify something clean. Anything less would be irresponsible of me.
     
    Leythos, May 18, 2006
    #19
  20. Betina

    pcbutts1 Guest

    Liar!



     
    pcbutts1, May 18, 2006
    #20
