nubc
glad to see you have tracked down rootkits/trojans on your system
I recommend, if you are to continue using IE, installing WOT
http://www.mywot.com/en/download/ie
as it will warn of malware/bad sites - most times, accurately
see earlier and herein repeated sandboxIE message
For general info, and to put people's minds at rest, I just verified using XP SP2 & a deliberately vulnerable IE6, by trapping any likely malware in a sandbox [as suggested earlier - SandboxIE] - There was NO viral activity from the forum despite nubc's assertions
Keep it clean! Use Puppy/any other browser than IE!!
Good post, Chris, as usual
Aitch
Alpha Anti-Virus hijack attempt
Hmmm .....
Occasionally, I would have to troubleshoot a system infected with malware ... Most of the time, I had to do it manually .... The minor to medium malware infection can be cleared up in about an hour ... The bad a*ss ones could take up to 3-4 hours ...
One of the symptoms that you're having a bad a*ss malware is when you've attempted all sorts of software-assisted disinfection methods and yet you still get "hijacked" ... This is what I call the horcrux effect ... A piece of malware with the ability to split itself/link/service and hide it in several Windows objects using the dark arts ... The real smart bad a*ss will definitely do a hidden system service that's tough to remove ... An attempt to kill it will just make it spawn a new one in the background ...
Such malware has a timer or counter mechanism that triggers an activity ... You could be at Disney's website and still get such an activity ... Many people fail to understand that software-assisted malware cleaning is not 100% effective. A cocktail of malware cleaners does help but is still less than 100% effective ...
Horcrux hunting is also a difficult art to master itself ... Whenever I encounter a new malware, it could take me hours to find and destroy all the horcruxes ... The only cure to such an infection for the layman is prevention ... Even a fresh re-install from zero does not guarantee no reinfection if it has spread to your broom-flying pen drives or other external storage .... A suitable antivirus from a trusted source can definitely help (i.e. I do recommend Comodo for those who really cannot afford yearly licenses).
Unfortunately, I haven't encountered this AlphaAV malware, thus I am unable to say where to find its roots .....
Rgds
I was using my XP box earlier this afternoon when I suffered one of the fake anti-virus hijack attempts. I rebooted so fast I didn't even notice the name, but after Malwarebytes, SuperAntispyware and Avira scans my computer luckily wasn't infected.
And I was using Firefox 3.5.5 by the way, so it's not just the IE users who need to be careful.