Posted on Global Malaysians Network: Subject : Business & Professional Networking, Thread : IT Questions - Anti Virus
19 March 2008 at 11:09pm
Sorry for being a latecomer. Please be reminded that I'm not giving any further counter-comments or response to any question or turn this into a technical forum, just a personal view as I don't think I'm an expert in this issue...not yet...
Please also look into the possibility of spread of lunatic and more complex worms like Brontok (any version), Ravmon etc. (not the desktop htt or folder ini - that is not too fatal and can be taken out by a normal anti-virus)
Now, based on my experience, not many anti-virus (which I don't want to mention which one..as I've tried almost all of them) can survive against them except if you know :
a) the 'manual removal' via accessing the *back door* of the registry-editing, (not the normal 'regedit' - it may already not working) *safe mode/command prompt*
b) control-alt-del and look for 'disguising executable files' and/or if necessary, terminating the 'explorer exe' for a while and key in a new fresh command of 'exe'.
c) how to check against the camouflaging files with so-called 'trusted certs'
d) Unhide not only the files but also 'protected system files' as well, (if this doesn't work either i.e. you don't see the 'file-options' - you better call for a 'bigger brains' to help you out)
etc.
Many would not take the challenge except "FORMAT the disk"...if you've given up hope and still on XP, then you should go on doing that - but ensure that you choose the FAT...try to avoid NFTS
If you're a person who loves challenges - try not use any software or application or antivirus - as my last objective is to see the 'scripting' behind such worm after I have manually quarantine it. Reason being, I like to chart the movement of such worm and kinda do a reverse process back to the source - e.g. the 'original brontok' comes from photozip. (photozip needs to be launched the first time..and the rest is history)
As you know, these worms are capable to :
a) Duplicate your e-mail address book and starting to send in e-mails from 'you' to all your friends - with porn links and bad-bad 'words' - you only know after you get ****ed by your friends claiming that you're the one who is sending them.
b) Duplicate even your login and the whole files within your PC/Laptop and your capacity getting bigger and bigger - suddenly everything begin to go slower and slower for no reason - despite you've tried all kinds of anti-virus or even more surprising, whenever you're on the net, while trying to type 'virus removal or the words brontok or ravmon' in the search box, suddenly the browser closed automatically....haaa nasty!!
c) bugged the whole network if you're on network,
d) 'override' 'security system' and 'firewall'..
e) denying your access to 'regedit', denying full use of 'command prompt', inflicting 'pain' to your USB-based application once connected - like your pendrive, gosh..
f) sometimes, you feel you have deleted them, but they reappear after rebooting...and don't trust your 'system restore'
You still fail, then you should carefully look for the right 'antedote'
What I'm trying to tell you all is that should you experience any of what I've said above, then, trust me, not many anti-virus can help (it is possible the anti-virus itself has been bugged)
There are quite a lot of antedotes on the net.
19 March 2008 at 11:09pm
Sorry for being a latecomer. Please be reminded that I'm not giving any further counter-comments or response to any question or turn this into a technical forum, just a personal view as I don't think I'm an expert in this issue...not yet...
Please also look into the possibility of spread of lunatic and more complex worms like Brontok (any version), Ravmon etc. (not the desktop htt or folder ini - that is not too fatal and can be taken out by a normal anti-virus)
Now, based on my experience, not many anti-virus (which I don't want to mention which one..as I've tried almost all of them) can survive against them except if you know :
a) the 'manual removal' via accessing the *back door* of the registry-editing, (not the normal 'regedit' - it may already not working) *safe mode/command prompt*
b) control-alt-del and look for 'disguising executable files' and/or if necessary, terminating the 'explorer exe' for a while and key in a new fresh command of 'exe'.
c) how to check against the camouflaging files with so-called 'trusted certs'
d) Unhide not only the files but also 'protected system files' as well, (if this doesn't work either i.e. you don't see the 'file-options' - you better call for a 'bigger brains' to help you out)
etc.
Many would not take the challenge except "FORMAT the disk"...if you've given up hope and still on XP, then you should go on doing that - but ensure that you choose the FAT...try to avoid NFTS
If you're a person who loves challenges - try not use any software or application or antivirus - as my last objective is to see the 'scripting' behind such worm after I have manually quarantine it. Reason being, I like to chart the movement of such worm and kinda do a reverse process back to the source - e.g. the 'original brontok' comes from photozip. (photozip needs to be launched the first time..and the rest is history)
As you know, these worms are capable to :
a) Duplicate your e-mail address book and starting to send in e-mails from 'you' to all your friends - with porn links and bad-bad 'words' - you only know after you get ****ed by your friends claiming that you're the one who is sending them.
b) Duplicate even your login and the whole files within your PC/Laptop and your capacity getting bigger and bigger - suddenly everything begin to go slower and slower for no reason - despite you've tried all kinds of anti-virus or even more surprising, whenever you're on the net, while trying to type 'virus removal or the words brontok or ravmon' in the search box, suddenly the browser closed automatically....haaa nasty!!
c) bugged the whole network if you're on network,
d) 'override' 'security system' and 'firewall'..
e) denying your access to 'regedit', denying full use of 'command prompt', inflicting 'pain' to your USB-based application once connected - like your pendrive, gosh..
f) sometimes, you feel you have deleted them, but they reappear after rebooting...and don't trust your 'system restore'
You still fail, then you should carefully look for the right 'antedote'
What I'm trying to tell you all is that should you experience any of what I've said above, then, trust me, not many anti-virus can help (it is possible the anti-virus itself has been bugged)
There are quite a lot of antedotes on the net.
No comments:
Post a Comment