Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suggestion for Coordinated Help


  • Please log in to reply
9 replies to this topic

#1 therocher

therocher

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 11 December 2008 - 12:04 AM

This is a great site but I don't understand the basis of it.

I recently had a serious malware problem.......Winweb Security 2008.

The recommended solution on this site is Malwarebytes' Anti-Malware. I ran it and it was unable to remove the problem. I can see from looking at other Topics that others have had the same problem.

I also ran SuperAntiSpyware and that didn't work either.

After running them both a number of times it appeared that SuperAntiSpyware updated and fixed the problem. It got rid of Winweb completely.

My problem is that I see other "Topics" and look on your "Spyware Removal" section and the suggestions still seem to be to use Malwarebytes.

I'm concerned that a solution to a problem seems to be available and the left hand knows about it but nobody is telling the right hand so many will not find the correct solution.

Am I wrong?

Thanks for all the wonderful help that I do get on this site. Just trying to make it better.

Peter

BC AdBot (Login to Remove)

 


#2 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:20 AM

Posted 11 December 2008 - 08:25 AM

I'm concerned that a solution to a problem seems to be available and the left hand knows about it but nobody is telling the right hand so many will not find the correct solution.

Am I wrong?

Thanks for all the wonderful help that I do get on this site. Just trying to make it better.

Peter


Well Peter, to answer your question, No. You are not wrong, but you are not completely right either. The HijackThis Team use many tools to remove malware, MalwareBytes being only one of them. If you peruse the HijackThis Analysis forum you will find that the team recommend MalwareBytes and SuperAntiSpyware, along with a myriad of other tools, when they give instructions for a fix. Sometimes it is even recommended to use both programs. It may take more than one tool to do the job. Often, in the Am I Infected forum the first responders first try one thing, then try another. That forum is for a preliminary check where it is detrmined that there is malware present, or not. I hope that explains some. Thank you for the suggestion. Anything that offers insight or ideas is always welcome. :thumbsup:

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:09:20 AM

Posted 11 December 2008 - 09:26 AM

Malware writers constantly change their code and methods of attack. Likewise anti-malware writers are always updating to try to get one step ahead. There is no one cure-all for everything
Mbam is quick and easy to use and will give you an idea of what you're infected with so you know how to proceed. Many times it is all you need
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 AM

Posted 11 December 2008 - 10:22 AM

therocher,

Trust me, I do understand your frustration. Let me first explain how I write the malware guides here at BC as I feel it will help to answer your question. When I write a guide I perform the following steps:
  • Unlike most sites that write removal guides, I actually install the associated malware.
  • I then test various tools in order to see if they can remove it. Now with my guides, I never use tools that will not remove the infections for free. So that limits my choices a bit. After testing the tools, my procedure is as follows:
    • If I find a free removal tool that can remove the infection properly, I write a guide based upon it. If there are two different tools that can remove it, then I will include in the guide the choice and instructions on using either tool so that the reader can decide what they want to use.
    • If no tool can fix it, I then create a custom removal guide that describes a manual removal process.
    • If it is too difficult to explain how to remove an infection via a custom removal process, I do not write a removal guide at all.
  • Once my research is done, I write up the guide and publish it.
So if you see a guide at BleepingComputer.com, then that infection was definitively removed by whatever program I tested with at the time of the writing.

Unfortunately, though, malware writers know we are out to get them and thus the infections constantly evolve. To hinder us they change filenames, change registry paths, randomize certain characteristics, etc. When this happens we alert the anti-malware developers and they update their definitions to handle the new variant. So that means for every infection the communities must continue to monitor them in order to see if they change. In WinWeb Security's case, I just spoke to one of the developers of MBAM and they are aware of Winweb and are adding some new definitions within the next 30 minutes to fix the latest changes.

Now you may ask, why not just remove the guide until you know it will remove it? The answer is because the guide will still help those who are infected with the older variants of this malware. Remember, since the malware is constantly evolving some of the guides readers may be infected with the earlier variant that MBAM knows how to remove, while others may be infected with the newer variant that MBAM currently cannot remove. Since the guide still helps those readers who were infected with the earlier variant, it is still beneficial and should be left up.

Hope that helps to explain it.

#5 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:09:20 AM

Posted 11 December 2008 - 10:35 AM

I just spoke to one of the developers of MBAM and they are aware of Winweb and are adding some new definitions within the next 30 minutes to fix the latest changes.


I would just like to add that this is why we say "update before using" every time we respond.
It's also why we do more than one scan

Edited by garmanma, 11 December 2008 - 10:37 AM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:08:20 AM

Posted 11 December 2008 - 05:24 PM

Unlike most sites that write removal guides, I actually install the associated malware.


:flowers: ......wow.......that takes guts.

I knew they were useful to help kill an infection.....now I have more reasons to say that they're useful :thumbsup:

Edited by scff249, 11 December 2008 - 06:12 PM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#7 therocher

therocher
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 11 December 2008 - 07:13 PM

To all of you who replied to my suggestion/complaint/criticism and to all who have been so helpful on this site:

THANK YOU!!!

I am retired and my wife works on the computer during the day. I spent all night long two nights in a row trying to get rid of Winweb. On the third night a ran about my 8th full scan by Malwarebytes with no success. Then I ran about my 8th full scan on SuperAntiSpyware and behold, IT WORKED.

I was so exuberant I wanted alarms to go off. I wanted every TV channel to post it as breaking news. I wanted to have a direct line to everyone infected with Winweb and have them all get rid of it NOW.

Your replies have educated me even more as to the insidious nature of these criminal attacks. I am, at the same time, more and more convinced of the sincerity and competence of the good folks on bleepingcomputer.com.

I was not aware of the HijackThis Analysis forum. In addition to starting my own topic I went to "Spyware Removal". It has a section on Winweb but it mentions only Malwarebytes, not SuperAntiSpyware.

It seems to me that every malware ought to have it's own emergency news topic so that when someone like Malwarebytes or SuperAntiSpyware updates their fighting forces we can get the news immediately (or something like that).

Let me just say that it would be totally ungrateful to complain about this wonderful site with it's wonderful people. The people who responded on this topic took my comments to be constructive criticism, not whining, and I'm grateful for that. When it comes to personal computers it is very easy for me to turn into a super whiner but I don't want to whine at you folks.

Tx,

Peter

#8 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:08:20 AM

Posted 11 December 2008 - 08:25 PM

Let me just say that it would be totally ungrateful to complain about this wonderful site with it's wonderful people. The people who responded on this topic took my comments to be constructive criticism, not whining, and I'm grateful for that. When it comes to personal computers it is very easy for me to turn into a super whiner but I don't want to whine at you folks.


The majority of the active members here (especially those that volunteer to help) as well as the staff are more mature in terms of mannerism for the most part...or something like that (more of those that help are older than I am, I'm pretty sure :flowers:).

Of course, the tone of your post, IMO, was built around being constructive than it was about whining.

It seems to me that every malware ought to have it's own emergency news topic so that when someone like Malwarebytes or SuperAntiSpyware updates their fighting forces we can get the news immediately (or something like that).


Here's a good rule of thumb: Update your Antispyware/malware products at least once a week (maybe the same for the Antivirus you have on your computer (actually, I don't know if AV's update every week or month....)). Back up any important files (.doc, .jpg, .txt, .xls, .max, etc) you want to keep that's on your computer maybe once a month at the latest (burn them to discs or put them on flash drives.....or both :trumpet:) just in case worse case scenario happens.

.....of course, I should follow half of what I said myself as I haven't backed up in a few months :thumbsup:

....shutting up.

EDIT: Me having to edit this post 4 times = I fail....

Edited by scff249, 11 December 2008 - 08:28 PM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#9 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:02:20 PM

Posted 12 December 2008 - 01:33 AM

Here's a good rule of thumb: Update your Antispyware/malware products at least once a week (maybe the same for the Antivirus you have on your computer (actually, I don't know if AV's update every week or month....)).

Actually, with todays malware world, make that once a day. Make sure your Antivirus guard is activated and that you Antispyware / Antimalware Tools are checked for updates every time you use it. If you have it set to have its guard run in the background, change the settings for automatically checking for new definitions every day. Malware definitions are sometimes updated several times an hour. In addition, I would suggest to read the following: http://www.claymania.com/safe-hex.html and http://www.sophos.com/security/best-practice/viruses.html .

YoHi

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#10 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:08:20 AM

Posted 12 December 2008 - 02:01 AM

Okay, thanks for the revisions of suggestions Yourhighness!

:thumbsup:

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users