Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MAX++ and other Infections


  • Please log in to reply
3 replies to this topic

#1 SwiftHawk

SwiftHawk

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:C:\Universe\Milky Way\Sol\Terra\Canada\Quebec\Montreal\Home
  • Local time:07:47 AM

Posted 15 November 2009 - 05:21 PM

Cheers,


I am wondering if you guys have any surefire ways of dealing with MAX++? Any scripts for avanger or a tool that is possiable? I currently do not have an infection but wonder what tools would be a good start. The tools currently on my Anti-Virus USB are..

-Root Kit detection
--Root Repeal
--Combofix
--Gmer
--Avanger (With a couple of Scripts for UAC/SkyNet and to delete and restore Eventlog.dll for max++)
--Icesword
--Avasit Anti-rootkit


Normal Malware
--Super Antispyware
--MalwareBytes Anti Malware

Is there any other tools that I should consider? Such as Darkspy or The Panda Anti-Rootkit tool?

Thanks in Advance

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:47 AM

Posted 15 November 2009 - 09:35 PM

The infection you mention is a very tricky one and requires specialized treatment. Each case is unique. I'm sorry, but we do not discuss the methods of removing this infection in the general forums.

--Combofix
--Gmer
--Avanger (With a couple of Scripts for UAC/SkyNet and to delete and restore Eventlog.dll for max++)


These tools, note it is Avenger not Avanger, are specialized tools that we do not use outside of the HiJack This forum. Concerning ComboFix, please note:

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014

If you are interested in malware removal, you may wish to read this topic: http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 SwiftHawk

SwiftHawk
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:C:\Universe\Milky Way\Sol\Terra\Canada\Quebec\Montreal\Home
  • Local time:07:47 AM

Posted 15 November 2009 - 10:41 PM

I was simply wondering if you have another tools that could be used, or/and have more luck into removing Max++ rootkit. I honestly don't belive that I require teaching on the How-To on virus removal as I perform about 10 removal of Infection daily.

Perhapes I should have worded it abit differently as I am simply seeking tools such as Root Repeal (Scanner/Remover) or something Automatic such as ComboFix or Smitfaudfix.

I am not requesting on how to use these tools. Which I withdraw my previous comment for scripts for Avenger. (I spelt it right this time. :-) )

The reason I'm asking, and as you should know, that Tools can sometimes be blocked by Max++ even if you rename it to another extendtion such as pif/scr/bat/com.

If I have mistakenly place this subject in the wrong forum catagory, if in this case, the wrong forum. I do apologize.

Edited by SwiftHawk, 15 November 2009 - 10:49 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:47 AM

Posted 16 November 2009 - 09:38 AM

I was simply wondering if you have another tools that could be used, or/and have more luck into removing Max++ rootkit. I honestly don't belive that I require teaching on the How-To on virus removal as I perform about 10 removal of Infection daily.

Malware removal using specialized tools is not a matter of luck. It requires extensive training in many areas and a thorough understanding of not only the tool but the specific operating system being used, the malware involved and the approach to neutralizing the infection.

as I am simply seeking tools...something Automatic such as ComboFix or Smitfaudfix.

They are not intended to be general scanning tools and they are only in part intended to be automatic. Both require an understanding and analysis of the logs generated as well as the tool itself in order to use it's advanced features.

I honestly don't belive that I require teaching on the How-To on virus removal as I perform about 10 removal of Infection daily.

That statement tells me differently as everyone requires teaching to some degree. To believe otherwise shows ignorance or arrogance. The state of malware and procedures to disinfect a machine are constantly changing and our experts will tell you the importance of learning and relearning cannot be emphasized enough in order to keep current with successful malware removal techniques. As such, the BC staff would not allow any member to provide advice in this area without undergoing or demonstrating extensive training and knowledge. Even then, training never ends for expert Helpers who constantly strive to refine their skills and ability.

As Orange Blossom already said, each case is unique and involves an attack strategy developed by the malware removal expert who is assisting a member with cleaning an infection. There is no universal "one size fits all" solution.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users