IS2010XP Malware

No replies to this topic

#1 Waldorf_Mike



Posted 08 March 2010 - 04:47 PM

from my intro ...

After smelling mal-ware on my XP-Home PC, I've been on three fori (3rd person plural-Neuter), starting with MBAM's, where the folks were complaining about MBAM not working on this IS2010XP. So far my XP-Pro PC seems clean.

The McAfee "Avert" notices indicated that the more recent malware is much trickier than the batch I saw in early 2009.

So, I registered on a couple of other techie communes. One said to come here and get Spyware Doctor, so I also registered here.

The week before I tried running MBAM v1.44 on my wife's XP-Pro PC -- it hung up after 41 seconds. The MBAM forum indicated that this was a common issue. After following lots of deactivation advice from the MBAM techie, the guy before me still was un-fixed. I notified the MBAM staff that this was a sign of not enough interoperability testing, and I would keep happy with v1.42 (luckily I did not get into their known buggy v1.43). They acknowledged they had a problem. So far I have not seen v1.45, but when I do I am not going first, second, ... thirty-first, etc.

I have no faith in Ad-Aware finding anything timely. In early 2009, I had mal-ware, Ad-Aware said no sweat. I remember seeing that the Atribune dude was connected with LavaSoft. Last mal-ware, I got lucky -- Task manager Process list (in CPU High to Low Sequence) showed me which process got hot when the fake message came up, so I recorded the process name and deleted the process. File-search found the critter with its siblings (based on a maintenance time) -- I zapped the whole dastardly family and ran three Registry fixers (WinClean-One Click), then Ad-Aware, then MBAM -- all seemed okay (for six months). McAfee added an anti-malware function that caught something last summer.

The trouble with McAfee is they boast too much, and hide the qualifiers: they can't shut WinXP and WinME auto-backup, so if you run McAfee in auto-scan mode, they say that you will backup the nasties, so if you need to restore they come back.

With this IS2010XP, I also got lucky -- I spotted "MSASCui.exe" hopping up when the message appeared. After killing that I noted that it would come back when I tried any of the following: 1) Ad-Aware; 2) MBAM; 3) Firefox -- but I also saw that "Mpfsrv.exe" and "Unsecapp.exe" would hop-up also, so I tried killing these. Based on looking at my un-infected PC (WinXPPro), I saw that MSASCui was not present, but Mpfsrv.exe and Unsecapp.exe were. Based on a search of McAfee's Threat Database, I saw that several malwares (Trojans) affected Mpfsrv and Unsecapp. Based on a file search, I confirmed the McAfee characteristics that the files inserted were not named the same as the offensive and infected processes.

The malware demons are more sophisticated this year. McAfee provides details of the Registry insertions, deletions, and modifications. I can understand that the anti-malware programs can remove bad registry entries, but I do not know how an antiviral program can re-build the registry. Please advise.

My plan is to rebuild my infected machine, nuking the HD first (DBAN), and hyper-protect our un-infected PCs (2-XP-Pro; 1-Vista), with whatever scanners I can get that are reliable -- waiting for MBAM v1.45. Then I re-install Win-XP-Home, and update it for several days. I won't get to this until after 15 April (IRS-time).

I plan to stay with McAfee until summer when Comcast says we all have to switch to Norton. The forums at Norton (Symantec) are all unhappy about IS2010XP.

Best to keep the surfing down until the commercial anti-viruses and anti-malwarers catch up (if they do).

Happy bytes to All'Yall. :thumbsup:


Edited by Orange Blossom, 09 March 2010 - 12:33 AM.
Moved to AII. ~ OB
