27,394 Infected Files
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2694
- Joined: Tue Feb 01, 2000 6:00 am
27,394 Infected Files
Scary isn't it!
http://remove-malware.com/client-notes/ ... cted-files
This guy had the right idea and reformatted that machine. I don't think anyone in their right mind would tackle an infection that large.
- Krom
- DBB Database Master
- Posts: 16138
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Re: 27,394 Infected Files
Giving up without a fight? I bet I could have removed them all without having to format the system.
Re: 27,394 Infected Files
well, it's either spend more than half the day removing them, or do a system restore.
Re: 27,394 Infected Files
I won't judge. My approach:
[insert windows problem here]? Reformat!
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2694
- Joined: Tue Feb 01, 2000 6:00 am
Re: 27,394 Infected Files
I guess Krom lost his mind.
I'll skip details since you are familiar with things like that. But why put the effort into something that large?
Re: 27,394 Infected Files
New service pack available? Reformat!
- Krom
- DBB Database Master
- Posts: 16138
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Re: 27,394 Infected Files
TigerRaptorFX wrote:
> I guess Krom lost his mind.
> I'll skip details since you are familiar with things like that. But why put the effort into something that large?

Why do people climb mountains?
Re: 27,394 Infected Files
Those are the 27K that were detectable; I wouldn't be surprised if, in the process of removing all the infections, you'd need to do an OS re-install.
- Krom
- DBB Database Master
- Posts: 16138
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Re: 27,394 Infected Files
No doubt even after removal there would be enough residual damage to the registry/system that you would have to format anyway. It'd just be entertaining to see how many and how effectively you could clean the system first. Just showing 27,000 infected files doesn't really say how many unique infections there are, it could be only a few dozen unique infections and the rest are all duplicates.
I love a good challenge and it isn't the number of infections that matters, it's the quality; 27,000 normal infections could easily require less effort to remove than just one well crafted infection.
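The point above, that a count of infected files does not say how many unique infections there are, can be checked against a scanner log. This is an added example, not part of the thread: it assumes ClamAV's `clamscan` line format (`<path>: <signature> FOUND`), and the log lines, paths and signature names are constructed.

```python
import re
from collections import Counter

# Constructed sample log in clamscan's "<path>: <signature> FOUND" format;
# the paths and signature names are made up for illustration.
SAMPLE_LOG = """\
/mnt/win/Windows/Temp/a1.exe: Win.Trojan.Agent-1001 FOUND
/mnt/win/Windows/Temp/a2.exe: Win.Trojan.Agent-1001 FOUND
/mnt/win/Users/bob/AppData/x.dll: Win.Trojan.Agent-1002 FOUND
/mnt/win/Users/bob/notes: draft.txt: OK
/mnt/win/Users/bob/Downloads/setup: v2.exe: Win.Adware.Toolbar-77 FOUND
/mnt/win/Users/bob/cache/t1.tmp: Win.Adware.Toolbar-77 FOUND
/mnt/win/Users/bob/cache/t2.tmp: Win.Adware.Toolbar-77 FOUND
/mnt/win/pagefile.sys: Can't open file ERROR
/mnt/win/Windows/System32/drivers/q.sys: Win.Rootkit.Example-5 FOUND

----------- SCAN SUMMARY -----------
Infected files: 7
"""

# Greedy path match so a ": " inside a file name does not split the line early.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_detections(log_text):
    """Return (path, signature) for each FOUND line; skip OK/ERROR/summary."""
    hits = []
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.rstrip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def family(signature):
    """Heuristic: drop trailing numeric ids so variants group together."""
    return re.sub(r"(-\d+)+$", "", signature)

def summarize(log_text):
    hits = parse_detections(log_text)
    by_sig = Counter(sig for _, sig in hits)
    by_family = Counter(family(sig) for _, sig in hits)
    return {
        "infected_files": len(hits),
        "unique_signatures": len(by_sig),
        "files_per_family": by_family.most_common(),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["infected_files"], "files,", report["unique_signatures"], "signatures")
    for name, count in report["files_per_family"]:
        print(f"{count:6d}  {name}")
```

Families with a single hit are worth a closer look than the bulk duplicates, since a low file count says nothing about how hard the infection is to remove.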
Re: 27,394 Infected Files
I hope you aren't being paid by the hour.
Re: 27,394 Infected Files
I'm with Krom on this one. The thing is that 90% of that can be nuked immediately (most likely). It's that last 10% that will be a challenge. There is probably only one or two bugs in there that will be difficult to near impossible to get rid of... depending how thoroughly it re-propagates itself. But it would be interesting to see how far you could get.
I actually helped clean up a mess like this a couple years back at a LAN. The guy's system was so infected, it was a wonder that it even started up. It took a little over 2 hours and several reboots. After the initial (successful) sweep, things moved along fairly well. He had over 12K infections.
Re: 27,394 Infected Files
How effective would it be to boot into a Linux live disk and use clamav to clear out viruses and back up data? I'd still reformat, but I'd try to clean and rescue some stuff before doing that.
I have clamav, though the only virus it ever found was the test virus I downloaded.
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2694
- Joined: Tue Feb 01, 2000 6:00 am
Re: 27,394 Infected Files
Krom wrote:
> Why do people climb mountains?

To hug the mountain, to envelop that mountain, and to make love to the mountain.

Isaac wrote:
> How effective would it be to boot into a Linux live disk and use clamav to clear out viruses and back up data? I'd still reformat, but I'd try to clean and rescue some stuff before doing that.
> I have clamav, though the only virus it ever found was the test virus I downloaded.

Clam blows. I almost want to say it is obsolete with its poor detection rate. There are far better choices that can be downloaded for free.
Re: 27,394 Infected Files
yeah, clamav is piss-poor.
Re: 27,394 Infected Files
Duper wrote:
> I actually helped clean up a mess like this a couple years back at a LAN. The guy's system was so infected, it was a wonder that it even started up. It took a little over 2 hours and several reboots. After the initial (successful) sweep, things moved along fairly well. He had over 12K infections.

Nowadays it's much easier to clean out an infected machine. My key to doing this fast is: if a recent image isn't available, use a rescue CD on a USB thumbstick. Since they work by seeing the drive as an attached unit instead of an OS drive, it takes about an hour tops and no reboots are involved.
Re: 27,394 Infected Files
TigerRaptorFX wrote:
> Krom wrote:
> > Why do people climb mountains?
>
> To hug the mountain, to envelop that mountain, and to make love to the mountain.
>
> Isaac wrote:
> > How effective would it be to boot into a Linux live disk and use clamav to clear out viruses and back up data? I'd still reformat, but I'd try to clean and rescue some stuff before doing that.
> > I have clamav, though the only virus it ever found was the test virus I downloaded.
>
> Clam blows. I almost want to say it is obsolete with its poor detection rate. There are far better choices that can be downloaded for free.

I'm trying to find proof of this. The only article I found was saying Clamav outperforms Norton and McAfee for detection. Regardless, clamav seems to be the only good option for linux users wanting to scan windows computers through the command line. I haven't tried avg's linux version yet.
Re: 27,394 Infected Files
I'm curious about this, too. All I know is clam found some infections from about 5 years ago that were missed back then by my windows antivirus. I don't remember what I had back then.
Arch Linux x86-64, Openbox
"We'll just set a new course for that empty region over there, near that blackish, holeish thing. " Zapp Brannigan
Re: 27,394 Infected Files
Clamav doesn't have the whole "scan everything you do while you do it" feature. It might be the same for Windows. And this might be the reason Windows users don't like it. Linux users don't need this feature; "scan on demand" is more appropriate for us.
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2694
- Joined: Tue Feb 01, 2000 6:00 am
Re: 27,394 Infected Files
Here are 60 zero day threats I just downloaded and scanned with the following below: Clam against the popular on-demand scanners used today. Sorry to say Spybot didn't detect anything. Since clam does a crap job on Windows, do you think clam will do any better on a linux system? Even McAfee and Norton will put it to shame.
Clamav
SUPERAntiSpyware
Malwarebytes
Emsisoft emergency kit aka A Squared
Hitman Pro
If you want to see it up front for yourself, PM me and I'll tell you where to find live malware samples. Just remember to test it in a virtual machine.
Re: 27,394 Infected Files
How can they be zero-day threats if antivirus programs are detecting them?
Re: 27,394 Infected Files
Clam won't be any better in Linux.
Of course, in Linux you aren't executing windows code, so clam's scanning for windows infections isn't directly protecting your computer.
I believe you now that Clam isn't very good.
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2694
- Joined: Tue Feb 01, 2000 6:00 am
Re: 27,394 Infected Files
Jeff250 wrote:
> How can they be zero-day threats if antivirus programs are detecting them?

Ok threats released in the last 24 hours. It is very common for it to be called that among the malware community.
Re: 27,394 Infected Files
Is that a practical threat model? Are most viruses that people encounter only 24 hours old?
Re: 27,394 Infected Files
"Zero-day" can refer to two different things: something that exploits an unpatched vulnerability, or a previously unknown virus... though I'm guessing this is the latter category. Regardless, it is possible for AV programs to detect unknown viruses in various ways... I would guess similarity to existing known viruses and risky behaviours might be warning flags.
Most infections don't come from new viruses though, no. The majority of people who get hit are using unpatched software and/or outdated virus definitions for that reason.