Guest Dustin Cook
Posted April 5, 2010

~BD~ wrote in news:zKGdndhkeLGYCyTWnZ2dnUVZ8sadnZ2d@bt.com:

> Mumia W. wrote:
>> On 04/04/2010 04:01 PM, David Kaye wrote:
>>> [...]
>>> I noted the file date/time and have looked back on this. The exploit
>>> appears to have come from foxnews, officedepot, or officemax -- the
>>> time stamps are within a few seconds of each other and show up right
>>> before the time stamp that was written to the temp directory in my
>>> documents and settings tree.
>>> [...]
>>
>> See this:
>> http://www.broadbandreports.com/forum/r22225362-foxnewscom-infected~time=1240194878
>>
> The last post in that thread was most telling! Viz:
>
> "Please note people - you may think you removed it, but really did
> not. Malwarebytes and others do not detect Rootkits. You should run
> ROOTKITREVEALER. I thought I had cleaned this, and I had really not.

That's not entirely accurate. Malwarebytes does detect some rootkits. As do the other programs. Some newer rootkits will prevent rootkitrevealer and/or gmer from even loading.

> There was a deep and nasty rootkit involved here. Only way to remove
> was to boot off a Windows CD, and delete hidden drivers. I would be
> willing to bet that half the people think they clean this stuff and
> it's not really clean."

Not very deep or nasty if you only had to delete files. Yes, I'm sure it was a pain because you couldn't do it while in Windows, but it's still not what I would call deep.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior