Rubixone

  1. Ok, well, I think this is the malware I dealt with today, and even in safe mode it just owned me. It mopped the floor with MBAM, couldn't even get a sec to run a kill.exe program, was crazy. I wiped the OS and it took care of the problem, but holy $h1T. Anyone have a good method for wiping this malware, maybe with a live distro or something? I tried to copy-paste this info below from the forum on new threats but had access to nothing. Wasn't going to post here cause I fixed the problem in essence. Win 7 Security 2011 MD5: 7e6b85fa4b670784296bfc53281926bc #1 remixed Forum Deity Group: Malware Hunters Posts: 3405 Joined: 05-April 07 Gender: Male Location: London Posted 20 March 2011 - 07:03 AM File name: setup.exe Submission date: 2011-03-20 12:51:00 (UTC) Current status: finished Result: 3/41 (7.3%) http://www.virustota...6991-1300625460 Attached File(s) setup.rar (251.31K) Number of downloads: 23 Win7Security2011.gif (30.93K) Number of downloads: 0 'Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction.' Albert Einstein 'The pigs did not actually work, but directed and supervised the others. With their superior knowledge it was natural that they should assume the leadership' George Orwell #2 Fatdcuk Forum Deity Group: Moderators Posts: 13039 Joined: 15-November 07 Gender: Male Location: Yeovil, England. Interests: Malware hunting (online) and mountain biking (offline) Posted 20 March 2011 - 09:44 AM Many thanks remixed, I will take a look at the file shortly. Ade Gill Research Engineer
  2. I would have posted in the removal section, but it didn't seem appropriate cause I already wiped the OS. The MBR was still good and so was the recovery partition.
  3. Ok, well, I think this is the malware I dealt with today, and even in safe mode it just owned me. It mopped the floor with MBAM, couldn't even get a sec to run a kill.exe program, was crazy. I wiped the OS and it took care of the problem, but holy $h1T. Anyone have a good method for wiping this malware, maybe with a live distro or something? I tried to copy-paste this info below from the forum on new threats but had access to nothing. Win 7 Security 2011 MD5: 7e6b85fa4b670784296bfc53281926bc #1 remixed Forum Deity Group: Malware Hunters Posts: 3405 Joined: 05-April 07 Gender: Male Location: London Posted 20 March 2011 - 07:03 AM File name: setup.exe Submission date: 2011-03-20 12:51:00 (UTC) Current status: finished Result: 3/41 (7.3%) http://www.virustota...6991-1300625460 Attached File(s) setup.rar (251.31K) Number of downloads: 23 Win7Security2011.gif (30.93K) Number of downloads: 0 'Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction.' Albert Einstein 'The pigs did not actually work, but directed and supervised the others. With their superior knowledge it was natural that they should assume the leadership' George Orwell #2 Fatdcuk Forum Deity Group: Moderators Posts: 13039 Joined: 15-November 07 Gender: Male Location: Yeovil, England. Interests: Malware hunting (online) and mountain biking (offline) Posted 20 March 2011 - 09:44 AM Many thanks remixed, I will take a look at the file shortly. Ade Gill Research Engineer
  4. Yes, the paid-for version was running when I got infected; yes, it was active till System Tools deactivated it. Yes, Avast was updated and running, and yes, the firewall was on.
  5. First of all, I agree on the website partner part, as in I see what you are saying. However, the paid-for version is so much better that I recommend it to my clients. As a matter of fact, I won't warranty any work if the client doesn't have an antivirus and an active-protection antimalware. If you suggest the free one, your client's system isn't protected; you just have the power to remove infections. The paid-for version actively protects, and for that purpose alone I suggest it. Spybot actively protects for free, but I feel like it's not as strong as MBAM.
  6. The spelling is dos\alureon.a; it was in the original post if you read it. Everyone should forget about reg cleaners, this topic is not even about that, my reg cleaner works fine. My concern is why won't MBAM remove System Tools, or did it, and the dos\alureon.a made a gateway to come back, or how did it happen, is mainly my question.
  7. Yeah, I used CCleaner for the reg. files. So when you use the XP CD to fixMBR and it rewrites it, is that because the XP is acting like a live distro CD? So therefore it has its own MBR, and why do some programs claim they can fix it? Also, does anyone know if the "system tools" mw is connected with the "Dos\alou" whatever it is?
  8. So I just wanna start out by saying that I love MBAM, and will always use it. Love it love it love it. So here's what happened: I had an XP system with like 14 virus, 42 mw, 710 reg errors. So I cleaned all that up. The major problem was "system tools" mw; rolled the system back like 3 days, took out the "system tools", used MBAM and cleaned the rest out, had a clean machine for 2 weeks, then it came back, "system tools" that is. So I pulled the HD and formatted it from another machine cause there was no value on the data. Turns out there was something nested in the MBR. 1. Why wasn't MBAM able to remove this? 2. Why couldn't MBAM find this infection? dos\alureon, it's in the MBR. 3. Why did I have to use Microsoft Security Essentials to find it? Mind you, that wouldn't remove it either. 4. Was using the XP disk the only way to rewrite the MBR, or would "remove on boot" have taken it out, and if so how would you even see the MBR?