[bcab] Re: malware I can't find
- From: "Tristram Llewellyn" <tris-l@xxxxxxxxxx>
- To: <bcab@xxxxxxxxxxxxx>
- Date: Fri, 25 May 2007 11:34:03 +0100
I had a feeling NOD32 was capable of that but couldn't be certain. Many
routers have some sort of port stealthing facility on top of NAT which does
give protection from worms on a fully patched system. It may be an idea to
turn off interactive mode or whatever to stop it notifying you after you have
set most programs up which will prevent such an error occurring.
Regards.
Tristram Llewellyn
Sight and Sound Technology
Technical Support
www.sightandsound.co.uk
----- Original Message -----
From: Dj Paddy
To: bcab@xxxxxxxxxxxxx
Sent: Friday, May 25, 2007 10:44 AM
Subject: [bcab] Re: malware I can't find
Tris and all.
NOD has heuristics and advanced heuristics that's why I'm advocating it to
be given a go.
I do consider NOD in this case a last ditch, and if it don't work it's not
only a format job but it'll save you, Graham, a lot of hassle. This stuff can
get everywhere.
BTW, I assumed you have but if you haven't, back everything up you don't want
to lose.
Dj Paddy
----- Original Message -----
From: "Tristram Llewellyn" <tris-l@xxxxxxxxxx>
To: <bcab@xxxxxxxxxxxxx>
Sent: Friday, May 25, 2007 10:26 AM
Subject: [bcab] Re: malware I can't find
I can't comment on NOD32 directly since I don't have a copy here, but I
think what you are going to need is a scan that uses some sort of heuristics
because the malware you have may not have a recognisable signature. In any
case it is going to be difficult for you to assess whether you are free of it
assuming the A/V does detect anything at all. Once you have malware in, I
would be inclined to consider that build of Windows compromised. Please also
bear in mind that malware authors know that users have A/V and whatnot and
are actively seeking ways around such software.
Regards.
Tristram Llewellyn
Sight and Sound Technology
Technical Support
www.sightandsound.co.uk
----- Original Message -----
From: Graham Page
To: bcab@xxxxxxxxxxxxx
Sent: Friday, May 25, 2007 9:08 AM
Subject: [bcab] Re: malware I can't find
No, just the normal scan from within nod. How do you specify a fuller
scan?
Regards
graham
----- Original Message -----
From: "Dj Paddy" <mygroups@xxxxxxxxxxxxx>
To: <bcab@xxxxxxxxxxxxx>
Sent: Thursday, May 24, 2007 6:41 PM
Subject: [bcab] Re: malware I can't find
Hi did you run the thorough scan, not just the normal scan?
Dj Paddy
----- Original Message -----
From: "Graham Page" <gpage@xxxxxxxxxxxxxx>
To: <bcab@xxxxxxxxxxxxx>
Sent: Thursday, May 24, 2007 6:25 PM
Subject: [bcab] Re: malware I can't find
> first, I have nod 32 on here and have already done a scan.
> Nod32 updates itself fine.
>
> No problems were found.
>
> Cheers
>
> Graham
> ----- Original Message -----
> From: "Dj Paddy" <mygroups@xxxxxxxxxxxxx>
> To: <bcab@xxxxxxxxxxxxx>
> Sent: Thursday, May 24, 2007 4:50 PM
> Subject: [bcab] Re: malware I can't find
>
>
> Graham,
>
> Wow that's a lot of stuff going on there.
>
> The very first thing to do is get yourself a demo copy of NOD32,
>
> Go into the in-depth scanning settings and check the boxes for it to scan
> everything.
>
> That's the first thing you need to do, let us know how you get on.
>
> IMHO, if NOD32 can't find and remove everything it's probably going to be a
> re-format of the system.
>
> I'd also recommend installing Look And Stop, as a software firewall.
>
> Dj paddy
>
> ----- Original Message -----
> From: "Graham Page" <gpage@xxxxxxxxxxxxxx>
> To: <bcab@xxxxxxxxxxxxx>
> Sent: Thursday, May 24, 2007 4:23 PM
> Subject: [bcab] malware I can't find
>
>
> Hi all.
>
> In the last couple of days, I think I have had someone try and succeed in
> getting through my firewall. I found this out because I got a message that
> appeared from the Microsoft firewall which is all I was using at the time.
> It said it had blocked something called File Transfer Program and asked to
> keep blocking or unblock. I accidentally pressed enter on unblock and that
> is where my problems began.
>
> My PC shut down automatically and then restarted. Everything appeared to be
> fine until an mp3 file started playing on the PC automatically. I therefore
> assumed someone had gained remote access to my PC, having got through the
> router on my firewall.
>
> I was also working on a new laptop at the time and put the Sygate firewall
> on this. I got a dialog there saying a module called I believe Windows
> Services was wanting to contact a server called garbage.scrappy.cc
>
> The Garbage and cc bits are certainly correct. I did not let this through.
>
> I tried to do a system restore and got the message:
>
> C:\WINDOWS\system32\Restore\rstrui.exe
> Windows cannot access the specified device, path, or file. You may not have
> the appropriate permissions to access the item.
> OK
>
> Also after doing a windows update I get a message telling me the update is
> complete and asking me to restart and when I do I do a windows update again
> and the update that I installed is listed as downloaded but not installed.
>
> I have tried installing the sygate firewall but this does not work either.
>
> I have tried logging on as user admin and this does not work either.
>
> Running Adaware tells me there is no spyware apart from a few tracking
> cookies and I have corrected these errors.
>
> Anyone any ideas what I can do? It seems as though I have been denied
> permission to certain key parts of the system but I am not sure how to get
> them back.
>
> Since this all happened I have changed the password on my account and router.
>
> Regards
>
> Graham
>
> Graham Page
> Home Phone: 0207 265 9493
> Mobile: 07753 607980
> Fax: 0870 706 2773
> Email: gpage@xxxxxxxxxxxxxx
> MSN: gabriel_mcbird@xxxxxxxxxxx
> Skype: gabriel_mcbird
>
> *** BCAB List administration ***
>
> If you wish to unsubscribe, set vacation, request a digest or carry out
> routine maintenance on your subscription to the list then go to:
> http://www.bcab.org.uk/mailing-list.html
>
> Alternatively, send an email to bcab-request@xxxxxxxxxxxxx with the word
> faq in the subject line. You'll receive an email with advice on managing
> your subscription to the list.
>
> If you wish to discuss the administration of the list then contact:
> bcab-moderators@xxxxxxxxxxxxx
>
>
> __________ NOD32 2290 (20070524) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com