Avira missing downadup worm

  • Thread starter Thread starter Gaz
  • Start date Start date
G

Gaz

Latest deinfitions of avira, completely missing what i believe are variants
of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential windows
login files, creates autorun.inf on attatched usbs, which point either to a
recycler folder and a 'boot' file or a mispelled recycler folder, causing
the infection to be passed on, other files are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any of
these.

Gaz
 
Gaz said:
Latest deinfitions of avira, completely missing what i believe are
variants of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential
windows login files, creates autorun.inf on attatched usbs, which
point either to a recycler folder and a 'boot' file or a mispelled
recycler folder, causing the infection to be passed on, other files
are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any
of these.

Gaz
Click to expand...
Do a find for David Lipman's post on his mult-av scanning methods for help.
Try putting in multi av in the message box in Find and you should find a
post by Lipman on 11Feb09.
 
Latest definitions of avira, completely missing what i believe are variants
of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential windows
login files, creates autorun.inf on attached usbs, which point either to a
recycler folder and a 'boot' file or a misspelled recycler folder, causing
the infection to be passed on, other files are also infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any of
these.

Gaz
Click to expand...

*** Cross Posted ***

Hello Gaz:

If you have any suspected malware files, send them to:

<http://www.virustotal.com/>

for possible identification.

If you receive evidence to corroborate your theory, also pass those
files to the Avira, Malwarebytes and SUPERAntiSpyware folks for their
examination and inclusion in their databases.

Warm regards,

Pete
 
Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
 
Stalker.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
 
Stalker.

The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
Click to expand...

Chris, Stalking on the internet is a crime, you are warned that you will
be reported to your providers if you continue.

Learn more about Butt's lack of ethics and obsessions in the links
below.

--
Leythos - (e-mail address removed) (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief
http://tinyurl.com/4rruwd
 
Latest deinfitions of avira, completely missing what i believe are variants
of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential windows login
files, creates autorun.inf on attatched usbs, which point either to a
recycler folder and a 'boot' file or a mispelled recycler folder, causing the
infection to be passed on, other files are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any of
these.

Gaz
Click to expand...

You can send Avira any file and if it contains a virus they will
include it, they will also tell you if it does not contain a virus.
 
From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people listed
| below. They do NOT have the expertise or knowledge to fix your issue. Do
| not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
| Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is included in his
conglemeration of plagiarized and pirated material called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com
Click to expand...

<snippage>

So nice to be included! Gives me the warm fuzzies. :D

How ever did I and/or my site qualify as a thief and a troll? I guess
my looks could very well be considered "troll-ish" and I did steal
some sweet tarts from the dime store when I was 5 or 6. Hmmm.... well
there ya go.

Sincerely,
clay troll thief
http://images.elfwood.com/art/c/h/chronicdoodler/trollthief.jpg
 
Because or your affiliation with the David Lipman Troll.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




Clay said:
From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people listed
| below. They do NOT have the expertise or knowledge to fix your issue. Do
| not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
| Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is
included in his
conglemeration of plagiarized and pirated material called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com
Click to expand...

<snippage>

So nice to be included! Gives me the warm fuzzies. :D

How ever did I and/or my site qualify as a thief and a troll? I guess
my looks could very well be considered "troll-ish" and I did steal
some sweet tarts from the dime store when I was 5 or 6. Hmmm.... well
there ya go.

Sincerely,
clay troll thief
http://images.elfwood.com/art/c/h/chronicdoodler/trollthief.jpg
Click to expand...
 
Because or your affiliation with the David Lipman Troll.
Click to expand...

You seem to be implying that is a "bad" thing and have punished "me"
accordingly.

How delightfully ridiculous.

Bless you and Happy Valentine's Day!
 
Well then you should also pick on mvps.org. This site has nothing to do with
me yet it is in their hosts file. http://pcbutts1.software.informer.com/
Don't tell me there is a double standard for them.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
 
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
Click to expand...

Chris, Stalking on the internet is a crime, you are warned that you will
be reported to your providers if you continue.

Learn more about Butt's lack of ethics and obsessions in the links
below.

--
Leythos - (e-mail address removed) (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief
http://tinyurl.com/4rruwd
 
Clay said:
From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people listed
| below. They do NOT have the expertise or knowledge to fix your issue. Do
| not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
| Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is
included in his
conglemeration of plagiarized and pirated material called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com
Click to expand...

<snippage>

So nice to be included! Gives me the warm fuzzies. :D

How ever did I and/or my site qualify as a thief and a troll? I guess
my looks could very well be considered "troll-ish" and I did steal
some sweet tarts from the dime store when I was 5 or 6. Hmmm.... well
there ya go.

Sincerely,
clay troll thief
http://images.elfwood.com/art/c/h/chronicdoodler/trollthief.jpg
Click to expand...

Gee, ya think ya know someone - an' he turns out to be trollthief.

....is nothing sacred?
 
                       *** Cross Posted ***

Hello Gaz:

If you have any suspected malware files, send them to:

                 <http://www.virustotal.com/>

for possible identification.

If you receive evidence to corroborate your theory, also pass those
files to the Avira, Malwarebytes and SUPERAntiSpyware folks for their
examination and inclusion in their databases.

Warm regards,

Pete
Click to expand...

Another acquiantance of mine having installed Avira premium installed
in his PC did miss it also... It was not even recognized as
conficker,downadup, kido etc, but just plain recycler.
 
Gaz said:
Latest deinfitions of avira, completely missing what i believe are
variants of the downadup worm.

The bastard seems to be causing explorer DEP, renames essential
windows login files, creates autorun.inf on attatched usbs, which
point either to a recycler folder and a 'boot' file or a mispelled
recycler folder, causing the infection to be passed on, other files
are alos infected on the drive.

Beware neither avira, malwarebytes or superantispyware picked up any
of these.

Gaz
Click to expand...

If you would like to submit them to http://uploads.malwarebytes.org I'll
see that we do detect them with a future update.
 
From: "JD" <[email protected]>


| David..

| Thanks for the added information. I forgot that he's in the MVP HOSTS
| file. But you're already on his list. ;-)

| * PCBUTTS WARNING* Do NOT follow any advice given by the people
| listed below. They do NOT have the expertise or knowledge to fix your
| issue. Do not waste your time. David H Lipman, Malke, PA Bear,
| Beauregard T. Shagnasty, Leythos.

| I want to be on the list!

| Christopher, can you hear me now?

| --
| JD..

TEMerc is also dismayed he's not on Butts hosts file list which is
included in his conglemeration of plagiarized and pirated material
called "Remove-It"

# [Thieves and trolls]
127.0.0.1 www.pctipp.ch
127.0.0.1 pctipp.ch
127.0.0.1 www.raymond.cc
127.0.0.1 raymond.cc
127.0.0.1 www.claymania.com
127.0.0.1 claymania.com
127.0.0.1 www.elephantboycomputers.com
127.0.0.1 elephantboycomputers.com
127.0.0.1 www.it-mate.co.uk
127.0.0.1 it-mate.co.uk
127.0.0.1 mysteryfcm.co.uk
127.0.0.1 www.mysteryfcm.co.uk
127.0.0.1 www.internetinspiration.co.uk
127.0.0.1 internetinspiration.co.uk
127.0.0.1 www.mvps.org
127.0.0.1 mvps.org
127.0.0.1 bughunter.it-mate.co.uk
127.0.0.1 www.bughunter.it-mate.co.uk
127.0.0.1 www.siri.geekstogo.com
127.0.0.1 siri.geekstogo.com
127.0.0.1 siri.urz.free.fr
127.0.0.1 www.siri.urz.free.fr
127.0.0.1 noahdfear.geekstogo.com
127.0.0.1 www.noahdfear.geekstogo.com
Click to expand...

You may also add me to the displeased user list. He'll block my software
(BugHunter) but so far, I don't get the recognition David has been given.
I want my spotlight too!
 
JD, after much thought, came up with this jewel:
David..

Thanks for the added information. I forgot that he's in the MVP HOSTS
file. But you're already on his list. ;-)

* PCBUTTS WARNING* Do NOT follow any advice given by the people listed
below. They do NOT have the expertise or knowledge to fix your issue. Do
not waste your time. David H Lipman, Malke, PA Bear, Beauregard T.
Shagnasty, Leythos.

I want to be on the list!

Christopher, can you hear me now?
Click to expand...
I used to be on the list-must be slipping! "it" had made a page just for
me at one time.
 
Back
Top