KASFX Questions

  • Thread starter: LOTL

LOTL

Was reading up in this forum about KASFX and gave it a shot. Have yet
to run a scan with it as I'm a little leery about some comments Art made
about it deleting false positives.
Then I just read another post about how he was using an older version
of MWAV with the clean and rename feature. The button is labeled
Scan/Clean and I'm curious as to whether this will delete or rename
files?
Was thinking of using this on a house call this week, but have concerns
about it deleting critical files.
Any input would be appreciated.

Thanks
 
Was reading up in this forum about KASFX and gave it a shot. Have yet
to run a scan with it as I'm a little leery about some comments Art made
about it deleting false positives.
Then I just read another post about how he was using an older version
of MWAV with the clean and rename feature. The button is labeled
Scan/Clean and I'm curious as to whether this will delete or rename
files?

It will delete Trojan files and clean viruses.
Was thinking of using this on a house call this week, but have concerns
about it deleting critical files.
Any input would be appreciated.

The risk isn't all that great in my experience using the KAV scan
engine, but the best thing to do is to first run a scan using the
current MicroWorld eScan util which has no clean/delete
capability. Then after you've assessed the situation and made sure
no files will be deleted that shouldn't be, you then use KASFX.

Most users suspecting malware should experience no problems with
false positive deletions. It's just that realistically the risk is
always there, and it's something to consider.

Art

http://home.epix.net/~artnpeg
 
Thanks Art and thank you for the great utilities you put out there.
And I see now that if I had searched this newsgroup for eScan instead
of KASFX I would have gotten my answer.
One other question, can I still put wget and the batch file in with
MicroWorld's current version of eScan for updating virus definitions?
 
Holy crap this thing found 68 viruses (all spyware supposedly) and 124
errors.
I have scanned with Spybot, Ad-Aware and have MS AntiSpyware running in
real time and none of them found what this finds. I guess the
possibility of finding a few false positives was an understatement!
Don't think I would want to bring this along on a house call especially
with an unsuspecting client peering over my shoulder. I wouldn't want to
be liable for heart failure.
Back to BartPE I guess.
Any other suggestions Art on an easy to use NTFS AV scanner that could
either be bootable or run from the command line?
 
From: "LOTL" <[email protected]>

| Holy crap this thing found 68 viruses (all spyware supposedly) and 124
| errors.
| I have scanned with Spybot, Ad-Aware and have MS AntiSpyware running in
| real time and none of them found what this finds. I guess the
| possibility of finding a few false positives was an understatement!
| Don't think I would want to bring this along on a house call especially
| with an unsuspecting client peering over my shoulder. I wouldn't want to
| be liable for heart failure.
| Back to BartPE I guess.
| Any other suggestions Art on an easy to use NTFS AV scanner that could
| either be bootable or run from the command line?

You can verify *IF* they are indeed False Positives at Virus Total --
http://www.virustotal.com/flash/index_en.html

You may just find the Kaspersky signatures are fairly accurate.

Could you please post an excerpt of the log file showing those 68 files and their respective
virus names.
 
Thanks Art and thank you for the great utilities you put out there.
And I see now that if I had searched this newsgroup for eScan instead
of KASFX I would have gotten my answer.
One other question, can I still put wget and the batch file in with
MicroWorld's current version of eScan for updating virus definitions?

Yes.

Art

http://home.epix.net/~artnpeg
 
Holy crap this thing found 68 viruses (all spyware supposedly) and 124
errors.
I have scanned with Spybot, Ad-Aware and have MS AntiSpyware running in
real time and none of them found what this finds. I guess the
possibility of finding a few false positives was an understatement!

What makes you think the alerts are spyware and false positives? An
antivirus scanner will find malware, including viruses and Trojans,
that those other scanners won't.
Don't think I would want to bring this along on a house call especially
with an unsuspecting client peering over my shoulder. I wouldn't want to
be liable for heart failure.

They should be made aware of all the malware they've accumulated. It's
not unusual for average users to accumulate a large number of
malwares.
Back to BartPE I guess.
Any other suggestions Art on an easy to use NTFS AV scanner that could
either be bootable or run from the command line?

The Kaspersky scan engine is top notch. Take its reports seriously!

Art

http://home.epix.net/~artnpeg
 
Dave,
I was thinking of posting an excerpt but it would have been a long
post. I noticed after looking through the log more closely that a lot
of the entries are located in my temp files.
I'm going to update Spybot and Ad-Aware and run scans again. Here is an
excerpt from the log file.

Tue Dec 06 22:45:11 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Dec 06 22:45:11 2005 => Loading Spyware Signatures from new External Database (Size: 145347).
Tue Dec 06 22:45:12 2005 => Indexed Spyware Databases Successfully Created...

Tue Dec 06 22:45:19 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Tue Dec 06 22:45:26 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\gallery\imagemagick\share\imagemagick-5.5.7\www\install.html
Tue Dec 06 22:45:26 2005 => System found infected with rapidblaster Spyware/Adware (install.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:26 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\\gallery\imagemagick\share\imagemagick-5.5.7\www\magick++\install.html
Tue Dec 06 22:45:26 2005 => System found infected with rapidblaster Spyware/Adware (install.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:26 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\lotlsgallery\gallery\secure.bat
Tue Dec 06 22:45:26 2005 => System found infected with vx2 Spyware/Adware (secure.bat)! Action taken: No Action Taken.

Tue Dec 06 22:45:26 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\search.html
Tue Dec 06 22:45:26 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:27 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\tablescripts\search.htm
Tue Dec 06 22:45:27 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:27 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\tablescripts\_vti_cnf\search.htm
Tue Dec 06 22:45:27 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:27 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\_vti_cnf\search.html
Tue Dec 06 22:45:27 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:31 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\mysite3\search.htm
Tue Dec 06 22:45:31 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:31 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\mysite3\_vti_cnf\search.htm
Tue Dec 06 22:45:31 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:39 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\cp2rshi7\blank[1].htm
Tue Dec 06 22:45:39 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:40 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\cp2rshi7\style30[1].css
Tue Dec 06 22:45:40 2005 => System found infected with whenu.savenow Spyware/Adware (style30[1].css)! Action taken: No Action Taken.

Tue Dec 06 22:45:40 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\cp2rshi7\util_buttons[1].js
Tue Dec 06 22:45:40 2005 => System found infected with whenu.savenow Spyware/Adware (util_buttons[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:40 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\cp2rshi7\util_forms[1].js
Tue Dec 06 22:45:40 2005 => System found infected with whenu.savenow Spyware/Adware (util_forms[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:41 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\k9mz0123\ctrl_reminder[1].js
Tue Dec 06 22:45:41 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_reminder[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:41 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\k9mz0123\global[1].js
Tue Dec 06 22:45:41 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:42 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\k9mz0123\owastyle[1].css
Tue Dec 06 22:45:42 2005 => System found infected with whenu.savenow Spyware/Adware (owastyle[1].css)! Action taken: No Action Taken.

Tue Dec 06 22:45:42 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\k9mz0123\preload[1].htm
Tue Dec 06 22:45:42 2005 => System found infected with whenu.savenow Spyware/Adware (preload[1].htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:42 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\k9mz0123\vw_message[1].js
Tue Dec 06 22:45:42 2005 => System found infected with whenu.savenow Spyware/Adware (vw_message[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:43 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\opefgtuj\common[1].js
Tue Dec 06 22:45:43 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:43 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\opefgtuj\ctrl_notify[1].js
Tue Dec 06 22:45:43 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_notify[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:43 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\opefgtuj\ctrl_poll[1].js
Tue Dec 06 22:45:43 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_poll[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:43 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\opefgtuj\frm_previewpane[1].js
Tue Dec 06 22:45:43 2005 => System found infected with whenu.savenow Spyware/Adware (frm_previewpane[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:43 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\opefgtuj\index[1].html
Tue Dec 06 22:45:43 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.

Tue Dec 06 22:45:44 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\opefgtuj\vw_navbar[1].js
Tue Dec 06 22:45:44 2005 => System found infected with whenu.savenow Spyware/Adware (vw_navbar[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:44 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\blank[1].htm
Tue Dec 06 22:45:44 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:44 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\ctrl_tree[1].js
Tue Dec 06 22:45:44 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_tree[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:44 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\ctrl_view[1].js
Tue Dec 06 22:45:44 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_view[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:44 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\frm_readnote[1].js
Tue Dec 06 22:45:44 2005 => System found infected with whenu.savenow Spyware/Adware (frm_readnote[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:44 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\index[1].html
Tue Dec 06 22:45:44 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\owacolors[1].css
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (owacolors[1].css)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\show_ads[2].js
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\util_recipients[1].js
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (util_recipients[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\sti7klyb\util_view[1].js
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (util_view[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\cp2rshi7\blank[1].htm
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\cp2rshi7\style30[1].css
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (style30[1].css)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\cp2rshi7\util_buttons[1].js
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (util_buttons[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\cp2rshi7\util_forms[1].js
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (util_forms[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\k9mz0123\ctrl_reminder[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_reminder[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\k9mz0123\global[1].js
Tue Dec 06 22:45:46 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\k9mz0123\owastyle[1].css
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (owastyle[1].css)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\k9mz0123\preload[1].htm
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (preload[1].htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\k9mz0123\vw_message[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (vw_message[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\opefgtuj\common[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\opefgtuj\ctrl_notify[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_notify[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\opefgtuj\ctrl_poll[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_poll[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\opefgtuj\frm_previewpane[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (frm_previewpane[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\opefgtuj\index[1].html
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\opefgtuj\vw_navbar[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (vw_navbar[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\blank[1].htm
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\ctrl_tree[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_tree[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\ctrl_view[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (ctrl_view[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\frm_readnote[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (frm_readnote[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\index[1].html
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (index[1].html)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\owacolors[1].css
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (owacolors[1].css)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\show_ads[2].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\util_recipients[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (util_recipients[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:46 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\sti7klyb\util_view[1].js
Tue Dec 06 22:45:46 2005 => System found infected with whenu.savenow Spyware/Adware (util_view[1].js)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\gallery\imagemagick\share\imagemagick-5.5.7\www\install.html
Tue Dec 06 22:45:47 2005 => System found infected with rapidblaster Spyware/Adware (install.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\lotlsgallery\gallery\imagemagick\share\imagemagick-5.5.7\www\magick++\install.html
Tue Dec 06 22:45:47 2005 => System found infected with rapidblaster Spyware/Adware (install.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\gallery\secure.bat
Tue Dec 06 22:45:47 2005 => System found infected with vx2 Spyware/Adware (secure.bat)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\search.html
Tue Dec 06 22:45:47 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\tablescripts\search.htm
Tue Dec 06 22:45:47 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\tablescripts\_vti_cnf\search.htm
Tue Dec 06 22:45:47 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\_vti_cnf\search.html
Tue Dec 06 22:45:47 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.

Tue Dec 06 22:45:48 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\mysite3\search.htm
Tue Dec 06 22:45:48 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:48 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\mysite3\_vti_cnf\search.htm
Tue Dec 06 22:45:48 2005 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken.

Tue Dec 06 22:45:48 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Tue Dec 06 22:45:48 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
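Art's advice earlier in the thread is to assess the no-clean eScan output before letting anything delete; as an added example (not code from the thread, MicroWorld or Kaspersky), here is a small Python triage script for log lines in the format LOTL posted. It pairs each "Offending file found" line with the alert that follows it, collapses the cache hits that appear twice with differing path case, and buckets the rest by location so the browser-cache noise is kept apart from the few files (the .bat in My Documents, the .exe in C:\WINDOWS) that deserve a closer look. The sample log is constructed from entries in the excerpt, and the bucketing rules are my own assumptions.

```python
"""Triage an MWAV/eScan 'Scanning ... for Adware/Spyware' log before handing a box
to a tool that deletes: separate cache noise from the files that need a real decision.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

TS = r"\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}"
FILE_RE = re.compile(rf"^{TS} => Offending file found: (?P<path>.+?)\s*$")
DET_RE = re.compile(
    rf"^{TS} => System found infected with (?P<name>\S+) Spyware/Adware "
    r"\((?P<obj>.+)\)! Action taken: (?P<action>.+?)\.?\s*$"
)


@dataclass(frozen=True)
class Detection:
    name: str            # signature name, e.g. whenu.savenow
    obj: str             # object named in the alert (file name or CLSID)
    path: Optional[str]  # full path from the preceding 'Offending file found' line
    action: str


def classify(det: Detection) -> str:
    """Bucket a hit by where it lives (assumed rules); the bucket drives the scrutiny."""
    if det.path is None:
        return "registry/other"          # CLSID-style alerts with no file line
    p = det.path.lower()
    if "\\local settings\\temporary internet files\\" in p or "\\temp\\" in p:
        return "browser-cache/temp"       # flush the cache and rescan before deciding
    if p.startswith("c:\\windows\\"):
        return "system"                   # verify (VirusTotal / vendor) before deleting
    return "user-data"                    # the user's own files: inspect, never auto-delete


def parse_log(text: str) -> List[Detection]:
    """Pair each 'Offending file found' line with the alert line that follows it."""
    hits, pending = [], None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            pending = m.group("path")
            continue
        m = DET_RE.match(line)
        if m:
            hits.append(Detection(m["name"], m["obj"], pending, m["action"]))
            pending = None
    return hits


def dedupe(hits: List[Detection]) -> List[Detection]:
    """The posted log lists the same cache files twice, differing only in path case."""
    seen, out = set(), []
    for h in hits:
        key = (h.name, (h.path or h.obj).lower())
        if key not in seen:
            seen.add(key)
            out.append(h)
    return out


def summarize(text: str) -> Dict:
    hits = parse_log(text)
    uniq = dedupe(hits)
    return {
        "raw": len(hits),
        "unique": len(uniq),
        "by_category": dict(Counter(classify(h) for h in uniq)),
        "by_name": dict(Counter(h.name for h in uniq)),
        # paths that are not cache noise: the ones to inspect or submit for analysis
        "review": sorted(h.path for h in uniq
                         if h.path and classify(h) != "browser-cache/temp"),
    }


# Constructed sample modelled on the excerpt posted in the thread (not a real run).
SAMPLE_LOG = r"""
Tue Dec 06 22:45:11 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Dec 06 22:45:19 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Tue Dec 06 22:45:26 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\lotlsgallery\gallery\secure.bat
Tue Dec 06 22:45:26 2005 => System found infected with vx2 Spyware/Adware (secure.bat)! Action taken: No Action Taken.
Tue Dec 06 22:45:39 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\temporary internet files\content.ie5\cp2rshi7\blank[1].htm
Tue Dec 06 22:45:39 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Tue Dec 06 22:45:45 2005 => Offending file found: C:\Documents and Settings\LOTL\Local Settings\Temporary Internet Files\content.ie5\cp2rshi7\blank[1].htm
Tue Dec 06 22:45:45 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Tue Dec 06 22:45:47 2005 => Offending file found: C:\Documents and Settings\LOTL\My Documents\my web sites\search.html
Tue Dec 06 22:45:47 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.
Tue Dec 06 22:45:48 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Tue Dec 06 22:45:48 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
""".strip("\n")

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it the real log instead of SAMPLE_LOG and the "review" list is the short set of files worth opening or submitting before a clean/delete pass.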
 
Dave,
I was thinking of posting an excerpt but it would have been a long
post. I noticed after looking through the log more closely that a lot
of the entries are located in my temp files.

<snip log>

You should always empty temp folders and flush browser cache before
scanning. Use utils like CCleaner to make this easier and quicker.

Art


http://home.epix.net/~artnpeg
 
From: "LOTL" <[email protected]>

| Holy crap this thing found 68 viruses (all spyware supposedly) and 124
| errors.
| I have scanned with Spybot, Ad-Aware and have MS AntiSpyware running in
| real time and none of them found what this finds. I guess the
| possibility of finding a few false positives was an understatement!
| Don't think I would want to bring this along on a house call especially
| with an unsuspecting client peering over my shoulder. I wouldn't want to
| be liable for heart failure.
| Back to BartPE I guess.
| Any other suggestions Art on an easy to use NTFS AV scanner that could
| either be bootable or run from the command line?

You can verify *IF* they are indeed False Positives at Virus Total --
http://www.virustotal.com/flash/index_en.html

Since KAV will often find stuff other scanners don't, this isn't as
good a check as you make it out to be (in this case). With KAV, if
there is a question, the best bet is an analysis by Kaspersky Lab.

Art

http://home.epix.net/~artnpeg
 
Ok just completed scans with newly updated definitions from Spybot and
Ad-Aware.
Nothing but a handful of cookies found. I agree my maintenance
practices aren't what they should be and I do have CCleaner installed
and will do a little housekeeping.
The entries found in my My Websites have me wondering a bit. One of the
sites singled out I just created the other night using a built-in
template. It never went live and I never did much with it. Not to say
that something might have copied itself to that folder but???
I don't doubt that KAV is a very thorough scanner but when three popular
and somewhat highly respected malware scanners don't pick up anything
that MWAV found then I have to wonder.
 
I don't doubt that KAV is a very thorough scanner but when three popular
and somewhat highly respected malware scanners don't pick up anything
that MWAV found then I have to wonder.

The spyware/adware scanners may not be scanning the temp folders and
browser cache, for one thing. And remember there's a huge difference
between antivirus products and the spyware/adware scanners you
mentioned. AV will alert on malware the spyware/adware scanners don't.

Art

http://home.epix.net/~artnpeg
 
Art,
I don't mean to sound argumentative here but by default Ad-Aware and I
believe Spybot search the temp folders by default.

Looking for what? Tracking cookies? You can't explain your results on
the theory that KAV is producing a large # of false alerts. That's
simply unbelievable. False alerts are _rare_!

Do as Dave suggested and upload suspect files to Virus Total. At least
some av scanners should alert on some of the files. And if not, submit
the files to Kaspersky for analysis.

Art

http://home.epix.net/~artnpeg
 
From: "LOTL" <[email protected]>

| Dave,
| I was thinking of posting an excerpt but it would have been a long
| post. I noticed after looking through the log more closely that a lot
| of the entries are located in my temp files.
| I'm going to update Spybot and Ad-Aware and run scans again. Here is an
| excerpt from the log file.
|

Make sure that you are using Ad-aware SE v1.06 and SpyBot S&D v1.4

You might want to install the VX2 plug-in (add-on) for Adaware SE

< snip log excerpt >

Many were .css, js and HTML files. They could and should be deleted.

As for secure.bat, which was declared as VX2: I'd like to see the contents of that BAT
file.
C:\Documents and Settings\LOTL\My Documents\lotlsgallery\gallery\secure.bat

As for C:\WINDOWS\iun6002.exe, that may be a False Positive and it should be submitted to
both Kaspersky and Virus Total.

http://www.virustotal.com/flash/index_en.html

Explain to Kaspersky that it was flagged as "zipitpro Spyware/Adware" and you aren't sure if
it is a False Positive or not.
(e-mail address removed)
 