From: Dustin Cook on 14 Dec 2009 15:14

ASCII <me(a)privacy.net> wrote in news:4b268829.842796(a)EBCDIC:

> Dustin Cook wrote:
>>
>>> To your knowledge, is MBAM on such lists?
>>
>> Some malware will kill us dead in our tracks, yes.
>
> like a mutex for whatever your executable depends?

Yep. Some block by filename, and others actually look for our presence in memory and show us the door. *shrug*

--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
From: Dustin Cook on 14 Dec 2009 15:15

Toxic <staring(a)my_hd.tv> wrote in news:pan.2009.12.14.00.57.29(a)cdc.gov:

> On Sun, 13 Dec 2009 19:35:14 +0000, Dustin Cook wrote:
>
>> Some malware will kill us dead in our tracks, yes.
>
> Do you think the often repeated endorsements in this forum of MBAM
> place it in the category of squeaky wheel, thereby increasing the
> likelihood of it being targeted for crippling attacks?

I don't think this forum (usenet) has much if anything to do with it. When you have a good product, in high use, it will be targeted; that's just the way it is.

--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
From: Dustin Cook on 14 Dec 2009 15:16

"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in news:hg45k7$qq4$1@news.eternal-september.org:

> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
> news:Xns9CE094C33E07CHHI2948AJD832(a)69.16.185.247...
>> Virus Guy <Virus(a)Guy.com> wrote in news:4B1A99E8.4680C0D4(a)Guy.com:
>>
>>> "David H. Lipman" wrote:
>>>
>>>> All anti malware scanners presume that they are installed on the
>>>> OS that is affected.
>>>
>>> I fully understand that - although your "all" proviso leaves no doubt
>>> about it, and so far nobody else has suggested that there is even one
>>> scanner that can do what I'm asking about.
>>>
>>> But your statement does not answer the question:
>>>
>>>| Are hive structures either so proprietary or so complex to make
>>>| that task impossible?
>>>
>>>> I mention the above because many presume placing an affected
>>>> drive in a surrogate PC is one of the best ways to deal with
>>>> removing malware that may be loaded at run-time. However, if
>>>> you do, when you run the Anti malware software it will not
>>>> correct the registry of the OS of the affected drive and may
>>>> leave the OS of the affected drive impotent.
>>>
>>> Hence my question as to whether or not the "next frontier" of AM
>>> (anti-malware) software would be to have the ability to scan and
>>> correct the registry present on a slaved drive.
>>>
>>>> I am NOT saying placing an affected drive in a surrogate PC is
>>>> not a good methodology. I am saying that it can have drawbacks
>>>> and you must be prepared for them.
>>>
>>> Would it not be possible to run a system in safe mode and therefore
>>> not experience the BSOD in your example?
>>>
>>>> An advantage of placing an affected drive in a surrogate PC
>>>> is that if there is a RootKit
>>>
>>> In my case, it seems that the malware in question was preventing me
>>> from (re)installing and running NAV (and even the task manager) but not
>>> MBAM. We know that it's fairly common for malware to have an in-built
>>> list of file names and processes to interfere with and prevent proper
>>> operation.
>>>
>>> To your knowledge, is MBAM on such lists?
>>
>> Some malware will kill us dead in our tracks, yes.
>
> Maybe in the future, antimalware will have to go polymorphic to hide
> from the malware - not much different on this side of the fence after
> all, eh? :o)

No, it seems the grass just looked taller.. :)

--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org