From: Dustin Cook on 4 Apr 2010 16:59

"The Real Truth MVP" <trt(a)void.com> wrote in news:hpatru$p15$1(a)leythos.motzarella.org:

> You are full of sh*t Dustbin. You don't know me and nobody posting in
> these groups knows me have never seen me. You will believe anything I
> tell you say or do because you are an idiot.

You can say that until hell freezes over, it's not going to make it true. Your identity hasn't been a secret in years. No matter how much you try to say you're this, or you're that, you've been caught; just get over it. Move on. Go.. I dunno, steal something else.. :)

-- 
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: David Kaye on 4 Apr 2010 17:01

"Ant" <not(a)home.today> wrote:

>So that would be insecurely and typically lacking the latest (or any)
>third party software updates or patches for bug fixes. They might be a
>little better protected with Vista or Win7 if they haven't disabled
>the nags.

What I'm getting at is that I use the best of off-the-shelf freebie programs my customers would tend to download. As for updates, typically when I first see them they have default Windows services turned on, so that they are up to date on Windows updates, but also have remote registry and other nasties turned on. By the time I reach them they're badly infected and have installed 4 or 5 anti-malware programs hoping to fix what they've done. I spend much of my time uninstalling stuff, returning the computer to as close to pristine as possible, and then installing anti-malware tools.

>You still haven't stated which browser and you don't need to click to
>be infected. In the last few days there have been updates for IE6 & 7,
>Firefox, Quicktime & Itunes and Foxit PDF reader. All of them correct
>exploitable vulnerabilities. Take a look at http://isc.sans.org/

I'm using IE8 Version 8.0.6001.18702.

>at isc.sans.org. Foxit have corrected it but Adobe Acrobat is probably
>still vulnerable. In fact malicious PDFs, which are frequently used,
>often don't display at all but just run code.

Yeah, Adobe has been remarkably lame in fixing their software. They have exploits going back years, I'm told.

>If you want some warning it's best to have the appropriate OS
>security policies and logging in place. Firewalls are usually only
>concerned with network connections, not what you allow to run.

I know you mean well, but believe me, I already know about this stuff. I wasn't saying anything about a firewall protecting me against this problem. What I SAID was that the warning that the firewall was turned off was the first information I received that an exploit was running.

>The only way you can find out what causes a problem like this is to do
>an immediate investigation of all the recent HTTP (and perhaps other
>protocol) requests and examine any cached pages, scripts, Java .jar
>and .class files, etc when it happens so you can track down the bad
>site and what exploit was used.

I noted the file date/time and have looked back on this. The exploit appears to have come from foxnews, officedepot, or officemax -- the time stamps are within a few seconds of each other and show up right before the time stamp that was written to the temp directory in my Documents and Settings tree.

>More important is to find the vulnerable software component that
>allowed it to run.

Yes. Also, since I was able to get this infection I suspect that I'll be getting frantic calls this coming week from others. I'm getting tempted to set people up as limited users, even though that creates headaches in itself (such as the inability to run QuickBooks properly, which I mentioned before).
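The timeline triage described in this exchange (match browser-cache write times against the time stamp of the dropped temp file, and look at whatever was fetched just before it) as an added example; this is not code from the thread, and the cache entries, hostnames and times are constructed placeholders:

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: (url, last-written time) pairs as you might pull from a
# browser cache index, plus the write time of the file found in the Temp dir.
CACHE_ENTRIES = [
    ("http://news.example/index.html", "2010-04-04 12:31:07"),
    ("http://ads.example/show.js", "2010-04-04 12:31:09"),
    ("http://shop1.example/landing.html", "2010-04-04 12:31:10"),
    ("http://shop2.example/deals.html", "2010-04-04 12:31:12"),
    ("http://mail.example/inbox", "2010-04-04 12:05:40"),    # long before the drop
    ("http://weather.example/today", "2010-04-04 12:40:00"),  # after the drop
]
DROPPED_FILE_TIME = "2010-04-04 12:31:14"


def suspects_before_drop(entries, drop_time, window_seconds=30):
    """Cache entries written within window_seconds before the drop, nearest
    first. Anything written after the drop cannot have caused it, so it is
    left out; anything older than the window is noise for this question."""
    drop = datetime.strptime(drop_time, FMT)
    earliest = drop - timedelta(seconds=window_seconds)
    hits = []
    for url, stamp in entries:
        when = datetime.strptime(stamp, FMT)
        if earliest <= when <= drop:
            hits.append(((drop - when).total_seconds(), url))
    hits.sort()
    return [url for _, url in hits]


def hosts_in_order(urls):
    """Distinct hostnames from the suspect list, keeping proximity order,
    so the sites to examine first are at the top."""
    seen, hosts = set(), []
    for url in urls:
        host = urlparse(url).hostname
        if host not in seen:
            seen.add(host)
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    urls = suspects_before_drop(CACHE_ENTRIES, DROPPED_FILE_TIME)
    print("Candidates, nearest first:", urls)
    print("Hosts to examine:", hosts_in_order(urls))
```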
From: gufus on 4 Apr 2010 17:05

Hello, David!
You wrote on Sun, 4 Apr 2010 16:50:45 -0400:

| Whatever it is -- the fault lies in your PC.

He /doesn't/ get it :-(

-- 
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca
From: David Kaye on 4 Apr 2010 17:16

"gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote:

>Hello, David!
>
>You wrote on Sun, 4 Apr 2010 16:50:45 -0400:
>
> |
> | Whatever it is -- the fault lies in your PC.
> |
>
>He /doesn't/ get it :-(

No, YOU FOLKS DON'T GET IT. My PC is fine. I happen to be a programmer. I can do API function calls in my sleep. I checked this computer and everything was properly set and the information returned was correct. The fact that the post time is correct now means that Eternal September fixed some problem at THEIR END because I haven't touched a single setting on this computer.

Here are the pieces of code (VB style, in this case) I used to determine that the time zone, UTC offset, and daylight flags were correct:

    ' Win32 SYSTEMTIME, needed by TIME_ZONE_INFORMATION below
    Type SYSTEMTIME
        wYear As Integer
        wMonth As Integer
        wDayOfWeek As Integer
        wDay As Integer
        wHour As Integer
        wMinute As Integer
        wSecond As Integer
        wMilliseconds As Integer
    End Type

    Type TIME_ZONE_INFORMATION
        Bias As Long                      ' minutes; UTC = local time + Bias
        StandardName(0 To 31) As Integer  ' WCHAR[32]; "(32)" would give 33 elements and misalign the rest
        StandardDate As SYSTEMTIME
        StandardBias As Long              ' added to Bias while standard time is in effect
        DaylightName(0 To 31) As Integer
        DaylightDate As SYSTEMTIME
        DaylightBias As Long              ' added to Bias while daylight time is in effect
    End Type

    ' Returns TIME_ZONE_ID_UNKNOWN (0), _STANDARD (1) or _DAYLIGHT (2)
    Declare Function GetTimeZoneInformation Lib "kernel32" Alias "GetTimeZoneInformation" _
        (lpTimeZoneInformation As TIME_ZONE_INFORMATION) As Long
    Declare Function SetTimeZoneInformation Lib "kernel32" Alias "SetTimeZoneInformation" _
        (lpTimeZoneInformation As TIME_ZONE_INFORMATION) As Long
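The check this post describes, carried one step further as an added example (not code from the thread): take the Bias fields that GetTimeZoneInformation fills in, together with the TIME_ZONE_ID_* value it returns, and compare the resulting UTC offset with the one in the quoted Date: header. The time-zone values are constructed; only the header line comes from the thread.

```python
from dataclasses import dataclass
from email.utils import parsedate_to_datetime

# Return values of GetTimeZoneInformation (winbase.h)
TIME_ZONE_ID_UNKNOWN, TIME_ZONE_ID_STANDARD, TIME_ZONE_ID_DAYLIGHT = 0, 1, 2


@dataclass
class TimeZoneInformation:
    """The three Bias fields of TIME_ZONE_INFORMATION, in minutes.
    Windows convention: UTC = local time + Bias + (the active *Bias)."""
    bias: int
    standard_bias: int = 0
    daylight_bias: int = -60


def effective_utc_offset_minutes(tzi, tz_id):
    """Local time's offset from UTC (east-positive, as in a Date: header)
    for the state GetTimeZoneInformation reported."""
    extra = tzi.daylight_bias if tz_id == TIME_ZONE_ID_DAYLIGHT else tzi.standard_bias
    return -(tzi.bias + extra)


def header_utc_offset_minutes(date_header):
    """Offset carried by an RFC 5322 Date: header such as the one quoted above."""
    dt = parsedate_to_datetime(date_header)
    return int(dt.utcoffset().total_seconds() // 60)


def header_matches_machine(date_header, tzi, tz_id):
    """True when the posted Date: offset is what this machine's zone would produce;
    False means the server or the news client, not the clock, changed it."""
    return header_utc_offset_minutes(date_header) == effective_utc_offset_minutes(tzi, tz_id)


if __name__ == "__main__":
    posted = "Sun, 4 Apr 2010 16:50:45 -0400"   # header quoted in the thread
    eastern = TimeZoneInformation(bias=300)     # constructed: US Eastern, DST active in April
    pacific = TimeZoneInformation(bias=480)     # constructed: US Pacific, DST active in April
    print(header_matches_machine(posted, eastern, TIME_ZONE_ID_DAYLIGHT))  # True
    print(header_matches_machine(posted, pacific, TIME_ZONE_ID_DAYLIGHT))  # False
```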
From: David Kaye on 4 Apr 2010 17:19

"gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote:

>Hello, David!
>
>You wrote on Sun, 4 Apr 2010 16:50:45 -0400:
>
> |
> | Whatever it is -- the fault lies in your PC.
> |
>
>He /doesn't/ get it :-(

The problem with you folks is that you're working on theory, not real-world testing. You sit back and tell others that they're wrong when you have no idea what experience they have dealing with things. I worked for almost 8 years as a software developer writing medical software for organ transplants, and banking software before that. And I have spent the past 8 years full-time doing tech support, specializing in malware issues. So, I think I have some field experience worth paying attention to that you folks who merely read Usenet posts simply don't have.

I'm not angry at you and your smugness, though I suppose I could get angry. I'm saying that your theoretical posts simply don't shed any light on the issues, so they're not helpful.