From: FromTheRafters on
"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
> On Mon, 9 Aug 2010 20:39:32 -0400, in
> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
> <erratic(a)nomail.afraid.org> wrote:
>
>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>
>>> I thought "this class of virus" would be specific enough,
>>> but you're right that I should have been clearer,
>>> and I thank you for the clarification.
>>
>>Just curious, what did you mean by 'this class of virus' and the
>>infection of possibly needed executables?
>
> I meant the class of virus that implants its own executable files,
> and protects them from most methods of removal. Sorry for not being
> more clear.

That's okay. You are correct that self-contained replicator files can be
deleted outright - there is nothing there that needs to be salvaged, but
Ramnit.a actually modifies (infects/trojanizes) preexisting program
files (although not with a replicant).


From: John Navas on
On Tue, 10 Aug 2010 07:45:46 -0400, in
<i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
<erratic(a)nomail.afraid.org> wrote:

>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>> <erratic(a)nomail.afraid.org> wrote:
>>
>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>>
>>>> I thought "this class of virus" would be specific enough,
>>>> but you're right that I should have been clearer,
>>>> and I thank you for the clarification.
>>>
>>>Just curious, what did you mean by 'this class of virus' and the
>>>infection of possibly needed executables?
>>
>> I meant the class of virus that implants its own executable files,
>> and protects them from most methods of removal. Sorry for not being
>> more clear.
>
>That's okay. You are correct that self-contained replicator files can be
>deleted outright - there is nothing there that needs to be salvaged, but
>Ramnit.a actually modifies (infects/trojanizes) preexisting program
>files (although not with a replicant).

That depends on the actual problem, what the anti-virus system is or is
not able to remove and disinfect on its own. According to this report:
<http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
Win32/RAMNIT.A modifies few essential executables. My own experience
with Microsoft Security Essentials (cf OP) is that only non-essential
files are missed in this case. Do you have experience to the contrary?

--
John

"Assumption is the mother of all screw ups."
[Wethern's Law of Suspended Judgement]
From: Dustin on
sfdavidkaye2(a)yahoo.com (David Kaye) wrote in
news:i3qvq1$dbu$5(a)news.eternal-september.org:

> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote:
>
>>Horrible, but there's nothing particularly nice in the phrase about
>>raping young girls ... willing or not.
>
> No, of course not, but in those days (and my dad told me he'd first
> heard the phrase during World War II radio duty) electronics was a
> man's game -- not just a man's game, but a "man's man" game, not
> unlike car repair, boxing, or icing.
>
>

it's still an honored skillset, at least, IMHO.


--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
From: David Kaye on
Dustin <bughunter.dustin(a)gmail.com> wrote:

>
>it's still an honored skillset, at least, IMHO.

I already knew about car repair and stuff, but icing was one of those male
rituals I just learned about. Now I feel really really manly.

From: David H. Lipman on
From: "John Navas" <spamfilter1(a)navasgroup.com>

| On Tue, 10 Aug 2010 07:45:46 -0400, in
| <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
| <erratic(a)nomail.afraid.org> wrote:

>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>>> <erratic(a)nomail.afraid.org> wrote:

>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...

>>>>> I thought "this class of virus" would be specific enough,
>>>>> but you're right that I should have been clearer,
>>>>> and I thank you for the clarification.

>>>>Just curious, what did you mean by 'this class of virus' and the
>>>>infection of possibly needed executables?

>>> I meant the class of virus that implants its own executable files,
>>> and protects them from most methods of removal. Sorry for not being
>>> more clear.

>>That's okay. You are correct that self-contained replicator files can be
>>deleted outright - there is nothing there that needs to be salvaged, but
>>Ramnit.a actually modifies (infects/trojanizes) preexisting program
>>files (although not with a replicant).

| That depends on the actual problem, what the anti-virus system is or is
| not able to remove and disinfect on its own. According to this report:
| <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
| Win32/RAMNIT.A modifies few essential executables. My own experience
| with Microsoft Security Essentials (cf OP) is that only non-essential
| files are missed in this case. Do you have experience to the contrary?

That ThreatExpert report is insufficient.

Go back and read Ant's analysis based upon the Ramnit samples I provided him with.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp