

SpannerITWks
Premium
join:2005-04-22


1 edit
reply to MSauk
Re: Just switched Anti-virus and purchased BoClean

Interesting times today, 'ish lol!!!

For those who were asking/wondering, I did drop those RK's into BOClean to see if it detects them, and of course it did as you saw in the previous screenies. I have attempted to run nasties on Many occasions, but BOClean and/or my AV stops em. Dropping them in to see if it detects a nasty is sufficient, because if run it would automatically pounce on it, as indeed it did, read on ......

Don Pelotas and a few others mentioned about me trying to run them to see what happens with BOClean, or not, so I Did! With NO VmWare or Sandbox type Apps I went ahead with the tests, oh and Offline too as always! To do this I had to disable my AV BitDefender, otherwise it would have also jumped in on some of them, as I've scanned them before with it so I know it does.

I feel that honesty is the best policy, otherwise it doesn't help anyone, so here's the FULL details in glorious technicolour, warts n all, hope you respect that!

Here's what happened with these Rootkits and Trojan -



Naturally I Didn't allow Internet access to 39.exe. I chose Not to remove the files also, as I want to keep them in my vault. If I had allowed BOClean to remove everything associated with them, things would have been very different, as you'll see. I usually test with copies I make of any nasties, but didn't this time! I cleaned out All my Temp/Cache etc files and rebooted.

On reboot my Watcher system monitor App detected that - winymy32.dll - had been added into Windows System, so I renamed it and made a copy of it, here if you want to examine it - Your Download-Link: »rapidshare.de/files/28451975/win···zip.html - Obviously part of the - 39.exe = DISKTRASH = SMITFRAUD18 - file I tried to run. I dropped it into BOClean and got this, as expected and seen by me before -



I noticed that my BD icon was greyed out, which means it's disabled, so I tried to re-enable it, but it only lasted a few seconds before turning grey again? I tried to do a Full system AV scan with BD, but it was slow in launching and wouldn't scan. Hmmm so what's up ere den mefinks? Wasn't 100% sure, so instead of wasting time I tried the BD Repair feature, but no go.

Went on to uninstall it via Control Panel, and still no go! As I install/uninstall Everything with Total Uninstall I used that, together with 2 of my regular Registry cleaners to clean up. I noticed that there were some entries connected with the MS Installer that were showing as still in use/needed etc which remained undeleted. Dug out my install .exe of BD and tried to re-install it, but got an msi failure alert, and it aborted. So I tested the install procedure by installing an imaging App I had waiting to be installed, and that worked fine. I DL'd and installed - InstMsiA.exe - direct from MS thinking that might solve the install errors in case something was really amiss with MSI, but it made no difference in not getting BD re-installed on another retry?

OK I wondered if it was something just BD related, so went online and DL'd Antivir Free AV, which I've had before and is very good, apart from the nag screen issues, and it's installed and updated the Defs just fine too! I've checked/tested my other Apps, and there don't appear to be Any problems with them at all! So the BD events are a mystery? Don't know if anyone may be able to shed any light on this, but if they can that would be Very welcome.

Maybe Don might like to donate a copy of KAV to me for my troubles, as it's ALL his fault lol.

Once again I Chose NOT to allow BOClean to remove/delete those files etc, so that's down to me, Nothing to do with BOClean, hope that's Clear!

Spanner

edit - added InstMsiA.exe etc info Only.

--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks
over 10 years online! © 1999-2009 dslreports.com.