Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:7

reply to FF4m3

Re: Can YOU Crack The Gauss Uber-Virus Encryption?

To detect Gauss on your system just go to these sites in the first link below...it is easy to detect....and the sites will let you know immediately since...

"Both CrySys and Kaspersky sniff out Gauss by looking for a custom-built font, dubbed "Palida Narrow," that the malware adds to infected machines.

CrySys first posted a detection tool that relied on the Palida Narrow strategy; Kaspersky took the same approach, but simplified it by inserting an IFRAME element into a Web page. The IFRAME uses JavaScript to check for the presence of the font."

http://www.computerworld.com/s/article/9230170/Security_experts_push_free_Gauss_detection_tools

And for removal..Bitdefender has a good tool and there are others out there...

http://www.bitdefender.com/news/gauss-removal-tool-powered-by-bitdefender-2556.html
--
Gladiator Security Forum
http://www.gladiator-antivirus.com/
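
The quoted article says the web-based check uses JavaScript to test for the Palida Narrow font. The sketch below is an added example, not code from Kaspersky, CrySyS or any poster in this thread. It assumes the common width-comparison technique: text is measured with the font named ahead of a generic fallback, and a changed width means the font exists. All function names and the sample width tables are constructed for illustration.

```javascript
// Added example: presence test for a named font by width comparison.
const PROBE_TEXT = "mmmmmmmmmmlliWW@#"; // constructed probe string
const GENERIC_FALLBACKS = ["monospace", "serif", "sans-serif"];

// measure(cssFontList) must return the rendered width of PROBE_TEXT.
function isFontInstalled(fontName, measure) {
  if (/["\\,;]/.test(fontName)) throw new Error("unsupported font name");
  // A missing font falls through to the generic family, so the width is
  // unchanged. Several fallbacks are tried in case one happens to match.
  return GENERIC_FALLBACKS.some(
    (fallback) => measure(`"${fontName}", ${fallback}`) !== measure(fallback)
  );
}

// Browser-side measure using a canvas (only usable where `document` exists).
function canvasMeasure(cssFontList) {
  const ctx = document.createElement("canvas").getContext("2d");
  ctx.font = `72px ${cssFontList}`;
  return ctx.measureText(PROBE_TEXT).width;
}

// Constructed stand-in for a text renderer so the logic can run outside a
// browser: resolves the first family in the list that is "installed".
function makeFakeMeasure(installedWidths) {
  return (cssFontList) => {
    const families = cssFontList
      .split(",")
      .map((f) => f.trim().replace(/^"|"$/g, ""));
    return installedWidths[families.find((f) => f in installedWidths)];
  };
}

// Constructed sample machines (widths are made-up numbers).
const CLEAN = { monospace: 900, serif: 700, "sans-serif": 720 };
const WITH_FONT = { ...CLEAN, "Palida Narrow": 610 };

function checkGaussFont(measure) {
  return isFontInstalled("Palida Narrow", measure)
    ? "Palida Narrow present: investigate for Gauss"
    : "Palida Narrow not found";
}

if (typeof document !== "undefined") {
  console.log(checkGaussFont(canvasMeasure));
} else {
  console.log(checkGaussFont(makeFakeMeasure(CLEAN)));
  console.log(checkGaussFont(makeFakeMeasure(WITH_FONT)));
}
```

A hit only shows that a font with that name is installed; it says nothing about whether the malware itself is still active on the machine.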


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

said by Name Game:

..."Both CrySys and Kaspersky sniff out Gauss by looking for a custom-built font, dubbed "Palida Narrow," that the malware adds to infected machines.

CrySys first posted a detection tool that relied on the Palida Narrow strategy; Kaspersky took the same approach, but simplified it by inserting an IFRAME element into a Web page. The IFRAME uses JavaScript to check for the presence of the font."

Puzzling. Why would a piece of malware go to such lengths of encryption and avoidance of certain specific AVs, but at the same time install a readily-detectable font (Palida Narrow) that immediately can betray its presence to any AV or the user? Although placing the font on an infected system probably makes the malware's presence more readily detectable remotely at infected websites run by the malware authors, it undercuts part of the point of the encryption. Something still doesn't seem to quite match up...
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775

over 13.5 years online © 1999-2013 dslreports.com.