A forum for reverse engineering, OS internals and malware analysis
File threats detected : 119thisisu wrote:Attaching a log from SAS as this appears to be new.The same here:
http://forums.majorgeeks.com/showthread.php?t=259885Code: Select allFile threats detected : 119
Quads wrote:FRST it to remove the folder.
Quads
Quads wrote:Not all the time and that includes the desktop.ini files due to the likes of services.exe in behind it all. ESET online scan finds just in the memory as sirefef.EZI agree. However by using BlitzBlank this should allow Combofix to run properly to finish the job.
Quads
B-boy/StyLe/ wrote:The same here:Nice! I'm going to try to move the folder with OTL first and then retry ComboFix (if needed).
http://forum.avira.com/wbb/index.php?pa ... dID=145110
thisisu wrote: I haven't used BlitzBlank before. Do you find it more effective than Avenger?
Gabethebabe wrote:malware case update
I ran MBAM with latest sigs - nothing
I ran hitmanpro - it found some irrelevant vundo stuff, ate some cookies and flagged SearchFilterHost.exe as suspicious, but that file resulted to be legit.
I can't run OTL on the infected system - it halts during the scan.
So all tools are breaking their teeth on this zaccess variant aorn
Running from C:\Users\JonEJet\DownloadsC:\Windows\$NtUninstallKB46020$