Googled, got close to a half-mil hits but couldn't find anything
within the past couple months.
The older posts indicated that there was basically no defense - that
some products detected it and some didn't, but none could recover from
it.
I'm guessing things have changed.
Can anybody confirm?
Using Avast.
| Can anybody confirm?
| Using Avast.
Do you have a sample ?
If you do, submit a cpy to UploadMalware
http://www.uploadmalware.com/
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Not sure what your question is here, but I suggest a re-image from an
old enough image so as to not have an "infected" backup reinstalled.
As for prevention, nothing is perfect and polymorphic viruses are
particularly troublesome. That much will *not* have changed.
> As for prevention, nothing is perfect and polymorphic viruses are
> particularly troublesome. That much will *not* have changed.
Thanks for the terminology.
I just finished reading http://en.wikipedia.org/wiki/Polymorphic_code
Sheesh!.... sounds kind of grim to me... like the human flu... keeps
changing...
Now that I know that, I'll try harder to get the user of the affected
PC up-to-date on the process of re-imaging it themselves - bc it
sounds to me like there are going to be repeat performances of this.
Thanks for the terminology.
***
Trojans can take different forms also, but they usually don't do it
programmatically themselves (relying on human influence). Often just
detecting that a hash of the file matches a known to be malicious file's
hash is enough to detect it. This one is a virus, so, on top of having
malicious code that keeps changing how it appears with each iteration
(as you have just read) it hides "within" pre-existing executable
files - further complicating matters. Even so, the file infection
function is not the only bad thing that this malware does.
When doing image backups, consider having more than one. Some malware
may not be noticed until after a number of thought-to-be-clean images
were made - best to have backup backups going back in time if you know
what I mean.
Thanks for the terminology.
***
Sorry for the late addition to the thread - but I just ran across this
and thought it might be of interest to any readers still monitoring.
http://www.informit.com/articles/article.aspx?p=366890&seqNum=1
***