January 3rd, 2013, 10:57 PM
#1
Registered User
Win8 Malware Removal
Yessir, got to do my first Win8 malware removal today. Machine was a Christmas gift, and it has already required cleaning. Fortunately (since there still isn't a version of ComboFix for Win8), it didn't turn out to be anything too intense. TDSSKiller came up clean, and MBAM 1.7 found 119 PUPs, almost all of which were MyWeb related, but there were several entries for software (toolbars, etc.) related to GamingWonderland.com, as well as Incredibar, and a couple of coupon toolbars and related stuff.
None of that was particularly difficult to remove, but I also noticed that TVFanatic.com's player was installed. That installs two or three nasty things (variable, but always including Yontoo) that MBAM still fails to detect, but that both ComboFix and NOD32 (including the online scanner) do remove.
Well, just for grins, I decided to run the computer's bundled AV software, McAfee, before I ran ESET's online scan. Amazingly, McAfee found no threats.
One really interesting thing stood out when I compared the MBAM and McAfee scans. I ran full scans with both programs, and McAfee reported 191,310 items scanned, which included processes in memory, registry entries, files, etc. MBAM reported 368,623 items scanned. Perhaps the term "full scan" doesn't mean what I thought it did?
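The post lists the toolbar and helper-object names it found by hand. Below is an added read-only inventory script for this kind of triage; it is not the poster's code, not the Yontoo utility mentioned later in the thread, and not part of any scanner named here. It walks the standard Windows uninstall keys, the Internet Explorer Browser Helper Object keys and the IE toolbar key, and flags entries whose name, publisher or path matches a watch list. The watch-list strings are simply the names mentioned in this thread; the registry locations are the standard ones and everything else is an assumption for illustration.

```powershell
# Added example, not the poster's tool: enumerate installed programs, IE BHOs and
# IE toolbars, and flag entries matching a watch list. Read-only; it removes nothing.

# Watch list built from the names mentioned in the thread (constructed sample).
$WatchList = @('MyWeb', 'Incredibar', 'Yontoo', 'GamingWonderland', 'TVFanatic', 'Coupon')

# Standard uninstall, BHO and toolbar locations (64-bit and 32-bit views, plus per-user).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*'
)
$ToolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar'
)

function Get-InstalledPrograms {
    # One object per Add/Remove Programs entry that has a display name.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object @{n='Kind';e={'Program'}}, DisplayName, Publisher, InstallLocation, UninstallString
}

function Get-BrowserHelperObjects {
    # BHO subkeys are CLSIDs; resolve each to its friendly name and DLL via HKCR.
    Get-ChildItem -Path $BhoKeys -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name   = (Get-ItemProperty -Path $clsKey -ErrorAction SilentlyContinue).'(default)'
        $dll    = (Get-ItemProperty -Path "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Kind='BHO'; DisplayName=$name; Publisher=$null; InstallLocation=$dll; UninstallString=$clsid }
    }
}

function Get-IEToolbars {
    # Each toolbar is a value whose name is a CLSID and whose data is the display name.
    foreach ($key in $ToolbarKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]+\}$' } |
            ForEach-Object {
                [pscustomobject]@{ Kind='Toolbar'; DisplayName=$_.Value; Publisher=$null; InstallLocation=$null; UninstallString=$_.Name }
            }
    }
}

function Find-SuspiciousEntries {
    param([string[]]$Patterns = $WatchList)
    # Case-insensitive alternation of the escaped watch-list terms.
    $regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    @(Get-InstalledPrograms) + @(Get-BrowserHelperObjects) + @(Get-IEToolbars) |
        Where-Object { ("$($_.DisplayName) $($_.Publisher) $($_.InstallLocation)") -match $regex }
}

Find-SuspiciousEntries | Format-Table Kind, DisplayName, Publisher, InstallLocation -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM views are readable; the output is a triage list to check against the scanner results, and the matched `UninstallString` or CLSID column is what you would then verify by hand before deciding what a removal tool missed.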
-
January 4th, 2013, 11:36 AM
#2
Registered User
Sadly, I forgot to bring with me the utility I made that wipes Yontoo out of the system or I'd offer it to you for future use. I am mildly interested in fixing a Win8 machine to see what works and doesn't work from both the cleaning and the infector sides since Win8 is supposed to be a lot different under the hood.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
January 4th, 2013, 06:13 PM
#3
Registered User
I really haven't looked at any of the Yontoo specific tools, since ComboFix and NOD32 seem to do the trick, and, I pretty much run 'em in every removal. Still, it might be interesting to do an A/B comparison with a standalone tool.
The biggest change I would expect in 8 would be freedom from rootkits; at least if Secure Boot is enabled. Or until it's cracked. I would say that anything that generates any kind of advertising should automatically be considered malware, due to the danger inherent in un-screened ads. But, most malware removal tools see the majority of this stuff as PUPs rather than outright infections, of course. As if anyone would really want any of this crap on their system if they understood everything it did and the associated risks. Still, all this stuff looks like standard add-ons to the system, so no serious red flags are raised by Windows or your browser. Personally I think MS and all browser vendors should make it much more difficult to install this junk.
Anyway, on the same note, it's interesting to look at a couple of the default settings in IE and Chrome. Internet Explorer 10 lets you block changes to your search engine by third party software, but you have to turn on that feature; it's off by default. Likewise, by default, Chrome doesn't check a web site for a revoked certificate. Once again, you have to enable that feature if you want it. It just seems to me that all browsers should be more restrictive by default, and provide clearer explanations of their security alerts, instead of adopting the attitude that "Heck, users won't understand this alert anyway, so let's just keep it 'usable'".
Last edited by slgrieb; January 4th, 2013 at 06:17 PM.