Matt's Malware Enigma

This seems very interesting. Seems weird that Combo Fix did not work, but at least he got it removed. It would be interesting to try that nasty virus out on a VM.
 
Heck yes it would be interesting. See if you can make it happen. I would like to see some relative VM action.

When ComboFix fails, it is time to PANIC.

They are not out of the woods yet. He has failed to boot Windows.
 
I cannot believe that tools like Combofix failed to detect the rootkit. That was a really nasty one; tried the tools but the problem still exists.
 
@ZOU1 I'm your hunter. But what should the video be about exactly? Explain in detail and I just might do it. Thank you.
 
It would be great if you can find a way to get a hold of that exact TDSS variant and infect your VM. Then try the popular software like TDSS Killer, MBAM, HitMan Pro, GMER, ComboFix, NPE, Dr. Web, and so on. Also, utilize some good process explorers like Process Hacker 2, Autoruns and SpyDLL Remover. Try some safe mode initializations of anti-malware software that will work in the Safe Mode environment. Maybe even see if the, now unpopular, HiJack This tool can initially cripple it enough to deal with it more effectively. I am just shooting from the hip. You get my drift. I know it is a tall order, but this is fascinating stuff. :angel: Thank You MrXidus.

What would be neat is breaking the video up into an individual short segment for every anti-malware program that I spoke of: tdss vs. GMER; tdss vs. HitMan Pro; tdss vs. MBAM in safe mode; tdss vs. ComboFix in Safe Mode, etc. Something like that, while monitoring each individual performance with a good process explorer. I would also like to see if SpyDLL Remover and Process Hacker 2 can shut it down, and to see the intelligence they gather as you use MBAM and the others to attempt to destroy it.

I am really proud to be a part of our community. Over the last couple of years this group of people and our active forums, here and at rM previously, make me feel as if we are some of the best in the world on the front lines when it comes to battling malware, esp. when it comes to assisting the many inexperienced users out there that come to us for help.

We may not create the software, but we are crafty in their applications. We are very informed.
 
ZOU1 said:
It would be great if you can find a way to get a hold of that exact TDSS variant and infect your VM. Then try the popular software like TDSS Killer, MBAM, HitMan Pro, GMER, ComboFix, NPE, Dr. Web, and so on. Also, utilize some good process explorers like Process Hacker 2, Autoruns and SpyDLL Remover. Try some safe mode initializations of anti-malware software that will work in the Safe Mode environment. Maybe even see if the, now unpopular, HiJack This tool can initially cripple it enough to deal with it more effectively. I am just shooting from the hip. You get my drift. I know it is a tall order, but this is fascinating stuff. :angel: Thank You MrXidus.

What would be neat is breaking the video up into an individual short segment for every anti-malware program that I spoke of: tdss vs. GMER; tdss vs. HitMan Pro; tdss vs. MBAM in safe mode; tdss vs. ComboFix in Safe Mode, etc. Something like that, while monitoring each individual performance with a good process explorer. I would also like to see if SpyDLL Remover and Process Hacker 2 can shut it down, and to see the intelligence they gather as you use MBAM and the others to attempt to destroy it.

I am really proud to be a part of our community. Over the last couple of years this group of people and our active forums, here and at rM previously, make me feel as if we are some of the best in the world on the front lines when it comes to battling malware, esp. when it comes to assisting the many inexperienced users out there that come to us for help.

We may not create the software, but we are crafty in their applications. We are very informed.

I might ask Dan or Xylitol about it, but I don't know if they'll make a video about it, we'll see.
 
Your call. No pressure; would just be fun, that's all. Thanks to all involved if it pans out.

@Tomo
Thanks for the link. I almost forgot to check Matt's updated story.
ComboFix is obviously great, but it is scary that we are having to rely on one product to save us when things get really bad due to fresh malware releases.
 
Good that Combofix finally found the rootkit activity. Seriously, that volsnap.sys was really nasty; it was modified to prevent removal, and you get a BSOD.