Anyone familiar with SUPERantispyware?
  • Anyone familiar with SUPERantispyware?

    So, I kinda "discovered" SUPERAntispyware the other night.

    It had been listed on my ultimate boot CD, but I had MBAM, and hadn't needed anything else...

    THEN, MBAM started refusing to recognize a fake AV, and a website mentioned SUPER, so I gave it a try on a hard drive plugged into a SATA/IDE to USB adapter, and everything was good.

    TWO NIGHTS LATER, I plug another HD in the same way, run SUPER, it finds the fake AV, acts like it's removing it, says the computer needs to restart, I restart the computer, plug the HD back into the PC, and the fake AV is still there. I unplug the HD, plug it back into the adapter, run the scan, get the hits, remove it, and to be safe, run the scan again. Fake AV is still being picked up. I run the scan about 3 more times, hoping against hope it would be removed, it wasn't. I finally delete the folder that contained the fake AV, and ran an AV, which picked up the rest of it.

    The weird thing is just to see what happened, I plugged the now clean HD into the pc, loaded up SUPER, and ran it. This time it actually removed the items, based on a second scan, restart, third scan. (both of which came back clean)

    So, do you think it was the difference in fake AVs that wouldn't let go, something with SUPER, or something else entirely?
    SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
    SuperHotelWorker made my Avi!!

  • #2
    We used to use SAS at work but now consider MBAM enough for general malware cleaning. It's possible that rogueware was interfering with the tools, or a rootkit was (even if SAS/MBAM show clean you may want to check gmer or Root Repeal), but in almost all cases if everything is updated properly MBAM should take care of everything. You might need to boot to safe mode though.

    When scanning with MBAM, did you run MBAM and then scan or did you right-click the correct drive and select MBAM's scanning entry? If the former, it will have only scanned the fixed drives.



    • #3
      I opened MBAM, selected the drive in question, and scanned it.

      I'll check out the two rootkit cleaners.
      SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
      SuperHotelWorker made my Avi!!



      • #4
        One addition: I've run into a couple of rare viruses that you have to unplug the network cable before reboot, then replace it after the computer comes back up. Not sure why that disables them from coming back, but it works, so I don't ask too many questions.
        The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
        "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
        Hoc spatio locantur.



        • #5
          Isn't isolating the box from the network SOP when dealing with a virus? Or was my department head just paranoid?
          This is a drama-free zone; violators will be slapped. -Irving Patrick Freleigh
          my blog: http://steeledragon.wordpress.com/



          • #6
            It's usually SOP for me, as I even scan the HD by itself when I can.

            But sometimes, you need to run updates or something on the infected box.
            SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
            SuperHotelWorker made my Avi!!



            • #7
              Quoth SteeleDragon78: "or was my department head just paranoid."
              It's not paranoia if you're right...

              It's common sense, and it should be SOP at any tech job, yes.
              "For a musician, the SNES sound engine is like using Crayola Crayons. Nobuo Uematsu used Crayola Crayons to paint the Sistine Chapel." - Jeremy Jahns (re: "Dancing Mad")
              "The difference between an amateur and a master is that the master has failed way more times." - JoCat
              "Thinking is difficult, therefore let the herd pronounce judgment!" ~ Carl Jung
              "There's burning bridges, and then there's the lake just to fill it with gasoline." - Wiccy, reddit
              "Retail is a cruel master, and could very well be the most educational time of many people's lives, in its own twisted way." - me
              "Love keeps her in the air when she oughta fall down...tell you she's hurtin' 'fore she keens...makes her a home." - Capt. Malcolm Reynolds, "Serenity" (2005)
              Acts of Gord – Read it, Learn it, Love it!
              "Our psychic powers only work if the customer has a mind to read." - me



              • #8
                Best Safe Practices? Sure. Keep the computer off the network.

                But a few things:

                1) Most of my users I don't trust looking for cords to pull on the back of the machines. I just have them turn it off. This gets overridden by local supervisors telling them to work as they can until I get there, and the people my boss and I can complain to get confused by calculator technology. Talking computers to them, even basic virus safety, is a one-way ticket to GlazedEyes-ville, and gets ignored like the guy teaching calculus to the football team. After all, if they don't understand it, it can't be important, right?

                2) Most of the viruses today require up-to-the-day updates to clean successfully. Even keeping the latest executable on my porta-drive isn't good enough. For instance, right now, the latest downloadable version of Malwarebytes' Anti-Malware still requires a 4-5MB update to be up to date.

                3) It has been a long time since I've run into anything that even tries to propagate itself on a LAN like that. Everything I've had to deal with in the last two years has been fake anti-virus, info-gathering cookies, or website redirectors. Spam-bots, zombies, and destructive viruses seem to have gone out of style. For now, anyway.

                It's a matter of reality forcing a risk-vs.-reward choice. Nobody's going to say it's the right way, but we do what needs be to get results.
                The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
                "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
                Hoc spatio locantur.



                • #9
                  Quoth SteeleDragon78: "Isn't isolating the box from the network SOP when dealing with a virus? Or was my department head just paranoid?"
                  No, SOP is isolating the box from the network by physically disabling/removing the means it uses to connect, then to proceed to isolate the (l)user from the company by locking said person in a closet with remote activated lights and fire sprinkler and setting those up to go off randomly for two days.

                  Well, at least that's the SOP for the BOFH...
                  I AM the evil bastard!
                  A+ Certified IT Technician
