Remove-Malware.com » Malware

Rootkit Zero Access Removal Notes

malwarekilla — Tue, 27 Dec 2011 15:51:05 +0000

This post is split up in a few sections. It’s mostly my notes on dealing with rootkit zero access (a.k.a – rootkit.zeroacess, w32/Sirefef or Max++) Methods of Infection for Rootkit Zero Access (max++) Outdated Java (this seems to be the #1 way) .exe’s that have random porn type names. They are made to look like [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Rootkit Zero Access Removal Notes

TDL4 Rootkit Video – Being Used as a Proxy

malwarekilla — Tue, 12 Jul 2011 15:44:34 +0000

In this video you get to see how the TDL4 rootkit uses your PC as a proxy server. The tools used in this video are Comodo Cleaning Essentials and the Windows Task Manager.

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: TDL4 Rootkit Video – Being Used as a Proxy

Searching Online Whitepages Often Leads To Rogue Antivirus…or Worse

malwarekilla — Tue, 07 Dec 2010 20:02:27 +0000

I’m often curious on how my clients become infected. What websites they visited, what they were searching for and of course what kind of protection they had on their computer. After taking notes for a month it seams that 75% of the clients infected with rogue (fake) anti-virus first observed the rogues infecting their [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Searching Online Whitepages Often Leads To Rogue Antivirus…or Worse

How the TLD4 Rootkit Bypasses Driver Signing on Windows 64-bit

malwarekilla — Mon, 15 Nov 2010 18:41:58 +0000

Per the Sunbelt Blog: Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded [1]. The TDL4 rootkit bypasses driver signing policy on 64-bit machines by [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: How the TLD4 Rootkit Bypasses Driver Signing on Windows 64-bit

Kaspersky Website Serves Up Malware

malwarekilla — Wed, 20 Oct 2010 17:32:41 +0000

My first reaction to this was….”oooooo….that’s bad”. Anyway, check out the article. http://www.examiner.com/technology-in-national/security-firm-kaspersky-serves-up-malware-from-its-site

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Kaspersky Website Serves Up Malware

Combofix Not As Effective As It Once Was

malwarekilla — Sat, 06 Feb 2010 22:51:12 +0000

I don’t know if anyone else has noticed but for the last 2-3 weeks Combofix has been more or less….a waste of time, in fact I just had to resort to my UBCD4Win on every malware appointment. The latest round of rootkits seem to be evading it rather well. Also, I’ve really had to rely [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Combofix Not As Effective As It Once Was

Microsoft Security Essentials – Rootkit Followup Video

malwarekilla — Thu, 10 Dec 2009 18:07:16 +0000

In this followup video to the Microsoft Security Detection and Removal tests video I show you what rootkit was present on the PC, what apps couldn’t even detect it and what finally removed it. http://www.youtube.com/watch?v=aRfnBjTCG4I

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Microsoft Security Essentials – Rootkit Followup Video

Atapi.sys Rootkit is EVERYWHERE!

malwarekilla — Tue, 08 Dec 2009 03:09:48 +0000

Man…every client I’ve seen for the past 2 weeks who was infected with malware also had this Atapi.sys rootkit. I know I’ve written about this about 2 weeks ago, but I wanted to keep this fresh. If you’re searches are getting redirected and you’ve scanned with just about every thing you can think of then [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Atapi.sys Rootkit is EVERYWHERE!

Black Screen Of Death Caused By Trojan:Win32/Daonol

malwarekilla — Wed, 02 Dec 2009 15:01:35 +0000

I’ve seen a lot of reports that users are experiencing a black screen of death when some Windows updates are applied. Windows updates do NOT cause the black screen of death, however malware already present on the PC does, specifically Trojan:Win32/Daonol (which is an info stealer/redirector). The latest versions of Trojan:Win32/Daonol are very buggy and [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Black Screen Of Death Caused By Trojan:Win32/Daonol

Nasty New Rootkit Patches Atapi.sys

malwarekilla — Mon, 16 Nov 2009 18:55:16 +0000

For the past 7 days I’ve been seeing a new rootkit (not sure of the name) that patches the atapi.sys driver. This rootkit was NOT detected by any of the applications I use in my bootable anti-malware toolkit. Full scans with: Avira SAS MBAM Spyware Doctor GMER revealed nothing. I was still getting all searches [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Nasty New Rootkit Patches Atapi.sys