Monday, August 17, 2009

My Work with Trojans

I put this post on the "Secure Channel" today, a web site for security gurus:

I encountered Green AV 2009 on a customer's computer and googled for a solution. I found several. None worked. In fact, with some of the sites, as has been mentioned earlier, there were entries that seemed to be purposely misleading, removing some of the infection but leaving other parts that allowed it to continue to operate.

I didn't trust any of the old standbys, such as Malwarebytes, to completely remove the thing, since the various instructions on the internet are wrong. I didn't want a partial removal that would hide the total signature of the problem.

I believe I have a process that removed all the threads, but it required a long time using HijackThis, reviewing and searching the registry, cross-referencing the registry to the possible modules on the computer, etc.

On another customer's computer I had a W32Lovegate variant. That one had disabled Windows Update by deleting an entire branch of the registry. Working with MS Support, we had to reconstruct the branch, as well as run a couple of different malware programs. Now I have the branch as a local reg file, as well as all the other things I did in "snapshot form," so I can quickly go after the thing if I again encounter it.

These are all stories leading to a couple of questions. How in the world can the good guys communicate amongst each other without the bad guys mucking up the information or using it to change their "signature"? Do we have to end up sending the information to the big Security Application sites, where they then use the information to make a profit? Is there some web site where I can contribute solutions I find, get some credit, and not have the information misused?
