Tony
Sat Dec 30 14:45:00 CST 2006
Well, thank YOU! This is the only kind of malware that ever brought my
machine (any of them) to its knees. It was silent for a long time, maybe a
year, then started playing tricks with the i-net connection. As a last
attempt I tried deleting it manually and that completely broke my
connection and nothing could bring it back up.
O.K. - AdAware it is then!
Since Defender recognised it, I assume it will stop it and protect you, but
once it is inside? This is certainly good news on the threshold of a new
year!
Tony. . .
"Dshai" <dshai@indy.rr.com> wrote in message
news:%23dzucgBLHHA.4712@TK2MSFTNGP04.phx.gbl...
> Tony, for future reference on NewDotNet, AdAware will find and disable it as
> well as identifying the registry keys that "control" it, this allows you to
> delete said keys and effectively rid yourself of the pest without a
> format/reload.
>
> Dshai
>
> "Tony Sperling" <tony.sperling@dbREMOVEmail.dk> wrote in message
> news:u4TbpTBLHHA.1424@TK2MSFTNGP04.phx.gbl...
> > I'm not sure what benefit a Virus could possibly have from doing that. More
> > likely - if there is a Virus, it trips a process which triggers a memory
> > dump and the Virus gets dumped along with everything else, but this is not
> > where it performs its feat, I believe it will effectively be disabled
> > there. The danger is to find it there (where it is harmless!) and thinking
> > you got rid of it. In the meantime it sits and waits quietly somewhere
> > else. Nobody really knows what a Virus is doing - or why, sometimes they
> > wait for one specific event (a date, or a certain chain of characters in the
> > keyboard buffer?) this sets it off and it lands in a dump file, the original
> > going back to sleep, the only thing a Virus Scanner can do is scan for API
> > and System Calls that would be typical for a Virus to want to utilize!
> > Whatever the scanner finds, a lot of it has to be false alarms - we just
> > don't know which ones they are. Personally, I've noticed that Avast finds an
> > inordinate amount of one specific type of Virus (Trojans!). If I was using
> > something else, it would probably just be a different type of Virus, and
> > most of anything they find will be false alarms.
> >
> > Windows Defender is not Virus-Centric, but it does some very impressive
> > scanning, and sometimes finds suspicious things that others don't find.
> > Most likely then it is a false alarm, but you have an option to go looking.
> > I suggest you could install that and run it in tandem with Avast.
> >
> > Anyway, I think the behaviour you are seeing is looking more like a
> > spyware/malware problem, than an actual Virus???
> >
> > I was being terrorised by one nasty thing called "NewDotNet", Recovering to
> > a Restore Point helped for a while, but it came back and I ended up doing a
> > fresh install. Defender was the only thing that found it - nothing could
> > remove it. Not sure what your options are, but try and find out what it
> > really is or you'll be stabbing at shadows.
> >
> > (One option is to mail the dump file to Avast - they are a helpful lot, but
> > I'm not sure that they can do anything helpful with it?)
> >
> >
> > Tony. . .
> >
> >
> >
> > <miso@sushi.com> wrote in message
> > news:1167452998.167900.312250@v33g2000cwv.googlegroups.com...
> >>
> >> Tony Sperling wrote:
> >> > It is probably hard to pinpoint an error so precisely. Something points
> >> > somewhere specific could mean that is the avenue that brought on the
> >> > offensive code, not necessarily where it originates.
> >> >
> >> > A memory dump would be a file the size of the memory, not a part thereof,
> >> > and size should not have any relation to anything you downloaded. I suggest
> >> > you make Avast run a full scan of your complete system over the course of a
> >> > couple of days ( not continuously! ) - and after re-booting too. If it is
> >> > something nasty, it may well regenerate itself, after being deleted.
> >> >
> >> > Tony. . .
> >>
> >> The size of the dump file made me draw the same conclusion, but maybe
> >> the virus can attach to the last dump file. Good idea on running the
> >> virus scan to see if it pops up again.
> >>
> >> Here are some older threads of mine with the same problem:
> >> [July 31, 2006]
> >> <http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/2d3ca32209438ff0/d15c62ec09231767?lnk=st&q=&rnum=3&hl=en#d15c62ec09231767>
> >> [Sept 11, 2006]
> >> <http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/178c95b4549e2886/2be476851b0e1fdd?lnk=st&q=&rnum=9&hl=en#2be476851b0e1fdd>
> >> [Sept 10, 2006]
> >> <http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/e9dc73dfc54f94e1/223c95defd080d1d?lnk=st&q=group%3Amicrosoft.public.windows.64bit.general+author%3Amiso%40sushi.com&rnum=38&hl=en#223c95defd080d1d>
> >>
> >> X64 is really stable, but this bug just drives me crazy since it is so
> >> flaky.
> >>
> >>
> >> >
> >> > <miso@sushi.com> wrote in message
> >> > news:1167417122.884423.239110@73g2000cwn.googlegroups.com...
> >> > >
> >> > > miso@sushi.com wrote:
> >> > > > I've got this periodic problem with gdi32.dll on X64 (AMD 64 4400).
> >> > > > Every once in a while, my PC gets in this mode where three programs
> >> > > > (Open Office Calc, Photoshop 6, and Vuescan) crash. Only Photoshop 6
> >> > > > gives me the clue that the problem is due to gdi32.dll.
> >> > > >
> >> > > > Two questions:
> >> > > > 1)
> >> > > > <http://securitydot.net/vuln/exploits/vulnerabilities/articles/18330/vuln.html>
> >> > > > claims there is a potential to create a DOS attack using gdi32.dll. Now
> >> > > > I'm not running a server, and I am behind a firewall router, but any
> >> > > > chance there is a virus in gdi32?
> >> > > > 2) I've been waiting for sp2 to be released. What are the risks of
> >> > > > installing the beta?
> >> > >
> >> > > Avast found a virus in memory.dmp. Virus was "Win32:Agent-SG [Trj]"
> >> > > Deleting the file made the problem go away, but I suspect this wasn't
> >> > > exactly the problem. For one thing, the file was too large to put in the
> >> > > vault, so I assume it was the full size of my memory, which is around
> >> > > 3+Gbytes. I doubt I downloaded something that big.
> >> > >
> >>
> >
> >
>
>