RE: [Declude.Virus] OT: Online file check?

[Colbeck, Andrew]

To scan a file with a bunch of different scanners and get a single report from all of them, use this site:   http://www.virustotal.com/   And if you want to see what a malicious file does, use this site:   http://sandbox.norman.no/live.html   And the best way to get rid of a file like that is probably to boot in Safe Mode, then edit all the usual registry places to get rid of the malware, and delete each instance of the file.  Also check that the hosts. file has no bogus entries.  If you can't delete a file because it's running, rename the file on the drive.  If you want to terminate a process that Task Manager won't let you terminate, use pskill.exe from http://www.sysinternals.com/ as an Administrator-equivalent userid.   It won't hurt to also, as the user, install http://www.javacoolsoftware.com/ which will tighten up their Internet Explorer settings, and turn on the "kill bit" for many CLASSIDs of known malware.  If you don't mind fetching updates interactively, Spyware Blaster is free for personal use.   For a general perusal and interactive utility to see what applications are set to start from where, check out HijackThis from http://www.spywareinfo.com/~merijn/downloads.html   And for the next week, I think the best interactive tool to ferret out start all the startup applications and places is still Microsoft Antispyware.  They've taken a hit recently because although they continue to find several Adware vendors' software, they now suggest an action of "Ignore" instead of "Remove".  http://www.microsoft.com/athome/security/spyware/software/default.mspx     Andrew 8)   p.s. You might guess that I've had to remove, oh, just one or two bits of malware from users' workstations... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Monday, July 25, 2005 12:05 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] OT: Online file check? At one time i saw a post about a site that you can upload and it will scan it with the "popular" scanners and check it..   I have this evil little program that i can't remove from a users computer, and i have done everything.. It keeps "Renaming" itself on termination..   It spawns under explorer, rundll32, svchost and just totally takes over, and once its connected to an internet connection, downloads just about every peace of malware/spyware it can..   Thanks-