"Russg" <russgilb@MUNGEsbcglobal.net> wrote in
news:6ctti.2192$ox5.1190@nlpi068.nbdc.sbc.com:
>
> "Dustin Cook" <> wrote in message news:
>> "Russg" <> wrote in > news:>
>> > I haven't dealt with a virus/trojan for a long time.
>> > My question is general. BugHunter and other AV programs identify
>> > malicious files, but don't get rid of them.
>>
>> BugHunter does, and I know others do as well. If they re-infect you,
>> that's not BugHunter's fault.
>> Please, Please read the documentation sir:
>>
>> http://bughunter.it-mate.co.uk/BUGHUNT.TXT
>>
>>
>>
>> > Question:
>> > After BugHunter finds a malware, what does it do to keep it from
>> > coming back, clear out the registry and startup stuff, un-read
>> > only, system the file, prevent system restore from re-inserting it?
>> > Or is it general procedure, once a malware is found, search for a
>> > specific removal tool?
>>
>> Damn... I'm really surprised nobody reads doc files at all
>> anymore... Seriously... Okay then, to answer your question.
>>
>
> snip BugHunter documentation
>
>>
>> So how do I use it?
>>
>> BugHunter has a simple and straight forward menu system which
>> normally requires only one keypress from you. The hot key is
>> normally shown in brackets [] with a description to the right of the
>> key.
>>
>> BugHunter supports 4 modes of operation. These are:
>>
>> [A] - Scan Only
>> [B] - Scan and rename found files
>> [C] - Scan and remove (delete) found files
>> [D] - Scan and ask what to do with found files.
>> [Q] - Quit the program
>>
>> Make your selection and BugHunter will display the directories that
>> are configured for scanning. Press Y (or y) and BugHunter will do
>> what you selected previously.
> I have read that documentation before, and I can explain myself
> better. Viruses/Trojans/malware are not just simple files that can be
> identified, the permissions altered and deleted.
BugHunter does *not* scan for viruses; it's not designed to deal with
viruses in any way. Worms are an exception.
> They are usually multiple files, in multiple directories, with entries
> into the registry and system startup and sometimes
Indeed, lots of malware installs into various folders. And BugHunter
scans all folders that it can, including various startup locations. Any
files that are known to BugHunter with your permission will be
disabled/removed.
> the Master Boot Record. I don't know exactly how they work, probably
I do not know of any spyware/adware trojans that are interested in your
boot record. If you have one that is, I'd like a sample.
> varies, but I see the BugHunter documentation
> mentioning removing found files, but not removing all the nefarious
> stuff that viruses install that allows them to be
BugHunter doesn't scan for viruses, and cannot offer you any kind of
protection against them.
> persistent and self replicating. I know only Klez from experience,
Viruses do not require registry keys for self-replication; they are able
to do that on their own. Self-replication is a requirement to fit the
definition of a virus.
> I've avoided porn sites, opening e-mail files,
> not allowing html, I don't disable Java, but keep it up to date. But
> back to Klez. It installed a program called
> winkxx.exe. That program was caught calling out by Zone Alarm. Simply
> removing winkxx didn't work. I had to run a removal program; this
> was with a WinME machine, so I guess system restore restored it.
Klez isn't something BugHunter is designed to handle. Klez has worm
properties, but it also has self-replication routines. It is, indeed,
viral. This is beyond the intended scope of BugHunter.
System restore is well known for restoring infected system files. A virus
removal program should have deleted those files from the restore folder.
> There are complexities to files, such as many executable file
> extensions other than .com, .exe, .msi, etc.
BugHunter isn't fooled by extensions, it doesn't care what you name the
file or where you put the file. If the file is malware and BugHunter has
a signature for it, no hiding is going to save it. That includes whatever
attributes and name the file may have at the time.
> What I'm getting at, is I don't understand what malware does, but am
> aware it isn't just simple files that can
> be identified and removed. Just like the extensive procedures that
Actually, in most cases, it's really that easy. You kill the host
programs/processes, remove any trojanized windows system files, replace
with clean copies, clean up registry entries if you wish, but even that's
not always necessary. Depending on the malware in question, you may have
to run lspfix to fix a broken stack in the tcpip chain, BugHunter can't
help you with that, as it's something broken in the registry and a tool
dedicated for such things already exists. Same with the registry startup
keys, optional to remove. If the file(s) in question are dead, a runkey
for them isn't important. Windows won't run what it can't find.
Viruses are another breed entirely. Infected files must be disinfected if
at all possible and replaced if not possible.
It's important to use the right tools for the task you're trying to
perform. BugHunter isn't suitable for dealing with viruses. If you have
browser-hijacking trojans and things of that nature, it's good for it.
> I understand a clean boot, even with a universal boot cd (BartPE will
> trash a Win98/ME MBR in my experience)
> I can boot to command prompt and use a DOS AV like f-prot or BugHunter
> to identify offending programs,
You do understand that f-prot and BugHunter are two entirely different
programs, right? And that they aren't really designed to scan for the
same items?
> but it isn't as simple as just removing a file/files.
> I'm repeating myself.
Actually, it can be.
--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
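The post above makes two practical points: a Run key whose target file is gone is harmless because "Windows won't run what it can't find", and a scanner that matches on file content is not fooled by a renamed file or an odd extension. The following script is an added illustration of both checks, not code from BugHunter or from anyone in the thread. It parses a constructed `.reg` export of a Run key (the sample data, the temp directory, the file names and the "known-bad" hash set are all made up for the demo), resolves the executable each entry points at, and reports whether the target is missing, matches a content signature, or is simply unknown.

```python
"""Audit Run-key entries from a .reg export (added example, constructed data).

Each entry is classified as:
  missing   - target file is gone; an orphaned run key, harmless by itself
  known-bad - target's SHA-256 is in the signature set, whatever its name/extension
  unknown   - target exists and matched nothing
"""
import hashlib
import os
import re
import shutil
import tempfile

# Matches [HKEY_...\...\Run] and [...\RunOnce] section headers in a .reg file
RUN_KEY_RE = re.compile(r"^\[(HK[^\]]*\\Run(?:Once)?)\]$", re.IGNORECASE)
# Matches "Name"="value" string values; backslash escapes are allowed inside quotes
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def _reg_escape(s):
    """Inverse of _unescape, used only to build the constructed sample."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def parse_run_entries(reg_text):
    """Return (key, value_name, command) for string values under Run/RunOnce keys.
    Only REG_SZ values are handled; dword/hex values are skipped."""
    entries = []
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current = m.group(1) if m else None
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((current, _unescape(m.group(1)), _unescape(m.group(2))))
    return entries


def image_path(command):
    """Best-effort executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted command: take the prefix up to the first space.
    # (Ambiguous if an unquoted path itself contains spaces.)
    return command.split(" ", 1)[0]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_run_entries(reg_text, known_bad_hashes):
    """Classify every Run-key entry in reg_text; see module docstring."""
    report = []
    for key, name, command in parse_run_entries(reg_text):
        path = image_path(command)
        if not os.path.isfile(path):
            status = "missing"      # dead target: Windows won't run what it can't find
        elif sha256_of(path) in known_bad_hashes:
            status = "known-bad"    # matched on content, not on name or extension
        else:
            status = "unknown"
        report.append({"key": key, "name": name, "path": path, "status": status})
    return report


def demo():
    """Build a constructed sample in a temp dir, audit it, and return the report."""
    root = tempfile.mkdtemp(prefix="runkey_audit_")
    try:
        benign = os.path.join(root, "tray.exe")
        disguised = os.path.join(root, "readme.dat")  # "bad" content under a bland name
        with open(benign, "wb") as f:
            f.write(b"constructed benign tray helper\n")
        payload = b"CONSTRUCTED sample payload, not real malware\n"
        with open(disguised, "wb") as f:
            f.write(payload)
        signatures = {hashlib.sha256(payload).hexdigest()}  # constructed signature set
        reg_text = "\n".join([
            "Windows Registry Editor Version 5.00",
            "",
            r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
            '"Tray"="\\"' + _reg_escape(benign) + '\\" -start"',
            '"Helper"="' + _reg_escape(disguised) + ' /s"',
            r'"winkxx"="C:\\WINDOWS\\SYSTEM\\winkxx.exe"',  # file no longer present
        ])
        return audit_run_entries(reg_text, signatures)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for row in demo():
        print(f'{row["status"]:<10} {row["name"]:<8} {row["path"]}')
```

Run it as-is and the `winkxx` entry comes out `missing` (the orphaned run key the post calls unimportant), `Helper` comes out `known-bad` despite its `.dat` name, and `Tray` is `unknown`. To use it against a real export, save `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg` from a clean boot and feed the file's text to `audit_run_entries` with a hash set you trust.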