jen wrote:
>Thanks a million, Dustin!
>
>-jen
Which is it; Jen or Dustin?
--
Andy - who is playing off the comma, which would normally precede the
name of the "Thanker"... ;-)
Dustin Cook, my dear, dear friend, there was this time, oh, 12/13/2008
5:23 PM or thereabouts, when you let the following craziness loose on
Usenet:
> "jen" <jen@example.com> wrote in
> news:ypd0l.6576$M01.1142@bignews3.bellsouth.net:
>
>> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
>> news:Xns9B6B3D97688D6HHI2948AJD832@69.16.185.247.. .
>>
>> Hey Dustin,
>>
>> Do you have any insight to this poster's problem?:
>
> Yep. Our updater is really an Internet Explorer window; so if IE is
> toggled to offline, so is our updater.
>
> Also, if IE is configured to use a proxy and it's not operational for
> some reason, our updater will fail.
>
> I have requested this be changed in a future release so that we are not
> dependent on Internet Explorer for anything... However, that's still a
> ways away.
>
> So, the gist of it is this: If Internet Explorer won't surf, our updater
> won't run.
>
> The other applications mentioned aren't simply asking Internet Explorer
> to access the net, so they don't care what its specific settings are.
>
>
Can't for the life of me think of why you'd make your updater dependent
on IE instead of just grabbing the default.
Surely you don't need anything IE-specific to send definition updates?
Cool that you've requested the change, but it should be the smallest of
tweaks to the code (assuming, again, that your updating service isn't
*dependent* on IE for some reason).
By the way, certain variants of the AV2008/AV2009 bug are now blocking
MalwareBytes from being installed on infected machines. Normal
workarounds (changing the name of the installation file, trying to
install in Safe Mode, etc) seem ineffective. I'm sure you're aware of
this already, but thought I'd mention it.
Cheers.
"Kyle T. Jones" <KBfoMe@realdomain.net> wrote in
news:gi8ijr$tko$1@news.motzarella.org:
> Dustin Cook, my dear, dear friend, there was this time, oh, 12/13/2008
> 5:23 PM or thereabouts, when you let the following craziness loose on
> Usenet:
>> "jen" <jen@example.com> wrote in
>> news:ypd0l.6576$M01.1142@bignews3.bellsouth.net:
>>
>>> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
>>> news:Xns9B6B3D97688D6HHI2948AJD832@69.16.185.247.. .
>>>
>>> Hey Dustin,
>>>
>>> Do you have any insight to this poster's problem?:
>>
>> Yep. Our updater is really an Internet Explorer window; so if IE is
>> toggled to offline, so is our updater.
>>
>> Also, if IE is configured to use a proxy and it's not operational for
>> some reason, our updater will fail.
>>
>> I have requested this be changed in a future release so that we are
>> not dependent on Internet Explorer for anything... However, that's
>> still a ways away.
>>
>> So, the gist of it is this: If Internet Explorer won't surf, our
>> updater won't run.
>>
>> The other applications mentioned aren't simply asking Internet
>> Explorer to access the net, so they don't care what its specific
>> settings are.
>>
>>
>
> Can't for the life of me think of why you'd make your updater
> dependent on IE instead of just grabbing the default.
That's a question I will have to forward along to Marcin. I don't develop
the Windows code.
> Surely you don't need anything IE-specific to send definition updates?
Oh, no. A simple http GET works.
> By the way, certain variants of the AV2008/AV2009 bug are now blocking
> MalwareBytes from being installed on infected machines. Normal
> workarounds (changing the name of the installation file, trying to
> install in Safe Mode, etc) seem ineffective. I'm sure you're aware of
> this already, but thought I'd mention it.
We are aware of this. It's actually a TDSS rootkit variant that typically
gets installed along with AV2008/2009 that is blocking us. Once the
driver is disabled however, we own it pretty quick.
--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
M.L. <me@privacy.invalid> wrote in
news:kuohk4p1usr3b92rq7fdsehasgkn0pojrh@4ax.com:
>>> By the way, certain variants of the AV2008/AV2009 bug are now
>>> blocking MalwareBytes from being installed on infected machines.
>>> Normal workarounds (changing the name of the installation file,
>>> trying to install in Safe Mode, etc) seem ineffective. I'm sure
>>> you're aware of this already, but thought I'd mention it.
>>
>>We are aware of this. It's actually a TDSS rootkit variant that
>>typically gets installed along with AV2008/2009 that is blocking us.
>>Once the driver is disabled however, we own it pretty quick.
>
> How would one disable the rootkit driver?
There are several methods of disabling it. It's a system-level driver, so
depending on the version, you can ask Windows to unload it. I'm sorry
about the evasive answering, but I really can't go into details.
A handy CD that can usually disable the rootkit for you:
http://www.free-av.com/en/tools/12/a...ue_system.html
Use that CD first, then you can take advantage of MBAM and various other
utilities of its nature.
--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
buddy b, my dear, dear friend, there was this time, oh, 12/17/2008 2:52
AM or thereabouts, when you let the following craziness loose on Usenet:
> On Tue, 16 Dec 2008 09:48:08 -0600, "Kyle T. Jones"
> <KBfoMe@realdomain.net> wrote:
>
>> By the way, certain variants of the AV2008/AV2009 bug are now blocking
>> MalwareBytes from being installed on infected machines. Normal
>> workarounds (changing the name of the installation file, trying to
>> install in Safe Mode, etc) seem ineffective. I'm sure you're aware of
>> this already, but thought I'd mention it.
>
> True of other malware, too.
> Regards
> buddy b
Absolutely.
Cheers.
M.L. <me@privacy.invalid> wrote in
news6tjk41bbfuljaookfkosko830la5r8jlv@4ax.com:
>>>>> By the way, certain variants of the AV2008/AV2009 bug are now
>>>>> blocking MalwareBytes from being installed on infected machines.
>>>>> Normal workarounds (changing the name of the installation file,
>>>>> trying to install in Safe Mode, etc) seem ineffective. I'm sure
>>>>> you're aware of this already, but thought I'd mention it.
>>>>
>>>>We are aware of this. It's actually a TDSS rootkit variant that
>>>>typically gets installed along with AV2008/2009 that is blocking us.
>>>>Once the driver is disabled however, we own it pretty quick.
>>>
>>> How would one disable the rootkit driver?
>>
>>There are several methods of disabling it. It's a system-level driver,
>>so depending on the version, you can ask Windows to unload it. I'm
>>sorry about the evasive answering, but I really can't go into details.
>>
>>A handy CD that can usually disable the rootkit for you:
>>
>>http://www.free-av.com/en/tools/12/a...ue_system.html
>>
>>Use that CD first, then you can take advantage of MBAM and various
>>other utilities of its nature.
>
> Thanks for your prompt reply. I already have that CD, so now I know
> when to use it to its advantage.
They update it constantly. It's most advised to use the newest you
possibly can.
--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
On Thu, 18 Dec 2008 23:02:41 GMT, Dustin Cook <bughunter.dustin@gmail.com>
wrote:
>M.L. <me@privacy.invalid> wrote in
>news6tjk41bbfuljaookfkosko830la5r8jlv@4ax.com:
>
>>>>>> By the way, certain variants of the AV2008/AV2009 bug are now
>>>>>> blocking MalwareBytes from being installed on infected machines.
>>>>>> Normal workarounds (changing the name of the installation file,
>>>>>> trying to install in Safe Mode, etc) seem ineffective. I'm sure
>>>>>> you're aware of this already, but thought I'd mention it.
>>>>>
>>>>>We are aware of this. It's actually a TDSS rootkit variant that
>>>>>typically gets installed along with AV2008/2009 that is blocking us.
>>>>>Once the driver is disabled however, we own it pretty quick.
>>>>
>>>> How would one disable the rootkit driver?
>>>
>>>There are several methods of disabling it. It's a system-level driver,
>>>so depending on the version, you can ask Windows to unload it. I'm
>>>sorry about the evasive answering, but I really can't go into details.
>>>
>>>A handy CD that can usually disable the rootkit for you:
>>>
>>>http://www.free-av.com/en/tools/12/a...ue_system.html
>>>
>>>Use that CD first, then you can take advantage of MBAM and various
>>>other utilities of its nature.
>>
>> Thanks for your prompt reply. I already have that CD, so now I know
>> when to use it to its advantage.
>
>They update it constantly. It's most advised to use the newest you
>possibly can.
Another option would be to use the F-Secure rescue CD that will download
the latest signatures when it is booted so you don't have to keep
downloading a new CD image to get up-to-date protection. The obvious
drawback is that it requires an internet connection to do this, but most
people are already connected and the F-Secure rescue CD does a pretty good
job of identifying and using the connection.
http://www.f-secure.com/linux-weblog...-301-released/