maybe this is where i should ask...?

Discussion in 'The Lounge' started by SomeCrazyStuff, Sep 12, 2008.

  1. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    hey i was just curious what all is being looked for in the removing malware logs.. i mean all the ccleaner superantispyware combofix mbam and mgtools logs.. i realize when certain things like java and windows messenger etc show up in them they are an instant flag.. but how do yall know about which certain options to choose in the different scans(HJT) or what the custom scripts to use with combofix and others should contain?

    is this just experience? or is there something else that says hey this computer needs to run this scan with these options and this other scan with these other options...

    mostly im just curious so i can be more effective at debugging and cleaning computer at work and wherever else might need it.. for example right now i am trying to run those tools on all my computer at the house including my brothers and dads(mom is on a mac g5.. xP) and they get kinda annoyed when i wont tell them what the logs mean.. whether it be cuz i dont know or just dont want to tell them..

    also.. what would it take to be more of a moderator type person on here.. i would love doing that... i mean i have from like 5:30 til 8am to do support postings... lol once i know what i am looking for i could possibly give the other forum admins a lil bit of a break... xD

    oh and by the way.. if you have never heard metallica and the trans siberian orchestra play carol of the bells you need to go find that.. it is LOVELY.. it was just playing in the background.. random thought.. xP
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Malware logs, well yes you are correct it really does need a trained eye to be able to work out what is legitimate and what is not in a HJT log, however HJT is overused for the wrong reasons, it is not a cleaning tool, does not show all malware that will be on a PC, its great for finding BHOs and some malware that could be in the startup hive, but not much else.

    Some info to read
    http://forums.majorgeeks.com/showthread.php?t=38752
    http://www.bleepingcomputer.com/tutorials/tutorial42.html

    HJT will only be good in debugging if you have malware issues, if you have a slow PC and other issues its pretty useless.

    As for moderator, well whats needed is a track record of great advice and for the admin team to notice this and think that you could be a valuable member of the team, sadly on many forums its not easy to become a moderator as forums have many great members who are worthy of job, its not actually easy to moderate a site of this volume and also answer tech questions, so while some like the kudos of being a moderator on a busy and well known forum its not all its cracked up to be, its hard work at times.... like having a second job.

    Having said that its rewarding at times to meet and help many folk, so knuckle down and who knows :)

    trans siberian orchestra, yes friend of mine from Estonia mentioned this a whiles back... great sound.


    Good to have you onboard Majorgeeks and jump in answer tech questions and have fun.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Plus it can seriously impact your nap time.....
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Agreed.... ah clock has just hit naptime for me, ding!
     
  5. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    ha ok thats what i figured for the moderator part.. is anyone who is a moderator/admin solely employed in the site? or is the entire site upheld just on the side of other jobs? just curious.. i wouldnt mind settin up a site like this..

    yea im sure it can cut into nap time.. but looking at several of the mod's post logs averaging about 31 posts a day i think i could handle that.. like i said i have the entire afternoon almost everyday to do whatever.. right now all i do in the afternoon is either mess around on one of my computers or play xbox... i try to stay away from the tv.. the shows are all the same anyways...


    but yea glad to see that not everyone on here are complete geeks... lol we all need our sleep.. xD
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Employed?......roflmao
     
  7. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member


    Wha??? You don't get paid for your exterminator job, Tim?

    :-D
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I get to keep all the viruses I find.....roflmao
     
  9. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    ha.. you joke but some people really do do that... look at the people with their virus zoos.. lol thats a disaster waiting to happen.. (oops i think i connect my zoo to the mainframe control our part of the internet backbone.. o_O)
     
  10. Wenchie

    Wenchie I R teh brat

    I found a unit with 4000 different infections on it. One that was sophisticated enough to sense a virus scan running and TURN OFF THE PC.

    It was at the LITERACY volunteers... guess they weren't COMPUTER literate, eh?
     
  11. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    wow 4000 different infections... not any repeats or some of them being different parts of the same infection?

    would definitely say they were computer illiterate...

    4000 separate infections.. i cant even comprehend it.. only thing ive seen anywhere near that is a couple of systems that had xp antivirus 2005/2006/2007/2008/2009 that declared between 10k and 30k infections.. but they were almost all fake so... yea...
     
  12. Wenchie

    Wenchie I R teh brat

    Well, there were probably actually more. like I said after it sensed the virus scan running it started a count down to shut off and locked the computer. After that I told her I couldn't do this for her (it was just a favor) she needed to call a tech. Probably move her data to a disk and wipe the drive.
     
  13. SomeCrazyStuff

    SomeCrazyStuff Private E-2


    ok correct me if im wrong but by moving files to another hard drive to restore them later.. wouldnt that provide means for the malware to spread from one computer to the next.. i mean i know we all hate having to format and start all over... but unless the files were critical to human life i dont think i would risk moving them...
     
  14. Wenchie

    Wenchie I R teh brat

    you'd have to scan the individual files prior to movin them. IF unchecked then yes, it would.
     
  15. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    yea good point.. i guess you could move all the files into a single folder and then have something run through that folder looking for malware.. but that would be a pain in the rear to go through each file individually.. but necessary i suppose..

    which brings to mind another question.. would a malware scan go through each file and see if anything is different about it or if there is viral code attached to the file? or do malware scans just look for certain instances of viral code/files.. for example say i got a trojan that downloaded a couple of files including a virus that attached code to the end of a word document.. or even just a txt file... would the malware scan pick up just the couple of files the trojan downloaded or would it look into the files for that bit of code that the virus planted?

    just curious.. even though curiosity killed the cat im still alive so...
     
  16. Wenchie

    Wenchie I R teh brat

    I believe they're preprogrammed to search for known viruses and file types. They don't scan a file and if anything has changed about it flag it, it has to have been specifically infected. That's why keeping updates and databases up to date is so important, it tells the scanner what to look for
     
  17. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    that makes perfect sense.. kudos to the company thatll make a malware scan that looks for code instead of certain signatures... xD
     
  18. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Not employed by the site at all, you'll find many of the admins/moderators have been members of the site for many years, so its a combination for me of wanting to try and help PC users that get stuck with the issues I may have faced in the past years of using PCs or just know about how to fix, to liking the forum setup, other admins and mix of membership that keeps me around.

    Being a moderator or a member of many forums is voluntary and we all answer whatever questions in our free time, while many of us may work in the tech industry many dont they just love computing and as I mentioned earlier just wish to give something back to help others. For me I have a hybrid job which is a mix of tech and medicine, but my background has been predominantly tech and computing.

    I am a moderator on another forum, and member of a few others, so I'm or anyone else is not tied exclusively to this site, we come and go, but the admin/mod teams on forums tend to have the site they mod on as their main home base.


    That would be great if they could think for themselves and hunt out virii, however some virus scanners use heuristics which is supposed to find unknown malware, which tries to help the signature based virus scanner part, in some cases this heuristic approach works but as we all know malware is still rife so this type of malware scan needs more work.

    Just treat malware/virii as you would think of a human virus, they are similar, both mutate and create new strains that are immune to previous vaccines( until developed as Wenchie mentions earlier on new definition signature files for AV apps ), all spread like wildfire, can go un-noticed for a long time, PC virii need signatures which are in some way parts of the virus themselves like a human virus vaccine.
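
Added example, not part of any post in this thread: a Python sketch of the detection approaches discussed in posts 15 to 18 (exact known-file matching, byte signatures searched inside file contents, and change detection against a baseline), run over the scenario from post 15. Every name, signature and byte string below is constructed and harmless, and the functions are hypothetical, not any scanner's API.

```python
import hashlib

# Constructed, harmless stand-ins for the files in the post 15 scenario.
MARKER = b"DEMO-SIGNATURE-0001"                   # pattern shipped in a definitions update
DROPPED_FILE = b"demo-dropper-body " + MARKER     # file the trojan downloaded
CLEAN_DOC = b"Quarterly notes: nothing unusual.\n"
INFECTED_DOC = CLEAN_DOC + MARKER                 # same document with code appended
VARIANT_DOC = CLEAN_DOC + b"DEMO-SIGNATURE-0002"  # new strain, not yet in definitions

SIGNATURES = {"Demo.Appender.A": MARKER}
KNOWN_BAD_HASHES = {hashlib.sha256(DROPPED_FILE).hexdigest(): "Demo.Dropper.A"}
BASELINE = {"notes.doc": hashlib.sha256(CLEAN_DOC).hexdigest()}


def hash_lookup(data):
    """Whole-file match: recognises only an exact copy of a known-bad file."""
    return KNOWN_BAD_HASHES.get(hashlib.sha256(data).hexdigest())


def signature_scan(data):
    """Content match: looks for known byte patterns anywhere inside the file."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def changed_since_baseline(name, data):
    """Integrity check: flags any change, known or not, but cannot say why."""
    return hashlib.sha256(data).hexdigest() != BASELINE[name]


def triage(name, data):
    """Run all three checks; 'changed' is None when no baseline was recorded."""
    return {
        "hash": hash_lookup(data),
        "signatures": signature_scan(data),
        "changed": changed_since_baseline(name, data) if name in BASELINE else None,
    }


if __name__ == "__main__":
    for name, data in [("dropper.bin", DROPPED_FILE), ("notes.doc", CLEAN_DOC),
                       ("notes.doc", INFECTED_DOC), ("notes.doc", VARIANT_DOC)]:
        print(name, triage(name, data))
```

The variant document is the case the thread is circling: it matches no signature until definitions are updated, and only the baseline comparison notices it, at the cost of also flagging every legitimate edit.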
     
  19. SomeCrazyStuff

    SomeCrazyStuff Private E-2

    heuristics.. yea.. forgot about that.. especially for rootkits and stuff.. lol im an idiot... go ahead laugh.. i laugh at myself.. xP
     
