Author Topic: Stories of heroism and victory....against malware using KillSwitch :)  (Read 19143 times)
Chiron
Global Moderator
Comodo's Hero
« Reply #30 on: December 29, 2010, 09:29:47 PM »

> So this is the core of KillSwitch? "show only the untrusted processes in memory" jajajaja are you telling me that this is the super revolutionary technology the only and most important thing?

Well, that's my favorite part. You can quickly look at it (after hiding known safe files) and easily discover whether you're infected or not.

The only part I'm not sure about is the effect if there was a rootkit on the system.
Logged

languy99
Global Moderator
Comodo's Hero
« Reply #31 on: December 29, 2010, 09:35:38 PM »

> Well, that's my favorite part. You can quickly look at it (after hiding known safe files) and easily discover whether you're infected or not.
>
> The only part I'm not sure about is the effect if there was a rootkit on the system.

I am going to do personal testing against rootkits. I will test not only KillSwitch but also CCE against them.
Logged

http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99
wj32
Comodo's Hero
« Reply #32 on: December 29, 2010, 09:37:05 PM »

Hopefully the devs will allow users to contribute code so at least some of these features will actually get implemented. It's one of the awesome things about free and open source software, and SourceForge.net.
Logged

MCTS: Windows Internals
Process Hacker, a free and open source process viewer.
bobad
Comodo Loves me
« Reply #33 on: December 30, 2010, 11:05:51 AM »

> Why I would want to kill any unknown process? very stupid option,

That's your opinion, not to be confused with facts.

The fact is, when you have a computer that's infected with who-knows-what, it can take hours and many re-boots to identify and tease out all the malware. I appreciate a quick solution to get the computer up and running so you can finish disinfecting it. I think MANY OTHERS appreciate it too.
Logged
Melih
CEO - Comodo
Administrator
Comodo's Hero
« Reply #34 on: December 30, 2010, 11:09:09 AM »

> That's your opinion, not to be confused with facts.
>
> The fact is, when you have a computer that's infected with who-knows-what, it can take hours and many re-boots to identify and tease out all the malware. I appreciate a quick solution to get the computer up and running so you can finish disinfecting it. I think MANY OTHERS appreciate it too.

+1

this is a very useful feature for all the real world malware hunters out there!
Logged

alve67
Newbie
« Reply #35 on: December 30, 2010, 12:47:48 PM »

> I didn't know other process managers have the ability to verdict a file?
> Can you pls show me which Process Manager have this ability? thanks

SpyDLLRemover seems to be similar... But I am no expert :D

http://www.rootkitanalytics.com/userland/spy-dll-remover.php
Logged
Tech
Usability Study Member
Comodo's Hero
« Reply #36 on: January 04, 2011, 06:42:41 AM »

Two weeks ago I needed to manage two notebooks infected with Sality.
One had Kaspersky installed. The other, Avira.
I've used all weapons I know, from bootable CDs (like Kaspersky, AVG, Avira and Bitdefender). In one of them I've managed to install avast and run a boot time scanning.
Man, I've lost time... No way... Sality always comes back.
I wish I could have tested KillSwitch on them. I reformatted :'(
Logged

avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!
phalanaxus
Newbie
« Reply #37 on: January 04, 2011, 07:30:13 AM »

Not exactly related to KillSwitch but I find Dr.Web Boot CD the most effective for cleaning sality and virut infections, followed by a scan with HMP and MBAM. Haven't tried KillSwitch for this purpose yet, though.
Logged
dave1234
Comodo's Hero
« Reply #38 on: January 04, 2011, 07:36:39 AM »

Hi Tech. Could you have used CTM to go back to a point where you were not infected, rather than a tedious reformat? I say this because you seem, by your posts, to have been a user for some time. Oh, by the way, before I got CTM I was also infected with Sality and tried every possible way to remove it that I could think of, and yes, I reformatted eventually. Wish KillSwitch was around then! This was on a machine with Avast as the AV and Threatfire covering behaviour.

Neither are installed now, Cis and all its bells and whistles on both machines, should have known better and had Cis on both from the start.

Regards
Dave1234
Logged
Tech
Usability Study Member
Comodo's Hero
« Reply #39 on: January 04, 2011, 07:55:40 AM »

> Hi Tech. Could you have used CTM to go back to a point where you were not infected, rather than a tedious reformat?

CTM was not installed in those notebooks.
CTM is currently not installed in my notebook as it is unstable and the development is going too slow. I work in a production machine and work at it. I need it, at least, without BSODs and data loss.

> This was on a machine with Avast as the Av and Threatfire covering behaviour.

avast cleans it but it reappears... I couldn't find exactly what was going on. The cleaning procedure was unsuccessful.
Logged

avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!
kagun
Left the Forums
Comodo's Hero
« Reply #40 on: January 04, 2011, 02:09:55 PM »

Just got a rogue-infected laptop which patches exe's, it's called Antivirus Scan, killed the damn thing easily with KillSwitch, updated CCE and now performing full system scan....
KillSwitch can even survive patching!
(thumbs up)

Edit: Initiating full scan restarts the computer with rogue then active in memory again, thus patching KillSwitch, but at least CCE is active and scanning....
« Last Edit: January 04, 2011, 02:20:49 PM by GakunGak » Logged
wj32
Comodo's Hero
« Reply #41 on: January 04, 2011, 03:11:57 PM »

> Just got a rogue-infected laptop which patches exe's, it's called Antivirus Scan, killed the damn thing easily with KillSwitch, updated CCE and now performing full system scan....
> KillSwitch can even survive patching!
> (thumbs up)

What do you mean by "patching"?
Logged

MCTS: Windows Internals
Process Hacker, a free and open source process viewer.
kagun
Left the Forums
Comodo's Hero
« Reply #42 on: January 04, 2011, 03:15:48 PM »

You know, when you try to open an exe and instead rogue is activated/displayed on screen

EDIT: Well, I hate to say it, but after "cleaning" 3 trojan downloaders and restart, the virus was still there.
What cleaned the system was HitmanPro 3.5....
It also had proxy change detection [127.0.0.1:8074]....

:-X
« Last Edit: January 04, 2011, 03:43:13 PM by GakunGak » Logged
knk2006
Comodo's Hero
« Reply #43 on: January 04, 2011, 03:50:17 PM »

> You know, when you try to open an exe and instead rogue is activated/displayed on screen
>
> EDIT: Well, I hate to say it, but after "cleaning" 3 trojan downloaders and restart, the virus was still there.
> What cleaned the system was HitmanPro 3.5....
> It also had proxy change detection [127.0.0.1:8074]....
>
> :-X

I'm not in a position to judge, but that, as far as I know, is not achieved using patching or whatever; I think it installs some sort of hooks :) so that every time you try to run an application, the rogue intercepts it and runs itself or shows a scanning progress window or whatever.
Logged
kagun
Left the Forums
Comodo's Hero
« Reply #44 on: January 04, 2011, 03:53:55 PM »

Yeah, but "technical" term is called patching ;-)
I know it can be fixed using registry, I just wanted to see how it would do this way...
Even hitman had trouble starting so what I did was disable startup in msconfig, cleaned it with hitman, now using malwarebytes to finish the job and in the end norton power eraser, just to be sure...
Logged
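
Added example, not part of any post in this thread: an offline check of a registry export for the two symptoms reported above, programs being intercepted at launch and the proxy pointed at 127.0.0.1:8074. It assumes the interception is the common .exe file-association hijack (the thread only says it "can be fixed using registry"); the key paths are standard Windows locations and the sample export is constructed.

```python
import re

# Constructed sample in `reg export` text form; not data from the thread's laptop.
# Real exports are UTF-16: open(path, encoding="utf-16") before parsing.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8074"
'''

def parse_reg(text):
    """Return {KEY_PATH: {value_name: value}}; '@' is a key's default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).strip('"').lower(), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    return keys

def triage(text):
    """Flag a non-default .exe launch handler and an enabled loopback proxy."""
    findings = []
    for path, values in parse_reg(text).items():
        default = values.get("@")
        if path.endswith("\\EXEFILE\\SHELL\\OPEN\\COMMAND") and default != '"%1" %*':
            findings.append(("exe-open-hijack", default))
        if path.endswith("\\.EXE") and default not in (None, "exefile"):
            findings.append(("exe-class-redirect", default))
        if path.endswith("\\INTERNET SETTINGS") and values.get("proxyenable") == 1:
            server = str(values.get("proxyserver", ""))
            if re.search(r"(^|[=;])(127\.\d+\.\d+\.\d+|localhost)(:|;|$)", server):
                findings.append(("loopback-proxy", server))
    return findings

if __name__ == "__main__":
    for kind, value in triage(SAMPLE):
        print(kind, value)
```

Running the check on an export taken from the affected machine but analysed on a clean one avoids depending on tools that the rogue may intercept at launch.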