
How did malware "SysInternals" get past my Avira antivirus and install itself?

JEDI

Lifer
WinXP SP3

what a pain Sysinternals was:
Sysinternals ran, and I couldn't close it 🙁
ctrl-alt-delete ended the process, but it would start again 🙁
control panel no longer worked.
erased cdrom.sys, thus cdrom drive no longer worked

malwarebytes got some of it.
hitman pro got some of it. (wow... only the checker is free. You have to pay to clean your system the 2nd time you use it to clean) 🙁

thought i got rid of it completely.

then at random, all webpages in IE turned Red.

Ran combofix, and it seemed to have worked.


So how did "SysInternals" get past my Avira v9 and install itself?
 
Assuming you're usually careful about what you install and you're the only one who uses your computer, I'd say the most likely infection vectors are:

USB thumbdrive autorun
or

Outdated web browser or plugins with exploits

Web browser
Java Runtime
Any Adobe product


and remember that Avira is just an anti-virus and anti-virus software can only do so much when it's a security product that depends on signatures
 

adobe???

so how do i find out what security holes i have on my machine? and close them?
 
One of the misconceptions about AV software is that it will block all viruses or malware. For AV to block something it has to know it exists. Someone has to submit the virus or malware to the AV site before it can be added to the software. If you happen to get a new virus or malware that has not been seen before by that AV software then it can infect the system. Some software uses detection techniques to try to find new viruses quicker but it will never be 100%. All of the current AV software except the MS version is open to the root exploit.

http://www.pcworld.com/article/196392/new_exploit_resists_windows_security_software.html
 