Why aren't the makers of malware treated like the virus makers?

blackrain

Why doesn't the government go after malware makers like they do for virus makers? The government has no problem going after and arresting virus makers.

I have encountered two very nasty variants of malware (BetterInternet/Nail and Spyfalcon) in the last year.

One was at work and one was at home. Although they didn't seem to damage anything, they were very hard to clean. The IT guy at my company gave up on the BetterInternet one and suggested a NEW pc. Thank goodness I am savvy enough that I was able to clean it myself.

 

hollowman

Originally posted by: blackrain
Why doesn't the government go after malware makers like they do for virus makers? The government has no problem going after and arresting virus makers.

I have encountered two very nasty variants of malware (BetterInternet/Nail and Spyfalcon) in the last year.

One was at work and one was at home. Although they didn't seem to damage anything, they were very hard to clean. The IT guy at my company gave up on the BetterInternet one and suggested a NEW pc. Thank goodness I am savvy enough that I was able to clean it myself.

I don't know the answer to your question but just wondering how were you able to clean it yourself?
 

Injury

Because the government is still probably enthralled by playing with BonziBuddy.

If they made laws that programs could and couldn't do certain things to prevent spyware/malware, so many people would cry police state and unconstitutional that it wouldn't be funny.

I would love nothing more than to stab all spammers and malware authors, but as low down as it sounds, it makes money for me when the neighborhood moron downloads some crap. It's no consolation, but at least I don't get entirely f**cked by it.
 

Injury

Originally posted by: hollowman
I don't know the answer to your question but just wondering how were you able to clean it yourself?

It's all about manual removal.

Check Schadenforooharohar's spyware/malware FAQ in the software section... there should still be instructions for manual removal of spyware.

If they aren't there, PM me and I'll send some really basic ones to you.
 

ForumMaster

The government is definitely starting to treat malware makers like virus makers, as spyware usually does equal, if not more, damage than viruses. All the internet security companies are allying together against malware and hopefully some day, there will be less malware in the world.
 

Trikat

I hate those fvcking programs that bog down your system with a ton of crap.
My friend installed Azures on my comp yesterday to test out ports. I uninstalled it right after I was done with the program, but the freaking thing lingered in my computer doing who knows what. Kerio firewall kept popping up complaining about Azures and it trying to get out to the "internet." The funny thing is I uninstalled it and it did jack sh!t. I couldn't even delete some of the files, because it was in use or something so I had to safe mode delete. And then my friend searched the reg for azures and deleted anything with it. Now Kerio doesn't alert me to Azures activity.
 

hollowman

Originally posted by: Injury
Originally posted by: hollowman
I don't know the answer to your question but just wondering how were you able to clean it yourself?

It's all about manual removal.

Check Schadenforooharohar's spyware/malware FAQ in the software section... there should still be instructions for manual removal of spyware.

If they aren't there, PM me and I'll send some really basic ones to you.

Well, usually I just use Spybot and/or Adaware first. Then I check registry to see if anything is left. Is that good enough? or is there more intensive way to delete them?

 

Injury

Originally posted by: Trikat
I hate those fvcking programs that bog down your system with a ton of crap.
My friend installed Azures on my comp yesterday to test out ports. I uninstalled it right after I was done with the program, but the freaking thing lingered in my computer doing who knows what. Kerio firewall kept popping up complaining about Azures and it trying to get out to the "internet." The funny thing is I uninstalled it and it did jack sh!t. I couldn't even delete some of the files, because it was in use or something so I had to safe mode delete. And then my friend searched the reg for azures and deleted anything with it. Now Kerio doesn't alert me to Azures activity.

Azureus is not spyware/malware... :confused:
 

CaptnKirk

I ran into that 'SpyFalcon' program, and the way it functions I'm surprised that Microsoft doesn't go after them
from their corporate level and charge them with a federal level crime along the lines of extortion.
They spoof the Microsoft protection to make it look like Microsoft itself is helping to get rid of a program
that SpyFalcon & their imbedded clones installs and demands payment to remove when installed.

It should be taken on by the Government as Extortion and Racketeering for how they do it - PC Terrorism.

This will take it out though, quite difficult

SmitRemFix - run it in Safemode
 

blackrain

Originally posted by: hollowman
Originally posted by: Injury
Originally posted by: hollowman
I don't know the answer to your question but just wondering how were you able to clean it yourself?

It's all about manual removal.

Check Schadenforooharohar's spyware/malware FAQ in the software section... there should still be instructions for manual removal of spyware.

If they aren't there, PM me and I'll send some really basic ones to you.

Well, usually I just use Spybot and/or Adaware first. Then I check registry to see if anything is left. Is that good enough? or is there more intensive way to delete them?



That won't work on these types of malware. The problem with betterinternet (or "nail" I think it was called) and spyfalcon is that you can't really catch it. It's a moving target. You think you found the ah heck on your drive or in the registry or in the task manager and as soon as you try to do something (like delete the offending file) it just respawns itself. Symantec, Adaware, and Spybot will FIND them all day long. But for whatever reason, they can't completely get rid of them. BetterInternet would be identified by symantec corp ed as file hjdhgj.exe or something crazy like that. The IT guy tried to delete that file in safe mode but it would just reappear under some other name. I had to run a program called nailfix, do some registry edits, run ewido security suite in safemode, etc. Spyfalcon was also nasty in that I ran spybot search and destroy and adware SE with the latest updates and although spyfalcon was recognized (and deleted) the problem lingered. It was only after what CaptnKirk suggested that the problem went away.

It's not as simple as just going to add/remove and removing it. When I tried to add/remove spyfalcon in the beginning, it kept opening acrobat reader and giving me some strange messages.

Basically, these new types of malware mount a fight against removal....that is just going too far.

The reason why I posted this is because I think the developers of these types of malware are known. For example, Aurora Computer Technologies of Canada is the well known culprit for the nail malware. Why isn't someone cracking down on them? I see kids on tv being arrested for authoring viruses, and it usually takes some time to find them. With this malware, the author is already known. No need to hunt anyone down. So why isn't anyone cracking down?
 

mercanucaribe

Originally posted by: blackrain
Originally posted by: hollowman
Originally posted by: Injury
Originally posted by: hollowman
I don't know the answer to your question but just wondering how were you able to clean it yourself?

It's all about manual removal.

Check Schadenforooharohar's spyware/malware FAQ in the software section... there should still be instructions for manual removal of spyware.

If they aren't there, PM me and I'll send some really basic ones to you.

Well, usually I just use Spybot and/or Adaware first. Then I check registry to see if anything is left. Is that good enough? or is there more intensive way to delete them?



That won't work on these types of malware. The problem with betterinternet (or "nail" I think it was called) and spyfalcon is that you can't really catch it. It's a moving target. You think you found the ah heck on your drive or in the registry or in the task manager and as soon as you try to do something (like delete the offending file) it just respawns itself. Symantec, Adaware, and Spybot will FIND them all day long. But for whatever reason, they can't completely get rid of them. BetterInternet would be identified by symantec corp ed as file hjdhgj.exe or something crazy like that. The IT guy tried to delete that file in safe mode but it would just reappear under some other name. I had to run a program called nailfix, do some registry edits, run ewido security suite in safemode, etc. Spyfalcon was also nasty in that I ran spybot search and destroy and adware SE with the latest updates and although spyfalcon was recognized (and deleted) the problem lingered. It was only after what CaptnKirk suggested that the problem went away.

It's not as simple as just going to add/remove and removing it. When I tried to add/remove spyfalcon in the beginning, it kept opening acrobat reader and giving me some strange messages.

Basically, these new types of malware mount a fight against removal....that is just going too far.

The reason why I posted this is because I think the developers of these types of malware are known. For example, Aurora Computer Technologies of Canada is the well known culprit for the nail malware. Why isn't someone cracking down on them? I see kids on tv being arrested for authoring viruses, and it usually takes some time to find them. With this malware, the author is already known. No need to hunt anyone down. So why isn't anyone cracking down?

Because Malware/Spyware companies pay taxes. And like one poster said, they make money for other people.
 

Linflas

I had to clean that Betterinternet/Nail one off of a computer at work last summer. That is the toughest one I have dealt with to date. You could boot into safe mode command prompt only and delete the nail.exe and it came right back within 10 seconds.
 

SparkyJJO

My little brother's computer got that spyfalcon thing on it when he got on the web (I told him it wasn't internet safe yet - no security updates or anything!). Neither ad-aware nor spybot fully removed it, which was interesting. It would come back. So I ran them again, and also ran AVG anti-virus and it found the last remaining part of it (along with 4 other viruses :confused:) after that it was gone. Apparently that thing is part virus too.
 

CaptnKirk

Originally posted by: SparkyJJO
My little brother's computer got that spyfalcon thing on it when he got on the web (I told him it wasn't internet safe yet - no security updates or anything!). Neither ad-aware nor spybot fully removed it, which was interesting. It would come back. So I ran them again, and also ran AVG anti-virus and it found the last remaining part of it (along with 4 other viruses :confused:) after that it was gone. Apparently that thing is part virus too.


It sells itself to the unsuspecting victim as being a program or a codec update needed to continue viewing or processing a file.

 

imported_Phil

Originally posted by: Linflas
I had to clean that Betterinternet/Nail one off of a computer at work last summer. That is the toughest one I have dealt with to date. You could boot into safe mode command prompt only and delete the nail.exe and it came right back within 10 seconds.

You're telling me that a Windows virus was replicating in a pure DOS session?

Yeah. Right.
 

Shawn

Originally posted by: Phil
Originally posted by: Linflas
I had to clean that Betterinternet/Nail one off of a computer at work last summer. That is the toughest one I have dealt with to date. You could boot into safe mode command prompt only and delete the nail.exe and it came right back within 10 seconds.

You're telling me that a Windows virus was replicating in a pure DOS session?

Yeah. Right.

There is no such thing as a pure dos session anymore. When you boot to command prompt in Win2k or WinXP it just boots into windows without loading anything except for cmd.exe.
 

Injury

Originally posted by: hollowman
Originally posted by: Injury
Originally posted by: hollowman
I don't know the answer to your question but just wondering how were you able to clean it yourself?

It's all about manual removal.

Check Schadenforooharohar's spyware/malware FAQ in the software section... there should still be instructions for manual removal of spyware.

If they aren't there, PM me and I'll send some really basic ones to you.

Well, usually I just use Spybot and/or Adaware first. Then I check registry to see if anything is left. Is that good enough? or is there more intensive way to delete them?

That works for most types, but there are some gruesome ones (as previously mentioned) that you need to go into msconfig and disable some things from running not just in the startup tab, but in other tabs as well. You basically have to learn what the bare minimum that your computer can run with is. (and by run, I basically mean mouse, KB and video support)
 

imported_Phil

Originally posted by: Shawn
Originally posted by: Phil
Originally posted by: Linflas
I had to clean that Betterinternet/Nail one off of a computer at work last summer. That is the toughest one I have dealt with to date. You could boot into safe mode command prompt only and delete the nail.exe and it came right back within 10 seconds.

You're telling me that a Windows virus was replicating in a pure DOS session?

Yeah. Right.

There is no such thing as a pure dos session anymore. When you boot to command prompt in Win2k or WinXP it just boots into windows without loading anything except for cmd.exe.

Yes, I know. "Safe mode command prompt" is also from 98 and does give a pure DOS session ;)
Deleting troublesome files from anything but the Recovery Console is an exercise in futility.
 

Linflas

Originally posted by: Phil
Originally posted by: Shawn
Originally posted by: Phil
Originally posted by: Linflas
I had to clean that Betterinternet/Nail one off of a computer at work last summer. That is the toughest one I have dealt with to date. You could boot into safe mode command prompt only and delete the nail.exe and it came right back within 10 seconds.

You're telling me that a Windows virus was replicating in a pure DOS session?

Yeah. Right.

There is no such thing as a pure dos session anymore. When you boot to command prompt in Win2k or WinXP it just boots into windows without loading anything except for cmd.exe.

Yes, I know. "Safe mode command prompt" is also from 98 and does give a pure DOS session ;)
Deleting troublesome files from anything but the Recovery Console is an exercise in futility.

Safe mode command prompt in XP is nothing like the one in 98. From MS themselves:

Safe Mode (SAFEBOOT_OPTION=Minimal): This option uses a minimal set of device drivers and services to start Windows.

Safe Mode with Command Prompt (SAFEBOOT_OPTION=Minimal(AlternateShell)): This option is the same as Safe mode, except that Cmd.exe starts instead of Windows Explorer.

A description of the Safe Mode Boot options in Windows XP
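
The Safe Mode options quoted above are driven by a handful of registry values, which is why a file can reappear even in "Safe Mode with Command Prompt". The following read-only PowerShell audit is an added example, not part of the thread: it reports the `SAFEBOOT_OPTION` state, compares `AlternateShell` and the Winlogon `Shell`/`Userinit` values with stock defaults, and lists `SafeBoot\Minimal` services whose image lives outside `system32`. The "expected" patterns are assumptions for a default install, and nothing here is specific to the malware named in the thread.

```powershell
# Added example: read-only audit of what still loads in Safe Mode (changes nothing).

# SAFEBOOT_OPTION is set only when Windows was started in Safe Mode.
if ($env:SAFEBOOT_OPTION) {
    "Booted in Safe Mode: $($env:SAFEBOOT_OPTION)"
} else {
    'Normal boot (SAFEBOOT_OPTION is not set)'
}

$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Assumed stock values for a default install; anything else deserves a look.
# AlternateShell is what "Safe Mode with Command Prompt" starts instead of Explorer.
# Userinit runs at every logon, Safe Mode included.
$expected = @(
    @{ Path = $safeBoot; Name = 'AlternateShell'; Good = '^cmd\.exe$' },
    @{ Path = $winlogon; Name = 'Shell';          Good = '^explorer\.exe$' },
    @{ Path = $winlogon; Name = 'Userinit';       Good = '^[a-z]:\\windows\\system32\\userinit\.exe,?$' }
)
foreach ($e in $expected) {
    $value = (Get-ItemProperty -Path $e.Path -ErrorAction SilentlyContinue).($e.Name)
    $state = if ($value -match $e.Good) { 'ok' } else { 'REVIEW' }
    '{0,-7} {1} = {2}' -f $state, $e.Name, $value
}

# Subkeys of SafeBoot\Minimal name the drivers and services allowed to start in
# Safe Mode; the default value says what kind of entry each one is.
foreach ($key in Get-ChildItem -Path "$safeBoot\Minimal") {
    $kind = $key.GetValue('')
    if (@('Service', 'Driver') -notcontains $kind) { continue }

    # Driver entries are often named after the file (foo.sys); the service key is "foo".
    $name  = $key.PSChildName -replace '\.sys$', ''
    $image = (Get-ItemProperty -Path "$services\$name" -ErrorAction SilentlyContinue).ImagePath

    # Heuristic (assumption): stock Safe Mode components load from system32.
    if ($image -and $image -notmatch '(^|\\)system32\\') {
        'REVIEW  SafeBoot\Minimal\{0} ({1}) -> {2}' -f $key.PSChildName, $kind, $image
    }
}
```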
 

mugs

Because malware doesn't really do any damage, it's just annoying as hell. And it doesn't spread itself the way a virus does. I've been able to keep my computers spyware free by just not being a retard.
 

tm37

Originally posted by: Linflas
Originally posted by: Phil
Originally posted by: Shawn
Originally posted by: Phil
Originally posted by: Linflas
I had to clean that Betterinternet/Nail one off of a computer at work last summer. That is the toughest one I have dealt with to date. You could boot into safe mode command prompt only and delete the nail.exe and it came right back within 10 seconds.

You're telling me that a Windows virus was replicating in a pure DOS session?

Yeah. Right.

There is no such thing as a pure dos session anymore. When you boot to command prompt in Win2k or WinXP it just boots into windows without loading anything except for cmd.exe.

Yes, I know. "Safe mode command prompt" is also from 98 and does give a pure DOS session ;)
Deleting troublesome files from anything but the Recovery Console is an exercise in futility.

Safe mode command prompt in XP is nothing like the one in 98. From MS themselves:

Safe Mode (SAFEBOOT_OPTION=Minimal): This option uses a minimal set of device drivers and services to start Windows.

Safe Mode with Command Prompt (SAFEBOOT_OPTION=Minimal(AlternateShell)): This option is the same as Safe mode, except that Cmd.exe starts instead of Windows Explorer.

A description of the Safe Mode Boot options in Windows XP

Remember Phil there is NO MS-DOS in the XP room;)