Humpty Posted April 10, 2007
Seems a particularly nasty one. Wonder why "Giant Antispyware" is included in the list. Didn't MS do the usual with this once great AS, take it over and stuff it up?

F-Secure article:
Email-Worm:W32/Bagle.HR is a trojan-downloader with rootkit technology. The rootkit driver terminates and deletes the following files that are related to antivirus software:

Moderators DennisD Posted April 23, 2007
Unfortunately more than one of my AV exe files is on that list, and I don't have a rootkit scanner. I've previously had the trial version of F-Secure's Blacklight, but I'm not keen on trying the latest beta version, as the warning notice on the download page doesn't fill you with confidence.

Moderators rridgely Posted April 23, 2007
Antivir now has a built-in rootkit scanner. It seems nice enough. (I haven't tried it on an infected computer yet.) I'm trying boclean and it's not on the list. I wonder if it detects this.

Moderators DennisD Posted April 24, 2007
I've got Boclean, but haven't installed it yet, but I've just remembered that there is a good selection of Anti-Rootkit applications on AndyManchesta's site, but I don't know too much about most of them. Anyway, just had a quick look and I'm gonna try AVG's Anti-Rootkit, although I keep wondering about trying Antivir, although I still like Avast. Decisions

Moderators DennisD Posted April 24, 2007
AVG Anti Rootkit Free seems like a good piece of software, with a nice interface and manual updates. Has two searches, "Search For Rootkits" and "Perform In Depth Search". Only tried the first one so far, and it's quick but seems quite thorough. Only took a couple of minutes.

Moderators rridgely Posted April 25, 2007
Yeah, AVG rootkit is alright. There are so many antirootkit programs. (Almost every AV vendor has a free one out.)