Malware Process Terminator and Anti-Malware Assistant

[tekgeek]

this is funny I was dealing with this exact problem with a customer
and was on the phone with the client and connected remotely from
crossloop

I was looking for a way to get process explorer installed and was checking
this site for the location (remotely) and here directly and found this
thread....

well I was a bit busy trying to fix the clients issue to read this thread
I just left it open to read it later.... after lots of fussing with the computer
and getting it working again I hung up with her and read this article
giving me a better way to do what I just spent a slow connected few
hours doing

[Methical]

Cheers mate, Nice find. Adding to Ketarin

Is there a homepage for this product for further reading ? I know its creating by an MVP from BleepingComputer.com. I did a google for some info on it, found some on a few blogs, but thought that there might be an official homepage buried in BleepingComputer somewhere.

[steve51]

Many thanks for yet another very useful tool, I am seeing more and more of these fake av's/rogue spyware so anything that speeds up the removal is a big help.

[kdyer]

Quote:

Originally Posted by Methical

Cheers mate, Nice find. Adding to Ketarin

Is there a homepage for this product for further reading ? I know its creating by an MVP from BleepingComputer.com. I did a google for some info on it, found some on a few blogs, but thought that there might be an official homepage buried in BleepingComputer somewhere.

Methical,

Have a gander at: http://www.gmer.net/ as this goes in to more detail on what the rkill app does.

HTH,

Kent

[arrow_runner]

In regards to Antivirus Live: Has anyone seen where it will rename an exe and then put an infected placeholder file there instead?

For example, the infection I saw yesterday had about 8 files like the following


realplay .exe (383k) - renamed, original file
realplay.exe (40k) - placeholder, malicious file

cmd. exe (93k) - renamed, original file
cmd.exe (40k) - placeholder, malicious file

You might want to check for that with your infections. This one seemed to be renaming an executable you ran. Luckily the computer was off after 3 minutes of first sign of infection.