Domain: prevx.com
Stories and comments across the archive that link to prevx.com.
Comments · 9
-
Re:No data is actually encrypted.....See also this post from Prevx: http://www.prevx.com/blog/163/Ransomware-lands-on-the-MBR.html
All the data inside the hard drive is claimed to be encrypted, though this isn't actually true. The only thing that has been overwritten is the MBR.
[...]
Attempt by most users and technicians to fix the infection will be to run “fixmbr” to restore the MBR with a clean copy. Sadly it is not possible, because the rootkit wipes out the whole partition table section from the first sector of the hard drive - it is copied out to the fifth sector along with whole original MBR.
-
Re:But better than not finding out at all.
Don't worry, it looks like the malware authors have already rushed out an update for their rootkit
http://www.prevx.com/blog/143/BSOD-after-MS-TDL-authors-apologize.html -
Headline is misleading
The issue is not limited to Win7 but effects most versions of windows. A ACL bug causes the black screen http://www.prevx.com/blog/140/Black-Screen-woes-could-affect-millions-on-Windows--Vista-and-XP.html
-
I guess this is the new "cool thing"
I guess all the security companies are heading toward community based databases. Other similar products include
F-Secure Deepguard: http://www.f-secure.com/deepguard
Threatfire: http://www.threatfire.com/ (recently acquired by Symantec... so they are in the game now)
DriveSentry: http://www.drivesentry.com/
Prevx: http://www.prevx.com/ -
Any trojans cause concern-condom failure
Tell me about it. It just got through spending two hours getting rid of spyware/malware/dialware using Prevx. I religiously use spybot S&D, AVG, Ad-aware, CCleaner AND I still got hit. Makes you want to hurt the ones creating this stuff.
-
Tools I use that haven't been mentionned
Worth a mention:
* Ultimate Windows Boot CD which I also find very useful when someone comes to me with a computer they have completely messed up - you have to create your own but it's a very streamlined experience. http://www.ubcd4win.com/
* PrevxR which is a "permanent beta" version of their commercial offering. It can be configured the different settings range from Individual (suitable for Grandma) to Enterprise (very hardcore). http://free.prevx.com/
*KillBox - basically a utility you can configure to delete certain files on bootup, I use this in conjunction with HijackThis, which was already mentionned above. http://www.bleepingcomputer.com/
-
PrevX or (PrevX1) might be the One Ring ya want...
http://shield.prevx.com/
I'm still using the PrevX Home free version, which no longer appears to be available (typically). However, as inexpensive as the PrevX1 product (still in beta) appears to be for a single-use license, it still appears to be a good value.
After using PrevX Home for nearly a year, my perception is that it's a very aggressive system-internals monitoring tool. While that aggressiveness can get annoying at times, notably when installing or removing software, that aggressiveness can be liberally customized (with some effort) and in any case the benefit - having a trojan-, rootkit-, and spyware-free system - far outweighs the annoyance.
There is a small cost in CPU cycles and disk performance for this monitoring, of course, but my Athlon XP 2500+ system has handled it well enough without severe penalty; I might not recommend it for owners of more obsolete CPUs or hard disk technologies.
There's another option for you to consider, one that was oddly not included in ZDNet's review.
Mark -
PrevxI would recommend looking at Prevx personal IPS. I believe they are working on more enterprise type solutions. On a machine where you aren't stopping the install of software by limiting accounts, Prevx watches to make sure registery keys, IE addons, etc aren't added/modified w/o your explicit permission.
For windows computers, my home security software list is: Ad-aware, Spybot, Prevx home, AVG anti virus, and I've been using windows SP2 firewall. (I'm undecided whether I really need to download Kerio or tiny.)
-
Re:GDIPlus and Jpegs
Yes, without updating the
.NET Framework and getting the appropriate other updates, a WinXP SP2 installation is still vulnerable. I tested it with this particular virus on a sandbox in vmware workstation and it still bit the bullet and tried to fetch the files via FTP.Sane thing anyone can do, as an added precaution is to limit FTP access to a set group of (power) users for now till the whole thing has been resolved properly. I also recommend that anyone who runs Windows should have a personal IDS installed along the lines of Prevx. Not just for this situation, but just as a good precaution in general. Prevx actually blocked the exploit.