Category: Antivirus/Antimalware Tools and Issues

Kill rootkits with TDSSKiller from Kaspersky
article #275, updated 4784 days ago

Kaspersky is giving us all an excellent rootkit expunger, called TDSSKiller:

http://support.kaspersky.com/faq/?qid=208283363


==============

File Signatures
article #248, updated 4858 days ago

Here is an excellent reference of “file signatures”, data bytes at the beginning of files to use for identification.  Under Unix these are called “magic numbers”.

http://www.garykessler.net/library/file_sigs.html

Some firewall on-the-fly antivirus systems can use these to decide which files to scan.


==============

If VIPRE standalone won't upgrade
article #231, updated 4896 days ago

Sometimes VIPRE’s standalone upgrade will fail, giving a message saying something about a script.  In this case, you will need to remove the update installer and try again.  The location of the update installer under Windows 7 is:

c:\ProgramData\Application Data\Sunbelt\AntiMalware\Downloads

Under XP, it’s:

C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\Downloads


==============

Remove Norton Antivirus
article #229, updated 4906 days ago

A current page by Norton seems to be here:

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US


==============

AVG Exceptions Needed for StorageCraft
article #226, updated 4919 days ago

This morning for the first time, I found that AVG exceptions for StorageCraft files are required.  I’m excepting *.spi, *.spf, and *.spk.


==============

A CMD Script Reads from a File
article #200, updated 4977 days ago

Let’s say we want to run a series of commands on a set of machines. A good example is a VIPRE Enterprise client refresh, where we want to remove the agents and reinstall them, perhaps after a server crash. We can do it using this .CMD script:

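set list=pclist.txt
rem Run the refresh on every machine named in pclist.txt (one name per line)
for /F %%x in (%list%) do (

    echo Removing old...
    rem Uninstall the existing agent packages by their MSI IDs
    psexec \\%%x msiexec /x {9D544611-F437-4153-913E-91CE036583CC} /qn
    psexec \\%%x msiexec /x {DB7CF8FB-8638-484E-A6C1-37F5AC21DCB2} /qn

    echo Installing new...
    rem Copy the installer to the machine, then install it silently
    copy SBVEA_EN-Workstation.msi \\%%x\C$
    psexec \\%%x msiexec /i C:\SBVEA_EN-Workstation.msi /qn
)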

Just put the list of machines in “pclist.txt”, one per line, and put pclist.txt in the same folder as the script.  The two IDs were found using regedit (search for “sunbelt” or maybe “vipre”); they will change as versions change.  Any application installed via MSI can be removed like this, unless the vendor has really munged the MSI.

There is one exception to the above, gratefully found reported here:

http://blog.crankybit.com/why-that-batch-for-loop-isnt-working/

It occurs when there is a separate variable to be set inside the FOR loop.  In these cases, one must add the following line as the first line in the script:

setlocal EnableDelayedExpansion

Reference for setlocal: http://www.ss64.com/nt/setlocal.html
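The exception matters as soon as the loop records a result per machine, because both a variable set inside the loop and the exit code of each command have to be read with !name! rather than %name%. The following is an added example, not part of the original article: it extends the refresh script with a log of msiexec exit codes; the variable names, the status labels and the log file name refresh-log.txt are assumptions.

```batch
@echo off
rem Added example: the refresh loop with per-machine result logging.
rem Variable names, status labels and refresh-log.txt are assumptions.
setlocal EnableDelayedExpansion

set list=pclist.txt
set log=refresh-log.txt

for /F %%x in (%list%) do (
    rem Values assigned inside this block must be read as !name!.
    rem %name% is expanded once, when the whole block is parsed, so it
    rem would hold the value from before the loop on every pass.
    set target=\\%%x
    set status=OK

    echo Removing old agent on !target!...
    for %%g in ({9D544611-F437-4153-913E-91CE036583CC} {DB7CF8FB-8638-484E-A6C1-37F5AC21DCB2}) do (
        psexec !target! msiexec /x %%g /qn
        set rc=!errorlevel!
        rem 1605 = product not installed, acceptable for a refresh.
        if !rc! neq 0 if !rc! neq 1605 set status=REMOVE_FAILED_!rc!
    )

    rem Only install where the removal step did not fail.
    if "!status!"=="OK" (
        echo Installing new agent on !target!...
        copy SBVEA_EN-Workstation.msi !target!\C$ >nul
        if !errorlevel! neq 0 (
            set status=COPY_FAILED
        ) else (
            psexec !target! msiexec /i C:\SBVEA_EN-Workstation.msi /qn
            set rc=!errorlevel!
            rem 3010 = installed, reboot required.
            if !rc! neq 0 if !rc! neq 3010 set status=INSTALL_FAILED_!rc!
        )
    )

    rem One line per machine: name and final status.
    >>"%log%" echo %%x !status!
)
endlocal
```

Any line in refresh-log.txt that does not end in OK names the machine and the step to revisit.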


==============

VIPRE Enterprise service names
article #195, updated 5003 days ago

Sometimes the services have to be restarted, especially immediately after Windows firewall exceptions have been put in.

The name of the agent service:  SBAMSVC

The name of the server service:  VIPRE Enterprise Service


==============

Restore XP File Associations, including .EXE, folders, and others
article #148, updated 5134 days ago

Doug Knox has an excellent collection of fixes:

http://www.dougknox.com/xp/file_assoc.htm


==============

More LiveCD antivirus
article #145, updated 5138 days ago

Here’s one new on our radar, from AntiVir:

http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html


==============

Remove Norton/Symantec Antivirus Etc.
article #144, updated 5142 days ago

This tool definitely removes Norton protection suites. It also handles Symantec Core. Not certain about other Symantec products.

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
