Showing posts with label Tools. Show all posts

Monday, April 6, 2009

A very simple test is available at the Conficker Working Group's site.

Do you want to check whether you are infected with the Conficker or Downad worm family? Verify on the Conficker Eye Chart test site.

Friday, February 6, 2009

Tool - autorun eater

Din and Hafizi told me about this tool, which they deployed to their end users to avoid problems with the worm spreading via thumb drives.

The tool is called Autorun Eater. It removes any suspicious 'autorun.inf' file even before the user attempts to access the drive. The removed files are automatically backed up in case of false positives. If you already have OfficeScan installed, the two work hand in hand: OfficeScan detects the autorun.inf only when the user accesses the drive, so Autorun Eater adds a proactive step.

Note: the tool plays a goat sound effect on startup. You might want to turn the volume down.
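For administrators who want to see the same behaviour in a script they can read, the following PowerShell audit is an added example; it is not Autorun Eater's code and not part of the original post. It enumerates removable drives, parses each autorun.inf for the directives that make Windows launch a program, keeps a copy of the file before neutralising it (so a false positive can be restored), and renames it rather than deleting it. The backup folder under ProgramData and the list of directives treated as suspicious are assumptions made for this example.

```powershell
# Added example, not Autorun Eater's own code. Audits autorun.inf on removable
# drives, backs the file up, and renames it when it contains a launch directive.
$BackupRoot = Join-Path $env:ProgramData 'AutorunAudit'   # assumed backup location
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# [autorun] keys that cause code execution or change what a double-click does.
# This list is an assumption for the example, not the tool's own rule set.
$SuspiciousKeys = @('open', 'shellexecute', 'shell\open\command', 'shell\explore\command')

function Get-AutorunDirectives {
    # Parse "key=value" lines of an autorun.inf into a case-insensitive table.
    param([string]$Path)
    $found = @{}
    foreach ($line in Get-Content -LiteralPath $Path -ErrorAction Stop) {
        $trimmed = $line.Trim()
        if ($trimmed -match '^(?<key>[^=;\[\]]+)=(?<value>.*)$') {
            $found[$matches['key'].Trim().ToLower()] = $matches['value'].Trim()
        }
    }
    return $found
}

# DriveType 2 = removable media (USB thumb drives).
$removable = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
foreach ($drive in $removable) {
    $inf = Join-Path $drive.DeviceID 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { continue }

    $directives = Get-AutorunDirectives -Path $inf
    $hits = @($SuspiciousKeys | Where-Object { $directives.ContainsKey($_) })

    # Always report what the file contains; only act when a launch key is present.
    Write-Host "Drive $($drive.DeviceID): autorun.inf found"
    foreach ($k in $directives.Keys) { Write-Host "  $k = $($directives[$k])" }
    if ($hits.Count -eq 0) { continue }

    # Keep an exact copy first so a false positive can be put back by hand.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupRoot ("{0}-{1}-autorun.inf" -f $drive.DeviceID.TrimEnd(':'), $stamp)
    Copy-Item -LiteralPath $inf -Destination $backup -Force

    # Malware usually sets Hidden+System+ReadOnly; clear them before renaming.
    $item = Get-Item -LiteralPath $inf -Force
    $item.Attributes = [IO.FileAttributes]::Normal
    Rename-Item -LiteralPath $inf -NewName 'autorun.inf.quarantined'
    Write-Host "  suspicious keys: $($hits -join ', ') -> backed up to $backup and neutralised"
}
```

Run it from an elevated prompt after plugging in a drive, and check the backup folder before trusting a rename: a legitimate installer disc or vendor utility drive can carry an open= line as well, which is exactly why the copy is taken before anything is touched.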

Thursday, January 15, 2009

Using GMER to detect rootkit malware


GMER is a free tool which you can use to detect rootkit malware; DownAD is one such rootkit. If you suspect that your machine is infected with a rootkit, you may want to run GMER. Items highlighted in red are the identified rootkit components.

From that identification you can do the proper cleanup. Once done, rerun GMER to verify that the rootkit has been successfully removed.

Tuesday, December 23, 2008

Send Large Files by Email

Often, Siclog or other logs that you need to submit to a Support Engineer grow so large that you cannot attach them to an email. The alternative? You can upload them to an FTP site, or try the service offered by You Send It. Other websites offering the same service are listed here.

Upon uploading a file to the website, an email is sent to the recipient with a link to download the file. It's that easy!

Monday, December 15, 2008

Online Support System

You can say goodbye to the good ol' asia[at]support.trendmicro.com from now on. Please welcome the new and updated online support system, which can be reached here.

All support cases should be submitted through there, and each case will be assigned a service request ID. Do provide your real email address in the "Send Reply-To" field, because the reply from Trend Support will be sent to that account.

Happy Supporting Trend!

Friday, December 12, 2008

Top Infectors for Asian countries

I have handled a number of cases over the past few months regarding the spread of autorun malware via thumb drives. Thank you Azril for the latest malware sample, :p

These statistics from a Trend Micro researcher will give you some insight; do read them here.



If disabling the autorun feature is acceptable to the end users, you might want to consider deploying this tool.

Monday, December 1, 2008

Using DOS command : ATTRIB

Sometimes during malware analysis you suspect that one or more files have been created on your system, but you cannot find them with the normal search. That is because the file is hidden. You may be able to unhide it by selecting "Show hidden files and folders" under Tools > Folder Options > View in Windows Explorer.

In some cases it will still be hidden after you make that change. You may then need to change the file's attributes from DOS. Open the command prompt, change to the directory in which the file is located, and type:

ATTRIB -H

That command clears the hidden attribute on all files in the directory, making them visible to you. For more information on this command you may want to read here.
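As an added example (not part of the original post), the PowerShell script below does the same job as ATTRIB -H but over a whole folder tree and with a report first: it lists every file carrying the Hidden attribute, shows which ones are also marked System, and then clears both flags. The System check matters because ATTRIB -H by itself refuses to touch a file that is also +S (it prints "Not resetting system file"), so for files that autorun-style malware hides as +S +H the command-prompt equivalent is ATTRIB -S -H. The -Target path is an assumption; run the script with -WhatIf first to get the listing without changing anything.

```powershell
# Added example, not from the original post: report hidden files under a folder
# and clear the Hidden and System attributes on them. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param([string]$Target = '.')   # assumed: the directory being investigated

# -Force is what makes Get-ChildItem return hidden and system entries at all;
# without it the listing has the same blind spot as a normal search.
$hidden = Get-ChildItem -LiteralPath $Target -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }

if (-not $hidden) {
    Write-Host "No hidden files under $Target"
    return
}

$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

foreach ($file in $hidden) {
    $isSystem = [bool]($file.Attributes -band [IO.FileAttributes]::System)
    # Hidden+System on a recently written file in a user folder is worth a look;
    # the timestamp and size are printed so the listing can be compared with
    # the time the infection was noticed.
    $tag = if ($isSystem) { 'H+S' } else { 'H  ' }
    Write-Host ("[{0}] {1}  {2:yyyy-MM-dd HH:mm}  {3} bytes" -f $tag, $file.FullName, $file.LastWriteTime, $file.Length)

    if ($PSCmdlet.ShouldProcess($file.FullName, 'Clear Hidden and System attributes')) {
        # Clear only those two bits; ReadOnly, Archive and the rest are left as found.
        $file.Attributes = [IO.FileAttributes](([int]$file.Attributes) -band (-bnot $mask))
    }
}
```

Keep the -WhatIf listing together with the GMER and SIC output you send to support: a file that is hidden, marked System and dated after the first symptoms is the kind of sample the vendor asks for.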

Monday, August 11, 2008

Using SIC tool

Now you should know how to escalate a virus problem. Next is how to use the SIC tool (a recap for those who already know).

Go to this site to download the SIC 3.3 tool. Copy the downloaded tool to the infected machine, execute the file, and follow the screenshots below:


Click 'I Accept'.


Click 'Analyze'


You have to wait a few seconds or minutes for the tool to collect the information.


Click 'No'.


Click 'Compress and Retrieve files'. Sometimes there is no list of files in the left-hand column. If that is the case, click 'Close' straight away, and tell Trend Support in your email that you had no files to compress.


Click 'Done'.

Go back to the folder where you extracted the SIC tool (sicwin.exe). You should now have a suspect.zip archive there. However, if you had no files to compress, this archive will not exist. Forward the suspect.zip archive and the siclog folder to Trend Support. Make sure the siclog folder is also zipped and password protected.

Ref: Solution ID 1032596

Tuesday, August 5, 2008

Virus Escalation process

What you need to do when your customers/users report that:

A. their OfficeScan cannot detect a particular virus infection (they tried another brand, which was able to detect it)


B. their OfficeScan successfully detects an infection, but the action fails to clean, quarantine or delete the file


Nowadays attacks are targeted, i.e. an attack spreading in Indonesia and Malaysia may not reach other countries (e.g. Brontok). One way to help antivirus vendors add detection is to submit the sample file for them to investigate.

I will share with you cases that I have handled recently in the next post.