Calguns.net

How to remove Cutwail spambot?

#1
08-26-2013, 12:39 PM
Baboosh

We got blacklisted at work and come to find out a computer has the Cutwail spambot.

I found the computer that is infected but I cannot get the virus removed. We run Norton Corporate and it doesn't even find it. I found it through Microsoft Malicious Tool, but it wouldn't remove it.

Any help?

#2
08-26-2013, 12:42 PM
SunsetIE

Quick googling shows:
http://www.ehow.com/how_8270333_remo...l-spambot.html
http://www.2-spyware.com/remove-cutwail.html

#3
08-26-2013, 12:44 PM
Baboosh

Did the first one, delisted IP from blacklist, ran scan, still found it.

3 minutes later relisted on blacklist.

#4
08-26-2013, 12:47 PM
SunsetIE

Dunno man, I'm not well versed in counter malware, just tossing up links in case you hadn't seen them.

#5
08-26-2013, 12:55 PM
Baboosh

Quote:
Originally Posted by SunsetIE
Dunno man, I'm not well versed in counter malware, just tossing up links in case you hadn't seen them.
Problem is most of the places want you to download software and then pay to remove what they find.

#6
08-26-2013, 1:16 PM
rdawg

This is a business; just format and re-image the hard drive to your corporate standards, as you do with all PCs you buy.

Don't waste time trying to remove it and risk it coming back if you think you got it.

#7
08-26-2013, 1:24 PM
Baboosh

Quote:
Originally Posted by rdawg
This is a business; just format and re-image the hard drive to your corporate standards, as you do with all PCs you buy.

Don't waste time trying to remove it and risk it coming back if you think you got it.
We are not set up that way, I'd have to do it all manually.

#8
08-26-2013, 1:37 PM
el tardo

You can try:
Spybot
Malwarebytes
SUPERAntiSpyware

If you try these and it doesn't work, sometimes it's easier and faster to reformat your HD.

I have learned that no antivirus is perfect and works all the time, so you better have your info backed up on a second HD or something. I lost a ton of programs and files and info thinking I was safe. Now, after a big problem, I back up once a week. You have to in this day and age.

#9
08-26-2013, 1:47 PM
njineermike

Format re-image. If you're doing IT for a business and aren't "set up" for it, you're doing it wrong.
__________________
NRA lifetime member
2AF Defender member

When did I go from being a "citizen" to a "taxpayer"?

Jon Lovitz: I can't wait to go to a hospital run by the DMV!

#10
08-26-2013, 1:55 PM
Baboosh

Quote:
Originally Posted by njineermike
Format re-image. If you're doing IT for a business and aren't "set up" for it, you're doing it wrong.
I'm the owner and we're small, don't exactly have an IT department.

I mostly bug my buddies who are

#11
08-26-2013, 1:57 PM
billofrights

Quote:
Originally Posted by Baboosh
I'm the owner and we're small, don't exactly have an IT department.

I mostly bug my buddies who are
Fair enough, but probably still more time-saving to wipe it. Really good AV scanners take hours to run, you're better spent reloading the OS at this point.

#12
08-26-2013, 2:01 PM
njineermike

Quote:
Originally Posted by Baboosh
I'm the owner and we're small, don't exactly have an IT department.

I mostly bug my buddies who are
Business machines usually need to get back up and running NOW. In the future, you might try running virtual machines with regular backups. Makes headaches like this not as bad. Plenty of guys here with IT experience who can help. I had a blacklist problem a few years back from a rogue machine a subcontractor installed that got infected with the autorun.inf virus, and I found it with AVG on a thumb drive by accident.

#13
08-26-2013, 2:05 PM
Baboosh

Quote:
Originally Posted by njineermike
Business machines usually need to get back up and running NOW. In the future, you might try running virtual machines with regular backups. Makes headaches like this not as bad. Plenty of guys here with IT experience who can help. I had a blacklist problem a few years back from a rogue machine a subcontractor installed that got infected with the autorun.inf virus, and I found it with AVG on a thumb drive by accident.
My buddy is a tech head so I'll have to bribe him with ammo or something to come tinker.

We've only had 1 or 2 issues in the past 3-4 years with viruses.

#14
08-26-2013, 2:10 PM
njineermike

Quote:
Originally Posted by Baboosh
My buddy is a tech head so I'll have to bribe him with ammo or something to come tinker.

We've only had 1 or 2 issues in the past 3-4 years with viruses.
Ammo? Might try something less valuable like a platinum ingot the size of a loaf of bread.

#15
08-26-2013, 2:20 PM
Baboosh

Quote:
Originally Posted by njineermike
Ammo? Might try something less valuable like a platinum ingot the size of a loaf of bread.
But I get to buy him ammo and expense it. Which then means we need to go have a meeting about what we are going to do while making sure his payment operates right.

So then I would have to then buy myself ammo and expense so I could be consulted.

#16
08-26-2013, 2:48 PM
njineermike

Quote:
Originally Posted by Baboosh
But I get to buy him ammo and expense it. Which then means we need to go have a meeting about what we are going to do while making sure his payment operates right.

So then I would have to then buy myself ammo and expense so I could be consulted.
Genius!

#17
08-26-2013, 2:54 PM
Baboosh

Quote:
Originally Posted by njineermike
Genius!
Yea, this IT stuff is hard work

#18
08-26-2013, 2:57 PM
SunsetIE

Quote:
Originally Posted by Baboosh
But I get to buy him ammo and expense it. Which then means we need to go have a meeting about what we are going to do while making sure his payment operates right.

So then I would have to then buy myself ammo and expense so I could be consulted.
One of the best business plans I have ever heard of!

#19
08-26-2013, 3:29 PM
Dutch3

Sometimes, a manual reformat and reinstall is the best option. Be glad it is only one machine and not 300.
__________________
Assembly Public Safety Chair Reginald Jones-Sawyer:
..."and with that I'd like to turn it over to my colleague Loni Hancock, Senate Public Safety Chair, and as I like to say, my partner in crime."

Senate Public Safety Chair Loni Hancock:
"Yeah, we do that quite a lot, actually..."

- Joint Legislative Informational Hearing on Firearms - Newsom Initiative #1756 - May 3rd 2016

#20
08-26-2013, 4:15 PM
WiKDMoNKY

I found that running Hitman Pro gets most of the nasty things out on the first try, and then run ComboFix to be sure.

You can use Hitman Pro for 30 days after activating a license. I sometimes use it to just find the viruses and I manually remove them. I set it to run once and not install anything. You need internet access to run this program. It can be run from safe mode with networking.
http://www.surfright.nl/en/hitmanpro/

ComboFix
http://www.bleepingcomputer.com/download/combofix/
__________________
NRA, SAF, GOA GET INVOLVED NOW OR DON'T COMPLAIN LATER!

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." Benjamin Franklin 1818

"A free people ought not only to be armed and disciplined, but they should have sufficient arms and ammunition to maintain a status of independence from any who might attempt to abuse them, which would include their own government." George Washington 1790

#21
08-26-2013, 7:19 PM
NYT

Hitman Pro is good, but in the end it still isn't as good as reimaging. Take njineermike's suggestion and build images for your SMB. It's time consuming at first but will save you a bunch of money in the long run.
All times are GMT -8. The time now is 5:46 PM.



