190 Replies Latest reply on Jun 2, 2011 7:37 AM by mjmurra

    GetSusp 3.0.0.81

    vinoo

      Hello!

       

      Just wanted to keep everyone posted about a minor release of GetSusp version 3.0.0.81.

       

      Changelog:

      + Scans additional registry locations for malware
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\*.*

       

      - Removed DAT version and date being displayed in GetSusp as the tool is independent of DATs; it uses McAfee GTI for file reputation.

       

      The product guide and FAQ can be found here:

       

      Product Guide: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22668/en_US/GetSusp.pdf

      GetSusp FAQs: https://kc.mcafee.com/corporate/index?page=content&id=KB69385

       

      I'll be glad to help with any questions you may have.

       

      Regards,
      Vinoo Thomas
      Technical Product Manager, McAfee Labs

       

       

      The latest version of GetSusp is hosted at: http://downloadcenter.mcafee.com/products/mcafee-avert/GetSusp/GetSusp.exe

       

      Message was edited by: vinoo on 18/7/11 4:55:07 PM IST
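
An added example, not part of the original post and not GetSusp's own code: Active Setup runs each component's `StubPath` command at logon, so the two registry locations in the changelog can be reviewed by parsing saved `reg query "<key>" /s` output. The function names, the sample output and the user-writable-path heuristic (based on the Temp paths reported later in this thread) are assumptions.

```python
import re

# Registry roots named in the changelog above.
ROOTS = (
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components",
)
# Assumption: a StubPath inside a per-user temp/profile directory deserves review.
USER_WRITABLE = re.compile(
    r"\\(temp|appdata|locals~1|local settings)\\|%(temp|tmp|appdata|localappdata)%",
    re.I,
)
# Value lines in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def parse_reg_query(text):
    """Parse `reg query <key> /s` output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = m.group(3)
    return keys

def suspicious_stubpaths(text):
    """Return (key, StubPath) pairs under Active Setup that point to user-writable paths."""
    roots = tuple(r.upper() for r in ROOTS)
    hits = []
    for key, values in parse_reg_query(text).items():
        if not key.upper().startswith(roots):
            continue
        stub = next((v for n, v in values.items() if n.lower() == "stubpath"), None)
        if stub and USER_WRITABLE.search(stub):
            hits.append((key, stub))
    return hits

# Constructed sample output (GUIDs and paths are made up for illustration).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-1111-1111-1111-111111111111}
    (Default)    REG_SZ    Example Component
    StubPath    REG_EXPAND_SZ    "%ProgramFiles%\Example\setup.exe" /quiet

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{22222222-2222-2222-2222-222222222222}
    StubPath    REG_SZ    C:\Users\example\AppData\Local\Temp\abcdefgh\sample.exe
"""
```

A flagged entry is only a lead for review; the file it points to still needs a reputation or signature check before anything is deleted.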
        • 1. Re: GetSusp 3.0.0.81

          I can't figure out how to kill this virus ... HELP please!

          I don't know which one of the logs you need.

           

          When I boot up on safe mode I get the blue screen of death and it says that Windows detects a virus.

          We run McAfee software on all computers in office .. no idea how this one got by.

          Please HELP!

           

          Thanks

          • 2. Re: GetSusp 3.0.0.81

            Thanks for posting the password. Attached is what I hope you need to help me out. I am running Windows 7 Ultimate and Internet Security 2010. I started seeing Antivirus Action after what appeared to be a Java Update downloaded.

            • 3. Re: GetSusp 3.0.0.81
              vinoo

              Thanks for posting the logs. Next time please post the entire gsusp.zip file that gets created.

               

              Both of you are infected with different variants of the same Trojan. Detection for these has been added to the DATs as FakeAlert-SpyPro.gen.ak Trojan.

               

              @smileychelle
              C:\DOCUME~1\staylor\LOCALS~1\Temp\drifktirn\ilbmkyfyhsn.exe 
              md5: c110915658c2c5ea52e50079145216f6

               

              @websterslair
              C:\Users\Lee\AppData\Local\Temp\ioxcyyxgo\ftbxagpyhsn.exe 
              md5: 69148440abb83b5d667e76eb0e07952c

              • 4. Re: GetSusp 3.0.0.81

                Hey, I will start by saying I am rather hopeless when it comes to computers other than following instructions. I was infected with the Antivirus Action virus and after following the steps on the website posted on the Antivirus Action post I thought I had rid my computer of it, but on startup in normal mode it started to run again. Although I have disabled its execute order, the internet is not running properly so I couldn't post the GetSusp report directly.

                 

                Also, I was infected with the Google redirect virus a while ago and was not sure how to get rid of it.

                 

                Anyway, thank you for your help.

                • 5. Re: GetSusp 3.0.0.81
                  vinoo

                  @Newbie:

                   

                  No worries. The forum exists to help you. The culprit file is:

                   

                  C:\DOCUME~1\user1\LOCALS~1\Temp\trsgfldtd\ikawaguyhsn.exe

                   

                  Reboot into safe mode and you should be able to delete this file

                  • 6. Re: GetSusp 3.0.0.81

                    Hi Vinoo,

                     

                    It appears you are the expert on the Anti Virus Action infection. I was finally able to run GetSusp, however not too technical to figure out what I need to delete. I was wondering if you could take a look at my results file and let me know what files I should delete.

                     

                    Thanks in advance

                    • 7. Re: GetSusp 3.0.0.81
                      vinoo

                      @leenie:

                       

                      It appears you've uploaded the same GetSusp Results file that @Newbie had uploaded in the previous post.

                       

                      Could you post the gsusp.zip file that gets created in the same location from where getsusp.exe was executed please?

                       

                       

                      on 18/10/10 10:00:05 AM IST
                      • 8. Re: GetSusp 3.0.0.81

                        Thanks Vinoo.


                        Ok, so I’m an idiot.  How do I search/find this file? I'm in safe mode but can't locate the path.

                         

                         

                        Message was edited by: leenie on 10/17/10 11:49:51 PM CDT
                        • 9. Re: GetSusp 3.0.0.81

                          Hello,

                           

                          I have been trying to open the GetSusp with no luck. I was able to save it to my desktop but the Antivirus Action infection has attacked my laptop. No applications will open with the exception of Firefox. Please help! One thing I did manage to run in safe mode was Stinger. I have to end it early but it did catch a trojan. Now I cannot run msconfig to get back into safe mode
