Comments on: Removal Tool? No. http://blog.threatfire.com/2008/06/removal-tool-no.html ThreatFireâ„¢ AntiVirus protects when others can't Sun, 14 Mar 2010 19:21:30 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: kannadi http://blog.threatfire.com/2008/06/removal-tool-no.html/comment-page-1#comment-37 kannadi Mon, 30 Jun 2008 15:00:00 +0000 http://newblog.threatfire.com/2008/06/removal-tool-no/#comment-37 <b>Latest Update on "Macrosoft Corporation's DriveGuard.exe"</b><br/><br/>Earlier today, I had submitted sample of this file to <br/><a HREF="https://www.webimmune.net/scanfile.asp" REL="nofollow"> McAfee's Virus Sample Upload Site</a> <br/>McAfee has communicated me saying this is a new detection named <b>"w32/autorun.worm.c".</b><br/>Their current release of DAT v5327 does not have detection or cure for this file.<br/>They promise a future release of the DAT file will cover this virus too.<br/><br/>But they have sent me an EXTRA.DAT which in turn started detection and deletion of this menace. Latest Update on “Macrosoft Corporation’s DriveGuard.exe”

Earlier today, I had submitted sample of this file to
McAfee’s Virus Sample Upload Site
McAfee has communicated me saying this is a new detection named “w32/autorun.worm.c”.
Their current release of DAT v5327 does not have detection or cure for this file.
They promise a future release of the DAT file will cover this virus too.

But they have sent me an EXTRA.DAT which in turn started detection and deletion of this menace.

]]> By: kannadi http://blog.threatfire.com/2008/06/removal-tool-no.html/comment-page-1#comment-36 kannadi Sun, 29 Jun 2008 21:34:00 +0000 http://newblog.threatfire.com/2008/06/removal-tool-no/#comment-36 Hi<br/><br/>Thanks for the information.<br/>But does it solve the problem?<br/>I have serious doubt about that.<br/>Because I had deleted the file from Program Files few days back. But I see some serious problem with my machine.<br/>When I use any Internet connection in India with a Public IP, any trace route show the first hop at an Australian IP!<br/><br/>See a sample here:<br/><br/>Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]<br/>over a maximum of 30 hops:<br/><br/> 1 412 ms 224 ms 239 ms 97.238.1.14<br/> 2 218 ms 239 ms 219 ms 220.224.135.65<br/> 3 218 ms 239 ms 319 ms 192.168.2.26<br/> 4 * * * Request timed out.<br/> 5 * * * Request timed out.<br/> 6 * * * Request timed out.<br/> 7 * * * Request timed out.<br/> 8 * * * Request timed out.<br/> 9 * * * Request timed out.<br/> 10 * * * Request timed out.<br/> 11 * * * Request timed out.<br/> 12 * * * Request timed out.<br/> 13 591 ms 539 ms 459 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]<br/><br/>Why is it so?<br/><br/>I wonder why no Anti Virus company has come up with a solution for this.<br/><br/>Another very serious observation:<br/><br/>I have noticed this software (<i>Macrosoft Corporation</i>'s <b>DriveGuard.exe</b>) presence soon after a Windows Update!!!<br/><br/>Is there something very fishy? Hi

Thanks for the information.
But does it solve the problem?
I have serious doubt about that.
Because I had deleted the file from Program Files few days back. But I see some serious problem with my machine.
When I use any Internet connection in India with a Public IP, any trace route show the first hop at an Australian IP!

See a sample here:

Tracing route to http://www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 412 ms 224 ms 239 ms 97.238.1.14
2 218 ms 239 ms 219 ms 220.224.135.65
3 218 ms 239 ms 319 ms 192.168.2.26
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 591 ms 539 ms 459 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Why is it so?

I wonder why no Anti Virus company has come up with a solution for this.

Another very serious observation:

I have noticed this software (Macrosoft Corporation’s DriveGuard.exe) presence soon after a Windows Update!!!

Is there something very fishy?

]]> By: HosurOnline.Com http://blog.threatfire.com/2008/06/removal-tool-no.html/comment-page-1#comment-34 HosurOnline.Com Fri, 27 Jun 2008 13:05:00 +0000 http://newblog.threatfire.com/2008/06/removal-tool-no/#comment-34 DriveGuard.exe is a virus - Trojen -spyware and its spread by micro-soft.tripod.com. This trojen reaches your computer from unknown source, even if you run any anti-virus, say Kaspersky or McAfee (Internet security suite).<br/><br/>This trojen generates a file called "verupdate.tmp" in the temp folder of the computer and it runs as a system process collecting datas along with the main file driveguard.exe.<br/><br/>After collecting datas it generates a jpg file at internet temp folder and connects to the said tripod site as a process of IE and executes a CGI file at micro-soft.tripod.com. Even though the file has jpg extension, its not a picture file but an exe file.<br/><br/>To remove this, go to task manager, stop the running services of this trojen and then delete it from the program files folder.<br/><br/>It labels itself as windriveguard.exe in the latest varients. DriveGuard.exe is a virus – Trojen -spyware and its spread by micro-soft.tripod.com. This trojen reaches your computer from unknown source, even if you run any anti-virus, say Kaspersky or McAfee (Internet security suite).

This trojen generates a file called “verupdate.tmp” in the temp folder of the computer and it runs as a system process collecting datas along with the main file driveguard.exe.

After collecting datas it generates a jpg file at internet temp folder and connects to the said tripod site as a process of IE and executes a CGI file at micro-soft.tripod.com. Even though the file has jpg extension, its not a picture file but an exe file.

To remove this, go to task manager, stop the running services of this trojen and then delete it from the program files folder.

It labels itself as windriveguard.exe in the latest varients.

]]>