News Items

Aug 12, 2005 12:56PM

While I was in there correcting the problem from my earlier post, I added a new command line option. A few people have complained about AIMFix rewriting buddy profiles. I apologize if this is annoying for anyone, but the difficulty is that many of the viruses (most, actually) write virus code into the profile. If I don't clean that, you're still partially infected, and if I do clean it, I have to overwrite it with something. Anyway, I've added another command line option that leaves the buddy profiles alone, so you now have the following options available to you with AIMFix:

Usage: AIMFix.exe [options] [path-to-log]
    -h | /?    print this help
    -u | /u    unattended mode
    -l | /l    specify log file location
    -n | /n    Do not create a log
    -p | /p    Do not edit buddy profiles

Hopefully that helps some people out there. If anyone has further suggestions for AIMFix, just contact me through the contact form and let me know.

-Jay

Aug 12, 2005 12:35PM

Wow, so I'm a complete dunce. I was doing some testing on some new AIMFix features, and I noticed something really odd... AIMFix wasn't deleting a known virus file from a test machine. Looking into it further, I realized that in the process of moving my development scripts to a new machine, I had broken the compilation process without knowing it. Recent versions of AIMFix have only been removing registry-key signature virus files. The fact that AIMFix was half functional meant that no one emailed to tell me it wasn't working, because it still appeared to be working.

Sigh.

The positive side is that it at least shows me that my code does enough sanity checks that even with a half crippled engine, it was carefully bailing itself out of any potential side effects. Anyway, the current version of AIMFix is fixed now, and anything you download from now on will be at full capacity. If you've still got a virus out there, you probably will want to grab the current version and give it a go, just in case it helps.

-Jay

Aug 10, 2005 12:21PM

Few new things:

There's a new version of the Funneh worm out, I haven't had a chance to find out much about it, but at least part of it is already removed by AIMFix. I will try to dig into this later tonight and see if I can't come up with some new updates.

Secondly, I finally got a Windows testing PC. It appears to be somewhat on the slow side, and it's not liking the idea of running Microsoft Virtual PC on a 700mhz machine. It runs ok here at work on our faster machines (actually quite fast) so I had hoped it would work well, but no such luck. I'm not sure what I'm going to do yet; I may end up buying a copy of VMWare so that I can just run Windows virtual machines under Linux, but VMWare is about 200 dollars, so we'll see.

Coolest of all, I should be receiving a couple packages today. I am expecting delivery of a free photo iPod from Gratis Internet, thanks to all the people who completed offers through my referral link. A big thank you to all of you, I can't wait to open this baby up and check it out! I also should be receiving a new laptop today. I ordered a newer laptop (IBM Thinkpad) on eBay to replace my old Thinkpad, since my old laptop will be going with my best friend to Germany for his study abroad. I'm looking forward to my first laptop that's faster than a 700mhz :)

Last night I also finally got my copy of The Art of Computer Virus Research and Defense and made it through the first chapter. I'm hoping it will give me somewhat of a jumping-off point for future versions of virus removal tools and ways to improve my removal tool(s). I'm more than aware that AIMFix could be improved in a myriad of ways, but I really just sort of stumbled into all this with no idea where I was going. It's time I either decide to drop AIMFix as a project, or delve into it and give it the attention it needs to be improved to the level I'd like.

-Jay

Jul 13, 2005 06:56PM

Copies of the fightbac.com "Funneh" worm have been "adjusted" thanks to some help and teamwork. Instead of downloading more virus files or spyware, they now redirect to http://jayloden.com/info.htm to alert people they are infected and give them instructions for removing the virus components.

-Jay 

Jul 12, 2005 07:34AM

The "Funneh" worm now has its own page, with removal instructions. I still haven't figured out why the discrepancy between what I see and what people are reporting, but as far as I know, the instructions on that page should remove this variant. I'm still working on a more complete fix built into AIMFix, but for now this is the best information I have and it does work, it's just more difficult than simply running AIMFix.

-Jay
