Re: Ask Windows XP Expert Walter Clayton About Spyware
From: Walter Clayton (w-claytonNO_at_SPmvpsAM.org)
Date: 08/08/04
- Next message: The Unknown P: "RE: Pirated Windows XP???"
- Previous message: Carrie Garth: "Re: Locking students out of XP"
- In reply to: zippy: "Re: Ask Windows XP Expert Walter Clayton About Spyware"
- Next in thread: zippy: "Re: Ask Windows XP Expert Walter Clayton About Spyware"
- Reply: zippy: "Re: Ask Windows XP Expert Walter Clayton About Spyware"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 8 Aug 2004 12:48:44 -0400
;-)
Trust me or not. Disabling SR during the weed out is dangerous. Once the
machine is clean *then* purge SR and snap a base line. Yes, if a system
restore must be done because the weed out trashed the machine, then yes,
you're back with the crapware but at least the system is usable so that you
can try a different approach that won't leave the machine in worse shambles.
Or to rephrase it, why do think Spybot, by default, takes a SR snapshot
prior to altering anything on the system?
Ripping some of this stuff out is dangerous and NT kernels are rather
fragile in this regard. SR is the only graceful mechanism that people have
to restore functionality if something in the TCP stack gets ripped out
incorrectly leaving the machine DOA as far at getting on the 'net is
concerned. Unless they happen to have the proper repair tools on hand in
advance. Or if they hook the shell in such a manner that GUI fails on normal
startup.
Frankly I'm concerned about what Norton says. They have less than a stellar
reputation.
-- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "zippy" <zippywonder@nospamearthlink.net> wrote in message news:fXrRc.12936$9Y6.870@newsread1.news.pas.earthlink.net... >I meant just to disable it while doing the scans, then put it back on. >I've > found this method the only way to completely rid the system. If he had to > repair to a previous date, guess what he's going to get back? Coolweb. I > thought you were the expert? > Even Norton says to disable system restore......... > > "Walter Clayton" <w-claytonNO@SPmvpsAM.org> wrote in message > news:eef3erUfEHA.712@TK2MSFTNGP09.phx.gbl... >> Disabling system restore is a bad idea. The system may be in a bad shape >> now, but at it basically functions. If the spyware rip out goes awry SR > may >> be the only way to get back to make a second attempt. >> >> -- >> Walter Clayton - MS MVP(WinXP) >> Associate Expert >> http://www.microsoft.com/windowsxp/expertzone >> Any technology distinguishable from magic is insufficiently advanced. >> http://www.dts-l.org >> http://support.microsoft.com/servicedesks/fileversion/default.asp| >> >> >> "zippy" <zippywonder@nospamearthlink.net> wrote in message >> news:uXkRc.12607$cK.3981@newsread2.news.pas.earthlink.net... >> > Have you made sure that you updated products? Are you running these >> > programs in safe mode? Have you disabled system restore *before* > running >> > these programs? Try these steps and see if they help. >> > "Michel" <Michel@discussions.microsoft.com> wrote in message >> > news:0F43D42F-89AF-4732-B4FE-1CF8991067C2@microsoft.com... >> >> My Internet Exp has been hijacked by CoolWebSearch and AdAware, Spybot > & >> >> SpywareBlaster have not detected it or removed it! What can I do?? >> >> >> >> "Walter Clayton" wrote: >> >> >> >> > Generally all I use is AdAware first followed by SpyBot. There's a > lot >> > of >> >> > overlap in the two tools, but they also concentrate on > non-overlapping >> >> > areas. It's also wise to follow up with installing SpywareBlaster. > None >> > of >> >> > these require run time presences although SpyBot will offer to > install >> > such. >> >> > No harm in doing so and in some instances, especially with >> >> > multi-user >> >> > machines, a necessity. The biggest issue is remembering to run them >> >> > periodically after checking for updates. The latter is one of the >> > reasons, >> >> > other than not changing usage habits, that people get reinfected. > It's >> >> > easier to avoid being click happy than it is to clean up the mess >> >> > afterwards. >> >> > >> >> > There are instances where AdAware/SpyBot may be neutralized or >> >> > unable >> >> > to >> >> > clean something. I handle those on a case by case basis since you're >> > looking >> >> > at going with some highly specialized tools that if misused will > leave >> > the >> >> > machine unbootable (note that there is a nasty that the current > version >> > of >> >> > AdAware had been cleaning incorrectly that would make it impossible > to >> > log >> >> > on to the machine without taking corrective action). >> >> > >> >> > Depending on your level of expertise there are some tools that >> > circumvent >> >> > issues with removing nasties that are resident in memory even in >> >> > safe >> > mode. >> >> > If an XP machine is being disinfected I use a bootable CD created > using >> >> > Bart's tools with fully updated AdAware, Trendmicro, McAfee and >> > Kaspersky >> >> > tools (all free versions) incorporated. This also allows me to > correct >> > any >> >> > registry issues on the host machine without any major hassles other >> >> > than >> >> > knowing what parts of the registry need be hacked. The reason I >> >> > include >> > and >> >> > run AV scanners is generally if some one has a load of spyware it's > not >> >> > unusual they'll have nastier stuff as well. >> >> > >> >> > -- >> >> > Walter Clayton - MS MVP(WinXP) >> >> > Associate Expert >> >> > http://www.microsoft.com/windowsxp/expertzone >> >> > Any technology distinguishable from magic is insufficiently >> >> > advanced. >> >> > http://www.dts-l.org >> >> > http://support.microsoft.com/servicedesks/fileversion/default.asp| >> >> > >> >> > >> >> > "Andrew" <Andrew@discussions.microsoft.com> wrote in message >> >> > news:97E53975-D207-4D60-B5D7-08BE5BB4D3CF@microsoft.com... >> >> > > >> >> > >> >> > >> I already know what Spyware can do and all to your computers but >> >> > >> what >> > is >> >> > >> the best Spyware and Ad-aware remover programs out there I'm >> >> > >> using >> > Spybot >> >> > >> 1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good >> > Spyware >> >> > >> and Ad-aware remover programs that it will remove about 90% of >> > Spyware >> >> > >> and Ad-aware off your computer and keep it out. >> >> > >> >> > >> > >> > >> > >
- Next message: The Unknown P: "RE: Pirated Windows XP???"
- Previous message: Carrie Garth: "Re: Locking students out of XP"
- In reply to: zippy: "Re: Ask Windows XP Expert Walter Clayton About Spyware"
- Next in thread: zippy: "Re: Ask Windows XP Expert Walter Clayton About Spyware"
- Reply: zippy: "Re: Ask Windows XP Expert Walter Clayton About Spyware"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
