Re: Ask Windows XP Expert Walter Clayton About Spyware

From: Walter Clayton (w-claytonNO_at_SPmvpsAM.org)
Date: 08/08/04


Date: Sun, 8 Aug 2004 18:53:03 -0400

Yep, t'ain't nothing can be done about the person at the keyboard. BTDTBTTS
:-)

Depending on how competent you are you can do what I do when I'm on site. Go
to http://www.nu2.nu and grab Bart's PE. You'll need either a standard
retail/OEM CD (not a restore set) or an I386 directory on disk. Follow
the instructions and you can create a stand-alone XP environment that has
AdAware, command line AV scanners, and other tools you feel you need. It's a
lot easier to nail some of the trickier variants that load themselves in safe
mode. And since it has full networking support you can push data across a
network to another machine if things get really nasty.

I've tussled with some of the more wily varieties myself and never had to
disable SR. I have hand massaged the registry and clipped nasties off the
drive either in safe mode when AdAware and Spybot were prohibited from
correcting the registry (and that gets tricky with an active nasty :-) or
via Bart's.

TrendMicro has stepped up to the plate and offers a free tool
(http://www.trendmicro.com/download/dcs.asp) that I've started to use. Also
there's a tool at http://www.silentrunners.org/ that identifies stuff
launching with the system that isn't part of a default virgin install. Use
extreme care when interpreting the results. Some people have
unintentionally shot themselves in the foot extremely badly (flat lined the
system) when hacking the wrong thing out of the registry. Couple that with
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml and, if you're
really competent, at ftp://ftp.kaspersky.ru/utils/ you'll find a Trojan
Finder tool that will let you determine what is preventing you from
terminating a task. It will also let you kill tasks. There's some other
handy stuff there as well.

-- 
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp
"zippy" <zippywonder@nospamearthlink.net> wrote in message 
news:8WvRc.13353$cK.3335@newsread2.news.pas.earthlink.net...
> Well I hear what you are saying. But I wouldn't want to have to restore to
> a point where I had the scumware and have to start back at ground zero
> trying to get rid of it. I'd lose all my hair. Guess I've just got lucky
> with the way I have been doing it for a while. I have found that this
> Coolweb thingy has many variants and some variants are easier to get rid of
> with just AdAware, Spybot, CWShredder, and HijackThis, while on other
> computers I've worked on they weren't quite so easy. The version I had even
> got past my firewall. Mistyped an address and got directed to a malicious
> website and before I knew it I had programs like NotePad and Windows Media
> Player asking for permission to access the net through ZoneAlarm. Right
> then and there I knew something was wrong as these shouldn't have been
> asking for permission. I tried running Spybot, AdAware, and HijackThis,
> even from safe mode. But I was unable to get rid of it totally till I
> disabled system restore and then scanned in safe mode. It was still asking
> for permission. I usually use AVG Free for virus scans, but this program is
> unable to scan in safe mode normally and was not detecting any viruses so I
> ran Norton from CD, in case the variant I had disabled installed scanners.
> This also found Trojan Downloader that was created on the same day as
> Coolweb. I'm thinking these two went hand in hand. I was still getting
> pop-ups, programs still asking for permission. Once I disabled restore and
> then ran all these programs again it was able to quarantine most items. I
> was no longer getting all the pop-ups. Programs were no longer asking for
> permission. But I still had to manually remove Content.IE5. These infected
> items were found in the index.dat file that Norton was unable to remove.
> Had to fix Notepad. So, I've found that even with virus scanners, spyware
> removal tools and a firewall doesn't mean you are protected 100%. To date,
> they still don't have software for Operator Error :-)) That's why now I've
> been very diligent backing up to CD any information that I really really
> need, and if something does go wrong, it's just as easy for me now to just
> do a clean install of XP rather than restore. Although this is a last resort.
>
> "Walter Clayton" <w-claytonNO@SPmvpsAM.org> wrote in message
> news:Ob17PeWfEHA.904@TK2MSFTNGP09.phx.gbl...
>> ;-)
>>
>> Trust me or not. Disabling SR during the weed out is dangerous. Once the
>> machine is clean *then* purge SR and snap a base line.
>
> 

