re: Removed Spyware returns despite cleanings


From: sgopus (anonymous_at_discussions.microsoft.com)
Date: 09/22/04


Date: Tue, 21 Sep 2004 18:45:47 -0700

Visit your website??? That's stupid, that's what the
newsgroup is here for. Trying to make yourself larger in
your own eyes??

Full maintenance on your PC? Just what does that mean?
Defrag does nothing to inhibit and/or stop spyware/malware.
AV software does nothing to inhibit and/or stop
spyware/malware. Not good advice!!!

I suggest you get HijackThis and follow the directions,
post a copy of the log at the proper place, this ain't it!
If you don't have SP2, get it and install it (make backups
first). Get a better firewall. Sounds like the original
poster is getting a good grip on the basics, also read
this.

There is a new class of malware/adware/virus/trojan that
is neither found nor fixed using the conventional tools,
such as Norton, McAfee, Lavasoft, etc. It is based on a
super hidden dll that is not detectable by the OS, even in
safe mode. A full discussion can be found at

http://www.pcsympathy.com/sutra1193.html

including a link to a simple but effective tool called
xfind.

http://home.mnet-online.de/horst.muc/int/find23.zip

Basically, this simple tool can search for files, but it
reports the name of the file that it cannot read. In my
case it was comjiac.dll. That is the malware executive
that keeps reinfecting the machine. It is loaded from the
registry key under the AppInit_Dlls but that key remains
invisible and unreadable by inheriting the file
permissions. Once you know the name from xfind, you rename
or delete using the repair console. Once the name has
changed, the registry key now appears with normal
permissions and can be deleted.

For those that are curious, Win2k and XP support file
permissions that do not let the file be read or modified
by anyone including the OS itself. It is super-super
hidden, which is why the anti-virus programs cannot find
it. However, the registry console apparently does not
consider file permissions when doing simple operations
such as dir, rename, or delete. xFind gives you the name,
the repair console allows you to kill it, and regedit
allows you to kill the load process.

Please pass along this information to other software
forums. It took me a day of searching with Google to find
the kind person who copied the recipe from another site.

Copied with Permission

>-----Original Message-----
>Hi,
>
>You need a FULL MAINTENANCE on your PC (Disk Clean-Up,
>Defragment, etc). Run McAfee AV software. Install
>SP2. And then, you should be safe.
>
>If all this does not work, (I'm sure that it will) then
>you need to REFORMAT your HD.
>
>For further help, visit my website:
>www.yourpcdoctoronline.com
>
>
>>-----Original Message-----
>>Hi,
>>
>>I have posted and received replies to my spyware/malware
>>question a while back but I can't relocate the thread
>>(even though I found it upon 'search').
>>
>>I run WinXP Home Ed., and IE 6.
>>
>>In a nutshell:
>>I chased a hundred or more Spywares off my PC by
>>following a stringent detecting and cleansing protocol
>>prescribed to me here by a consultant. (Including the
>>various AV scans, Ad-Aware SE, Spybot-Search & Destroy,
>>SpywareBlaster, WinPatrol, etc., etc.)
>>I disabled System Restore, ran 'safe' mode, and followed
>>every instruction accurately. And it seemed to work.
>>Scans eventually showed no further Spyware. (No viruses
>>were present). I set up a Sygate Firewall (freeware)
>>which appears to be closely screening any intruding sites
>>trying to get into my system.
>>
>>Problem: when I leave safe mode and allow 'normal' boot,
>>then fire up my browser, I almost immediately see Spyware
>>seizing my PC. The screen slows to a virtual halt, but I
>>see the hard drive working diligently to re-infest my
>>system.
>>Sure enough, when I run Spybot I see 70-100 Spyware
>>entries. Interestingly, Ad-Aware only shows a few along
>>with some 'negligible' items.
>>
>>If I can manage to navigate through websites and carry
>>out operations without massive delays should I just "live"
>>with these infections? My PC seems to be running better
>>than when it was first infected, possibly because my
>>Sygate firewall seems more vigilant.
>>
>>Any thoughts as to how I can obtain better protection? (I
>>KNOW I should have just reformatted my CD, but I wanted
>>to learn about protecting my system through hands on
>>experience).
>>
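The copied recipe above boils down to two observable facts a defender can check directly: a DLL named in the AppInit_DLLs registry value, and a file whose DACL denies reads so that scanners (and the OS itself, in normal mode) cannot open it. The following PowerShell script is an added example, not part of this thread and not the xfind tool; it audits the documented AppInit_DLLs location and then sweeps a directory for files that cannot be opened for reading, which is the symptom xfind reports. It assumes Windows with PowerShell 3.0 or later run from an elevated prompt; the fallback that resolves an unqualified DLL name against System32 is an assumption of this example, and the LoadAppInit_DLLs value only exists on Vista and later.

```powershell
# Added example (not from the thread or from xfind): audit the AppInit_DLLs load point
# and report listed DLLs that are unreadable or carry Deny ACEs, then sweep a tree for
# files that cannot be opened, the way xfind flags them.
# Assumptions: Windows, PowerShell 3.0+, elevated prompt.

$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'   # 32-bit view on 64-bit Windows
)

# Try to open a file for reading. A DACL that denies FILE_READ_DATA, even to SYSTEM,
# surfaces here as $false rather than as an exception.
function Test-FileReadable {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
        $fs.Close()
        return $true
    } catch {
        return $false
    }
}

# List Deny ACEs on a file. Reading the DACL itself needs READ_CONTROL, which a hostile
# ACL can also deny, so an unreadable DACL is reported as a finding rather than an error.
function Get-DenyAces {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        return @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
                 ForEach-Object { "$($_.IdentityReference) denied $($_.FileSystemRights)" })
    } catch {
        return @("DACL unreadable: $($_.Exception.Message)")
    }
}

# Enumerate every DLL referenced from AppInit_DLLs and classify it.
function Get-AppInitDllReport {
    foreach ($key in $AppInitKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        # LoadAppInit_DLLs is a Vista-and-later gate; on XP/2000 the list is always honoured.
        $loadFlag = if ($props.PSObject.Properties['LoadAppInit_DLLs']) { $props.LoadAppInit_DLLs } else { 'n/a (pre-Vista)' }
        $list = [string]$props.AppInit_DLLs
        Write-Host "[$key] LoadAppInit_DLLs=$loadFlag AppInit_DLLs='$list'"
        if ([string]::IsNullOrEmpty($list.Trim())) { continue }

        # The value is a space- or comma-separated list of DLL paths.
        foreach ($entry in ($list -split '[ ,]+' | Where-Object { $_ })) {
            $path = $entry
            if (-not [System.IO.Path]::IsPathRooted($path)) {
                # Assumption of this example: resolve unqualified names against System32.
                $path = Join-Path $env:SystemRoot ("System32\" + $entry)
            }
            $exists   = Test-Path -LiteralPath $path
            $readable = if ($exists) { Test-FileReadable $path } else { $false }
            [pscustomobject]@{
                Entry    = $entry
                Path     = $path
                Exists   = $exists
                Readable = $readable
                DenyAces = if ($exists) { (Get-DenyAces $path) -join '; ' } else { '' }
                Verdict  = if (-not $exists) { 'dangling entry' }
                           elseif (-not $readable) { 'SUSPICIOUS: listed for injection but unreadable' }
                           else { 'readable; verify publisher/signature' }
            }
        }
    }
}

# The xfind observation, reproduced: walk a tree and report files that cannot be opened.
function Find-UnreadableFiles {
    param([string]$Root = "$env:SystemRoot\System32")
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object { -not (Test-FileReadable $_.FullName) } |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                DenyAces = (Get-DenyAces $_.FullName) -join '; '
            }
        }
}

Get-AppInitDllReport | Format-Table -AutoSize
Find-UnreadableFiles | Format-Table -AutoSize
```

Two caveats when reading the output. First, the sweep will also list files that are merely locked by another process (the registry hives under System32\config are the usual case), so the DenyAces column, not unreadability alone, is what separates a hostile DACL from normal sharing conflicts. Second, a DACL is not a hiding place from every principal: the owner of a file implicitly holds READ_CONTROL and WRITE_DAC and can always rewrite the permissions, and a process holding SeBackupPrivilege reads past the DACL entirely, which is why taking ownership, or a recovery environment that runs with such rights, gets at a file that a normal-mode scanner cannot open.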


