Re: Malicious Software Removal Tool
- From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
- Date: Sun, 6 Apr 2008 02:33:57 -0400
YW.
Those scans take time!: ~5 hrs for a MSRT scan, 3 hrs for
Defender and virus scans, and ~1.5 hrs for each worm scan. And
they require that I blow away restore points...
Whaddya mean, they require that you "blow away restore points"? Were "infected" Restore Points found during these scans?
In any event, this discussion belongs in WinXP General newsgroup, not Windows Update.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Tim wrote:
PA Bear:
Thanks for your input.
I checked the Linksys WRT54G and WET54G that I use for
wireless, and they have up-to-date firmware and there is a
firewall. I am not up on networking and optimal settings, but
they are in the same state that I used them in when I had IT
support. . .
I made sure the Repair Install was complete before connecting
to the net. I understand that the sp2 download I used (from
last week - WindowsXP-KB835935-SP2-EN) contained all updates
up to the time it was put together . . .
More generally, I admit that I assume that the XP firewall is
up BEFORE the utilities fire up a net connection. I looked for
a way to check this, but have not found a way. Again, this is
as it was when I had IT support.
Strangely, this second Repair Install (RI) experience differed
somewhat from the first one. The most notable was not an option
after selecting Install after booting from the XP+SP2 slipstream
CD. I replaced several windows\system32\config files with versions
from windows\repair, as directed in KB307545. Then the repair option
came up. The slipstream-based RI went well.
Windows Updating bothered me a little: There were >90 updates.
Which took several hours to process (some of which was me literally
falling asleep at the keyboard).
In any case, that was Th night and I spent Fri and most of today
(Sat) updating software and running MSRT, Defender, virus, fxsasser
and fixblast scans. (Though there are no indications the latter
ever has been a concern, in that I understand that one of its
impacts is to make connecting to the net difficult.) No sasser
infections were found - I assume sasser motivated your suggestion
that I re-re-install.
Those scans take time!: ~5 hrs for a MSRT scan, 3 hrs for
Defender and virus scans, and ~1.5 hrs for each worm scan. And
they require that I blow away restore points . . . and I now know
the importance of restore points!
I am still paranoid about security . . .
But the computer is stable, and I am close to the point where I
will take a new snapshot of the drive, for future reference.
I have learned a thing or two. The most important thing I learned
is that I can ask questions on the web, and get good advice.
Again, thanks for your input!
Regards,
Tim
What do you think about using SP3 instead of SP2?
SP3 is still beta and it probably will continue to be until Jun-08
(educated guess/YMMV). The machine will have to have either WinXP SP1 or
WinXP SP2 installed in order to be able to install SP3.
Do you think I can create a slipstream CD with XP/SP3?
One /can/ create a slipstream CD with SP3 included. Again, SP3 has not
been released yet. Any/all current support for WinXP SP3 will be found
here:
http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=2010&SiteID=17
--
WinXP-specific newsgroup:
news://msnews.microsoft.com/microsoft.public.windowsxp.general
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
Tim wrote:
PA Bear:
I looked into the page you pointed me to . . . I am happy, except as noted below *.
I plan to do the format/install. . . . I hope you have time to answer a couple of quickies?
1. What do you think about using SP3 instead of SP2?
There are ~100 update downloads from SP2, and there was an issue with getting these updates . . .
2. Do you think I can create a slipstream CD with XP/SP3?
*I am sure about my computer firewall being on, and my McAfee virus program was on. I need to check on the firewall situation with my router. I have been told that I am safe, as I am running a router (for wireless) off of a cable modem - though I am using WEP (128), which I hear is not as good as WPA.
Regards,
Tim
"PA Bear [MS MVP]" wrote:
Reposting the most important part of my last reply:
After doing the Repair Install (or even a format & reinstall), did you take care of /everything/ on the following web-page before otherwise connecting the machine to the internet (to, e.g., browse; check email; chat; download)? => http://www.cert.org/tech_tips/before_you_plug_in.html
If you did NOT, I'd recommend another format & reinstall, Tim, and taking care of everything on that web-page before doing anything else. You should be an old hand at it by now. <eg>
--
~PA Bear
Tim wrote:
I have seen/read your posts in the last week of my largely self-induced PC turmoil . . . My experience would no doubt serve as a good case study on why one should not accept what is written on the web, even when it seems to be a common opinion.
I think the following is more than you wanted to see . . ..
This whole thing started with me trying to fix the following problem:
It took ~15 seconds to access "My Computer" or "Save As" items. Though this has been the case for some time, it recently became a particular burden.
My attempts to fix this problem started with web searches. Unfortunately, I followed a path that took me to the point where my computer (T60) would not boot. I did not start logging my actions until a couple of days ago, and I don't have a clear recollection of my late-night/poor choices. I do remember it started with accepting suggestions about Services (the starting point was disabling DCOM) and copying files (replacing files that may have been corrupted). I have a second T60 configured in almost the same way as my primary T60. So, I used some files from that machine. That apparently was not wise. (Though the second T60 was very useful over the past week.)
Another set of actions surrounded my trying to do a chkdsk - the 'well-known' (not to me) issue of XP and SATA drives. My actions trying to get this done also helped lead me to the bottom of the pit.
Unfortunately, one of my actions was to shut off "system restore" . . . which limited my 'downstream' options.
(Note also that the interaction between MS system support software and the vendor supplied Thinkvantage software confused me.)
My primary T60 contains 'my life' wrt communications and documents for the last half a dozen years (rolled forward my files during yearly computer upgrades). I do have backups. I also made a copy (xcopyi) of my drive to a usb HD.
After several days on this issue, I ended up learning (at least following along) how to create a BARTPE.
I took a 'snapshot' of the drive. I then installed XP and SP2. After I realized the amount of effort it would take to get back to where I was in terms of software and connectivity, I decided to take big action - I reformatted the HD and reloaded the snapshot.
I then did the slipstream repair install of XP SP2.
Again, I don't have a good log - I started logging at about the time of my snapshot restore - but the above is how I remember things.
(I don't think I left any window open for malicious software to get on the computer. I think one of the issues with the first SP2 install is that I forgot to disable the virus software.)
I am paranoid, and the computer was shutting down at random times, so I ran all of the scans I mentioned in my previous post. (In practice, I scan daily.)
I bookmarked the page you pointed me to, for future reference. Looks like good info. (I am one of those guys who used to have IT support . . ) I was using the other T60 for most interactions with the e-world.
Regards,
Tim
"PA Bear [MS MVP]" wrote:
What "issues" necessitated a Repair Install in the first place? Have you considered a format & reinstall?
After doing the Repair Install (or even a format & reinstall), did you take care of /everything/ on the following web-page before otherwise connecting the machine to the internet (to, e.g., browse; check email; chat; download)? => http://www.cert.org/tech_tips/before_you_plug_in.html
--
~PA Bear
Tim wrote:
Jerry, David:
Jerry is correct. After going through the repair install fiasco (mostly through my own issues), I wanted to make sure that nothing had crept into my system. I did a virus scan, a Spybot scan, an Adaware scan, a Defender scan, and a MRT (this is apparently the acronym used) quick scan.
Though those passed, with the usual many minor (cookie and MRU) issues and a couple of firewall issues detected by Spybot, which I attribute to my attempt to do a SP2 install after my first repair install of XP. So, I ran full scans using a command line execution once; however, I also used a 'double-click execution' once.
Note that I omitted a perhaps important point from the background information I provided in my opening post: After the second, slipstream-based repair install, the computer shut down a couple of times. It seemed to stabilize after doing some work on "Thinkvantage" software - reinstalls.
But these random shutdowns made me concerned that malicious code had been introduced during the episode.
BTW: I received an email notification that my opening post had been replied to; however, the link provided did not open a page. Is there something I need to do to get such links to work? No instructions were included in the email.
This is the first time I have ever done a post in this (or any) community . . .
Regards,
Tim
"Jerry" wrote:
If he's running it Full Scan he probably downloaded it and is running it from his machine directly.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%238uFt6FlIHA.5396@xxxxxxxxxxxxxxxxxxxxxxx
From: "Tim" <Tim@xxxxxxxxxxxxxxxxxxxxxxxxx>
Please let me know if there is a more appropriate discussion forum for this question.
Is there a maximum number of files that MSRT will check?
I ask this because on two occasions now, my display has gone 'unretrievably black' (HD still being accessed) after about 2.5 hours of MSRT execution (Full Scan). I noticed on the second scan that there were almost a million files processed. After 'doing something else for a bit', I found the situation described above (for the second time).
Background:
I have just done a repair install of XP SP2 on a T60. Actually, this was after doing an XP repair install, and messing up an SP2 upgrade. I then did the XP SP2 repair install using a slipstream CD. Nice. Next time, I will try to add drivers; e.g., for the XP SATA 'issue'.
Regards,
Tim
Tim:
Are you running the MRT from command line or are you just obtaining it through Auto Updates?
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp