Virus Disabled System Restore & Windows Security - Page 2


Re: Virus Disabled System Restore & Windows Security




| Funny that MBAM didn't do that for you. Sometimes code in a new version
| of a malware can be close enough to code in a previous version that a
| detector misidentifies version 'b' as version 'a' and the resulting
| cleaning becomes incomplete. I don't suppose you have the original
| malware quarantined somewhere?

He never answered my question.

"You said you used MBAM "Some months back".  Have you updated it to v1.46 and
run a scan since you found these problems?"



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security




Don't you just hate that? :oD

He's edited the registry and moved on...



Re: Virus Disabled System Restore & Windows Security








| Don't you just hate that? :oD

| He's edited the registry and moved on...

{ sigh }

Yes.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security





| He's edited the registry and moved on...


Surely that's the *only* way to 'fix' things if malware has caused a
registry alteration?

--
Dave



Re: Virus Disabled System Restore & Windows Security




If the program was out of date and perhaps misidentifying a malware
instance, what other settings might it have missed correcting? It would
be better to confirm or deny the use of the most recent version of the
removal program. What if version 'b' edits the registry *and* drops
another malware item and version 'a' gets identified and removed? Sure,
he can manually edit the registry entry he finds amiss back to what it
should be, but it would be better to execute an updated version of MBAM
or another removal tool such as SAS.



Re: Virus Disabled System Restore & Windows Security




| >
| >
| > | He's edited the registry and moved on...
| >
| >
| > Surely that's the *only* way to 'fix' things if malware has caused a
| > registry alteration?
|
| If the program was out of date and perhaps misidentifying a malware
| instance, what other settings might it have missed correcting? It would
| be better to confirm or deny the use of the most recent version of the
| removal program. What if version 'b' edits the registry *and* drops
| another malware item and version 'a' gets identified and removed? Sure,
| he can manually edit the registry entry he finds amiss back to what it
| should be, but it would be better to execute an updated version of MBAM
| or another removal tool such as SAS.


What if MBAM itself was dropping a malware item after cleaning a
machine?

Who would ever know?

SAS might do likewise!

Just a thought!

--
Dave



Re: Virus Disabled System Restore & Windows Security





|| >
|| >
|| > | He's edited the registry and moved on...
|| >
|| >
|| > Surely that's the *only* way to 'fix' things if malware has caused a
|| > registry alteration?

|| If the program was out of date and perhaps misidentifying a malware
|| instance, what other settings might it have missed correcting? It would
|| be better to confirm or deny the use of the most recent version of the
|| removal program. What if version 'b' edits the registry *and* drops
|| another malware item and version 'a' gets identified and removed? Sure,
|| he can manually edit the registry entry he finds amiss back to what it
|| should be, but it would be better to execute an updated version of MBAM
|| or another removal tool such as SAS.


| What if MBAM itself was dropping a malware item after cleaning a
| machine?

| Who would ever know?

| SAS might do likewise!

| Just a thought!

That "thought" is called FUD.  Your process is called trolling.

You are deliberately introducing Fear Uncertainty and Doubt when there is none.

You say "Who would ever know?"
There is a large body within the anti malware community that does checks and
balances and they "know".

MBAM and SAS do *NOT* drop malware!

EoD

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security




[...]


*Someone* would soon discover it - we covered this possibility already
in a previous discussion.

[...]



Re: Virus Disabled System Restore & Windows Security




|
| [...]
|
| > What if MBAM itself was dropping a malware item after cleaning a
| > machine?
| >
| > Who would ever know?
|
| *Someone* would soon discover it - we covered this possibility already
| in a previous discussion.
|
| [...]

Perhaps you are right ........... perhaps not! ;-)

I'd really like to know just *who* in the anti-malware community has
actually carried out such a check and where a 'clean bill of health' has
been posted for inspection. Has such an independent check been carried
out?

Maybe Malwarebytes itself should commission an independent check by a
reputable organisation (how about Sophos?) and have the results posted
on the 'net to which anyone might refer if concerned about the
organisation's integrity.



Re: Virus Disabled System Restore & Windows Security




BD, you seem to be the only person voicing that he may not trust the
program. In that event, perhaps you yourself should pay to have an
independent lab do the work you so desperately want done. On your dime, as
I see no reason for Malwarebytes to spend unnecessary funds to prove
what everyone else already knows; it's a safe and reliable program.



--
Are you a former BBSer? Want to go back in time to the old days of
ANSI and Renegade? Fire up telnet and go here then: ttb.slyip.com


Re: Virus Disabled System Restore & Windows Security



They only drop Apple malware.



| >
| >
| > | He's edited the registry and moved on...
| >
| >
| > Surely that's the *only* way to 'fix' things if malware has caused a
| > registry alteration?
|
| If the program was out of date and perhaps misidentifying a malware
| instance, what other settings might it have missed correcting? It would
| be better to confirm or deny the use of the most recent version of the
| removal program. What if version 'b' edits the registry *and* drops
| another malware item and version 'a' gets identified and removed? Sure,
| he can manually edit the registry entry he finds amiss back to what it
| should be, but it would be better to execute an updated version of MBAM
| or another removal tool such as SAS.


What if MBAM itself was dropping a malware item after cleaning a
machine?

Who would ever know?

SAS might do likewise!

Just a thought!

--
Dave



Re: Virus Disabled System Restore & Windows Security




As I mentioned, I am not computer literate so I probably didn't do
things correctly.
I was infected about 3-4 months ago with an unknown virus that screwed
things up good. After running numerous anti virus programs I finally
got my PC back to normal. I didn't save or log anything (I will in the
future) as my PC was running fine. I do update the anti virus files on
a regular basis so yes, they are current.
When I posted to this group (as well as others) earlier this week I
had just noticed that I couldn't access Restore or Security Center. I
was searching the newsgroups and internet looking for a fix when I
found an article telling me what to look for in the registry. I
followed those instructions and deleted the line that was making
Restore inaccessible. Next time I will do more homework before I try
anything and I will cross post, not multi post which really seemed to
annoy some people. After reading through some suggestions from this
group I uploaded some questionable files to 2 sites that were
recommended here. They both came back with 10-25% hits for being
infected. For the heck of it I archived a 13 MB file with a bunch of
stuff that I knew was clean and uploaded to those same 2 sites. This
absolutely clean file came back with 20-30% hits for being infected.
The one thing I've learned from this (besides NO cross posting) is
that there is evidently no way to determine what is clean and what is
not! And, I do appreciate your attempts to help me.

http://www.virustotal.com/analisis/9e252a1178ab190f8df6b628671920b2f1ca65d80e6da46c7865eaf05778047e-1274990659

http://virusscan.jotti.org/en/scanresult/115cc0f6502183072d1a9ea2737b7e3313b2bb67




On Tue, 25 May 2010 13:10:03 -0400, Doug R



Re: Virus Disabled System Restore & Windows Security





| As I mentioned, I am not computer literate so I probably didn't do
| things correctly.
| I was infected about 3-4 months ago with an unknown virus that screwed
| things up good. After running numerous anti virus programs I finally
| got my PC back to normal. I didn't save or log anything (I will in the
| future) as my PC was running fine. I do update the anti virus files on
| a regular basis so yes, they are current.
| When I posted to this group (as well as others) earlier this week I
| had just noticed that I couldn't access Restore or Security Center. I
| was searching the newsgroups and internet looking for a fix when I
| found an article telling me what to look for in the registry. I
| followed those instructions and deleted the line that was making
| Restore inaccessible. Next time I will do more homework before I try
| anything and I will cross post, not multi post which really seemed to
| annoy some people. After reading through some suggestions from this
| group I uploaded some questionable files to 2 sites that were
| recommended here. They both came back with 10-25% hits for being
| infected. For the heck of it I archived a 13 MB file with a bunch of
| stuff that I knew was clean and uploaded to those same 2 sites. This
| absolutely clean file came back with 20-30% hits for being infected.
| The one thing I've learned from this (besides NO cross posting) is
| that there is evidently no way to determine what is clean and what is
| not! And, I do appreciate your attempts to help me.

| http://www.virustotal.com/analisis/9e252a1178ab190f8df6b628671920b2f1ca65d80e6da46c7865eaf05778047e-1274990659
|
| http://virusscan.jotti.org/en/scanresult/115cc0f6502183072d1a9ea2737b7e3313b2bb67

CORRECTION:

You stated...
"The one thing I've learned from this (besides NO cross posting) is..."

Cross-Posting is good, Multi-Posting is bad.

That is, Cross-Posting is good if you limit the number of groups the message goes
to and the subject matter is On Topic for the groups being Cross-Posted to.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security



Duly noted:  Cross Post.....GOOD
                      Multi Post.......BAD




On Thu, 27 May 2010 16:53:09 -0400, "David H. Lipman"



Re: Virus Disabled System Restore & Windows Security




| Duly noted:  Cross Post.....GOOD
|                       Multi Post.......BAD

:-)



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus Disabled System Restore & Windows Security




You can thank virus writing/passing swine like Raid/Dustin
Cook for all your troubles.



Re: Virus Disabled System Restore & Windows Security



As a footnote, I've now got 5 or 6 programs on my PC that I'm afraid
to install. They mostly come back as clean but some databases show
them as infected. I'd give 10-1 odds that they are clean but it's just
not worth the risk.
I've downloaded sandbox but being the PC boob that I am, I'm afraid
that I won't use it right and I will have to start this whole process
over again.





On Tue, 25 May 2010 13:10:03 -0400, Doug R


