XP Home infected , cannot restore - Page 2


Re: XP Home infected , cannot restore





Bill Clinton employed a team of Lickin Sexretaries!
(All female)


His Holeingress masturbates to the word in Latin.
"I did not have sexual relations with that Cardinal,
Father Lewinsky."

Re: XP Home infected , cannot restore




Absolutely! I should have said that the individuals in a group of
mediumshippers are mediums.

Q. Why did the cannibal undercook the fortune teller?
A. He liked his medium rare.



Re: XP Home infected , cannot restore






tommy wrote:

I ran all 4 av clients in Multi-Av, and still couldn't fix it that way.
It does have a D: recovery drive, and it does appear to work.
So, that's probably what will happen, using the recovery reinstall.



Re: XP Home infected , cannot restore



How are you certain this was caused by a virus?

--






Re: XP Home infected , cannot restore






The Central Scrutinizer wrote:

The guy said he had experienced re-direction dating back to 6 mos ago.
He has little pc experience.
There were viruses on there. Malwarebytes took off 6 of them.
Important programs were blocked by policy [permissions], including all
antivirus pgms. [ I had to change names for any AV client to run ]
He has a restore partition, but wants to do that himself.
I was able to install gpedit, but no policies had been set.

--
Tommy






Re: XP Home infected , cannot restore



Sounds like the whole operation needs to be nuked! Holy crap
on all of that!!!!

--






Re: XP Home infected , cannot restore



On Fri, 16 Oct 2009 09:42:51 -0500, "tommy"

    My friend, boot a nice little linux dist, move as much of your
data as you can to some other media (burn it to DVDs), then reformat,
reinstall windows. Your "executable" "open-withs" are probably all
re-directed to the bad-guy-worm/trojan.
    Not much you can do about it. Unless you don't mind weeks and
weeks of painful cleaning-up.
    A linux dist with clamav or f-prot will probably clean up the
bad guy, but not the registry damage.
    Format.
    []'s
    Is that really 500Mb or a typo? Or are you referring to ram?

Re: XP Home infected , cannot restore






Shadow wrote:

500 mb ram
I have used TRK Trinity Rescue Kit which is similar to what you suggest.
Do you know of more like TRK?

The kit is going to reinstall. He wants to do it himself. There is a drive
D: restore partition activated by hitting F10.

I have gotten lots of these cleaned by using MBAM and followup by some other
general purpose AV clients. This is just an unusually difficult one.



Re: XP Home infected , cannot restore



On Fri, 23 Oct 2009 22:40:48 -0500, "tommy"

    If you are not familiar with linux it is probably the best
choice. I had a brief look at the home page and it appears to be made
for these cases. But any live-cd bootable linux dist will do, slax,
puppy, LFS, even ubuntu.
    If you have a fast connection, you can download f-prot or
Clamav and the latest databases to most of these (I'm sure you can
with ubuntu), to scan the harddisk. Not sure what TRK comes with.
    Good. I'd scan that D: drive first. It might be where the
bad-guy is. Use the "scan all file types" option.
    They always leave a "broken" system behind. Unless you are
keeping the data for "sentimental" purposes, I'd just reformat. I
still have DOS 6.2 on a partition, can't even boot it, it's there
because ... well, because :)
    PS. Ignore the nasty guy. He's just a bot.

Re: XP Home infected , cannot restore






Shadow wrote:
TRK includes ClamAV dos. and three others; you have to have the internet
connected to use the others.
I was hoping you were familiar with TRK or some others that have this
capability built in.

Done [ not too long ago ]




Re: XP Home infected , cannot restore





 They have a point in a way. Their position is that since a lot of
malware downloads and installs other malware packages, combined with the
fact that no anti-virus/malware package finds and cleans ALL malware, you
can never be sure that your computer is truly clean. In effect, since you
cannot prove a negative (that your computer is NOT infected), your only
recourse is to wipe everything clean and reinstall from a known, clean
source.

 If you follow that logic just a little further, you run into other
troubling thoughts. Since new malware vectors are being found all the
time, and new malware packages that are not yet detectable are also being
released all the time, you can never _prove_ your PC is not currently
infected by some new package via a new vector. Therefore, the only
logical thing to do is to completely wipe your PC clean and reinstall
everything from a known, clean source every single day. Of course, that
is an equally silly stance.

 What it all boils down to is that you need to evaluate the situation and
decide on the appropriate action for that situation. A system that is used
for basic purposes by a home user, which has had a rogueAV installed on
it and is quickly taken off the net before it is brought to you for
cleaning is one thing. A system that handles sensitive information and/or
has multiple infections including various rootkits, policy setting
changes, etc. is another thing entirely. And then there are the available
tools issues. Those who advocate "an immediate wipe and reinstall from
backup image" are completely ignoring the fact that the vast majority of
home users never _have_ a "backup image". Hell, a lot of them don't even
have OS reinstallation disks! They bought low end machines that only have
a "recovery partition" which cannot be trusted on a badly infected
machine. On the other hand, in a corporate or educational environment
where a backup image is often immediately available, it's quicker and
easier to "cure" even a minor infection by wiping and reinstalling.

 The bottom line is you need to look at the system, evaluate the
situation and available tools, then make the best cost/benefit analysis
that you can. In some cases, a wipe and reinstall are called for. In
others a thorough cleaning may be called for.

 Anyway, that's my 2 cents worth.....



--
Rick Simon               rsimon@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

Re: XP Home infected , cannot restore






Rick wrote:

IK


