#1
Malware infection
I never thought it would happen to me but somehow several adware programs have infiltrated my ME machine. Too many to recite here, but they came from running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal build 6.181 and Spybot. Both have been updated to their limits and did what they could. A Panda Titanium 2005 scan removed 4 viruses but could not remove the adware because it was an online scan. All that is left is the stubborn adware. (I removed my Norton AV based on the bad reports here and was 'tween AVs when this happened.) Panda suggested the following:

How to eliminate viruses and other threats completely from the restore folder:
Click Start.
Select Settings.
Select Control Panel.
Double-click on System.
Select the Performance tab.
Click File System.
Click the Troubleshooting tab.
Enable the Disable System Restore checkbox.
Click Apply.
Disable the Disable System Restore checkbox.
Click Apply.
Save the changes by clicking OK.
The computer will ask you if you want to restart. Do it, and when you start it again the viruses and other threats detected will have disappeared from the _restore folder.
Carry out a full scan of your computer using the antivirus program in order to ensure that it has been correctly disinfected.

(I've seen this recommended in this NG before.)

Is this what I should do, or 2) a system restore, or 3) just get an AV/malware program and run that? If so, is there a preferred way to install the AV in the presence of the malware?

I hate being a bozo and realize I was carelessly, unsafely browsing. Now just to get back to where I belong...
Thanks to all.

Bart
#2
From: "Bart"
Ad-aware 6 is no longer supported nor updated! You need Ad-aware SE v1.05. Please follow the instruction set below...

Download and install Ad-aware SE: http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

Dump the contents of the IE Temporary Internet Folder cache (TIF):
Start -- Settings -- Control Panel -- Internet Options -- Delete Files

Dump the contents of the Mozilla FireFox cache { if you use FireFox }:
Tools -- Options -- Privacy -- Cache -- Clear

Download CLEAN.EXE from the URL -- http://www.ik-cs.com/programs/virtools/clean.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare }, three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner. If you are using Windows XP, you may have to disable the Windows XP firewall to allow the FTP utility to download the needed files.

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose to scan again at a future date, run this batch file. It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close
Execute; c:\mcafee\GetFiles.BAT { or double-click on 'GetFiles Link' in c:\mcafee }
Reboot the PC into Safe Mode [F8 key during boot]
Shut down as many applications as possible!
Execute; c:\mcafee\CLEAN.BAT { or double-click on 'Clean Link' in c:\mcafee }
Execute Ad-aware SE and perform a full system scan and have the software clean/delete all parasites found.

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). It is suggested that you move the report out of c:\mcafee before performing another scan. It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML report for each session.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#3
In order of preference:
(1) A comprehensive cleaning process, like the one at http://rgharper.mvps.org/cleanit.htm, should be tried first.

(2) If you have a reasonable idea of when the infection started AND it is not too far in the past (days would be reasonable, weeks would be pushing it, months would definitely be too far out) you could try a System Restore.

Under no circumstances should you flush the System Restore cache before cleaning! Never!! Ever!!! If you succeed in cleaning something and your system winds up trashed because the malware screwed up essential system files, you can at least restore back to your infected-but-working state as long as you haven't flushed the SR cache. But if you flush it first and then try cleaning ... you're probably up the creek without a paddle at that point if the cleaning process goes pear-shaped.

--
Richard G. Harper [MVP Shell/User]
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
#4
Thanks for the procedure. I did perform the scans as you directed. I did, however, install Panda's Titanium 2005 AV and Spyware/Adware program and scanned. It reported several infections and fixed all. However, on subsequent scans with Panda and with at least 3 online scan tools, the reports were all similar to what your program's scan told me: the various Trojans and adware infections were in the C:\restore\archive\FS2947 folder, in the C:\Windows\Temp\cfin folder and in the C:\program files\Spybot-Search and Destroy\recovery folders. The McAfee report follows.

05/12/2005 19:57:25

Options: /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /MIME /HTML "C:\MCAFEE\SCANREPORT.HTML"

Scanning C: [MICRONPC]
Scanning C:\*.*
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077167.CPY ... Found potentially unwanted program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077173.CPY ... Found potentially unwanted program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077197.CPY ... Found potentially unwanted program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2955.CAB\W0110929.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077043.CPY ... Found potentially unwanted program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077121.CPY\00025d40.EXE ... Found potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077128.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077130.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077133.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2953.CAB\A0077270.CPY\00025d40.EXE ... Found potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2954.CAB\A0077405.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2963.CAB\W0111843.CPY\W0111843.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077533.CPY ... Found potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077539.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077541.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077542.CPY ... Found potentially unwanted program Downloader-KL.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077547.CPY ... Found potentially unwanted program Adware-DFC.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077548.CPY\A0077548.CPY\0000b470.EXE\0000b470.EXE ... Found the Downloader-LG.dll Trojan !!!
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077578.CPY\A0077578.CPY ... Found potentially unwanted program Adware-EliteBar.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077581.CPY ... Found potentially unwanted program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077590.CPY ... Found potentially unwanted program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077597.CPY ... Found potentially unwanted program Adware-DealHelper.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077613.CPY\A0077613.CPY ... Found the Downloader-LG Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077456.CPY\A0077456.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077458.CPY\A0077458.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077459.CPY\A0077459.CPY\0000b660.EXE\0000b660.EXE ... Found potentially unwanted program Adware-EliteBar.
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077463.CPY\A0077463.CPY ... Found the Downloader-LG Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077465.CPY\A0077465.CPY ... Found the Downloader-XA Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077466.CPY\A0077466.CPY ... Found the Downloader-LG.dll Trojan !!!
C:\_RESTORE\ARCHIVE\FS2948.CAB\W0110393.CPY ... Found potentially unwanted program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0075636.CPY ... Found the AdClicker-BA Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0075923.CPY\A0075923.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076233.CPY\00011968.EXE\00011968.EXE ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076240.CPY\A0076240.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076242.CPY\A0076242.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076243.CPY\A0076243.CPY\0000b660.EXE\0000b660.EXE ... Found potentially unwanted program Adware-EliteBar.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076255.CPY ... Found potentially unwanted program Adware-abetterintrnt.dldr.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076368.CPY\00025d40.EXE ... Found potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076376.CPY ... Found potentially unwanted program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076379.CPY ... Found potentially unwanted program Adware-DFC.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076385.CPY ... Found potentially unwanted program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076402.CPY ... Found potentially unwanted program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076420.CPY ... Found potentially unwanted program Adware-Websearch.
C:\WINDOWS\TEMP\cfin\cfin ... Found potentially unwanted program Adware-DFC. The file or process has been deleted.

Summary report on C:\*.*
File(s)
  Total files: ........... 77331
  Clean: ................. 77206
  Possibly Infected: ..... 13
  Cleaned: ............... 0
  Deleted: ............... 1
  Non-critical Error(s): 2
Master Boot Record(s): ......... 1
  Possibly Infected: ..... 0
Boot Sector(s): ................ 1
  Possibly Infected: ..... 0

I understand that Ad-Aware SE is very popular, but will it do more than what Panda did? Since I already owned the program but did not have it installed before the infection, I thought I would try it. My guess now is that the infections found by all scans are either residing in the restore folder or in a "quarantine" folder in Spybot and unable to cause problems unless I were to restore to that restore date. Now, Mr. Harper has also responded to my dilemma and prescribed a mode of action which I intend to follow tomorrow.

Please review and give me your opinion on my status and what any possible next step should be. I should say that my machine "seems" to be OK now with no recurring symptoms so far.

Thank you, Mr. Lipman, for your concern and help.

Bart
#5
From: "Bart"
Bart:

Please, call me Dave. ;-)

The vast majority were in the System Restore cache. Only one infector was found in the TEMP folder. Basically your System Restore cache is full of sh!t. If you were to restore to a previous Restore Point you will get infected. You should use Ad-aware SE and perform a full scan, a deep scan, of the computer. Since you indicate your PC is working OK, it would definitely be best to dump the cache and then re-enable it.

It is my suggestion that you dump the contents of the System Restore cache by disabling it, rebooting and then re-enabling it with a cache size from 400~600MB. I would also suggest cleaning the TEMP folder.

Much of what was found in the System Restore cache was non-viral malware. The rest were Trojans. McAfee is geared towards viral malware but, as you see, it can find many forms of malware. Panda is like McAfee, in that it is geared towards viral malware. Since McAfee and Panda are *better* at viruses than adware/spyware it is suggested that you scan using Ad-aware SE v1.05 -- http://www.lavasoftusa.com/ -- which is geared for adware/spyware and not viruses.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
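The triage Dave does by eye in #5 (which hits are only in the System Restore archive, which are in a quarantine folder, and which one was live in TEMP) is easy to automate over the report Bart posted in #4. The following Python is an added example, not code from the thread or from McAfee or Panda. It assumes the line layout visible in that report (`<path> ... Found potentially unwanted program <name>.` / `<path> ... Found the <name> Trojan !!!`, optionally followed by `The file or process has been deleted.`); the sample input is a constructed subset of the posted lines plus two constructed lines (a Spybot recovery path and a live `C:\WINDOWS\SYSTEM\example.dll`) so that every category appears once.

```python
"""Triage a McAfee command-line scanner report: which detections are live?

Added example; the report format is assumed from the lines posted in this
thread, not taken from any McAfee documentation.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: four lines copied from the report in post #4 (with the
# spaces the forum inserted into long names removed) and two constructed lines
# (the Spybot recovery path and the "live" DLL) that are NOT in the report.
SAMPLE_REPORT = r"""
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077167.CPY ... Found potentially unwanted program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2963.CAB\W0111843.CPY\W0111843.CPY ... Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077548.CPY\A0077548.CPY\0000b470.EXE\0000b470.EXE ... Found the Downloader-LG.dll Trojan !!!
C:\WINDOWS\TEMP\cfin\cfin ... Found potentially unwanted program Adware-DFC. The file or process has been deleted.
C:\Program Files\Spybot-Search and Destroy\Recovery\dfc.zip\dfc.dll ... Found potentially unwanted program Adware-DFC.
C:\WINDOWS\SYSTEM\example.dll ... Found potentially unwanted program Adware-DealHelper.
Summary report on C:\*.*
"""

# One detection per line; anything that does not match (headers, summary) is skipped.
LINE_RE = re.compile(
    r"^(?P<path>.+?) \.\.\. Found "
    r"(?:the (?P<trojan>.+?) Trojan !!!|potentially unwanted program (?P<pup>.+?)\.)"
    r"(?P<deleted> The file or process has been deleted\.)?$"
)


def classify_location(path: str) -> str:
    """Where the hit lives decides how urgent it is (see Dave's reply in #5)."""
    p = path.upper()
    if "\\_RESTORE\\" in p:
        return "system-restore"      # inert until someone restores to that point
    if "\\TEMP\\" in p or "\\TEMPORARY INTERNET FILES\\" in p:
        return "temp"                # dropped payload; remove, no harm in deleting
    if "\\RECOVERY\\" in p or "\\QUARANTINE\\" in p:
        return "quarantine"          # another tool already neutralised it
    return "live"                    # on the real file system: needs attention


@dataclass
class Detection:
    path: str        # full path as printed, including nested archive members
    name: str        # signature name, e.g. "Adware-Websearch"
    kind: str        # "trojan" or "pup" (potentially unwanted program)
    location: str    # result of classify_location()
    deleted: bool    # scanner says it already removed the file

    @property
    def container(self) -> str:
        """Outermost on-disk file: the .CAB/.ZIP the member was unpacked from,
        or the path itself when nothing was unpacked."""
        parts = self.path.split("\\")
        for i, part in enumerate(parts):
            if part.upper().endswith((".CAB", ".ZIP")):
                return "\\".join(parts[: i + 1])
        return self.path


def parse_report(text: str) -> list[Detection]:
    found: list[Detection] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        found.append(Detection(
            path=m.group("path"),
            name=m.group("trojan") or m.group("pup"),
            kind="trojan" if m.group("trojan") else "pup",
            location=classify_location(m.group("path")),
            deleted=m.group("deleted") is not None,
        ))
    return found


def triage(detections: list[Detection]) -> dict:
    """Counts per location, the hits that still need action, and the restore
    archives that should go when the SR cache is flushed."""
    pending = [d for d in detections
               if not d.deleted and d.location in ("live", "temp")]
    archives = sorted({d.container for d in detections
                       if d.location == "system-restore"})
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "pending": pending,
        "restore_archives": archives,
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("hits by location:", result["by_location"])
    for d in result["pending"]:
        print("STILL LIVE:", d.kind, d.name, "at", d.path)
    print("restore archives holding malware:", *result["restore_archives"], sep="\n  ")
```

Run against the full report in #4 the output matches Dave's reading: every hit but one sits in a `_RESTORE` archive, and the one in `C:\WINDOWS\TEMP` was already deleted by the scanner, so nothing is pending and the only remaining action is flushing the System Restore cache once the machine is confirmed clean (Richard's ordering in #3).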
#6
Dave,
I appreciate your modesty as much as I appreciate your assistance. However, your concern and advice indicate you are certainly worthy of a "Mister". Thank you.

I will obtain Ad-Aware SE 1.05 and do the deep scans and flush the System Restore cache and hopefully "get back to where I belong". One question: With all the maneuvering and ups and downs and stress of using cleaners and scanners and whatever to remove malware, when is it just as easy to fdisk/mbr, format and reinstall? The Win9x family tends to get constipated over time and a colonic, so to speak, seems to be the best prescription. That way all the detritus that one thinks they need is gone, and the OS is clean, simple and speedy. I once thought I needed umpteen fonts and cute little programs that looked nice but did little. One time down the format avenue and I now use only the basic fonts and store only *.doc, *.qpw, etc. which are backed up anyway. All my pictures are on CD and any music is burned and jewel-cased. Can this be the best way to go? K-I-S-S (keep it simple, stupid) is my motto now.

Thanks again. (Cold and snowy here in the northern plains of USA, 12 inches of white wet stuff.)

Bart
#7
From: "Bart"
Bart:

Please, call me Dave. I am here to help but I am informal.

If you have *all* your data on backup media then the decision to wipe the hard disk and reinstall the software is purely your choice. There are some locations you may not have thought of that should be backed up...

c:\My Documents
c:\WINDOWS\All Users
c:\WINDOWS\Application Data
c:\WINDOWS\Desktop
c:\WINDOWS\Favorites
c:\WINDOWS\Start Menu

If you want to spend the time installing, updating and restoring data, that's your decision. I can't make it for you. However, you should NOT reinstall WinME and all updates without making sure you have a recent version of anti-virus software running and a copy of Ad-aware SE installed. This will help you to prevent being in this position 6 months or so later down the road.

I also suggest you read about Safe Hex practices.
http://www.claymania.com/safe-hex.html

BTW: You have my sympathies on the weather. Except for a brisk and cool wind coming off the Atlantic Ocean, it is a beautiful Spring day here on the Jersey shore. { see attached }

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
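If the wipe-and-reinstall route from #6/#7 is taken, the thing that goes wrong in practice is discovering after the format that a folder was missed or a copy is corrupt. The Python below is an added example (not from the thread) that copies the six locations Dave lists in #7 to a backup root and writes a SHA-256 manifest, so the copy can be verified before the disk is wiped and again after it is restored. The backup root, the manifest filename and the `demo()` sample tree are assumptions for illustration; Win ME itself has no Python, so this would be run from another machine with the drive mounted, or adapted. One caveat that follows from Dave's point about having AV installed first: `Application Data` and `Start Menu` can carry the adware's own files and shortcuts along, so scan the backup before restoring it.

```python
"""Back up the Win9x/ME profile locations listed in the thread with a SHA-256
manifest, and verify the copies against it.

Added example, not code from the thread.  MANIFEST.sha256 and the backup root
layout are assumptions.
"""
from __future__ import annotations

import hashlib
import shutil
from pathlib import Path

# Locations from post #7, relative to the system drive root.
PROFILE_LOCATIONS = [
    r"My Documents",
    r"WINDOWS\All Users",
    r"WINDOWS\Application Data",
    r"WINDOWS\Desktop",
    r"WINDOWS\Favorites",
    r"WINDOWS\Start Menu",
]
MANIFEST_NAME = "MANIFEST.sha256"   # assumed name; sha256sum-compatible layout


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_profile(system_root, backup_root,
                   locations=PROFILE_LOCATIONS) -> dict[str, str]:
    """Copy each location under backup_root; return {relative file: sha256}.
    Locations that do not exist on this machine are skipped, not errors."""
    system_root, backup_root = Path(system_root), Path(backup_root)
    manifest: dict[str, str] = {}
    for loc in locations:
        src = system_root.joinpath(*loc.split("\\"))   # portable across OSes
        if not src.is_dir():
            continue
        dst = backup_root / src.relative_to(system_root)
        shutil.copytree(src, dst, dirs_exist_ok=True)
        for f in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = f.relative_to(system_root).as_posix()
            manifest[rel] = sha256_of(f)   # hash the ORIGINAL, not the copy
    backup_root.mkdir(parents=True, exist_ok=True)
    (backup_root / MANIFEST_NAME).write_text(
        "".join(f"{digest}  {rel}\n" for rel, digest in sorted(manifest.items())))
    return manifest


def verify_backup(backup_root) -> list[str]:
    """Re-hash every copy named in the manifest; return the paths that are
    missing or whose digest differs (empty list means the backup is intact)."""
    backup_root = Path(backup_root)
    bad: list[str] = []
    for line in (backup_root / MANIFEST_NAME).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        copy = backup_root / rel
        if not copy.is_file() or sha256_of(copy) != digest:
            bad.append(rel)
    return bad


def demo() -> tuple[list[str], list[str], list[str]]:
    """Constructed sample: build a tiny fake system drive in a temp dir, back it
    up, verify, then corrupt one copy to show the manifest catches it."""
    import tempfile
    root = Path(tempfile.mkdtemp())
    sysroot = root / "C"
    for rel, data in {"My Documents/letter.doc": b"hello",
                      "WINDOWS/Favorites/site.url": b"[InternetShortcut]"}.items():
        f = sysroot / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)
    backup_root = root / "backup"
    manifest = backup_profile(sysroot, backup_root)
    intact = verify_backup(backup_root)
    (backup_root / "My Documents" / "letter.doc").write_bytes(b"corrupt")
    return sorted(manifest), intact, verify_backup(backup_root)


if __name__ == "__main__":
    files, before, after = demo()
    print("backed up:", files)
    print("mismatches before tampering:", before)
    print("mismatches after tampering: ", after)
```

Because the manifest is written from the originals and checked against the copies, a silent copy failure shows up before the format rather than after; the same `verify_backup` call repeated after the reinstall, pointed at the restored tree, confirms the restore.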
#8
First of all, I apologize for being tardy in replying. It has been a zoo here.

I went to your site and followed the procedure as you outline it. I can say to all interested that the procedure is concise and filled with common sense. I had used Dave's program earlier and with yours I was able to confirm that the infection has been taken care of. A/V is installed and updated, Ad-Aware SE is up and running, Spybot has been executed twice and no trace of any malware is evident. I did purge the System Restore cache once I was sure my machine was clean. In addition, a firewall was installed as well.

Thank you for responding to my dilemma and offering great advice. Dumping the restore would have been disastrous, as I was advised from outside this NG. I can trust you folks to the n-th degree!

Bart
#9
I'm glad I was able to help you get your problems cleared up.
--
Richard G. Harper [MVP Shell/User]
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

"Bart" wrote in message ...

| First of all, I apologize for being tardy in replying. It has been a zoo
| here. I went to your site and followed the procedure as you outlined it. I
| can say to all interested that the procedure is concise and filled with
| common sense. I had used Dave's program earlier and with yours I was able to
| confirm that the infection has been taken care of. A/V is installed and
| updated, Ad-Aware SE is up and running, Spybot has been executed twice and
| no trace of any malware is evident. I did purge the System Restore cache
| once I was sure my machine was clean. In addition, a firewall was installed
| as well.
|
| Thank you for responding to my dilemma and offering great advice. Dumping
| the restore would have been disastrous as I was advised from outside this
| NG. I can trust you folks to the n-th degree!
|
| Bart
|
| "Richard G. Harper" wrote in message ...
|
| | In order of preference:
| |
| | (1) A comprehensive cleaning process, like the one at
| | http://rgharper.mvps.org/cleanit.htm should be tried first.
| |
| | (2) If you have a reasonable idea of when the infection started AND it is
| | not too far in the past (days would be reasonable, weeks would be pushing
| | it, months would definitely be too far out) you could try a System
| | Restore.
| |
| | Under no circumstances should you flush the System Restore cache before
| | cleaning! Never!! Ever!!! If you succeed in cleaning something and your
| | system winds up trashed because the malware screwed up essential system
| | files you can at least restore back to your infected-but-working state as
| | long as you haven't flushed the SR cache. But if you flush it first and
| | then try cleaning ... you're probably up the creek without a paddle at
| | that point if the cleaning process goes pear-shaped.
#10
I congratulate you for having the exceptional good sense to follow Messrs. Lipman and Harper's good advice.

Symantec's advice, and that from others, to purge the WinME System Restore cache PRIOR to ensuring that the system is running well, amounts to criminal negligence, IMO. As Mike M has repeatedly pointed out, SR may be all that is left with which to recover, in some particularly bad situations. Throwing out the parachute before one is on the ground is a sure recipe for disaster.

So, kudos to you, for doing the right thing here, Bart.

--
Jack E. Martinelli
2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm
In Memoriam: Alex Nichol http://www.microsoft.com/windowsxp/e...ts/nichol.mspx
Your cooperation is very appreciated.
------

"Bart" wrote in message ...

| First of all, I apologize for being tardy in replying. It has been a zoo
| here. I went to your site and followed the procedure as you outlined it. I
| can say to all interested that the procedure is concise and filled with
| common sense. I had used Dave's program earlier and with yours I was able to
| confirm that the infection has been taken care of. A/V is installed and
| updated, Ad-Aware SE is up and running, Spybot has been executed twice and
| no trace of any malware is evident. I did purge the System Restore cache
| once I was sure my machine was clean. In addition, a firewall was installed
| as well.
|
| Thank you for responding to my dilemma and offering great advice. Dumping
| the restore would have been disastrous as I was advised from outside this
| NG. I can trust you folks to the n-th degree!
|
| Bart
|
| "Richard G. Harper" wrote in message ...
|
| | In order of preference:
| |
| | (1) A comprehensive cleaning process, like the one at
| | http://rgharper.mvps.org/cleanit.htm should be tried first.
| |
| | (2) If you have a reasonable idea of when the infection started AND it is
| | not too far in the past (days would be reasonable, weeks would be pushing
| | it, months would definitely be too far out) you could try a System
| | Restore.
| |
| | Under no circumstances should you flush the System Restore cache before
| | cleaning! Never!! Ever!!! If you succeed in cleaning something and your
| | system winds up trashed because the malware screwed up essential system
| | files you can at least restore back to your infected-but-working state as
| | long as you haven't flushed the SR cache. But if you flush it first and
| | then try cleaning ... you're probably up the creek without a paddle at
| | that point if the cleaning process goes pear-shaped.
| |
| | --
| | Richard G. Harper [MVP Shell/User]
| | * PLEASE post all messages and replies in the newsgroups
| | * for the benefit of all. Private mail is usually not replied to.
| | * My website, such as it is ... http://rgharper.mvps.org/
| | * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
| |
| | "Bart" wrote in message ...
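The thread keeps coming back to two practical decisions: is the infection recent enough for System Restore to be worth trying, and which restore point actually predates it; plus one rule, never purge the restore cache until the live system is confirmed clean, because the cache is the only fallback if cleaning wrecks the OS. Below is an added Python example written for this page, not code from the thread or from Ad-Aware, Spybot or Panda, that encodes those decisions and inventories a restore cache read-only. The directory layout built by build_sample_cache(), the file contents, the "known bad" hash set and the age thresholds in restore_viability() are all constructed assumptions for the example; the WinME _restore folder's real contents and naming are not taken from this page.

```python
r"""
Inventory a WinME-style _RESTORE cache and reason about restore points.

Added example for this thread, not code from the original posts or from any
tool named in them. Assumptions, all labelled: build_sample_cache() creates a
constructed stand-in for the _RESTORE folder, the "adware" payload and its
hash are constructed, and the age bands in restore_viability() are this
example's encoding of the thread's rule of thumb (days reasonable, weeks
pushing it, months too far).
"""
import hashlib
import os
import tempfile
from datetime import datetime, timedelta

DAY = timedelta(days=1)


def sha256_file(path):
    """Hash a file in chunks so large restore archives never load whole into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory_restore_cache(root, known_bad):
    """Walk the cache read-only and return [(relative path, sha256, flagged)].

    Nothing here deletes: a scanner cannot clean inside the protected cache,
    and purging the cache is the last step of a cleanup, not the first.
    """
    found = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            found.append((os.path.relpath(path, root), digest, digest in known_bad))
    return found


def restore_viability(infection_start, now):
    """Age bands for 'is System Restore still worth trying'. Thresholds are assumed."""
    age = now - infection_start
    if age <= 7 * DAY:
        return "reasonable"
    if age <= 31 * DAY:
        return "pushing it"
    return "too far"


def choose_restore_point(points, infection_start):
    """points maps restore-point name -> creation time.

    Returns the newest point created strictly before the infection, or None.
    Rolling back to a point created after the infection just reinstalls it.
    """
    candidates = [(ts, name) for name, ts in points.items() if ts < infection_start]
    if not candidates:
        return None
    return max(candidates)[1]


def purge_decision(live_system_verified_clean, entries):
    """The ordering the thread insists on: keep the cache until the live system
    is verified clean; only then does purging flagged leftovers make sense."""
    if not live_system_verified_clean:
        return "keep"
    flagged = [e for e in entries if e[2]]
    return "purge" if flagged else "optional"


def build_sample_cache():
    """Constructed sample (not real WinME data): a few restore files, one of
    which carries a constructed 'adware' stub that we treat as known bad."""
    root = tempfile.mkdtemp(prefix="_RESTORE_")
    payload = b"MZ constructed adware stub, not a real sample"
    layout = {
        "RP1/A0000001.CPY": b"harmless config copy",
        "RP2/A0000002.CPY": payload,
        "RP2/A0000003.CPY": b"another harmless copy",
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    known_bad = {hashlib.sha256(payload).hexdigest()}
    return root, known_bad


if __name__ == "__main__":
    root, known_bad = build_sample_cache()
    entries = inventory_restore_cache(root, known_bad)
    for rel, digest, flagged in entries:
        print(("FLAGGED " if flagged else "ok      ") + rel + "  " + digest[:16])
    now = datetime(2005, 3, 10)          # constructed dates
    infected = datetime(2005, 3, 6)
    points = {"RP1": datetime(2005, 3, 1), "RP2": datetime(2005, 3, 8)}
    print("system restore viability:", restore_viability(infected, now))
    print("roll back to:", choose_restore_point(points, infected))
    print("before cleaning:", purge_decision(False, entries))
    print("after verified clean:", purge_decision(True, entries))
```

Run as a script it prints the inventory and the four decisions for the constructed dates. The only way to get "purge" out of purge_decision() is to pass live_system_verified_clean=True, which is the gate Richard and Jack argue for; choose_restore_point() ignores RP2 because it was created after the suspected infection and would only bring the adware back.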