OT: virus problem

  • Evan Koblentz
    Message 1 of 20, Apr 30, 2009
      I'm helping a non-technical friend* to rid his computer of malware.
      He's got XP SP 2.

      I started by removing all of his obvious crapware and P2P apps. I
      enabled his firewall (it was wide open) and disabled a zillion TSR
      programs. Also removed his numerous and overlapping security apps, some
      of which looked like they could be malware!!

      I installed my favorite anti-malware program (Spybot) and it caught and
      zapped more than a dozen problems. Good stuff.

      Then I tried to install my favorite A-V program (Avast). It wasn't able
      to complete the installation; apparently the existing viruses blocked
      it. So I called Kelly and had him download the installation file and
      host it using a fake name. Then I was able to download that directly
      and run it. It found and fixed 23 viruses (not a typo!)

      Two pieces of malware remain, which I haven't yet cured:
      - win32.agent.pz
      - pws.ldpinchie

      I found many Google results for both of these, but most of the results
      just say, "Try using XYZ proprietary software" .... practically none of
      the results say, "Here is a known-good fix."

      Any tips?

      * By "friend" I mean that quite literally. LOL, it's not me and my PC,
      under an assumed name. :)
    • Sridhar Ayengar
      Message 2 of 20, Apr 30, 2009
        Evan Koblentz wrote:
        > I'm helping a non-technical friend* to rid his computer of malware.
        > He's got XP SP 2.
        >
        > I started by removing all of his obvious crapware and P2P apps. I
        > enabled his firewall (it was wide open) and disabled a zillion TSR
        > programs. Also removed his numerous and overlapping security apps, some
        > of which looked like they could be malware!!
        >
        > I installed my favorite anti-malware program (Spybot) and it caught and
        > zapped more than a dozen problems. Good stuff.
        >
        > Then I tried to install my favorite A-V program (Avast). It wasn't able
        > to complete the installation; apparently the existing viruses blocked
        > it. So I called Kelly and had him download the installation file and
        > host it using a fake name. Then I was able to download that directly
        > and run it. It found and fixed 23 viruses (not a typo!)
        >
        > Two pieces of malware remain, which I haven't yet cured:
        > - win32.agent.pz
        > - pws.ldpinchie
        >
        > I found many Google results for both of these, but most of the results
        > just say, "Try using XYZ proprietary software" .... practically none of
        > the results say, "Here is a known-good fix."
        >
        > Any tips?
        >
        > * By "friend" I mean that quite literally. LOL, it's not me and my PC,
        > under an assumed name. :)

        Run the fix under safe mode.

        Peace... Sridhar
      • B Degnan
        Message 3 of 20, Apr 30, 2009

          
          > > Two pieces of malware remain, which I haven't yet cured:
          > > - win32.agent.pz
          > > - pws.ldpinchie
          > >
          > > I found many Google results for both of these, but most of the results
          > > just say, "Try using XYZ proprietary software" .... practically none of
          > > the results say, "Here is a known-good fix."
          > >
          > > Any tips?
          > >
          > > * By "friend" I mean that quite literally. LOL, it's not me and my PC,
          > > under an assumed name. :)
          >
          > Run the fix under safe mode.
          >
          > Peace... Sridhar

          We talked about that...Evan did you try deleting the files under safe mode? 

          You may have done this already but:

          1.  Run your anti-spyware program in safe mode, that would give better results. 

          2.  Also in safe mode, go into msconfig (RUN "msconfig")
          Locate the startup folder, and look up every single program that is listed in the startup section. Uncheck everything you can and then reboot in normal mode. Remember that spyware masquerades as legit programs, so you may have to uncheck a few things that are legit to experiment. You'll get an error message when you reboot, but turn that off.

          3.  Each time you remove a program, reboot.  You may have to reboot 20 times before you're done cleaning everything out. 

          4.  If it were me, I would reformat the system and rebuild the OS, faster.  I assume you can back up the data.

          Bill
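An added example, not from Bill's post or from anyone in the thread: a PowerShell script that lists the same autostart entries msconfig's Startup tab shows (the Run and RunOnce keys for the machine and for the current user, plus the per-user and all-users Startup folders) and annotates each with what msconfig does not tell you: whether the referenced file actually exists, whether it carries a valid Authenticode signature, and whether it lives under the Windows or Program Files trees. The `Suspicious` heuristic and the function names are my own choices, not anything from the thread; the registry paths and folder locations are the standard ones. It uses only cmdlets available since PowerShell 2.0 and is meant to be run from an elevated prompt on the machine being cleaned.

```powershell
# Added example (not from the thread): inventory autostart entries and annotate each with
# evidence msconfig's Startup tab does not show, so cleanup decisions are not blind guesses.
# Run from an elevated PowerShell prompt on the machine being cleaned.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Startup folder candidates: per-user folder, then the XP all-users layout, then Vista-and-later.
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    "$env:ALLUSERSPROFILE\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Run values are full command lines; extract the executable path from one.
function Get-ImagePath {
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {                                  # "C:\path with spaces\x.exe" -flag
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.exe)\b', 'IgnoreCase')     # C:\path\x.exe -flag
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]                                # fall back to the first token
}

function Get-AutostartEntry {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path   = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $CommandLine))
    $exists = Test-Path -LiteralPath $path
    $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status.ToString() } else { 'FileMissing' }
    # Triage heuristic (my choice): missing file, no valid signature, or an unusual install location.
    $flag = (-not $exists) -or ($sig -ne 'Valid') -or ($path -notmatch '^[A-Za-z]:\\(Windows|Program Files)')
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; CommandLine = $CommandLine
        ImagePath = $path; Exists = $exists; Signature = $sig; Suspicious = $flag
    }
}

$entries = @()
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # Skip the provider metadata properties Get-ItemProperty adds to every object.
        if ('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider' -contains $p.Name) { continue }
        $entries += Get-AutostartEntry -Source $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
}

# Startup folders hold shortcuts; resolve each .lnk to the program it actually launches.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in $StartupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($item in (Get-ChildItem -LiteralPath $folder | Where-Object { -not $_.PSIsContainer })) {
        $target = if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath } else { $item.FullName }
        $entries += Get-AutostartEntry -Source $folder -Name $item.Name -CommandLine ('"' + $target + '"')
    }
}

$entries | Sort-Object Suspicious -Descending | Format-Table Suspicious, Signature, Name, ImagePath -AutoSize
```

Read `Suspicious` as a reading order, not a verdict: a lot of legitimate XP-era software is unsigned and installs wherever it likes, so an entry flagged here still needs a look at the file itself before it is removed. Entries whose file is missing are the cheapest to clear, since nothing runs from them; entries that point at a present, unsigned file in a profile or temp directory are the ones to investigate first.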
        • evan@snarc.net
          Message 4 of 20, Apr 30, 2009
            >>> Run the fix under safe mode.

            I don't think that will help. From what I read, the virus in question activates as soon as Windows starts.
          • Bill Degnan
            Message 5 of 20, Apr 30, 2009
              In regular mode.

              -------- Original Message --------
              > From: evan@...
              > Sent: Thursday, April 30, 2009 11:03 AM
              > To: "Yahoo MARCH Yahoo" <midatlanticretro@yahoogroups.com>
              > Subject: Re: [midatlanticretro] OT: virus problem
              >
              > >>> Run the fix under safe mode.
              >
              > I don't think that will help. From what I read, the virus in question
              activates as soon as Windows starts.
              >
              >
            • Sridhar Ayengar
              Message 6 of 20, Apr 30, 2009
                evan@... wrote:
                >>>> Run the fix under safe mode.
                >
                > I don't think that will help. From what I read, the virus in question activates as soon as Windows starts.

                But it won't in Safe Mode, unless the kernel has been patched, in which
                case you're screwed anyway.

                Peace... Sridhar
              • Kelly D. Leavitt
                Message 7 of 20, Apr 30, 2009
                  I've had OK luck on some of these troublesome ones by pulling the drive and connecting it using one of those really cheap USB/IDE adapter cables. Start a known good computer, make sure AUTO RUN is not on, then plug the drive/adapter into the known good machine. Scan from there.

                  Kelly

                  -----Original Message-----
                  From: midatlanticretro@yahoogroups.com on behalf of Sridhar Ayengar
                  Sent: Thu 4/30/2009 1:35 PM
                  To: midatlanticretro@yahoogroups.com
                  Cc:
                  Subject: Re: [midatlanticretro] OT: virus problem





                  evan@... <mailto:evan%40snarc.net> wrote:
                  >>>> Run the fix under safe mode.
                  >
                  > I don't think that will help. From what I read, the virus in question activates as soon as Windows starts.

                  But it won't in Safe Mode, unless the kernel has been patched, in which
                  case you're screwed anyway.

                  Peace... Sridhar
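An added example, not Kelly's code or anything from the group: before the suspect drive is plugged into the known-good machine, this PowerShell script checks that Explorer's AutoRun policy really is off for every drive type, not just for CD-ROMs, and shows the hardened setting. It reads the standard `NoDriveTypeAutoRun` policy value under the machine and user `Policies\Explorer` keys; the drive-type bit names follow the Win32 `GetDriveType` numbering. The function names are my own.

```powershell
# Added example (not from the thread): confirm AutoRun is disabled on the scanning host
# before a suspect disk is attached. NoDriveTypeAutoRun is a bitmask of drive types whose
# autorun.inf Explorer must ignore; 0xFF covers every type. When the HKLM value is present
# it takes precedence over the per-user one.

$PolicyPaths = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Each drive type's bit is 1 shifted left by that type's GetDriveType constant.
$DriveBits = @{
    Removable = 0x04   # DRIVE_REMOVABLE: USB sticks, some USB-bridged disks
    Fixed     = 0x08   # DRIVE_FIXED: internal disks and most USB/IDE-bridged disks
    Network   = 0x10   # DRIVE_REMOTE
    CDROM     = 0x20   # DRIVE_CDROM
    RAMDisk   = 0x40   # DRIVE_RAMDISK
}

# Returns the policy DWORD at $Path, or $null if the key or the value does not exist.
function Get-AutoRunPolicy {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $v = (Get-ItemProperty -Path $Path).NoDriveTypeAutoRun
    if ($v -eq $null) { return $null }
    return [int]$v
}

# Names the drive types for which AutoRun is still permitted under a given mask.
function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    $open = @()
    foreach ($name in ($DriveBits.Keys | Sort-Object)) {
        if (($Mask -band $DriveBits[$name]) -eq 0) { $open += $name }
    }
    return $open
}

foreach ($p in $PolicyPaths) {
    $mask = Get-AutoRunPolicy $p
    if ($mask -eq $null) { "$p : NoDriveTypeAutoRun not set (Explorer's built-in default applies)"; continue }
    $open  = Get-AutoRunEnabledTypes $mask
    $state = if ($open.Count -eq 0) { 'AutoRun disabled for all drive types' } else { "AutoRun still enabled for: $($open -join ', ')" }
    "$p : 0x{0:X2} ; {1}" -f $mask, $state
}

# Hardened setting (machine-wide). Explorer picks the value up at logon, so log off and on afterwards.
# Set-ItemProperty -Path $PolicyPaths[0] -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
```

The point of checking the mask bit by bit is that a USB/IDE-bridged disk does not show up as a CD-ROM: depending on the bridge it is reported as a fixed or a removable drive, so a policy that only masks optical media leaves exactly the drive type Kelly is attaching open to an autorun.inf on the infected disk.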
                • Bill Degnan
                  Message 8 of 20, Apr 30, 2009
                    > >>>> Run the fix under safe mode.
                    > >
                    > > I don't think that will help. From what I read, the virus in question
                    activates as soon as Windows starts.
                    >
                    > But it won't in Safe Mode, unless the kernel has been patched, in which
                    > case you're screwed anyway.
                    >

                    If you're trying to avoid formatting and rebuilding the OS (which is the
                    best solution) because you don't have a data backup or for some other
                    reason, running the fix programs in safe mode is at least worth a try.

                    bd
                  • Bill Degnan
                    Message 9 of 20, Apr 30, 2009
                      >
                      > I've had OK luck on some of these troublesome ones by pulling the drive
                      and connecting it using one of those really cheap USB/IDE adapter cables.
                      Start a known good computer, make sure AUTO RUN is not on, then plug the
                      drive/adapter into the known good machine. Scan from there.
                      >

                      that's a good idea too.
                    • evan@snarc.net
                      Message 10 of 20, Apr 30, 2009
                        >>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason

                        Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                      • Bill Dromgoole
                        Message 11 of 20, Apr 30, 2009
                          ----- Original Message -----
                          From: <evan@...>
                          To: " Yahoo MARCH Yahoo" <midatlanticretro@yahoogroups.com>
                          Sent: Thursday, April 30, 2009 2:08 PM
                          Subject: Re: [midatlanticretro] OT: virus problem


                          >>> If you're trying to avoid formatting and rebuilding the OS (which is the
                          >>> best solution) because you don't have a data backup or for some other reason

                          Three reasons -- not my computer, already promised I'd be able to fix it, and
                          the best reason of all -- man v machine and I don't like to lose!!


                          I like Kelly's idea.

                          "I've had OK luck on some of these troublesome ones by pulling the drive and
                          connecting it using one of those really cheap USB/IDE adapter cables. Start a
                          known good computer, make sure AUTO RUN is not on, then plug the drive/adapter
                          into the known good machine. Scan from there.

                          Kelly"

                          I never tried it that way but none of the files would be in use and the virus
                          code would not be running.
                          It sounds good, only question is --- Is there any risk of infecting the host
                          system?

                          Bill Dromgoole
                        • Kelly D. Leavitt
                          Message 12 of 20, Apr 30, 2009
                             
                             
                          • Kelly D. Leavitt
                            Message 13 of 20, Apr 30, 2009
                              > ------------------------------------
                              > I like Kelly's idea.
                              >
                              >> "I've had OK luck on some of these troublesome ones by pulling the drive and
                              >> connecting it using one of those really cheap USB/IDE adapter cables. Start a
                              >> known good computer, make sure AUTO RUN is not on, then plug the drive/adapter
                              >> into the known good machine. Scan from there.
                              >>
                              >> Kelly"

                              > I never tried it that way but none of the files would be in use and the virus
                              > code would not be running.
                              > It sounds good, only question is --- Is there any risk of infecting the host
                              > system?
                              >
                              > Bill Dromgoole .

                              If you do anything other than scan it, then yes there is a chance. I have a plain vanilla XP Pro machine here that is nothing other than the OS, SP3, and security updates. I try to use this machine for scanning in severe cases. I have not buggered it up yet, but just in case...

                              Kelly
                            • madodel
                              Message 14 of 20, Apr 30, 2009
                                evan@... wrote:
                                >>>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason
                                >
                                > Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                                >

                                Well the one good thing is all this feverish activity makes me appreciate
                                that I don't run any microsoft anything here. :-) Good luck. Advise them
                                in the future to buy a Mac or install Linux. No one needs this headache
                                any more.

                                Mark
                              • Jeffrey Frady
                                Message 15 of 20, Apr 30, 2009
                                  That is just ignorance.

                                  If you can't handle an OS, simply moving to another doesn't solve the problem, it avoids it.  I use Windows Vista/XP, Linux, and Mac OS X daily.  I appreciate them all equally.

                                  PS: I'm not trying to start a flame war or anything.  Just stating my opinion.

                                  On Thu, Apr 30, 2009 at 8:13 PM, madodel <madodel@...> wrote:

                                  > evan@... wrote:
                                  > >>>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason
                                  > >
                                  > > Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                                  > >
                                  >
                                  > Well the one good thing is all this feverish activity makes me appreciate
                                  > that I don't run any microsoft anything here. :-) Good luck. Advise them
                                  > in the future to buy a Mac or install Linux. No one needs this headache
                                  > any more.
                                  >
                                  > Mark

                                  --
                                  See you space cowboy...
                                • Evan Koblentz
                                  Message 16 of 20, Apr 30, 2009
                                    I'm shocked that Mark suggested Linux and not OS/2!  :)

                                    Jeffrey Frady wrote:
                                    > That is just ignorance.
                                    >
                                    > If you can't handle an OS, simply moving to another doesn't solve the problem, it avoids it. I use Windows Vista/XP, Linux, and Mac OS X daily. I appreciate them all equally.
                                    >
                                    > PS: I'm not trying to start a flame war or anything. Just stating my opinion.
                                    >
                                    > On Thu, Apr 30, 2009 at 8:13 PM, madodel <madodel@...> wrote:
                                    >
                                    > > evan@... wrote:
                                    > > >>>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason
                                    > > >
                                    > > > Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                                    > > >
                                    > >
                                    > > Well the one good thing is all this feverish activity makes me appreciate
                                    > > that I don't run any microsoft anything here. :-) Good luck. Advise them
                                    > > in the future to buy a Mac or install Linux. No one needs this headache
                                    > > any more.
                                    > >
                                    > > Mark
                                    >
                                    > --
                                    > See you space cowboy...

                                  • madodel
                                    Message 17 of 20, Apr 30, 2009
                                      Jeffrey Frady wrote:
                                      >
                                      >
                                      > That is just ignorance.
                                      >

                                      It is not ignorance, it is plain fact. Some folks just can't handle that
                                      and I can appreciate that.

                                      > If you can't handle an OS, simply moving to another doesn't solve the
                                      > problem, it avoids it. I use Windows Vista/XP, Linux, and Mac OS X
                                      > daily. I appreciate them all equally.

                                      Bully for you. But Macs, Linux (and to make Evan happy) OS/2-eCS don't
                                      have these problems. You are free to believe what you wish. Personally
                                      I'm tired of reading about "computer" or "pc" viruses, when they are all
                                      microsoft related.

                                      >
                                      > PS: I'm not trying to start a flame war or anything. Just stating my
                                      > opinion.
                                      >

                                      And no flamewar was intended on my part since it was directed to Evan and
                                      he is appreciative of my low opinion of poorly designed software. However
                                      you are the one using inflammatory language.

                                      Mark
                                    • Dan Roganti
                                      Message 18 of 20, May 1 5:12 AM


                                        madodel wrote:
                                        > Bully for you. But Macs, Linux (and to make Evan happy) OS/2-eCS don't
                                        > have these problems. You are free to believe what you wish. Personally
                                        > I'm tired of reading about "computer" or "pc" viruses, when they are all
                                        > microsoft related.

                                        The reason there's more of this is basically more people hate Microsoft and try to sabotage their OS.
                                        None of these 'personal' operating systems are virus-proof.

                                        The virus threat to Linux <http://www.desktoplinux.com/articles/AT3307459975.html>
                                        How to write a Linux virus in 5 easy steps <http://www.geekzone.co.nz/foobar/6229>

                                        Apple Admits Virus Threat, Recommends Antivirus Utilities <http://www.google.com/url?sa=t&source=web&ct=res&cd=3&url=http%3A%2F%2Fnews.softpedia.com%2Fnews%2FApple-Admits-Virus-Threat-Recommends-Antivirus-Utilities-98982.shtml&ei=g9r6SfbnMMbktgfT6MGQBw&usg=AFQjCNH7rEYy-Sj1rN9fo3v1KOcjsSsQQQ>
                                        OSX/Puper.a trojan which pretends to be a HDTV player <http://vil.nai.com/vil/content/v_154438.htm>

                                        =Dan
                                        [ = http://www2.applegate.org/~ragooman/ ]


                                      • Kelly D. Leavitt
                                        Message 19 of 20, May 1 6:19 AM
                                          Apple -> Security through obscurity.

                                          -----Original Message-----
                                          From: midatlanticretro@yahoogroups.com on behalf of Dan Roganti
                                          Sent: Fri 5/1/2009 8:12 AM
                                          To: midatlanticretro@yahoogroups.com
                                          Cc:
                                          Subject: Re: [midatlanticretro] OT: virus problem







                                          madodel wrote:

                                          Bully for you. But Macs, Linux (and to make Evan happy) OS/2-eCS don't
                                          have these problems. You are free to believe what you wish. Personally
                                          I'm tired of reading about "computer" or "pc" viruses, when they are all
                                          microsoft related.


                                          The reason there's more of this is basically more people hate Microsoft and try to sabotage their OS.
                                          None of these 'personal' operating systems are virus-proof

                                          The virus threat to Linux <http://www.desktoplinux.com/articles/AT3307459975.html>
                                          How to write a Linux virus in 5 easy steps <http://www.geekzone.co.nz/foobar/6229>

                                          Apple Admits Virus Threat, Recommends Antivirus Utilities <http://www.google.com/url?sa=t&source=web&ct=res&cd=3&url=http%3A%2F%2Fnews.softpedia.com%2Fnews%2FApple-Admits-Virus-Threat-Recommends-Antivirus-Utilities-98982.shtml&ei=g9r6SfbnMMbktgfT6MGQBw&usg=AFQjCNH7rEYy-Sj1rN9fo3v1KOcjsSsQQQ>
                                          OSX/Puper.a trojan which pretends to be a <http://vil.nai.com/vil/content/v_154438.htm> HDTV player <http://en.wikipedia.org/wiki/High-definition_television>

                                          =Dan

                                          [ = http://www2.applegate.org/~ragooman/ ]
                                        • Jim Scheef
                                          Message 20 of 20, May 1 10:08 AM
                                            Evan and all,

                                            I came in on this thread at the end and all of the advice so far has
                                            been good. I'll add two quotes from a security class I took some time back:

                                            "Once bad people have run code on your machine, you no longer own it,
                                            they do."

                                            "Once there is malware on your machine, you can never be sure you have
                                            removed it all. How can you ever be sure?"

                                            The best advice was to reinstall. I would wipe the hard disk with
                                            Darik's Boot 'n Nuke so even the partition table and MBR are wiped clean
                                            and then reinstall to what the computer believes is a brand new hard drive.

                                            Evan, your ego will be hurt far more when you declare the machine clean
                                            and this crap reinstalls itself. Bite the bullet now and give the guy a
                                            truly clean machine, with all patches applied and a completely up to
                                            date AV. When you reinstall, download XP SP3 to another machine so you
                                            can apply it before you connect to the Internet and then make the first
                                            connection be Windows Update.

                                            Good luck,
                                            Jim
