Re: [midatlanticretro] OT: virus problem

  • Sridhar Ayengar
    Message 1 of 20 , Apr 30, 2009
      Evan Koblentz wrote:
      > I'm helping a non-technical friend* to rid his computer of malware.
      > He's got XP SP 2.
      >
      > I started by removing all of his obvious crapware and P2P apps. I
      > enabled his firewall (it was wide open) and disabled a zillion TSR
      > programs. Also removed his numerous and overlapping security apps, some
      > of which looked like they could be malware!!
      >
      > I installed my favorite anti-malware program (Spybot) and it caught and
      > zapped more than a dozen problems. Good stuff.
      >
      > Then I tried to install my favorite A-V program (Avast). It wasn't able
      > to complete the installation; apparently the existing viruses blocked
      > it. So I called Kelly and had him download the installation file and
      > host it using a fake name. Then I was able to download that directly
      > and run it. It found and fixed 23 viruses (not a typo!)
      >
      > Two pieces of malware remain, which I haven't yet cured:
      > - win32.agent.pz
      > - pws.ldpinchie
      >
      > I found many Google results for both of these, but most of the results
      > just say, "Try using XYZ proprietary software" .... practically one of
      > the results say, "Here is a known-good fix."
      >
      > Any tips?
      >
      > * By "friend" I mean that quite literally. LOL, it's not me and my PC,
      > under an assumed name. :)

      Run the fix under safe mode.

      Peace... Sridhar
    • B Degnan
      Message 2 of 20 , Apr 30, 2009

        
        > > Two pieces of malware remain, which I haven't yet cured:
        > > - win32.agent.pz
        > > - pws.ldpinchie
        > >
        > > I found many Google results for both of these, but most of the results
        > > just say, "Try using XYZ proprietary software" .... practically one of
        > > the results say, "Here is a known-good fix."
        > >
        > > Any tips?
        > >
        > > * By "friend" I mean that quite literally.  LOL, it's not me and my PC,
        > > under an assumed name.  :)
        >
        > Run the fix under safe mode.
        >
        > Peace...  Sridhar
        
        
          
        We talked about that...Evan did you try deleting the files under safe mode? 

        You may have done this already but:

        1.  Run your anti-spyware program in safe mode, that would give better results. 

        2.  Also in safe mode, go into msconfig (RUN "msconfig")
        Locate the startup folder, and look up every single program that is listed in the startup section.  Uncheck everything you can and then reboot in normal mode.  Remember that spyware masquerades as legit programs, so you may have to uncheck a few things that are legit to experiment.    You'll get an error message when you reboot, but turn that off.

        3.  Each time you remove a program, reboot.  You may have to reboot 20 times before you're done cleaning everything out. 

        4.  If it were me, I would reformat the system and rebuild the OS, faster.  I assume you can back up the data.

        Bill
      • evan@snarc.net
        Message 3 of 20 , Apr 30, 2009
          >>> Run the fix under safe mode.

          I don't think that will help. From what I read, the virus in question activates as soon as Windows starts.
        • Bill Degnan
          Message 4 of 20 , Apr 30, 2009
            In regular mode.

            -------- Original Message --------
            > From: evan@...
            > Sent: Thursday, April 30, 2009 11:03 AM
            > To: "Yahoo MARCH Yahoo" <midatlanticretro@yahoogroups.com>
            > Subject: Re: [midatlanticretro] OT: virus problem
            >
            > >>> Run the fix under safe mode.
            >
            > I don't think that will help. From what I read, the virus in question
            > activates as soon as Windows starts.
          • Sridhar Ayengar
            Message 5 of 20 , Apr 30, 2009
              evan@... wrote:
              >>>> Run the fix under safe mode.
              >
              > I don't think that will help. From what I read, the virus in question activates as soon as Windows starts.

              But it won't in Safe Mode, unless the kernel has been patched, in which
              case you're screwed anyway.

              Peace... Sridhar
            • Kelly D. Leavitt
              Message 6 of 20 , Apr 30, 2009
                I've had OK luck on some of these troublesome ones by pulling the drive and connecting it using one of those really cheap USB/IDE adapter cables. Start a known good computer, make sure AUTO RUN is not on, then plug the drive/adapter into the known good machine. Scan from there.

                Kelly

                -----Original Message-----
                From: midatlanticretro@yahoogroups.com on behalf of Sridhar Ayengar
                Sent: Thu 4/30/2009 1:35 PM
                To: midatlanticretro@yahoogroups.com
                Cc:
                Subject: Re: [midatlanticretro] OT: virus problem





                evan@... wrote:
                >>>> Run the fix under safe mode.
                >
                > I don't think that will help. From what I read, the virus in question activates as soon as Windows starts.

                But it won't in Safe Mode, unless the kernel has been patched, in which
                case you're screwed anyway.

                Peace... Sridhar
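
Kelly's precaution of making sure AutoRun is off on the known-good machine can be checked before the suspect drive is plugged in. The following Python sketch is an added example, not part of the original thread; it decodes the Windows `NoDriveTypeAutoRun` policy value, and the function names, the 0x91 fallback default and the rule that both the removable and fixed bits must be set are assumptions of this example.

```python
"""Check that AutoRun is disabled for the drive types a USB/IDE adapter
can present, before attaching a suspect disk to a known-good scanner."""
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

# Assumption of this example: a disk on a USB/IDE adapter may enumerate as
# either removable or fixed, so both bits must be set.
REQUIRED_BITS = 0x04 | 0x08

# Assumption: value used when no policy is set (the XP-era default).
DEFAULT_MASK = 0x91


def effective_mask(hklm, hkcu, default=DEFAULT_MASK):
    """Machine policy overrides the per-user value; None means 'not set'."""
    if hklm is not None:
        return hklm
    if hkcu is not None:
        return hkcu
    return default


def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still active under this mask."""
    return sorted(n for bit, n in DRIVE_TYPE_BITS.items() if not mask & bit)


def safe_to_attach(mask):
    """True when AutoRun is disabled for removable and fixed drives."""
    return (mask & REQUIRED_BITS) == REQUIRED_BITS


def read_policy(hive_name):
    """Read the value from the named registry hive (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, VALUE_NAME)
    except FileNotFoundError:
        return None
    # Stored as REG_DWORD (int) or 4-byte little-endian REG_BINARY (bytes).
    if isinstance(value, int):
        return value
    return int.from_bytes(value[:4], "little")


def main():
    if sys.platform != "win32":
        print("Run this on the Windows scanning machine.")
        return 2
    mask = effective_mask(read_policy("HKEY_LOCAL_MACHINE"),
                          read_policy("HKEY_CURRENT_USER"))
    print("NoDriveTypeAutoRun = 0x%02X" % mask)
    print("AutoRun still enabled for:", ", ".join(autorun_enabled_types(mask)))
    if safe_to_attach(mask):
        print("OK: AutoRun is off for removable and fixed drives.")
        return 0
    print("Do not attach the drive yet: set the value to 0xFF first.")
    return 1


if __name__ == "__main__":
    sys.exit(main())
```
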
              • Bill Degnan
                Message 7 of 20 , Apr 30, 2009
                  > >>>> Run the fix under safe mode.
                  > >
                  > > I don't think that will help. From what I read, the virus in question
                  > > activates as soon as Windows starts.
                  >
                  > But it won't in Safe Mode, unless the kernel has been patched, in which
                  > case you're screwed anyway.
                  >

                  If you're trying to avoid formatting and rebuilding the OS (which is the
                  best solution) because you don't have a data backup or for some other
                  reason, running the fix programs in safe mode is at least worth a try.

                  bd
                • Bill Degnan
                  Message 8 of 20 , Apr 30, 2009
                    > I've had OK luck on some of these troublesome ones by pulling the drive
                    > and connecting it using one of those really cheap USB/IDE adapter cables.
                    > Start a known good computer, make sure AUTO RUN is not on, then plug the
                    > drive/adapter into the known good machine. Scan from there.

                    that's a good idea too.
                  • evan@snarc.net
                    Message 9 of 20 , Apr 30, 2009
                      >>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason

                      Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                    • Bill Dromgoole
                      Message 10 of 20 , Apr 30, 2009
                        ----- Original Message -----
                        From: <evan@...>
                        To: " Yahoo MARCH Yahoo" <midatlanticretro@yahoogroups.com>
                        Sent: Thursday, April 30, 2009 2:08 PM
                        Subject: Re: [midatlanticretro] OT: virus problem


                        >>> If you're trying to avoid formatting and rebuilding the OS (which is the
                        >>> best solution) because you don't have a data backup or for some other reason

                        Three reasons -- not my computer, already promised I'd be able to fix it, and
                        the best reason of all -- man v machine and I don't like to lose!!


                        ------------------------------------
                        I like Kelly's idea.

                        "I've had OK luck on some of these troublesome ones by pulling the drive and
                        connecting it using one of those really cheap USB/IDE adapter cables. Start a
                        known good computer, make sure AUTO RUN is not on, then plug the drive/adapter
                        into the known good machine. Scan from there.

                        Kelly"

                        I never tried it that way but none of the files would be in use and the virus
                        code would not be running.
                        It sounds good, only question is --- Is there any risk of infecting the host
                        system?

                        Bill Dromgoole
                      • Kelly D. Leavitt
                        Message 11 of 20 , Apr 30, 2009
                        • Kelly D. Leavitt
                          Message 12 of 20 , Apr 30, 2009
                            > ------------------------------------
                            > I like Kelly's idea.
                            >
                            >> "I've had OK luck on some of these troublesome ones by pulling the drive and
                            >> connecting it using one of those really cheap USB/IDE adapter cables. Start a
                            >> known good computer, make sure AUTO RUN is not on, then plug the drive/adapter
                            >> into the known good machine. Scan from there.
                            >>
                            >> Kelly"

                            > I never tried it that way but none of the files would be in use and the virus
                            > code would not be running.
                            > It sounds good, only question is --- Is there any risk of infecting the host
                            > system?
                            >
                            > Bill Dromgoole .

                            If you do anything other than scan it, then yes there is a chance. I have a plain vanilla XP Pro machine here that is nothing other than the OS, SP3, and security updates. I try to use this machine for scanning in severe cases. I have not buggered it up yet, but just in case...

                            Kelly
                          • madodel
                            Message 13 of 20 , Apr 30, 2009
                              evan@... wrote:
                              >>>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason
                              >
                              > Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                              >

                              Well the one good thing is all this feverish activity makes me appreciate
                              that I don't run any microsoft anything here. :-) Good luck. Advise them
                              in the future to buy a Mac or install Linux. No one needs this headache
                              any more.

                              Mark
                            • Jeffrey Frady
                              Message 14 of 20 , Apr 30, 2009
                                That is just ignorance.

                                If you can't handle an OS, simply moving to another doesn't solve the problem, it avoids it.  I use Windows Vista/XP, Linux, and Mac OS X daily.  I appreciate them all equally.

                                PS: I'm not trying to start a flame war or anything.  Just stating my opinion.

                                On Thu, Apr 30, 2009 at 8:13 PM, madodel <madodel@...> wrote:


                                evan@... wrote:
                                >>>> If you're trying to avoid formatting and rebuilding the OS (which is the best solution) because you don't have a data backup or for some other reason
                                >
                                > Three reasons -- not my computer, already promised I'd be able to fix it, and the best reason of all -- man v machine and I don't like to lose!!
                                >

                                Well the one good thing is all this feverish activity makes me appreciate
                                that I don't run any microsoft anything here. :-) Good luck. Advise them
                                in the future to buy a Mac or install Linux. No one needs this headache
                                any more.

                                Mark




                                --
                                See you space cowboy...
                              • Evan Koblentz
                                Message 15 of 20 , Apr 30, 2009
                                  I'm shocked that Mark suggested Linux and not OS/2!  :)


                                • madodel
                                  Message 16 of 20 , Apr 30, 2009
                                    Jeffrey Frady wrote:
                                    >
                                    >
                                    > That is just ignorance.
                                    >

                                    It is not ignorance, it is plain fact. Some folks just can't handle that
                                    and I can appreciate that.

                                    > If you can't handle an OS, simply moving to another doesn't solve the
                                    > problem, it avoids it. I use Windows Vista/XP, Linux, and Mac OS X
                                    > daily. I appreciate them all equally.

                                    Bully for you. But Macs, Linux (and to make Evan happy) OS/2-eCS don't
                                    have these problems. You are free to believe what you wish. Personally
                                    I'm tired of reading about "computer" or "pc" viruses, when they are all
                                    microsoft related.

                                    >
                                    > PS: I'm not trying to start a flame war or anything. Just stating my
                                    > opinion.
                                    >

                                    And no flamewar was intended on my part since it was directed to Evan and
                                    he is appreciative of my low opinion of poorly designed software. However
                                    you are the one using inflammatory language.

                                    Mark
                                  • Dan Roganti
                                    Message 17 of 20 , May 1, 2009


                                      madodel wrote:
                                      Bully for you.  But Macs, Linux (and to make Evan happy) OS/2-eCS don't 
                                      have these problems.  You are free to believe what you wish.  Personally 
                                      I'm tired of reading about "computer" or "pc" viruses, when they are all 
                                      microsoft related.
                                        
                                      The reason there's more of this is basically more people hate Microsoft and try to sabotage their OS.
                                      None of these 'personal' operating systems are virus-proof

                                      The virus threat to Linux
                                      How to write a Linux virus in 5 easy steps

                                      Apple Admits Virus Threat, Recommends Antivirus Utilities
                                      OSX/Puper.a   trojan which pretends to be a  HDTV player

                                      =Dan
                                      [ = http://www2.applegate.org/~ragooman/   ]


                                    • Kelly D. Leavitt
                                      Message 18 of 20 , May 1, 2009
                                        Apple -> Security through obscurity.

                                        -----Original Message-----
                                        From: midatlanticretro@yahoogroups.com on behalf of Dan Roganti
                                        Sent: Fri 5/1/2009 8:12 AM
                                        To: midatlanticretro@yahoogroups.com
                                        Cc:
                                        Subject: Re: [midatlanticretro] OT: virus problem







                                        madodel wrote:


                                        Bully for you. But Macs, Linux (and to make Evan happy) OS/2-eCS don't
                                        have these problems. You are free to believe what you wish. Personally
                                        I'm tired of reading about "computer" or "pc" viruses, when they are all
                                        microsoft related.


                                        The reason there's more of this is basically more people hate Microsoft and try to sabotage their OS.
                                        None of these 'personal' operating systems are virus-proof

                                        The virus threat to Linux <http://www.desktoplinux.com/articles/AT3307459975.html>
                                        How to write a Linux virus in 5 easy steps <http://www.geekzone.co.nz/foobar/6229>

                                        Apple Admits Virus Threat, Recommends Antivirus Utilities <http://www.google.com/url?sa=t&source=web&ct=res&cd=3&url=http%3A%2F%2Fnews.softpedia.com%2Fnews%2FApple-Admits-Virus-Threat-Recommends-Antivirus-Utilities-98982.shtml&ei=g9r6SfbnMMbktgfT6MGQBw&usg=AFQjCNH7rEYy-Sj1rN9fo3v1KOcjsSsQQQ>
                                        OSX/Puper.a trojan which pretends to be a <http://vil.nai.com/vil/content/v_154438.htm> HDTV player <http://en.wikipedia.org/wiki/High-definition_television>

                                        =Dan

                                        [ = http://www2.applegate.org/~ragooman/ ]
                                      • Jim Scheef
                                        Message 19 of 20 , May 1, 2009
                                          Evan and all,

                                          I came in on this thread at the end and all of the advice so far has
                                          been good. I'll add two quotes from a security class I took some time back:

                                          "Once bad people have run code on your machine, you no longer own it,
                                          they do."

                                          "Once there is malware on your machine, you can never be sure you have
                                          removed it all. How can you ever be sure?"

                                          The best advice was to reinstall. I would wipe the hard disk with
                                          Darik's Boot 'n Nuke so even the partition table and MBR are wiped clean
                                          and then reinstall to what the computer believes is a brand new hard drive.

                                          Evan, your ego will be hurt far more when you declare the machine clean
                                          and this crap reinstalls itself. Bite the bullet now and give the guy a
                                          truly clean machine, with all patches applied and a completely up to
                                          date AV. When you reinstall, download XP SP3 to another machine so you
                                          can apply it before you connect to the Internet and then make the first
                                          connection be Windows Update.

                                          Good luck,
                                          Jim

                                          Kelly D. Leavitt wrote:
                                          >
                                          >