Re: Safe to create Ghost image of infected partition?

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 03/09/05


Date: Tue, 8 Mar 2005 19:59:27 -0500

From: "Sue" <noone@comcast.net>

| Seems like an ongoing pattern of complaints I see from lay people, such as
| myself, with us not so knowledgeable folks getting 'slammed' for being
| stupid, ignorant etc by certain 'Professionals' on here.
|
| The whole purpose of newsgroups such as this is to help those that do not
| have a desire to become an MVP or whatever it is you guys/gals go through to
| obtain your skills/certificates.
|
| It almost makes us not want to ask a question for fear of what the come back
| will be. As a NonTech person, I found the newsgroups to be somewhat
| reassuring that someone out there could help me. Thank God some of you are
| not Teachers, or you would certainly be fired.
|
| Remember, if you don't have patience for us asking something you think we
| should know, then you should not be on here.
| What is important to us, will be simple to you. Again, speaking for myself,
| I could care less about learning all this stuff, it is why I ask on the
| boards.
|
| You must understand from where we sit, the average person who works in a non
| technical environment, isn't going to know what you know. I.E....... a pif
| file.
|
| I don't recall who made the comment about ' how many people didn't know what
| it was', how the hell are we going to know? We don't bury our heads in tech
| stuff 24/7, we have other interests. WE obviously value/respect all of you
| who have the passion for computers, or we wouldn't be coming here, as we
| should be respected for not having or sharing that same passion.
|
| And if you will notice, those that have been slammed with condescending
| advice/remarks, never reply back or even post again.
|
| Take it for what it's worth.
|
| Sue
|

Sue:

The difference here is that Zvi Netiv is NOT some MVP wannabe!

He makes all of us, such as myself, just mere assistants. Zvi is a "de facto Subject Matter
Expert." We should all be very pleased and thankful that a tsadik such as Zvi is taking
time from his busy schedule to assist all of us with problems with infectors. Zvi has
posted here, albeit infrequently, for a long time.

As for the statement...
| And if you will notice, those that have been slammed with condescending
| advice/remarks, never reply back or even post again.

That's because it is not about a flame war or personal attack. A condemnation of action (or
lack of action) is not to be construed as an attack on a person and replying back-and-forth
just creates a flame war and it goes nowhere.

People often forget the concept of "you have to be cruel to be kind". When a poster is
ridiculed for stupidity it sometimes is needed as they will remember the lesson more by the
situation at hand than if they are treated to sweet responses. The same goes for 3rd party
thread readers. The whole dialogue sticks in their minds and they remember.

I have been "slammed" all too often for my straight to the point, no-nonsense approach. If I
am wrong, I will admit it and apologize for my action but if I make a statement like -- "If
you got the PC used and you didn't wipe it to begin with, well you asked for problems." I
will NOT apologize nor alter a statement such as that. It is the "truth" and is a direct
answer to the problem. It is not unlike buying a used car without taking it to a trusted
mechanic to check it out before the purchase. It was bought "as is" and you are stuck with
the decision you made.

Now take this thread and examine the infector list

Adware.TSAdBot
W32.Beagle.X@mm
W32.Bugbear.B@mm
AnnaKournikova.jpg.vbs
W32.Sven.A@mm
W32.Netsky.K@mm
W32.Netsky.Y@mm
W32.Bugbear@mm
PWS.Hooker.Trojan
W32.Magistr.39921@mm

What the OP has here are not simple Trojans but some very nasty infectors. The Magistr
and the Bugbear are indicative of a platform that is unsecured and open to the world. The
Password Stealing Trojan Hooker has left the OP in a vulnerable state even if his PC is
clean. Who knows what personal data was stolen off his computer that can be used against
him like identity theft or bank account withdrawals. The Netsky, Swen and Bagle indicate a
lack of Safe Hex practices and probably launched them from email attachments.

PWS.Hooker.Trojan
W32.Magistr.39921@mm
W32.Bugbear.B@mm

McAfee names and respective Library URLs --
W32/Bugbear@MM -- http://vil.nai.com/vil/content/v_99728.htm
W32/Magistr.a@MM -- http://vil.nai.com/vil/content/v_99040.htm
PWS-Hooker -- http://vil.nai.com/vil/content/v_103603.htm

The OP asked -- "What am I missing here?"
Zvi replied -- "Common sense!"

Succinct, to the point and accurate. I back Zvi and stand by him and I will take any/all
criticism for doing so but it was a "tough love" answer that was very truthful. The OP
lacked "common sense" in the use of his computer and compromised both his platform and his
personal security by his own actions.

This is *all* I am going to say on this topic. I will post no reply to support nor defend
this stance.

-- 
Dave