Re: my besieged by ie pop-up ads post 01/10/2008 16:21
- From: "RJK" <notatospam@xxxxxxxxxxx>
- Date: Fri, 3 Oct 2008 20:57:19 +0100
BTW, I did take on board Geoff's advice that, in as many words, the malware
could be "hiding" when av-cls is running, even in Safe Mode, on the infected
hd itself !
Having said that, and as Geoff said, the malware is 5 years old, I wonder
how it got in there, because this is a machine that I "hardened up" for
internet use !!!
Relevant of course is that the infected owner's son installed a bunch of
"free" software !!!!!
regards, Richard
"RJK" <notatospam@xxxxxxxxxxx> wrote in message
news:OA8sy$YJJHA.4144@xxxxxxxxxxxxxxxxxxxxxxx
mmmm... seeing as things are so fast running a clean m/c, in Windows
normal mode, with an infected hd attached as a slave hd, ...and seeing as
I can scan a "specific location or folder," ...is it as beneficial to run
the four cls's in Windows normal mode - on a slave hd I:\ - as it is
running it in SLooooooW Safe Mode (i.e. mobo bus master drivers aren't
being used etc.), on the infected Windows hd itself, if it were running
in Safe Mode in its normal home / system box ....if you see what I mean !
To clarify, I've done as Geoff suggested - infected hd is connected as a
slave hd in my 2nd PC, (and luckily in my 2nd PC everything is SATA -
meaning an unused motherboard IDE port is available), and so, I'm now
running a David H. Lipman's Multi-av sweep on this infected slave IDE hd,
and of course it's running like lightning because the Windows platform on
that PC ....my 2nd PC, ...to which the infected hd is attached, ...is
running in Windows normal mode, ....if you see what I mean " ???
regards, Richard
"RJK" <notatospam@xxxxxxxxxxx> wrote in message
news:%23MzBfsYJJHA.5992@xxxxxxxxxxxxxxxxxxxxxxx
Here we go again, this evening I'm in a "put some effort into it mood."
!!
I've pulled the hd out, and attached it to the unused motherboard IDE
port, in my 2nd PC, and tweaked the bios so that it's in the bios list of
hd's.
XP Home ed. allocated it the letter I:\ ...and AVG 8.0 full internet
security suite is doing its "thing" on it. ...i.e. a full
anti-everything sweep ! :-)
After this, I suppose I ought to run David H. Lipman's multi-av / av-cls
4 cls's ...which should run at lightning speed seeing as my "clean" 2nd
PC is treating the infected hd as a slave drive. ...as I speak AVG 8.0
has scanned over 133,000 files and it's only been going a few minutes !
regards, Richard
(...there is an Athlon 64 x6000 in my 2nd PC :-) ...I suppose that
makes a difference !
"Geoff" <geoff@xxxxxxxxxxxxxxx> wrote in message
news:qcoae4hs758lertggjdck4h6tba5no13if@xxxxxxxxxx
On Thu, 2 Oct 2008 23:31:03 +0100, "RJK" <notatospam@xxxxxxxxxxx> wrote:
It turned out to be:-
http://www.threatexpert.com/report.aspx?uid=eb751fd2-742f-4f4b-9a11-42e9c180a17f
Multi-AV Kaspersky CLS deleted:-
c:\docume~1\alluse~1\applic~1\aboutt~1\extrap~1.exe
Yesterday during my hotch-potch approach, PrevX had located a file that I
didn't note the name of,
there were about five files in that folder including one called
"FileBoob.exe" and I deleted those myself.
*boob* in a filename seems to tally with info on above URL
ooooh, how I wish I'd let Kaspersky cls finish its sweep, ...had to start it
again !
...have been reading
http://www.symantec.com/security_response/writeup.jsp?docid=2003-092919-5421-99&tabid=3
..not very clear.
LOP is a very old adware that would have been intercepted if your A-V
product were not impaired or compromised in some way, either by being
blocked by other malware, turned off, or not up to date. (LOP is around 5
years old now)
The Symantec site is very clear about its characteristics and how to
remove it. If you can't eradicate it automatically I recommend you print
the Technical Details and Removal pages and get to work in Safe Mode.
As for terminating the virus scans, I don't know why you feel you must
terminate them when you go to bed. I'd let them run overnight or get up
early and let them run while I did other things. There is no real reason to
sit there and watch them unless they are popping up so many dialogs that
you have to click them to make progress. In that case I think you are
fighting a demon and you need to format the hard drive and reinstall and
call it a lost cause. I wouldn't trust anything on that disk if such is the
case.
My wife let her brother use her notebook computer in Asia on a trip. The
A-V was not up to date. When she finally brought it home it had some 640+
infected files with all kinds of malware and viruses on it. (WANSO was main
demon) I fought with that machine for 3 days and finally got smart and
pulled the HDD out and scanned it with my computer's tools. That finally
eliminated the infection and preserved the data. I installed a better A-V
product (NOD32) and demoted her account to disallow program installations.
Anything she needs on there, I can install and test for her. :)
I strongly recommend you scan that hard disk with a known clean system
since you cannot trust A-V's on the active system since they ALL should
have detected LOP by this time.