Re: my besieged by ie pop-up ads post 01/10/2008 16:21



On Fri, 3 Oct 2008 20:53:15 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

From: "Geoff" <geoff@xxxxxxxxxxxxxxx>


| Hopefully the files were not deleted to the recycle bin but were deleted
| forever so they can't be recovered accidentally.

| I think you will find the system doesn't have the popups and malware now.
| Any programs targeted to run at boot in the registry will fail. Now you can
| safely clean the registry of the keys pointing to those files with
| conventional scanners like CCleaner or Adaware. Don't forget to make sure
| the IE or any other browser temp file folders are cleaned too.

| Once you have safely killed the files that are protecting themselves and
| the registry keys they depend on, the cleanup of bad keys is relatively
| easy in the live system in the original machine.

Maybe the easy RUN type keys but not keys such as in LSA. You also have to consider that
there are load time DLL keys that can be inserted and thus if the DLLs are removed the
OS will no longer boot and fail in a BSoD complaining that a needed DLL could not be
found.

Which is why I recommended Autoruns in the first place since it allows easy
access to and backup of such keys. You can even turn them off with a
checkbox before deleting the key itself if you find you need to restore it.
Autoruns even works in Safe Mode so if it did BSOD he would still be able
to fix it there. There are actually very few DLLs that, if missing, will
cause a BSOD or that couldn't be properly reinstalled with their authentic
executables by running "SFC /scannow" in safe mode or command line only
mode. If it gets that bad, a relevel and reinstall was in the making
anyway. If that were the case, slaving it, pulling off any user essential
data and programs would be a necessary part of the process since a known
clean system would be needed to be sure the backup was trustworthy.
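
The check discussed in this thread, as an added example that is not part of either poster's message: a read-only PowerShell audit that lists Run, LSA and load-time DLL entries and shows whether the file each one points to still exists. The registry paths are standard Windows locations assumed here (the thread names only "RUN type keys", "LSA" and "load time DLL keys", and AppInit_DLLs is used as one instance of the last), and the helper names Resolve-Target and New-Finding are hypothetical.

```powershell
# Added example: read-only audit of autostart entries; nothing is modified.
# Registry paths are standard Windows locations assumed for illustration.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsaValues  = 'Authentication Packages', 'Notification Packages', 'Security Packages'
$appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Resolve-Target([string]$Command) {   # hypothetical helper
    # Extract the program path from a command line, quoted or bare.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function New-Finding($Class, $Key, $Entry, [string]$File) {   # hypothetical helper
    # Bare names (typical for LSA packages) are looked up in System32.
    if ($File -notmatch '^([A-Za-z]:|\\\\)') {
        if ($File -notmatch '\.[^\\.]+$') { $File += '.dll' }
        $File = Join-Path $env:SystemRoot "System32\$File"
    }
    [pscustomobject]@{ Class = $Class; Key = $Key; Entry = $Entry
                       File = $File; Exists = Test-Path -LiteralPath $File }
}

$report = @(
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            New-Finding 'Run' $key $name (Resolve-Target ([string]$item.GetValue($name)))
        }
    }
    $lsa = Get-ItemProperty -Path $lsaKey
    foreach ($value in $lsaValues) {
        foreach ($pkg in @($lsa.$value) | Where-Object { $_ -and $_ -ne '""' }) {
            New-Finding 'LSA' "$lsaKey\$value" $pkg $pkg
        }
    }
    $appInit = [string](Get-ItemProperty -Path $appInitKey).AppInit_DLLs
    foreach ($dll in ($appInit -split '[ ,]+') | Where-Object { $_ }) {
        New-Finding 'Load-time DLL' "$appInitKey\AppInit_DLLs" $dll $dll
    }
)
# A 'Run' entry whose file is gone is the easy case from the thread; LSA and
# load-time DLL entries need a backup and review before anything is changed.
$report | Sort-Object Class, Exists | Format-Table Class, Entry, File, Exists -AutoSize
```

For Run entries launched through a host such as rundll32.exe, the File column shows the host program, so the DLL named in the arguments still has to be checked by hand.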