Re: my besieged by ie pop-up ads post 01/10/2008 16:21



On Fri, 3 Oct 2008 20:53:15 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

From: "Geoff" <geoff@xxxxxxxxxxxxxxx>


| Hopefully the files were not deleted to the recycle bin but were deleted
| forever so they can't be recovered accidentally.

| I think you will find the system doesn't have the popups and malware now.
| Any programs targeted to run at boot in the registry will fail. Now you can
| safely clean the registry of the keys pointing to those files with
| conventional scanners like CCleaner or Adaware. Don't forget to make sure
| the IE or any other browser temp file folders are cleaned too.

| Once you have safely killed the files that are protecting themselves and
| the registry keys they depend on, the cleanup of bad keys is relatively
| easy in the live system in the original machine.

Maybe the easy RUN type keys but not keys such as in LSA. You also have to consider that
there are load time DLL keys that can be inserted and thus if the DLLs are removed the
OS will no longer boot and fail in a BSoD complaining that a needed DLL could not be
found.

Which is why I recommended Autoruns in the first place since it allows easy
access to and backup of such keys. You can even turn them off with a
checkbox before deleting the key itself if you find you need to restore it.
Autoruns even works in Safe Mode so if it did BSOD he would still be able
to fix it there. There are actually very few DLLs that, if missing, will
cause a BSOD or that couldn't be properly reinstalled with their authentic
executables by running "SFC /scannow" in safe mode or command line only
mode. If it gets that bad, a relevel and reinstall was in the making
anyway. If that were the case, slaving it, pulling off any user essential
data and programs would be a necessary part of the process since a known
clean system would be needed to be sure the backup was trustworthy.
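
The backup-then-check step discussed in this thread, as an added example that is not part of the original posts: it exports a few autostart keys to .reg files and lists the entries whose target file is no longer on disk. The key list, the backup folder and the `Get-TargetPath` helper are assumptions made for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit plus backup. It changes and deletes nothing.
$backupDir = Join-Path $env:TEMP 'autostart-backup'   # assumed backup location
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null
$sys32 = Join-Path $env:SystemRoot 'System32'

# Locations of the kinds named in the thread: RUN keys, LSA, load-time DLLs.
$targets = @(
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Dll = $false; Values = $null },
    @{ Key = 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Dll = $false; Values = $null },
    @{ Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'; Dll = $true
       Values = 'Authentication Packages', 'Notification Packages', 'Security Packages' },
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Dll = $true
       Values = @('AppInit_DLLs') }
)

function Get-TargetPath([string]$entry, [bool]$isDll) {
    $e = [Environment]::ExpandEnvironmentVariables($entry.Trim())
    if (-not $isDll) {
        # Command line: take the quoted path, else the text up to the first extension.
        if ($e -match '^"([^"]+)"') { $e = $Matches[1] }
        elseif ($e -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|$)') { $e = $Matches[1] }
    } elseif (-not [IO.Path]::HasExtension($e)) { $e += '.dll' }   # LSA lists bare names
    # Assumption: names without a directory are looked up in System32 only.
    if (-not [IO.Path]::IsPathRooted($e)) { $e = Join-Path $sys32 $e }
    return $e
}

$report = foreach ($t in $targets) {
    $psPath = "Registry::$($t.Key)"
    if (-not (Test-Path $psPath)) { continue }
    # Back up the whole key first so it can be restored by importing the .reg file.
    $file = Join-Path $backupDir (($t.Key -replace '[\\ ]', '_') + '.reg')
    Remove-Item $file -ErrorAction SilentlyContinue
    & reg.exe export $t.Key $file | Out-Null
    $key = Get-Item $psPath
    $names = if ($t.Values) { $t.Values } else { $key.GetValueNames() }
    foreach ($n in $names) {
        $entries = @($key.GetValue($n)) | Where-Object { $_ }
        if ($t.Dll) { $entries = $entries | ForEach-Object { $_.Trim('"') -split '[ ,]+' } | Where-Object { $_ } }
        foreach ($entry in $entries) {
            $path = Get-TargetPath $entry $t.Dll
            [pscustomobject]@{ Key = $t.Key; Value = $n; Target = $path; Exists = (Test-Path -LiteralPath $path) }
        }
    }
}
$report | Sort-Object Exists | Format-Table -AutoSize -Wrap
```

A row with `Exists` set to `False` is a candidate to review and disable, not proof of malware; entries under the LSA and `AppInit_DLLs` values should be checked against the backup before anything is removed.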