Re: Microsoft Security Guidance Kit

From: PA Bear (PABear_at_mvps.org)
Date: 07/02/04


Date: Fri, 2 Jul 2004 01:50:12 -0400

Check your system for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

Also:

1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow all Removal steps.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957

-- 
~PA Bear

Bettie wrote:
> No, I'm a normal MCSE.  I did find the readme comment
> about two .NET frameworks and deleted them both and
> allowed the kit to load the framework.  This had no
> effect.
>
> Actually, this is from a CD sent to me by Microsoft, but
> I suspect it is the same as the URL you list.
>> -----Original Message-----
>> This one?...
>> http://www.microsoft.com/security/guidance/order/default.mspx
>>
>> Are you a home user?
>> --
>> HTH - Please Reply to This Thread
>>
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE), AH-VSOP
>>
>> AumHa Forums
>> http://forum.aumha.org
>>
>> Protect Your PC
>> http://www.microsoft.com/security/protect
>>
>> Bettie wrote:
>>> I received this CD and it looks great, but I cannot
>>> install it.  It starts paging like mad and then I cannot
>>> kill it with task manager or the cancel button.  I tried
>>> both.  I have to reboot to get my PC back.  Any ideas on
>>> how I could get it to load?  It looks really good.
>>>
>>> B