HELP ! My PC has been compromised !!

Thread starter: penang@freemail.c3.hu

Lanwench [MVP - Exchange]

Guest

Straight Talk <b__nice@hotmail.com> wrote:

<snipped for length>

>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.
>>
>> Well, that's a bit dire - it may not be at all necessary.
>
> Problem is, you wouldn't be able to tell whether it is or not unless
> you have a baseline.
>
>> It might be, but it isn't the first thing I'd try.
>
> Trial and error against malware is a common but very stupid approach.

Nonsense. It depends entirely on the severity of the infestation. I won't spend hours and hours on a troubled workstation, but if I can pretty easily remove a not-very-invasive piece of malware or two, I simply do so. I don't tell a client, "Sorry; I saw a popup - it's format time!" What is a "stupid approach" (I merely quote you; I tend not to use such derogatory language) is any hard and fast rule applied blindly regardless of situation.

 
Straight Talk

Guest

On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:
>
>> Trial and error against malware is a common but very stupid approach.
>
>Nonsense.

Not really.

>It depends entirely on the severity of the infestation.

Precisely. A severity you cannot determine without having a baseline.

>I won't spend hours and hours on a troubled workstation, but if I can pretty easily
>remove a not-very-invasive piece of malware or two, I simply do so.

And how exactly do you verify that the machine is now back in a reliable state?

 
Lanwench [MVP - Exchange]

Guest

Straight Talk <b__nice@hotmail.com> wrote:
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>
>> Straight Talk <b__nice@hotmail.com> wrote:
>
>>> Trial and error against malware is a common but very stupid
>>> approach.
>>
>> Nonsense.
>
> Not really.
>
>> It depends entirely on the severity of the infestation.
>
> Precisely. A severity you cannot determine without having a baseline.
>
>> I won't spend hours and hours on a troubled workstation, but if I
>> can pretty easily remove a not-very-invasive piece of malware or
>> two, I simply do so.
>
> And how exactly do you verify that the machine is now back in a
> reliable state?

Because it works and has no further symptoms when I run thorough scans. That's generally good enough for a home user. Sorry, I'm bored now - done with this thread. Have fun storming the castle.

 
Straight Talk

Guest

On Tue, 11 Mar 2008 12:13:12 -0400, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:
>> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>>
>>> Straight Talk <b__nice@hotmail.com> wrote:
>>
>>>> Trial and error against malware is a common but very stupid
>>>> approach.
>>>
>>> Nonsense.
>>
>> Not really.
>>
>>> It depends entirely on the severity of the infestation.
>>
>> Precisely. A severity you cannot determine without having a baseline.
>>
>>> I won't spend hours and hours on a troubled workstation, but if I
>>> can pretty easily remove a not-very-invasive piece of malware or
>>> two, I simply do so.
>>
>> And how exactly do you verify that the machine is now back in a
>> reliable state?
>
>Because it works and has no further symptoms when I run thorough scans.

This coming from someone bragging to be an MVP. Very sad.

>That's generally good enough for a home user.

That's very good news for malware writers.

>Sorry, I'm bored now - done
>with this thread. Have fun storming the castle.

Oh, yes. Go back to sleep, MVP bragger.

 
FromTheRafters

Guest

"Straight Talk" <b__nice@hotmail.com> wrote in message
news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>
>>Straight Talk <b__nice@hotmail.com> wrote:
>
>>> Trial and error against malware is a common but very stupid approach.
>>
>>Nonsense.
>
> Not really.
>
>>It depends entirely on the severity of the infestation.
>
> Precisely. A severity you cannot determine without having a baseline.
>
>>I won't spend hours and hours on a troubled workstation, but if I can
>>pretty easily
>>remove a not-very-invasive piece of malware or two, I simply do so.
>
> And how exactly do you verify that the machine is now back in a
> reliable state?

If you know what changes a malware made, you can often reverse those changes and get the system back to as reliable as it was before the malware hit. Yes...it is that 'if' that is the ******. Many malwares allow communication outside the system so you no longer know exactly what changes were made and it is time to flatten and rebuild if you desire any sense of confidence in its integrity.

 
Straight Talk

Guest

On Tue, 11 Mar 2008 17:35:35 -0400, "FromTheRafters"
<Erratic@ne.rr.com> wrote:

>
>"Straight Talk" <b__nice@hotmail.com> wrote in message
>news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
>> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>>
>>>Straight Talk <b__nice@hotmail.com> wrote:
>>
>>>> Trial and error against malware is a common but very stupid approach.
>>>
>>>Nonsense.
>>
>> Not really.
>>
>>>It depends entirely on the severity of the infestation.
>>
>> Precisely. A severity you cannot determine without having a baseline.
>>
>>>I won't spend hours and hours on a troubled workstation, but if I can
>>>pretty easily
>>>remove a not-very-invasive piece of malware or two, I simply do so.
>>
>> And how exactly do you verify that the machine is now back in a
>> reliable state?
>
>If you know what changes a malware made, you
>can often reverse those changes and get the system
>back to as reliable as it was before the malware hit.

That's true. Which, as I said, requires a baseline and a thorough understanding. Most users don't have that.

>Yes...it is that 'if' that is the ******. Many malwares
>allow communication outside the system so you no
>longer know exactly what changes were made and
>it is time to flatten and rebuild if you desire any sense
>of confidence in its integrity.

Yup.
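The "baseline" both FromTheRafters and Straight Talk keep coming back to, as an added illustration that is not code from anyone in this thread: a minimal file-integrity manifest in Python, snapshotted while the machine is known clean and diffed after the fact to list what was added, removed or altered on disk. Function names are my own and the scenario in demo() is constructed.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str) -> Dict[str, str]:
    """Map every file under root (relative path) to its digest. Keep the
    result off the host: a manifest stored on the machine can be altered
    along with the files it describes."""
    manifest: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest

def diff_baselines(before: Dict[str, str], after: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, removed, modified) paths between two manifests."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    return added, removed, modified

def demo() -> Tuple[List[str], List[str], List[str]]:
    """Constructed scenario in a temp dir: snapshot a clean tree, simulate an
    infection that drops a binary, edits a file and removes a log, then diff.
    Only on-disk changes show up; registry, memory and network changes need
    other baselines, which is why the thread ends at flatten-and-rebuild."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        write("system32/explorer.exe", b"clean binary")
        write("system32/hosts", b"127.0.0.1 localhost")
        write("logs/app.log", b"ok")
        before = build_baseline(root)                        # known-clean state
        write("system32/rcgvejmrg.exe", b"dropped binary")   # added
        write("system32/hosts", b"127.0.0.1 localhost # tampered")  # modified
        os.remove(os.path.join(root, "logs/app.log"))        # removed
        return diff_baselines(before, build_baseline(root))
```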

 
Delta

Guest

Ok, you are the victim of an internet worm that seems to spread by mail.

a) kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like "explroer.exe".

Best would be making a hijackthis log and sending it to some people known to handle them (or here).
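Delta's advice to look for mistyped names like "explroer.exe", as an added illustration (not code posted in the thread): a small Python triage that flags process names within one edit or adjacent transposition of an allowlisted system binary, and separately lists names that resemble nothing on the allowlist. KNOWN_SYSTEM and RUNNING are constructed sample data, not a real process listing.

```python
from typing import List, Set, Tuple

# Constructed sample data: a short allowlist of Windows system binaries and
# a process list with two look-alikes plus one random-looking name.
KNOWN_SYSTEM: Set[str] = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                          "winlogon.exe", "services.exe", "smss.exe"}
RUNNING: List[str] = ["explorer.exe", "explroer.exe", "svchost.exe", "scvhost.exe",
                      "rcgvejmrg.exe", "lsass.exe"]

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: single-character edits plus adjacent
    transpositions, so 'explroer' is one step from 'explorer' rather than two."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def triage_processes(running: List[str], known: Set[str],
                     max_distance: int = 1) -> Tuple[List[Tuple[str, str, int]], List[str]]:
    """Split process names into look-alikes of allowlisted binaries and names
    that match nothing. The name alone is weak evidence: a legitimate name
    running from an unexpected directory deserves the same attention."""
    lookalikes: List[Tuple[str, str, int]] = []
    unknown: List[str] = []
    for name in running:
        n = name.lower()
        if n in known:
            continue
        best = min(sorted(known), key=lambda k: osa_distance(n, k))
        dist = osa_distance(n, best)
        if dist <= max_distance:
            lookalikes.append((name, best, dist))
        else:
            unknown.append(name)
    return lookalikes, unknown
```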

 
Sandy Mann

Guest

"Delta" <bla@bla.net> wrote in message
news:93B6E4D1-7E61-4E53-A4C3-6EC502809B7D@microsoft.com...
> Ok, you are victim of a internet worm, that seem to spread by mail.
> a) kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names
> like "explroer.exe".
> best would be making a hijackthis log and sending it to some people, known
> to handle them (or here).
>

I assume that Delta meant "(NOT here)"

From an old post by Frank Saunders:

First eliminate any scumware. See Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm especially
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note that AdAware and SpyBot S & D will each catch some things the other won't. Also, each needs to be updated with the program's update function before every use, even when just downloaded. There's also a lot more to do than just those two programs. CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip

Post your HijackThis log to http://forums.spywareinfo.com/ or the Spyware forum at http://forum.aumha.org/ for expert analysis, not here.

Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder may be found on this page: http://aumha.org/a/parasite.htm.

If nothing there helps, please post back to this thread.

--
HTH
Sandy

 
David H. Lipman

Guest

From: "Delta" <bla@bla.net>

| Ok, you are victim of a internet worm, that seem to spread by mail.
| a) kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
| "explroer.exe".
| best would be making a hijackthis log and sending it to some people, known
| to handle them (or here).

No HJT logs posted in any Microsoft news group or posted to Usenet at large.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 