HELP ! My PC has been compromised !!


Guest penang@freemail.c3.hu
Posted

Last night my PC behaved normally, but this morning, it took over 1
hour to boot up the XP.

Now, in the tasking tray, I see tons and tons of messages are being
sent out !

I have not configured this PC to send out emails. I use webmails. But
now my PC is sending out tons and tons of emails !!

The symantec norton antivirus is doing the "Symantec Email Scan" on
those emails and the emails are jamming up the system.

What can I do ????

What software should I use to remove this security breach ????

Please help !!!!

Thank you !!

Guest David H. Lipman
Posted

From: <penang@freemail.c3.hu>

 

| Last night my PC behaved normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out !
|
| I have not configured this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails !!
|
| The symantec norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do ????
|
| What software should I use to remove this security breach ????
|
| Please help !!!!
|
| Thank you !!

 

 

 

Download and execute HiJack This! (HJT)

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

Create a HJT log file and post it in one of the below locations...

 

{ Please - Do NOT post the HJT Log here ! }

 

Forums where you can get expert advice for HiJack This! (HJT) logs.

 

NOTE: Registration is REQUIRED in any of the below before posting a log

 

Suggested primary:

http://www.thespykiller.co.uk/index.php?board=3.0

 

Suggested secondary:

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

 

Suggested tertiary:

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.atribune.org/forums/index.php?showforum=9

http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://forum.networktechs.com/forumdisplay.php?f=130

http://forums.maddoktor2.com/index.php?showforum=17

http://www.spywarewarrior.com/viewforum.php?f=5

http://forums.spywareinfo.com/index.php?showforum=18

http://forums.techguy.org/f54-s.html

http://forums.tomcoyote.org/index.php?showforum=27

http://forums.subratam.org/index.php?showforum=7

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://www.malwarebytes.org/forums/index.php?showforum=7

http://makephpbb.com/phpbb/viewforum.php?f=2

http://forums.techguy.org/54-security/

http://forums.security-central.us/forumdisplay.php?f=13

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest PA Bear [MS MVP]
Posted

Unexplained computer behavior may be caused by deceptive software

http://support.microsoft.com/kb/827315

 

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal...n:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2....emoving_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.

It will help you to both identify and remove any hijackware/spyware with

assistance from an expert. Post your log to

http://forums.spybot.info/forumdisplay.php?f=22,

http://castlecops.com/forum67.html,

http://forums.subratam.org/index.php?showforum=7,

http://aumha.net/viewforum.php?f=30, or other appropriate forums for review

by an expert in such matters, not here.

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

 

penang@freemail.c3.hu wrote:
> Last night my PC behaved normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configured this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The symantec norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!

Guest Patrick Keenan
Posted

<penang@freemail.c3.hu> wrote in message

news:284d05e7-7d2a-425d-87fe-4279d9af68c8@e6g2000prf.googlegroups.com...
> Last night my PC behaved normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configured this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The symantec norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!

 

The very first thing you should do is to disconnect the PC from any network

connection or telephone line, so that it cannot send anything. Then, you

can start scanning and manually searching for files that shouldn't be

running or in existence. Process Explorer and Hijack This are good

starting points.

 

Look for .exe and .dll files that have apparently random names. If you

delete them and new ones come back, there is another file that is creating

them you've missed.

 

Often these files are hidden away, so doing searches for hidden and system

files can often identify malware. Go to a command prompt, and from the

root directory use the dir command with the /a:h and /a:s switches to show

system and hidden files, and the /S switch to search all subdirectories.

At the end of the command, use the redirect to file to get a file you can

actually read: dir /ah /S >>list.txt

 

Clear all the temp folders and content.ie5 folders. This is a prime

location and entry point for malware. Look in the System32 folder for

files that shouldn't be there.

 

You can attach that drive to another well-protected system and scan it as a

hosted drive. Trying to gain control of an actively infected drive can be

difficult, but hosting it makes the process a lot easier since the

infections can't launch at boot.

 

Because you don't boot from it, there is very limited opportunity for

infection to spread to the host system. You might try using the Trend

Micro Housecall online scanner; since its files are online they are much

harder to compromise.

 

HTH

-pk
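
Added example (not part of the original post): a triage pass over the `list.txt` produced by the `dir` redirect described above, flagging hidden .exe/.dll files whose names look random or that sit in temp or Content.IE5 folders. The US-English `dir` line layout, the name heuristic, the function names and the sample listing are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `dir /a:h /s` output (US-English XP layout assumed).
SAMPLE_LISTING = r"""
 Volume in drive C has no label.

 Directory of C:\Program Files\Example

01/15/2008  10:02 AM            61,440 updater.exe
               1 File(s)         61,440 bytes

 Directory of C:\WINDOWS\system32

03/08/2008  11:52 PM            45,056 kqxzvbtw.dll
02/11/2006  04:00 AM    <DIR>          dllcache
               1 File(s)         45,056 bytes

 Directory of C:\Documents and Settings\user\Local Settings\Temp

03/08/2008  11:53 PM           118,784 xjrtpwq8.exe
03/07/2008  06:20 PM             2,048 setup notes.txt
               2 File(s)        120,832 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{1,2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)
EXECUTABLE_EXTS = {".exe", ".dll"}
DROP_ZONES = ("\\temp", "\\content.ie5")  # the folders the post says to clear


def parse_dir_listing(text):
    """Return one dict per file line; <DIR> and summary lines are skipped."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current_dir is None or m.group(3) == "<DIR>":
            continue
        entries.append({
            "path": str(PureWindowsPath(current_dir) / m.group(4)),
            "modified": f"{m.group(1)} {m.group(2)}",
            "size": int(m.group(3).replace(",", "")),
        })
    return entries


def looks_random(stem):
    """Heuristic (an assumption, not a verdict): a name of 6+ characters
    with almost no vowels or a run of 5+ consonants."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if len(s) < 6 or len(letters) < 4:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    runs = re.findall(r"[b-df-hj-np-tv-z]+", s)
    return vowel_ratio < 0.2 or max(map(len, runs), default=0) >= 5


def triage(text):
    """List hidden .exe/.dll entries worth a manual look, with the reasons."""
    findings = []
    for entry in parse_dir_listing(text):
        path = PureWindowsPath(entry["path"])
        if path.suffix.lower() not in EXECUTABLE_EXTS:
            continue
        folder = str(path.parent).lower()
        reasons = []
        if looks_random(path.stem):
            reasons.append("random-looking name")
        if any(zone in folder for zone in DROP_ZONES):
            reasons.append("executable in temp/cache folder")
        if reasons and folder.endswith("\\system32"):
            reasons.append("located in System32")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LISTING):
        print(f'{hit["modified"]}  {hit["path"]}  <- {", ".join(hit["reasons"])}')
```

The heuristic also flags some legitimate vowel-poor names, so treat the output as a list of files to inspect, not a list of files to delete.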

Guest Straight Talk
Posted

On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:

>Last night my PC behaved normally, but this morning, it took over 1
>hour to boot up the XP.
>
>Now, in the tasking tray, I see tons and tons of messages are being
>sent out !
>
>I have not configured this PC to send out emails. I use webmails. But
>now my PC is sending out tons and tons of emails !!
>
>The symantec norton antivirus is doing the "Symantec Email Scan" on
>those emails and the emails are jamming up the system.
>
>What can I do ????
>
>What software should I use to remove this security breach ????
>
>Please help !!!!
>
>Thank you !!

 

You should of course revert to the latest known clean state - which

ultimately means flatten and rebuild.

Guest Lanwench [MVP - Exchange]
Posted

Straight Talk <b__nice@hotmail.com> wrote:
> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>
>> Last night my PC behaved normally, but this morning, it took over 1
>> hour to boot up the XP.
>>
>> Now, in the tasking tray, I see tons and tons of messages are being
>> sent out !
>>
>> I have not configured this PC to send out emails. I use webmails. But
>> now my PC is sending out tons and tons of emails !!
>>
>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>> those emails and the emails are jamming up the system.
>>
>> What can I do ????
>>
>> What software should I use to remove this security breach ????
>>
>> Please help !!!!
>>
>> Thank you !!
>
> You should of course revert to the latest known clean state - which
> ultimately means flatten and rebuild.

 

Well, that's a bit dire - it may not be at all necessary. It might be, but

it isn't the first thing I'd try.

Guest giedrius.majauskas@gmail.com
Posted

> >Thank you !!
>
> You should of course revert to the latest known clean state - which
> ultimately means flatten and rebuild.

 

1. Get some nice free spyware remover, or at least scanner to get the

names of parasites. SuperAntiSpyware or Malwarebytes anti-malware to

name a few that have free versions, spyware terminator, etc.

2. If you opt for software that offers free scans only (Spyware

Doctor, CounterSpy, SpySweeper, etc), google for spyware names it

finds, there might be free solutions/information about these

parasites. Especially if you want to get out from this freely. You can

pay for them, if you wish.

3. Post hijackthis logs in forums and wait for help.

 

For the future, I strongly suggest updating browser if you still use

IE older than 6. IE 7 is much better if your PC can handle it.

Posted

Lanwench [MVP - Exchange] wrote:
> Straight Talk <b__nice@hotmail.com> wrote:
>
>>On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>>
>>>Last night my PC behaved normally, but this morning, it took over 1
>>>hour to boot up the XP.
>>>
>>>Now, in the tasking tray, I see tons and tons of messages are being
>>>sent out !
>>>
>>>I have not configured this PC to send out emails. I use webmails. But
>>>now my PC is sending out tons and tons of emails !!
>>>
>>>The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>those emails and the emails are jamming up the system.
>>>
>>>What can I do ????
>>>
>>>What software should I use to remove this security breach ????
>>>
>>>Please help !!!!
>>>
>>>Thank you !!
>>
>>You should of course revert to the latest known clean state - which
>>ultimately means flatten and rebuild.
>
>
> Well, that's a bit dire - it may not be at all necessary. It might be, but
> it isn't the first thing I'd try.
>

Well, you've certainly picked up some malware. I wonder how Symantec

missed it.

Guest Lanwench [MVP - Exchange]
Posted

Tom <t.wyckoff@verizon.net> wrote:
> Lanwench [MVP - Exchange] wrote:
>> Straight Talk <b__nice@hotmail.com> wrote:
>>
>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>> wrote:
>>>> Last night my PC behaved normally, but this morning, it took over 1
>>>> hour to boot up the XP.
>>>>
>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>> sent out !
>>>>
>>>> I have not configured this PC to send out emails. I use webmails.
>>>> But now my PC is sending out tons and tons of emails !!
>>>>
>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>> those emails and the emails are jamming up the system.
>>>>
>>>> What can I do ????
>>>>
>>>> What software should I use to remove this security breach ????
>>>>
>>>> Please help !!!!
>>>>
>>>> Thank you !!
>>>
>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.
>>
>>
>> Well, that's a bit dire - it may not be at all necessary. It might
>> be, but it isn't the first thing I'd try.
>>
> Well, you've certainly picked up some malware. I wonder how Symantec
> missed it.

 

<looks around frantically, in sudden terror>

 

I have? Oh my god! And I don't even have Symantec software on here!

 

Wait. Symantec is malware, and you must not have meant to reply to me .

 

:-)

Guest Ricky
Posted

"Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message

news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
> Tom <t.wyckoff@verizon.net> wrote:
>> Lanwench [MVP - Exchange] wrote:
>>> Straight Talk <b__nice@hotmail.com> wrote:
>>>
>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>> wrote:
>>>>> Last night my PC behaved normally, but this morning, it took over 1
>>>>> hour to boot up the XP.
>>>>>
>>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>>> sent out !
>>>>>
>>>>> I have not configured this PC to send out emails. I use webmails.
>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>
>>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>>> those emails and the emails are jamming up the system.
>>>>>
>>>>> What can I do ????
>>>>>
>>>>> What software should I use to remove this security breach ????
>>>>>
>>>>> Please help !!!!
>>>>>
>>>>> Thank you !!
>>>>
>>>> You should of course revert to the latest known clean state - which
>>>> ultimately means flatten and rebuild.
>>>
>>>
>>> Well, that's a bit dire - it may not be at all necessary. It might
>>> be, but it isn't the first thing I'd try.
>>>
>> Well, you've certainly picked up some malware. I wonder how Symantec
>> missed it.
>
> <looks around frantically, in sudden terror>
>
> I have? Oh my god! And I don't even have Symantec software on here!
>
> Wait. Symantec is malware, and you must not have meant to reply to me
> .
>
> :-)
>

You must be the only one that doesn't have Symantec. ;-)

 

 

--

Computers make very fast, very accurate mistakes.

Guest Lanwench [MVP - Exchange]
Posted

Ricky <rsjoiner@NO_SPAMbellsouth.net> wrote:
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>> Tom <t.wyckoff@verizon.net> wrote:
>>> Lanwench [MVP - Exchange] wrote:
>>>> Straight Talk <b__nice@hotmail.com> wrote:
>>>>
>>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>>> wrote:
>>>>>> Last night my PC behaved normally, but this morning, it took over
>>>>>> 1 hour to boot up the XP.
>>>>>>
>>>>>> Now, in the tasking tray, I see tons and tons of messages are
>>>>>> being sent out !
>>>>>>
>>>>>> I have not configured this PC to send out emails. I use webmails.
>>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>>
>>>>>> The symantec norton antivirus is doing the "Symantec Email Scan"
>>>>>> on those emails and the emails are jamming up the system.
>>>>>>
>>>>>> What can I do ????
>>>>>>
>>>>>> What software should I use to remove this security breach ????
>>>>>>
>>>>>> Please help !!!!
>>>>>>
>>>>>> Thank you !!
>>>>>
>>>>> You should of course revert to the latest known clean state -
>>>>> which ultimately means flatten and rebuild.
>>>>
>>>>
>>>> Well, that's a bit dire - it may not be at all necessary. It
>>>> might be, but it isn't the first thing I'd try.
>>>>
>>>>
>>> Well, you've certainly picked up some malware. I wonder how
>>> Symantec missed it.
>>
>> <looks around frantically, in sudden terror>
>>
>> I have? Oh my god! And I don't even have Symantec software on here!
>>
>> Wait. Symantec is malware, and you must not have meant to reply to
>> me .
>>
>> :-)
>>
> You must be the only one that doesn't have Symantec. ;-)

 

Oh, not by a long shot!

Guest David H. Lipman
Posted

From: "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>

 

>> You must be the only one that doesn't have Symantec. ;-)

|

| Oh, not by a long shot!

|

 

I wish people would not confuse Norton AV with Symantec AV.

The difference between the corporate offering (Symantec AV) vs. the retail offering (Norton

AV) is night and day.

 

It is the retail version that pisses people off.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Lanwench [MVP - Exchange]
Posted

David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
> From: "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>
>
>>> You must be the only one that doesn't have Symantec. ;-)
>>
>> Oh, not by a long shot!
>>
>
> I wish people would not confuse Norton AV with Symantec AV.
> The difference between the corporate offering (Symantec AV) vs. the
> retail offering (Norton AV) is night and day.
>
> It is the retail version that pisses people off.

 

Well, I'm pretty pissed off at Symantec's abysmal tech support for their

enterprise products, so I don't think I fall into the category of person to

which you refer. The only Symantec stuff I use at any client site is

BackupExec, and that's because I used to adore Veritas and Symantec hasn't

managed to entirely kill off that good product yet.

Guest Straight Talk
Posted

On Sun, 9 Mar 2008 11:09:17 -0400, "Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:
>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>>
>>> Last night my PC behaved normally, but this morning, it took over 1
>>> hour to boot up the XP.
>>>
>>> Now, in the tasking tray, I see tons and tons of messages are being
>>> sent out !
>>>
>>> I have not configured this PC to send out emails. I use webmails. But
>>> now my PC is sending out tons and tons of emails !!
>>>
>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>> those emails and the emails are jamming up the system.
>>>
>>> What can I do ????
>>>
>>> What software should I use to remove this security breach ????
>>>
>>> Please help !!!!
>>>
>>> Thank you !!
>>
>> You should of course revert to the latest known clean state - which
>> ultimately means flatten and rebuild.
>
>Well, that's a bit dire - it may not be at all necessary.

 

Problem is, you wouldn't be able to tell whether it is or not unless

you have a baseline.

>It might be, but it isn't the first thing I'd try.

 

Trial and error against malware is a common but very stupid approach.

Guest Straight Talk
Posted

On Sun, 9 Mar 2008 09:01:08 -0700 (PDT), giedrius.majauskas@gmail.com

wrote:

>> >Thank you !!
>>
>> You should of course revert to the latest known clean state - which
>> ultimately means flatten and rebuild.
>
>1. Get some nice free spyware remover, or at least scanner to get the
>names of parasites.

 

How about getting a clue instead.

>SuperAntiSpyware or Malwarebytes anti-malware to
>name a few that have free versions, spyware terminator, etc.

 

What makes you believe these will work? - Advertising?

>2. If you opt for software that offers free scans only (Spyware
>Doctor, CounterSpy, SpySweeper, etc), google for spyware names it
>finds, there might be free solutions/information about these
>parasites. Especially if you want to get out from this freely. You can
>pay for them, if you wish.

 

Yeah, fill up your machine with anti-crap.....

>3. Post hijackthis logs in forums and wait for help.
>
>For the future, I strongly suggest updating browser if you still use
>IE older than 6. IE 7 is much better if your PC can handle it.

 

Better stay away from IE completely (with IE7 on Vista in protected

mode as a possible exception).

Guest bojimbo26one@aol.com
Posted

On Sun, 9 Mar 2008 21:39:46 -0500, "Ricky"

<rsjoiner@NO_SPAMbellsouth.net> wrote:

>
>"Lanwench [MVP - Exchange]"
><lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
>news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>> Tom <t.wyckoff@verizon.net> wrote:
>>> Lanwench [MVP - Exchange] wrote:
>>>> Straight Talk <b__nice@hotmail.com> wrote:
>>>>
>>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>>> wrote:
>>>>>> Last night my PC behaved normally, but this morning, it took over 1
>>>>>> hour to boot up the XP.
>>>>>>
>>>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>>>> sent out !
>>>>>>
>>>>>> I have not configured this PC to send out emails. I use webmails.
>>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>>
>>>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>>>> those emails and the emails are jamming up the system.
>>>>>>
>>>>>> What can I do ????
>>>>>>
>>>>>> What software should I use to remove this security breach ????
>>>>>>
>>>>>> Please help !!!!
>>>>>>
>>>>>> Thank you !!
>>>>>
>>>>> You should of course revert to the latest known clean state - which
>>>>> ultimately means flatten and rebuild.
>>>>
>>>>
>>>> Well, that's a bit dire - it may not be at all necessary. It might
>>>> be, but it isn't the first thing I'd try.
>>>>
>>>>
>>> Well, you've certainly picked up some malware. I wonder how Symantec
>>> missed it.
>>
>> <looks around frantically, in sudden terror>
>>
>> I have? Oh my god! And I don't even have Symantec software on here!
>>
>> Wait. Symantec is malware, and you must not have meant to reply to me
>> .
>>
>> :-)
>>
>You must be the only one that doesn't have Symantec. ;-)

 

Had it on my first comp back in `99 for a month .

Guest David H. Lipman
Posted

From: "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>

 

 

|

| Well, I'm pretty pissed off at Symantec's abysmal tech support for their

| enterprise products, so I don't think I fall into the category of person to

| which you refer. The only Symantec stuff I use at any client site is

| BackupExec, and that's because I used to adore Veritas and Symantec hasn't

| managed to entirely kill off that good product yet.

|

 

That, I agree with you.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Frank Saunders MS-MVP IE,OE/WM
Posted

"Ricky" <rsjoiner@NO_SPAMbellsouth.net> wrote in message

news:Wb1Bj.5481$r76.533@bignews8.bellsouth.net...
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>>
>> Wait. Symantec is malware, and you must not have meant to reply to me
>> .
>>
>> :-)
>>
> You must be the only one that doesn't have Symantec. ;-)

 

 

Wouldn't have it anywhere near one of my machines or a customer's.

 

--

Frank Saunders MS-MVP IE,OE/WM

www.fjsmjs.com

Do not reply with email

Guest Frank Saunders MS-MVP IE,OE/WM
Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:WK1Bj.2731$HA3.948@trnddc02...
> From: "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>
>
>>> You must be the only one that doesn't have Symantec. ;-)
> |
> | Oh, not by a long shot!
> |
>
> I wish people would not confuse Norton AV with Symantec AV.
> The difference between the corporate offering (Symantec AV) vs. the retail
> offering (Norton
> AV) is night and day.
>
> It is the retail version that pisses people off.

 

 

If they foist that crap on the poor, ignorant public they don't deserve

respect for anything.

 

--

Frank Saunders MS-MVP IE,OE/WM

www.fjsmjs.com

Do not reply with email

Guest Lanwench [MVP - Exchange]
Posted

Straight Talk <b__nice@hotmail.com> wrote:

 

<snipped for length>
>>>
>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.
>>
>> Well, that's a bit dire - it may not be at all necessary.
>
> Problem is, you wouldn't be able to tell whether it is or not unless
> you have a baseline.
>
>> It might be, but it isn't the first thing I'd try.
>
> Trial and error against malware is a common but very stupid approach.

 

Nonsense. It depends entirely on the severity of the infestation. I won't

spend hours and hours on a troubled workstation, but if I can pretty easily

remove a not-very-invasive piece of malware or two, I simply do so. I don't

tell a client, "Sorry; I saw a popup - it's format time!" What is a "stupid

approach" (I merely quote you; I tend not to use such derogatory language)

is any hard and fast rule applied blindly regardless of situation.

Guest Straight Talk
Posted

On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:

>> Trial and error against malware is a common but very stupid approach.
>
>Nonsense.

 

Not really.

>It depends entirely on the severity of the infestation.

 

Precisely. A severity you cannot determine without having a baseline.

>I won't spend hours and hours on a troubled workstation, but if I can pretty easily
>remove a not-very-invasive piece of malware or two, I simply do so.

 

And how exactly do you verify that the machine is now back in a

reliable state?

Guest Lanwench [MVP - Exchange]
Posted

Straight Talk <b__nice@hotmail.com> wrote:
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>
>> Straight Talk <b__nice@hotmail.com> wrote:
>
>>> Trial and error against malware is a common but very stupid
>>> approach.
>>
>> Nonsense.
>
> Not really.
>
>> It depends entirely on the severity of the infestation.
>
> Precisely. A severity you cannot determine without having a baseline.
>
>> I won't spend hours and hours on a troubled workstation, but if I
>> can pretty easily remove a not-very-invasive piece of malware or
>> two, I simply do so.
>
> And how exactly do you verify that the machine is now back in a
> reliable state?

 

Because it works and has no further symptoms when I run thorough scans.

That's generally good enough for a home user. Sorry, I'm bored now - done

with this thread. Have fun storming the castle.

Guest Straight Talk
Posted

On Tue, 11 Mar 2008 12:13:12 -0400, "Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:
>> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>>
>>> Straight Talk <b__nice@hotmail.com> wrote:
>>
>>>> Trial and error against malware is a common but very stupid
>>>> approach.
>>>
>>> Nonsense.
>>
>> Not really.
>>
>>> It depends entirely on the severity of the infestation.
>>
>> Precisely. A severity you cannot determine without having a baseline.
>>
>>> I won't spend hours and hours on a troubled workstation, but if I
>>> can pretty easily remove a not-very-invasive piece of malware or
>>> two, I simply do so.
>>
>> And how exactly do you verify that the machine is now back in a
>> reliable state?
>
>Because it works and has no further symptoms when I run thorough scans.

 

This coming from someone bragging to be an MVP. Very sad.

>That's generally good enough for a home user.

 

That's very good news for malware writers.

>Sorry, I'm bored now - done
>with this thread. Have fun storming the castle.

 

Oh, yes. Go back to sleep, MVP bragger.

Guest FromTheRafters
Posted

"Straight Talk" <b__nice@hotmail.com> wrote in message

news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>
>>Straight Talk <b__nice@hotmail.com> wrote:
>
>>> Trial and error against malware is a common but very stupid approach.
>>
>>Nonsense.
>
> Not really.
>
>>It depends entirely on the severity of the infestation.
>
> Precisely. A severity you cannot determine without having a baseline.
>
>>I won't spend hours and hours on a troubled workstation, but if I can
>>pretty easily
>>remove a not-very-invasive piece of malware or two, I simply do so.
>
> And how exactly do you verify that the machine is now back in a
> reliable state?

 

If you know what changes a malware made, you

can often reverse those changes and get the system

back to as reliable as it was before the malware hit.

 

Yes...it is that 'if' that is the bugger. Many malwares

allow communication outside the system so you no

longer know exactly what changes were made and

it is time to flatten and rebuild if you desire any sense

of confidence in its integrity.

Guest Straight Talk
Posted

On Tue, 11 Mar 2008 17:35:35 -0400, "FromTheRafters"

<Erratic@ne.rr.com> wrote:

>
>"Straight Talk" <b__nice@hotmail.com> wrote in message
>news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
>> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>>
>>>Straight Talk <b__nice@hotmail.com> wrote:
>>
>>>> Trial and error against malware is a common but very stupid approach.
>>>
>>>Nonsense.
>>
>> Not really.
>>
>>>It depends entirely on the severity of the infestation.
>>
>> Precisely. A severity you cannot determine without having a baseline.
>>
>>>I won't spend hours and hours on a troubled workstation, but if I can
>>>pretty easily
>>>remove a not-very-invasive piece of malware or two, I simply do so.
>>
>> And how exactly do you verify that the machine is now back in a
>> reliable state?
>
>If you know what changes a malware made, you
>can often reverse those changes and get the system
>back to as reliable as it was before the malware hit.

 

That's true. Which, as I said, requires a baseline and a thorough

understanding. Most users don't have that.

>Yes...it is that 'if' that is the bugger. Many malwares
>allow communication outside the system so you no
>longer know exactly what changes were made and
>it is time to flatten and rebuild if you desire any sense
>of confidence in its integrity.

 

Yup.
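
Added example, not written by any poster in this thread: the "baseline" argued over above, reduced to a file-hash manifest recorded while the machine is known to be clean and compared against the disk later. The function names and demo file names are constructed for illustration. The comparison is only meaningful when run from a trusted system (for instance with the drive hosted on another machine, as suggested earlier in the thread) against a manifest kept off the machine.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def save_manifest(manifest, target):
    """Write the baseline as JSON so it can be stored on read-only media."""
    Path(target).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(source):
    return json.loads(Path(source).read_text())


def diff_manifests(baseline, current):
    """Report what was added, removed or modified since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: take a baseline, alter the tree, then compare."""
    with tempfile.TemporaryDirectory() as tmp, \
            tempfile.TemporaryDirectory() as offline:
        root = Path(tmp)
        (root / "system32").mkdir()
        (root / "system32" / "shell.dll").write_bytes(b"original shell")
        (root / "system32" / "kernel.dll").write_bytes(b"original kernel")
        (root / "notes.txt").write_text("hello")

        # Baseline is written outside the scanned tree (stand-in for
        # removable or read-only media).
        baseline_file = Path(offline) / "baseline.json"
        save_manifest(build_manifest(root), baseline_file)

        # Constructed changes standing in for an infection.
        (root / "system32" / "shell.dll").write_bytes(b"patched shell")
        (root / "system32" / "kqxzvbtw.dll").write_bytes(b"dropped file")
        (root / "notes.txt").unlink()

        return diff_manifests(load_manifest(baseline_file), build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A clean diff covers files only; it says nothing about registry changes or about data that already left the machine, which is the gap the last two posts point at.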
