@ Ghost...
Today I had a very similar situation to the one you described where a customer reported that their PC had been reinfected. She said that since I had cleaned it, she had only visited foodnetwork.com, and checked her email on Yahoo Webmail (through her pop.att.yahoo.com webmail...
I have found common registry installation points for these infections. If someone can find a way to block these keys from changes, lock out new entries -- or the equivalent -- it would go a long way towards a fast-and-simple solution. (Of course, it may not be possible -- this isn't my area of...
Speaking of sharing, I had a very rewarding virus-hunting experience today. Today, I documented some substantial evidence of how this fraudware is loading.
Initial symptom: Every time the customer powered up his laptop it would eventually display:
"Error loading...
The only reason I consider PDFs as a possible vector, is that when I clean up PCs that have had these infections, I almost always find at least one read-only PDF file with a "gibberish" name, in one or more of the temp folders -- which I rarely find when tuning up a non-infected PC.
This...
Ok, that explains the differences in experiences. I start at the other end of the process...
I almost always boot to UBCD first, find and quarantine the viral components, and clean the hostile startups, BHOs, Toolbars, and logons. That "breaks" the virus. Then I reboot and use the AV/AM...
@kjv1611
Not soliciting any trade secrets, but just out of curiosity...
What do you do for infections like Sysguard and IS2010, when the system will only boot to a warning message and go no further, or boots completely, but won't allow any other processes to run...? (In normal OR Safe mode?)...
@kjv1611...
Frankly, I haven't seen much change in the performance of Spybot over the past two years -- it still works pretty much as well for me now as it did then.
Adaware is still bad. I had another bad run-in with it on a customer's PC just yesterday.
Spybot is pretty much passive the...
You can always trust a condescending, smarter-than-thou techie with an ego the size of Texas.
...Especially if he criticizes people he doesn't know, with backgrounds, skills, and experience that may be more impressive than his...!
...You can take my word on this, because I'm an expert on...
@ fj62alex
WinsockFix doesn't tell you what it found (or didn't find). If you don't care whether anything was actually found or corrected, use it instead.
I find Spybot and MBAM roughly equal, with different strengths and weaknesses, because they use different methods to do what they do...
Tonight I have been working on cleaning a new variation of the Internet Security 2010 infection that somehow got past Kaspersky... The first I have seen to do that. ...Which only goes to support my answer to your question.
There are none that fit all of your requirements. ...And if there...
1.) Download Spybot S&D and the manual update -- and LSPFix to a USB drive. (You can get all three from Majorgeeks.com)
2.) Disconnect your Internet connection.
3.) Run LSPFix to delete helper32.dll from your LSP.
4.) Check your Internet connection settings, you will probably find that...
If you need guaranteed results -- "wipe and reload" is the only acceptable guaranteed answer. Anything else entails a greater amount of risk.
I have yet to find a tool that will allow me to verifiably repair an MBR infection -- and I want one very badly.
Frankly, I'm a little skeptical that...
From my customers, I am seeing infections through pretty much ALL security apps -- including Avira and Eset (which are two of the "top three" I recommend -- the third being Kaspersky).
This is just a limited observation, of course. I'm just a "one-tech shop".
I define "manual" as any tool that does not make distinctions between normal and hostile components, and completely relies on the expertise of the user to decide what elements to delete or modify.
I consider HJT a "manual" tool for exactly that reason. All it does is report components from...
@ jamesbird and electronicsfreak:
Sorry I missed this thread when it was fresh. I'm an independent PC tech, and I crave sharing good info with peers, but I don't get much opportunity.
1.) The vast majority of IT techs focus on using automated tools to clean infections. I have found that to...
Did you check the hosts file? I just found one today that had almost all the search engine sites listed in it as 127.0.0.1.
If you were using HJT, click on "other tools" and see if you can open and check the hosts file. If you find a long list of cr*p, reset it.
If you already did this...
Simon--
That is certainly a viable option, and I have also done that.
It's really a question of what resources and environments are available to the technician. For me, it's usually faster to pull the drive and clean it "externally" using both manual and automated processes.
My key point...