Post #316,882
11/7/09 2:14:47 PM
|
XP Issue
Laptop other than mine, which does run Ubuntu, so please spare me the reformat and reinstall linux chatter ;-),
was infected with a particular nasty, which I got most of...BUT it has disabled regedit and task manager...
I can run the group sec manager and get them back temporarily...but the issue re-occurs fairly quickly, even without reboot...
Where and what should I be looking for to kill this particular reset? Registry keys?..this one has me duped for now and I don't want to spend hours on it and I REALLY don't want to have to do a full blown reinstall, though that probably is the wisest course of action...but then I have to reset everything, backup Outlook, restore it..call MS to get clearance for the office install...yadda...
Any ideas are welcome.
I will choose a path that's clear. I will choose freewill.
|
Post #316,884
11/7/09 2:29:22 PM
|
I know!
1) Reboot.
2) Defragment your hard disk.
3) Install the latest service pack.
4) Uninstall all 3rd party applications.
5) Buy a copy of MS Office.
6) Install Vista^w7.
Was I close?
(Sorry.)
Brontok? http://www.raymond.c...isabled-by-virus/
Some removal tools: http://www.raymond.c...an-brontok-virus/
HTH a little. Good luck.
Cheers,
Scott.
|
Post #316,888
11/7/09 4:43:41 PM
|
Well..
..I already bought Office 07. But it's a home/enterprise copy with limited installs...So the fact that the desktop already died once and this is the second go around on the laptop...I've hit the install counter...so I have to call to enable...PITA that I don't want to deal with.
RRT is pretty much a virus in itself. Very annoying adware unless you pay.
I will choose a path that's clear. I will choose freewill.
|
Post #316,887
11/7/09 4:12:09 PM
|
Re: XP Issue
Had one like that three weeks ago. Booting in safe mode was also disabled.
These are getting pretty hard to clean out now.
I did the Ctrl-Alt-Del to bring up the process manager and stopped processes until "Can't run Programs" message didn't come up any more. Then I ran ComboFix and MalwareBytes.
Then I could boot in safe mode and ran ComboFix again letting it come back up in standard mode to do its final clean-up.
Ran them both again in standard mode and cleaned up any junk I could see using Hijack This.
Then I installed AVG Antivirus and scanned again, but it didn't find anything.
|
Post #316,889
11/7/09 4:46:17 PM
|
Thanks, I'll give those a try
They are getting really hard to clean now. This is the first real stumper for me. Even deleting the registry keys for the policy editor re: taskman and regedit doesn't work..whatever they put in there is buried pretty well.
I will choose a path that's clear. I will choose freewill.
|
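An added example, not part of any post in this thread: a sketch that parses a registry export (for instance one taken offline from a rescue environment), flags the policy values that lock out Task Manager and regedit, and lists the Run/RunOnce autostart entries to review for whatever keeps re-setting them. The value names DisableTaskMgr and DisableRegistryTools are the standard Windows policy values, not named in the thread; the sample export and its paths are constructed.

```python
import re

# Constructed sample in regedit export (.reg) format; not taken from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
'''

LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools"}
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each single-line named value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:  # multi-line hex continuations are skipped
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (lockouts, autoruns): non-zero lockout policies and autostart entries."""
    lockouts, autoruns = [], []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(r"\policies\system") and name.lower() in LOCKOUT_VALUES:
            m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
            if m and int(m.group(1), 16) != 0:
                lockouts.append((key, name))
        elif k.endswith((r"\currentversion\run", r"\currentversion\runonce")):
            # .reg string data doubles its backslashes; undo that for display
            autoruns.append((key, name, data.strip('"').replace("\\\\", "\\")))
    return lockouts, autoruns
```

A lockout value that is set again after being cleared points at a still-running process or autostart entry, which is why the autostart list is returned alongside it.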
Post #316,894
11/7/09 5:41:09 PM
|
One important point.
Get your ComboFix from Bleeping Computer. The bad guys have plenty of sites from which you can download "ComboFix" but not the one that works.
|
Post #316,947
11/9/09 3:15:42 AM
|
Where do these people go...
...on the internet in order to get these ferociously unpleasant infections?
Serious question.
|
Post #316,948
11/9/09 3:23:58 AM
11/9/09 3:36:50 AM
|
To date . . .
. . not a one of them has any idea. Some who have picked them up are rather conservative in their browsing habits.
Legit servers are increasingly being invaded and compromised - maybe that's where they encounter them.
Since I do a lot of searching, every few days I click on a link, and instead of the site I get a "spyware checker" that pretends to have started scanning my disks for infections, putting up very Windows-like messages and progress bar. Of course the "Cancel" button doesn't work. Of course the "checker" also doesn't know I'm running OS/2.
It's probably things like that that inject the infections.
|
Post #316,951
11/9/09 7:05:52 AM
|
Lost mine last night. Wasn't even at the computer.
Firefox and Chrome were left open on multiple sites.
Point, no click was required. Guessing it was flash borne.
I will choose a path that's clear. I will choose freewill.
|
Post #317,000
11/9/09 6:26:27 PM
|
There is a problem with ad networks reselling ad space.
They buy and sell space to and from other ad networks, to the extent that some sites have no idea what sorts of ads will be shown. Then when one ad gets obnoxious and the site gets complaints, they try to trace it back and discover that the transaction went through four people, for instance.
Most ad networks take very hard lines against problematic ads because sites and networks can and do turn off advertising from whole vendors. But all it takes is one network to sell to someone dodgy, even by accident, and for a short time something nefarious can be on even the most blue-ribbon site.
Wade.
Q:Is it proper to eat cheeseburgers with your fingers? A:No, the fingers should be eaten separately.
|
Post #317,104
11/11/09 9:11:00 AM
|
I have seen that
When my computer at work got hit with a trojan it was through a flash/PDF exploit in an ad on Digg.
Jay
|