Dismiss Notice
Guest, I have a big favor to ask you. We've been working very hard to establish ourselves on social media. If you like/follow our pages it would be a HUGE help to us. SoSH on Facebook and Inside the Pylon Thanks! Nip

Spyware 201

Discussion in 'BYTE ME: Technology discussion' started by Blacken, Jul 12, 2008.

  1. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Preemptive Defense (and a few tips for enjoyment of your computer):
    • Get Firefox 3.5. Firefox 3 is a lot more responsive than Firefox 2 was. It also fixes a number of bugs that were pretty gnarly (using up over a gigabyte of memory at a time? yeah, I'll pass). It is CPU-dependent, however, and slower, older computers (I'd say below 1GHz Pentium III and 1.4GHz Pentium IV) should stick to Firefox 2. You can download Firefox 3 for Windows here. If you already use Firefox it may automatically upgrade to Firefox 3, but by default it will not (their automatic updater won't update major version revisions, so 2.whatever won't automatically update to 3.0).

      There have been a couple of changes to the user interface you were probably used to in Firefox 2. The new method of history searching is awesome. You don't have to type just web addresses because it searches your cache on the fly, both URLs and page titles--so to reach the SoSH Car Salesman thread, all I'd need to do is type in "SoSH Car Salesman," Firefox would pop up any pages I've visited with "SoSH Car Salesman" in the page title or in the URL. This is a brilliant feature that you will love. The downside to this is that the new dropdown bar layout they use looks like canned ass. I recommend the OldBar extension to fix the way it looks (but keep the Firefox 3 history search function, because, like I said, it's awesome). You can visit the OldBar Firefox Add-ons page.
      • Get AdBlock Plus to save your sanity. SoxScout was spot-on with this. If I have to use somebody else's computer now I start getting an eye twitch from all the ads. I haven't seen them, except on sites I choose to unblock (because I like the site and want them to make their money off my hits), for years. Once you install Firefox 3, you can install AdBlock Plus just by going to the Firefox Add-ons page for it.
    • Get a virus scanner. Some people will recommend AVG, by Grisoft. I will disagree most strongly with them because their business practices really, really, really suck and their software is slow and kind of iffy. Like SoxScout, I recommend Avast!, which is free for home use. Install it, let it schedule a boot-time scan, and it'll find anything that's currently in ur computer, killin' ur perf. Do not use McAfee or Norton; they are shit (Symantec is not bad...but I'd personally rather Avast!.) Trend Micro is crap too, but at least it's working crap. Among all the commercial antivirus applications, the only one I've ever seen significant benefits over Avast! is Kapersky. Kapersky is not cheap, but it's good.

      Keep in mind that you are not invulnerable when you have a virus scanner, it won't catch everything, and you need to still use your head when browsing the web, running applications, etc. The consequences for not doing so can be pretty dire. I will enumerate some helpful suggestions below.
    • Get a firewall. This is easy. Windows XP (Service Pack 2 or later--if you aren't running Service Pack 2 or Service Pack 3, you can download SP2 at that link, I don't have a SP3 link offhand), Windows 2003, Windows Vista, and Windows 2008 all come with Windows Firewall. It's as good as anything you can buy or download. Turn it on in the Control Panel's Security Center.

      Do not use ZoneAlarm or other equivalent crap. Most of the problems I encounter that are firewall-related come from ZoneAlarm shitting the bed.
    • Get a spyware scanner. In the Bad Old Days, you were responsible for your own spyware protection. Programs like Ad-Aware and Spybot were all the rage. Spybot is still useful, but its interface sucks, it's not good at telling the user what's dangerous (spyware) and what's not (tracking cookies), and it's just...kind of average. There are better tools. Avoid shit like Spyware Terminator or any of the other fly-by-night programs out there; they won't help much compared to the below programs.

      Normally I don't recommend Microsoft software, but Windows Defender is good (no surprise, they bought it from someone else). It has real-time protection, which nobody else does well, and it's a pretty solid spyware tracker and eliminator to boot. If you have Windows Vista, Defender came with it. If you're on Windows XP or Windows 2003, you can get it here. If you're still using Windows 2000, you can get Defender too, but you'll need to jump through some hoops; if you don't understand how to follow the steps outlined in this Knowledge Base article, you really shouldn't still be using Windows 2000. If you're still on 98SE, ME, or 95, go fucking upgrade right now.

      Generally, if you get spyware'd, Spybot and the like might kill it--and might not, too. That's why you will want to get and install this program ahead of time: HijackThis, the only good thing Trend Micro has ever published, mostly because they bought it from the guys who wrote it. HijackThis is a very, very high-powered, entirely user-unfriendly tool that will find and fix damn near any problem you encounter. Spyware, invasive IE toolbars (which you shouldn't have installed; see the notes below), all that crap will die in a fire when HijackThis comes to town. Keep in mind that this tool is very dangerous to use without guidance or a lot of knowledge about how Windows works. Unless you know what you're doing (as a rule, if I'm telling you anything new with this post, you don't know what you're doing), you should only ever use this tool with assistance. HijackThis can create log files which you can share with those who can tell you what items in it are safe and what items are not. Post 'em here if you want, I or someone else can look it over.

      Also good, and thanks to a ton of people who mentioned it, is Malwarebytes. It's similar in approach to Spybot, but seems (totally apocryphally) faster, and generally seems to do a better job of rooting out the little fuckers.

      If you come posting "I tried to use HijackThis without help and now my computer won't run," I will laugh at your stupid, stupid face.
    If You Get Infected--Mounting A Resistance:
    • Make peace with your god or gods of choice. This is Step 1 because it is important to realize that, in the majority of cases, it is not a practical idea to try to eradicate the spyware or viruses infesting your computer. In almost all cases I have ever encountered, it was cheaper, faster, and much, much easier to just format the computer and reinstall Windows. There are very few good reasons to attempt a recovery.
    • Run HijackThis and get somebody knowledgeable to go over it. Post it here if you want (as an attachment, don't just flood the thread)--I'm sure somebody will go over it. Try not to do anything with the computer once you've done this. Don't turn it off, just let it sit. The reason for this is that a lot of viruses tend to do things at boot time and shutdown time. Your HijackThis log can be invalidated if you reboot the computer, because some viruses will shift around. Once you get a response from your guru of choice, check the items he flags as "bad" in HijackThis and click "Fix Checked." Do not reboot the computer yet.
    • Run your virus scanner in boot scan mode. This is a menu option in Avast!; since that's all I use, I can't help you with other AV solutions. Do this before you reboot after running HijackThis, because the one-two punch can sometimes knock out the viruses. (Don't get your hopes up. It will usually fail.)
    • Consider bringing it to a professional. This is, realistically, about as much as you can do to fix it. (Please, please don't ask your relatives or friends who are good with computers to come fix your computer unless you're willing to pay. Computer professionals hate that shit.) Geek Squad sucks, but in some areas it might be all you can do. Ask around before taking your computer to anybody--everybody's got horror stories of snooped computers. A professional will be likely to just pave the thing and hand you a DVD of your data, quite possibly after having looked through your financial spreadsheets and copied all your porn to their private stash. If you have anything you don't want anybody else to see, do not take it to anyone else.
    • If bringing it to a professional to fix is not an option, get ready to reformat and reinstall. First order of business--make sure you have your install CD. (It'll say "Installation CD," not "Recovery CD.") If you have a restore disc for your computer, treat this as a lesson: do not buy a computer without installation media. Go BitTorrent one or something if all you have is a recovery or system restore CD, because I can't help you and neither can most people. Second order of business--have your drivers. Most computers come with a CD full of drivers. If you've lost this, go punch yourself in the balls. If you didn't get a driver CD (or, after you've punched yourself in the balls, if you've lost the CD), go to the manufacturer's website. There's usually a Support section where you can punch in your computer's unique ID/serial number and download all the drivers.
    • Get your data off the machine. Boot the computer (if it's unbootable, post here and I or somebody else can try to help you) and copy data to CDs or a flash drive. Then scan the CD/flash drive for viruses. Hopefully it's clean; if it's not, you can delete the bad data and reburn the CD or rescan the flash drive. Some viruses infect the boot sector or cause it to autorun and install viruses on any system they're plugged into. Make sure this isn't the case, or you will be going through this song and dance again.
    • Reinstall. Put the install CD in the drive and reboot. (If it tries to boot from the hard drive, you'll need to select a boot device. Most computers will have a "press (some key) to select boot device" line on the splash screen when the computer first starts up--press it and select CDROM. Go through the steps of the install. Select the defaults unless you have a pressing reason not to.
    • Go reapply all the steps under "preemptive defense". Self-explanatory.
    Using Your Computer Safely
    I'll add to this as time goes on/questions pop up.
    • Don't use Internet Explorer. This is an iron-fucking-clad directive. IE is fucking bad. Yes, IE7 is better. It's still bad. Unless you know how to be safe about your computer, delete the IE shortcut off your desktop and your start menu. If you have a website that requires IE (using ActiveX or something), I recommend that you use the IETab extension for Firefox; you can get it at its Firefox Add-ons page. It's still IE, so it's insecure (don't browse using IETab except for those sites that require it), but it minimizes your use of it and the available attack surface.
    • This is IMPORTANT: avoid stuff like Andoscan or "Antispyware 2008" or whatever. Lots and lots of malware programs are masquerading as real stuff. I would honestly suggest just sticking to stuff in this thread, and stuff in this thread only; if there's something you have a question about, post here, somebody here can probably tell you if it's safe.
    Apropos of nothing:
    • Registry cleaners are (almost entirely) useless. This is the computer equivalent of snake oil. There are some cases where a registry cleaner can be helpful to remove a specific program that doesn't have an uninstaller (or, more likely, the installer puked on your shoes), the vast, vast, vast majority of the time they are useless. Sometimes (such as with XP Media Center), they can render your computer nonfunctional because they delete "unnecessary" keys that are actually...err...necessary. "Performance improvements" from registry cleaners are almost entirely in your head. You might save a tiny, tiny scrap of RAM here and there or maybe shave a second off your boot time, but the risk:reward ratio is waaaaaaaaay too high. I don't know anybody who recommends the use of this stuff.

      In addition, I'd stay way the hell away from any of the cleaners advertised in banner ads, popups, etc.--you cannot verify their authenticity and they're a very common entry point for spyware. And if they want you to pay for it, give them the finger.

      This is not a blanket indictment of all tools that happen to have registry cleaning functionality; some are fine programs that have "registry cleaner" as a feature tickmark to get the attention of people who think that's somehow a good thing. One program that comes to mind that I would generally advise against using is CCleaner, however, as I've heard reports (nothing substantiated) that it can hose your machine. I haven't seen any reliable tests that point to a significant performance benefit from CCleaner, so I have to advise against it.
    EDIT: A bunch of edits and updates to the information in here. Thanks particularly to Rev for suggesting the bit about Andoscan and the other fake-apps and to the bajillion people who rightly said I was completely wrong about Malwarebytes.
     
  2. DJnVa

    DJnVa Yes

    Messages:
    17,253
    Heh--the newbie is a NERD.
     
  3. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Nerds have no social skills. I'm a geek, motherfucker.

    Nerds - technical knowledge, no social skills
    Geeks - technical knowledge, social skills (Nip an exception?)
    Dweebs - dumb as a post, no social skills

    (No, I'm not sure I'm joking.)
     
  4. Sille Skrub

    Sille Skrub Dope Dope

    Messages:
    4,222
    Welcome to Spyware 201! I think we can move on from the thread that was started in 2005.

    Where do dorks fit in in this scenario?
     
  5. DannyHeep

    DannyHeep well trained post artisan Lifetime Member SoSH Member

    Messages:
    17,398

    Average intelligence, below average fighting and social skills.
     
  6. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Check your nearest trash can.
     
  7. wibi

    wibi Member SoSH Member

    Messages:
    10,187
    I wouldnt be joking about this post. I am a Geek and proud of it.

    Great post BTW
     
  8. Foulkey Reese

    Foulkey Reese foulkiavelli SoSH Member

    Messages:
    21,785
    Yea now that Firefox has fixed their memory leak issues, there's just no excuse for anybody to still be using Internet Explorer.

    Great post.
     
  9. Rod Becks Mullet

    Rod Becks Mullet Member SoSH Member

    Messages:
    2,023
    I just loaded Firefox V3 and now Sportsline doesn't work on my computer. Anybody else have this issue or know about it? Any way of fixing it. I have all my fantasy leagues through Sportsline and don't want to have to keep switching to IE to check them.
     
  10. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
    This is the one and only thing I hate about Firefox... I've been following along with this thread in the Mozilla forums but no one has an answer. It really sucks.

    Sportsline says:
    I have tried everything I could think of and all the suggestions in that tread with no avail.

    What I have been using is IE Tab, you right click on your fantasy bookmark and click "Open in IE Tab", and the tab opens inside your Firefox browser. Not the ideal fix, but better than opening IE all together.
     
  11. Rod Becks Mullet

    Rod Becks Mullet Member SoSH Member

    Messages:
    2,023
    Very annoying, whatever the issue is, I'm having it when I go to Deadspin also.
     
  12. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Both work for me. What version of Flash do you have installed?
     
  13. Rod Becks Mullet

    Rod Becks Mullet Member SoSH Member

    Messages:
    2,023
    I've got 9.0.124.0 installed according to the website. Not sure where to find this on my computer to verify it though.
     
  14. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Huh. That's what I have installed, and it's fine. IETab is probably the easiest solution.
     
  15. drleather2001

    drleather2001 given himself a skunk spot SoSH Member

    Messages:
    25,015
    I'm having some serious malware issues (computer running slow, browser hijacks up the ass, wallpaper changed and won't change back...). Can someone help me with the HiJack this process?

    Thanks.
     
  16. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Run it, save the log, upload the log, link to the log. (Don't post it here in the topic, please.)
     
  17. grantb

    grantb Couldn't get into a real school Silver Supporter SoSH Member

    Messages:
    2,022
    Some good, free programs that will help keep your system safe.

    Spyware Doctor (simple, straightforward spyware immunization, detector and remover)
    Download
    Spybot Search & Destroy (in addition to many of the features of Spyware Doctor, in the tools option, has a feature that shows all the startup programs and will allow you to disable many of the hijacking programs, allowing you to manually fix files)
    Download
    AVG Anti-Virus Free (does a little bit of everything, but most importantly it protects and removes virus' and spyware)
    Download

    Now, once your computer is clean (or it is a new computer) you can download a program that will "deep freeze" your system. What this means is that when your computer restarts, it will reload exactly as it was when you "froze" it. All virus, spyware or changes to windows that could harm your system are reversed back to their original state. This also means your internet history, any saved files, cookies, etc. are lost if they were not on the system when you froze it. You can unfreeze your computer, but this requires a restart that will again, reload the original point. The program I use, Returnil Virtual System, is free, and allows you to create a virtual partition that allows you to save files to the hard drive without unfreezing the system. This program is really the best way to prevent your system from slowing, getting a virus, or failing all together. I highly recommend it.
    Download
     
  18. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    AVG is crap. Spybot is old crap. Spyware Doctor is worse. I covered that in the first post.

    Returnil doesn't give you a significant advantage over something like Volume Shadow Copy, which comes with Vista (for XP, there are a number of better solutions, such as Ghosting your drive), and requires a subscription to get the version that's actually worthwhile, so if you let your subscription lapse there's no guarantee you can continue to manipulate your data. Recommending this for somebody who doesn't already know what they're doing is, frankly, irresponsible--and people who do know don't need it.
     
  19. grantb

    grantb Couldn't get into a real school Silver Supporter SoSH Member

    Messages:
    2,022
    I understand you think it's crap, but it's certainly some of the best free software out there that the regular computer user can function without screwing their system. I have to admit I've never used Avast!, but with Returnil I haven't had any reason to.

    One disadvantage ghosting has (Vista is new crap) is that it takes up a good amount of memory and harddrive disk space. In addition, you may never know exactly when the virus or spyware started, making it difficult to accurately determine which past copy to use. You have to buy ghosting programs and an external device to record the images onto as well. Certainly not free.

    As far as your assertions about Returnil, I couldn't disagree more. You've obviously never used the free version of the program; it is very user friendly. 95% of users could completely and adequately protect their computers with system protection mode or session locking alone, which is included in the free version. The virtual partition is a nice bonus that is also included in the free version. There is no term to how long you can use the free version, so there is no risk in not being able to manipulate data. In addition, you can always uninstall the program when in an unprotected mode. I originally used a trial version of DeepFreeze, and had no problem uninstalling it when the trial term expired.
    Without any virus protection or spyware detection, Returnil could protect your computer 100% when activated.
     
  20. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    You're right, I haven't used it. I avoid that sort of crapware. If I wanted a state permanence program, I would vgo buy DeepFreeze, which is a one-time fee and a supported application by a well-known company.

    Wrong. It's fairly trivial for a rootkit to defeat these sorts of tools (writing to the BIOS or the MBR), because your recommendation, instead of preventing damage, would rather go "oh well, just rewind" instead of learning not to install shitware. It suddenly becomes A-OK to download virus-laden software and trojans because you are protected!...except you're not. Furthermore, how do you know when you're infected? You un-freeze it to install an app, re-freeze it, and heeeey, your PROTECTED! drive is now a carrier. (Anybody who says that that doesn't happen doesn't know users.) At least with VSC or other ghosting solutions you can recover from that.

    And don't say "well, my virus scanner would catch it"--because unless you screw with the defaults (and maybe even then), your virus definitions won't persist outside of the current session when the application reverts to the "frozen" state.

    And when the computer goes tits-up and somebody has to recover the data? Or are you suggesting that the computer guru install the app on his computer?

    See above. The fun part is that it's not even that hard for a malware author to exploit that false sense of security.
     
  21. ookami7m

    ookami7m Well-Known Member Lifetime Member SoSH Member

    Messages:
    4,558
    You can also set certain sites to always open in IE Tabs in the IETab preference window FYI
     
  22. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,748
    Good piece on the dreaded malware "XP Antivirus 2008" now up at The Register.
     
  23. Steve Dillard

    Steve Dillard wishes drew noticed him instead of sweet & sour SoSH Member

    Messages:
    4,459
    Vista Service Pack download says it will do me the favor of checking for malware and unauthorized software. That's great, but umm, as a hypo, is an unregistered Microsoft Office Suite considered unauthorized software, or do they mean bad unauthorized software?

    Should I download Service Pack 1?
     
  24. Dogman2

    Dogman2 Yukon Cornelius Dope

    Messages:
    13,536
    Question. My machine is still picking up spyware but it is getting blocked by Spyware Dr. Anything else I can do that is precautionary? Run a boot scan with Avast consistently?
     
  25. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    What's the spyware it's detecting?
     
  26. Dogman2

    Dogman2 Yukon Cornelius Dope

    Messages:
    13,536
    Residual from XPantispyware 2009. Spyware purged it and I haven't picked up anything since.
     
  27. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Boot into safe mode and delete the files directly, I'd guess.
     
  28. David Laurila

    David Laurila Barbara Walters' Illegitimate Son Lifetime Member SoSH Member

    Messages:
    1,730
    Anyone know the best way to get rid of the Internet Speed Monitor virus? This irritating little bastard repeatedly fills your screen with pop-up ads.
     
  29. grantb

    grantb Couldn't get into a real school Silver Supporter SoSH Member

    Messages:
    2,022
  30. PaulinMyrBch

    PaulinMyrBch Don't touch his dog food Lifetime Member SoSH Member

    Messages:
    8,206
    I'm in the middle of the av2009 infections. I think I've knocked it out, but I'm monitoring.
     
  31. geoduck no quahog

    geoduck no quahog Well-Known Member Lifetime Member SoSH Member

    Messages:
    10,590
    I'm downloading Avast now. Following along with other recommendations here, I should also download Defender and Hijack This.

    Question: My computer has the Comcast McAfee Security Suite installed. Should I disable all or part of this Suite? I'm concerned with the potential for all of these programs (really only Defender vs. McAfee, I guess) slowing my computer down by doing redundant functions.

    These are the McAfee Switches:

    Automatic Updates
    Alerts

    Virus Protection (automatic file scanning)
    Spyware Protection
    System Protection
    Script Scanning Protection

    Personal Information Protection

    E-Mail Protection
     
  32. PedroSpecialK

    PedroSpecialK Comes at you like a tornado of hair and the NHL sa Silver Supporter SoSH Member

    Messages:
    23,791
    On my Windows Vista Ultimate, I keep getting a popup by something that's trying to look like a windows security center message that tells me I have a trojan and links me to this site. I've already run Adaware, HiJackThis, AVG etc. Haven't found any answers on this French forum, other than it's a recognized glitch or what have you. It's just annoying as hell. If it helps, here's a picture of the popup:

    [​IMG]
     
  33. geoduck no quahog

    geoduck no quahog Well-Known Member Lifetime Member SoSH Member

    Messages:
    10,590
    I downloaded and installed Avast as recommended. Outlook 2003 has not been able to send e-mails ever since. I've gone to all of the support forums and done what they suggested. I've spoken with my provider. Apparently Avast changed something in my program that the uninstall left corrupted. I'll need to seek professional help now.

    The Avast site is pretty user unfriendly. It won't even let me register with the e-mailed registration key in order to submit a ticket. It's located in Czechoslovakia so there's no one to call.

    Please be careful if you're considering installing Avast. From the user forums, I'm apparently not the only one having these problems.

    It could be me, but I doubt it.

    {edit: Microsoft was able to solve the problem with a remote connect. I have no idea what they did as all of the settings appear to be identical to what they were. It's possible that the problem had nothing to do with Avast, but it would be a surprising coincidence. Who knows. It's too bad because I liked it when I had it}
     
  34. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    There's bigger problems than slowdowns. McAfee is pretty notorious for thinking that other AV systems are viruses.

    I can't speak as to your problem with Outlook 2003, though it just sounds like you could have disabled Mail Shield to allow SMTP to your mail server.
     
  35. mabrowndog

    mabrowndog Ask me about total zone...or paint Lifetime Member SoSH Member

    Messages:
    39,676
    Geoduck, I had the McAfee Security Suite as well, free from Comcast. I removed the entire thing and haven't missed it one bit. Avast and Windows Defender Firewall are handling things very nicely.

    I'll never cease to be amazed at how intrusive and disruptive McAfee and Norton Anti-Virus were.
     
  36. Harry Hooper

    Harry Hooper Well-Known Member Lifetime Member SoSH Member

    Messages:
    24,748

    PSK, you can try THIS.
     
  37. Jneen

    Jneen America's Dairyland Lifetime Member SoSH Member

    Messages:
    10,617
    I'm trying to dowload Avast on a brand new Dell mini laptop, but it keeps getting to about 17% installed, then stopping dead.

    WTF?
     
  38. HomeBrew1901

    HomeBrew1901 Has Season 1 of "Manimal" on Blu Ray SoSH Member

    Messages:
    9,225
    My computer has gotten overrun with viruses, it seems to have started with Microsoft 09 thing above.

    I've downloaded Avast and that started to fix the problem, I also downloaded firefox 3 and I keep getting annoying pop-ups for stupid shit. How do I stop those?

    I also just downloaded the malwarebytes.

    Anything else I should be doing? Is my best bet to take it to Best Buy or some other computer store and have them take everything off and perform a new install?

    Thanks
     
  39. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Don't need to read any further. Pave it. (Once they're there, it's not usually worth trying to recover it.)

    Most reasonably competent people can do it themselves; going to Best Buy is asking to get fleeced, but probably the smart move if you don't feel comfortable doing it.
     
  40. SoxScout

    SoxScout Well-Known Member Lifetime Member SoSH Member

    Messages:
    30,142
  41. DJnVa

    DJnVa Yes

    Messages:
    17,253

    System restore should work, no?
     
  42. Jneen

    Jneen America's Dairyland Lifetime Member SoSH Member

    Messages:
    10,617
    not that anyone cares, but I tried the Avast download again and it worked fine- set it for boot scan as recommended here.

    Maybe they were just overloaded with requests for download on Christmas morning or something.
     
  43. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Depends on how far back the infection is. A system restore of a day or two is OK (although there are viruses that can hide in areas that don't get touched by System Restore). It sounds like this is an ongoing issue, and system restoring across longer periods of time has this charming habit of leaving the Windows Registry as swiss cheese (installed apps/plugins/doodads/whatever are still on the hard disk, but have no registry entries).

    As a rule I won't System Restore past a week or so unless a) I'm sure that they haven't done anything system-persistent and b) I know exactly when the infection occurred.
     
  44. wibi

    wibi Member SoSH Member

    Messages:
    10,187
    I strongly suggest running No Script for Firefox.

    I just got tagged (still have no clue how) with the wdmaud.sys file issue which causes all my searches to redirect through 7.7.7.0 and ends up borking google and yahoo search capabilies.

    Only way to fix it is to either run No Script or delete wdmaud.sys from your System32 folder.

    It appears that running an older version of Acrobat Reader allowed my FIL to send me an infected file. This issue uses javascript as its shortcut which is why No Script defeats it.
     
  45. DannyHeep

    DannyHeep well trained post artisan Lifetime Member SoSH Member

    Messages:
    17,398
    Pave it?
     
  46. mabrowndog

    mabrowndog Ask me about total zone...or paint Lifetime Member SoSH Member

    Messages:
    39,676
    As in "Paradise, put up a parking lot."
     
  47. wibi

    wibi Member SoSH Member

    Messages:
    10,187
    AKA reformat and reinstall OS
     
  48. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    NoScript is nice, but I found it to be a hassle. Good if you're willing to put up with it, though.

    An easier solution would probably be to gank the infection, though.
     
  49. wibi

    wibi Member SoSH Member

    Messages:
    10,187
    No Script was my interim fix since the virus was borking my Google and Yahoo searches. Ask! worked just fine though ... LOL
     
  50. Blacken

    Blacken Robespierre in a Cape SoSH Member

    Messages:
    11,980
    Ask! is probably not important enough for a virus to block it. :)
     

Share This Page