Subject: Re: Remove TrojanHorseDialer virus by hand twiddling files and the regi
From: Mike N.

On Thu, 03 Feb 2005 16:28:27 -0800, Randall Parker wrote:

> Can I hope to get the virus off her machine without a complete reinstall?

You can likely remove it, but fully repairing / restoring from the damage it caused or settings it changed is unknown and depends on the virus.

A quick fix for the top 50 viruses is Stinger from http://vil.nai.com/vil/stinger/ . It's often better than standard AV software in removing a virus.

One of my favorite techniques for real problem cases is to boot from a BartPE CD (http://www.nu2.nu/pebuilder/) with a USB flash drive containing a toolkit of the current version and signatures of my AV tools. Upon booting, I have full rights to the C: drive and can see all files regardless of any possible previous attempts by the virus to hide or lock itself. Then, from my toolkit on the USB flash drive, run F-Prot antivirus. I can run the command line scanner fpcmd.exe to scan for all current viruses.

After trashing the virus, disconnect from the internet and try to restore the machine so it won't be reinfected. There are several ways it might have primed the machine so it can reinfect after removal. Use HijackThis to get a list of all startups and pay particular attention to BHOs (browser helper objects, which could redownload the virus as soon as the browser is opened).

HijackThis: http://www.merijn.org/files/hijackthis.zip
HijackThis output interpreter help: http://www.hijackthis.de/en
Silent Runners (very complete): http://www.silentrunners.org/sr_thescript.html

Uninstall suspicious-looking "searchbar" type applications. Scan with SpyBot and AdAware.

> How do viruses implant themselves? In the registry to run when the OS starts? Into OS
> files?

Yes to all of the above; some will rename the OS executable so they are invoked each time the OS executable was intended, then they chain to the original OS executable. The original infection probably came via e-mail or the browser. Although with XP SP2, the browser is less likely to be the infection vector unless there was an intentional install of a browser download or ActiveX control.

> Can one download the service pack from MS not using WindowsUpdate and just slam it on
> top of the virus-infected files?

I've never tried this type of technique.

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
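The reply above recommends listing every startup entry and every Browser Helper Object before reconnecting the machine, because any of them can pull the dialer back down. The script below is an added example, not Mike N.'s code and not part of HijackThis or Silent Runners: it walks the standard Run/RunOnce keys and the BHO registration key, resolves each BHO's CLSID to its DLL, and flags entries whose file is missing or carries no valid Authenticode signature. It assumes Windows PowerShell 5.1 or later on a current Windows release (the XP-era machine in the thread would not have PowerShell), an elevated prompt, and the function names are my own.

```powershell
# Added example (not from the original post): enumerate autostart locations and
# Browser Helper Objects and annotate each entry with file existence and signature
# status. Assumes Windows PowerShell 5.1+ run from an elevated prompt.

function Get-AutostartEntries {
    # Classic Run/RunOnce keys for the machine and for the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... bookkeeping properties PowerShell adds.
            if ($prop.Name -like 'PS*') { continue }
            [pscustomobject]@{
                Kind     = 'Run'
                Location = $key
                Name     = $prop.Name
                Command  = [string]$prop.Value
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # Each subkey under this key is the CLSID of a registered BHO; the DLL that
    # implements it is the default value of HKCR\CLSID\<clsid>\InprocServer32.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid  = $sub.PSChildName
        $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                                   -ErrorAction SilentlyContinue
        $dll = if ($server) { [string]$server.'(default)' } else { '' }
        [pscustomobject]@{
            Kind     = 'BHO'
            Location = $bhoKey
            Name     = $clsid
            Command  = $dll
        }
    }
}

function Resolve-CommandPath {
    param([string]$Command)
    # Strip quotes and arguments so the path can be tested, and expand variables
    # such as %SystemRoot%. An unquoted path containing spaces is returned up to
    # the first space, so such entries show as "missing" and deserve a manual look.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(\S+\.(exe|dll|cmd|bat|vbs|js))') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-SuspiciousAutostarts {
    # Combine both lists and annotate each entry. Missing or unsigned binaries are
    # what to examine first; a "Valid" signature is not proof of legitimacy.
    $entries = @(Get-AutostartEntries) + @(Get-BrowserHelperObjects)
    foreach ($e in $entries) {
        $path   = Resolve-CommandPath -Command $e.Command
        $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'N/A' }
        $e | Add-Member -NotePropertyName Path      -NotePropertyValue $path   -PassThru |
             Add-Member -NotePropertyName Exists    -NotePropertyValue $exists -PassThru |
             Add-Member -NotePropertyName Signature -NotePropertyValue $sig    -PassThru
    }
}

# Entries that do not exist or are unsigned sort to the top of the report.
Get-SuspiciousAutostarts |
    Sort-Object Exists, Signature |
    Format-Table Kind, Name, Exists, Signature, Path -AutoSize
```

Run it once from the clean boot environment and again after the first normal boot; an entry that reappears between the two runs is the re-infection hook the reply warns about. The script only reads the registry and file metadata, so it can be run repeatedly while deciding what to remove.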
SOURCE: echomail via fidonet.ozzmosis.com
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.