From: 123Jim on

"Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
news:Xns9DA6B130FCFC1HHI2948AJD832(a)69.16.185.250...
> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
> news:i0d49k$l82$1(a)news.eternal-september.org:
>
>> I should have said .. before any of that .. try a system restore in
>> safe mode .. .. but if that does not restore your access to the web ..
>> then go ahead try internet options reset, as suggested in my earlier
>> post.
>>
>>
>>
>
> Do *NOT* initiate a system restore if you're hit by one of those rogue
> applications. First, system restore should have been taken offline by it,
> second, system restore can do further damage in this case by replacing
> files it thinks are damaged with actually modified ones. Not to mention
> the registry issues you'll be dealing with.
>
> It's too late now for System Restore to help you.
>

Do you have a link that substantiates your statement?
I don't think antivirus 7 is that clever:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus7


From: Dustin Cook on
"123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
news:i0dq1m$ejb$1(a)news.eternal-september.org:

> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
> news:Xns9DA6B130FCFC1HHI2948AJD832(a)69.16.185.250...
>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>> news:i0d49k$l82$1(a)news.eternal-september.org:
>>
>>> I should have said .. before any of that .. try a system restore in
>>> safe mode .. .. but if that does not restore your access to the web
>>> .. then go ahead try internet options reset, as suggested in my
>>> earlier post.
>>>
>>>
>>>
>>
>> Do *NOT* initiate a system restore if you're hit by one of those rogue
>> applications. First, system restore should have been taken offline by
>> it, second, system restore can do further damage in this case by
>> replacing files it thinks are damaged with actually modified ones.
>> Not to mention the registry issues you'll be dealing with.
>>
>> It's too late now for System Restore to help you.
>>
>
> Do you have a link that substantiates your statement?

A link to confirm system restore is usually disabled? Or that it won't
fix things?



--
I'm just an ordinary average guy. My friends are all boring, and so am
I. We're just ordinary average guys. We all lead ordinary lives, with
average kids and average wifes. We all go bowling at the bowling lanes;
drink a few beers bowl a few frames. We're just ordinary average guys.
From: 123Jim on

"Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
news:Xns9DA6BB03EEB48HHI2948AJD832(a)69.16.185.247...
> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
> news:i0dq1m$ejb$1(a)news.eternal-september.org:
>
>> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
>> news:Xns9DA6B130FCFC1HHI2948AJD832(a)69.16.185.250...
>>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>>> news:i0d49k$l82$1(a)news.eternal-september.org:
>>>
>>>> I should have said .. before any of that .. try a system restore in
>>>> safe mode .. .. but if that does not restore your access to the web
>>>> .. then go ahead try internet options reset, as suggested in my
>>>> earlier post.
>>>>
>>>>
>>>>
>>>
>>> Do *NOT* initiate a system restore if you're hit by one of those rogue
>>> applications. First, system restore should have been taken offline by
>>> it, second, system restore can do further damage in this case by
>>> replacing files it thinks are damaged with actually modified ones.
>>> Not to mention the registry issues you'll be dealing with.
>>>
>>> It's too late now for System Restore to help you.
>>>
>>
>> Do you have a link that substantiates your statement?
>
> A link to confirm system restore is usually disabled? Or that it won't
> fix things?
>

You say: "system restore can do further damage in this case by replacing
files it thinks are damaged with actually modified ones."

I am interested to read about this behaviour by a rogue AV, or other
malware. .. I don't find that to be the case for Antivirus 7 .. (the rogue
referred to by the OP).

I find system restore often fails even on clean systems in normal boot mode.
It usually works in safe mode though, as long as there is a suitable restore
point. (yes a restore point can contain active malware, but if it does, just
select an earlier restore point - whichever one allows access to the
websites required to remove all malware, as linked in Peter's post for
example)

Also the OP only needs to access the web page I linked in my earlier post to
download files and alternative, but also useful advice on removing
'Antivirus 7' .. but this rogue is clever enough to prevent the opening of
that page as it is blocking web access except through its special 'pay up
now' webpage.

cheers





From: Dustin Cook on
"123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
news:i0du05$sq3$1(a)news.eternal-september.org:

> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
> news:Xns9DA6BB03EEB48HHI2948AJD832(a)69.16.185.247...
>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>> news:i0dq1m$ejb$1(a)news.eternal-september.org:
>>
>>> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
>>> news:Xns9DA6B130FCFC1HHI2948AJD832(a)69.16.185.250...
>>>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>>>> news:i0d49k$l82$1(a)news.eternal-september.org:
>>>>
>>>>> I should have said .. before any of that .. try a system restore
>>>>> in safe mode .. .. but if that does not restore your access to the
>>>>> web .. then go ahead try internet options reset, as suggested in
>>>>> my earlier post.
>>>>>
>>>>>
>>>>>
>>>>
>>>> Do *NOT* initiate a system restore if you're hit by one of those
>>>> rogue applications. First, system restore should have been taken
>>>> offline by it, second, system restore can do further damage in this
>>>> case by replacing files it thinks are damaged with actually
>>>> modified ones. Not to mention the registry issues you'll be dealing
>>>> with.
>>>>
>>>> It's too late now for System Restore to help you.
>>>>
>>>
>>> Do you have a link that substantiates your statement?
>>
>> A link to confirm system restore is usually disabled? Or that it
>> won't fix things?
>>
>
> You say: "system restore can do further damage in this case by
> replacing files it thinks are damaged with actually modified ones."

Yes. It's not difficult for malware to patch key system files. You
understand that system restore relies on a locally stored copy of the
supposed "good" file, right? I have seen numerous malware samples patch
Windows critical files in real time, and the "clean" backups as well; and
Windows will happily copy those files over any time I tried to fix the bad
one. System restore is a treasure trove for re-infecting a system.
Every time an executable in the Windows folder is deleted or modified,
Windows backs it up. It'll happily restore that bad copy when you tell it
to. Once a system is compromised, system restore is no longer reliable
and its safe points should be purged. They may very well contain other
nasties he's already cleaned up.

> I find system restore often fails even on clean systems in normal boot
> mode. It usually works in safe mode though, as long as there is a
> suitable restore point. (yes a restore point can contain active
> malware, but if it does, just select an earlier restore point -
> whichever one allows access to the websites required to remove all
> malware, as linked in Peter's post for example)

I see. Are you one of those pseudo techies or something?

> Also the OP only needs to access the web page I linked in my earlier
> post to download files and alternative, but also useful advice on
> removing 'Antivirus 7' .. but this rogue is clever enough to prevent
> the opening of that page as it is blocking web access except through
> its special 'pay up now' webpage.

I have a strong suspicion the antivirus rogue will also try and block
executing SAS, Malwarebytes and a slew of other antimalware applications.
Based on the understanding of what's happening that you present here...
the OP isn't going to benefit from a system restore. It will likely only
make things worse.



--
I'm just an ordinary average guy. My friends are all boring, and so am
I. We're just ordinary average guys. We all lead ordinary lives, with
average kids and average wifes. We all go bowling at the bowling lanes;
drink a few beers bowl a few frames. We're just ordinary average guys.
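The mechanism Dustin describes in the post above (a repair that copies back a host-local "known good" copy which the intruder has also patched) is the general trust problem of any restore whose reference data lives on the compromised machine. The Python model below is an added example, not code from this thread and not a description of Windows System Restore internals; the file paths, file contents and the off-host "trusted catalog" are all constructed to illustrate the point. A restore from the local cache reports success yet leaves the patched file in place, while a comparison against hashes that never lived on the host catches it.

```python
"""
Toy model: why a restore from a host-local cache cannot be trusted once
the host is compromised. Everything here is constructed sample data;
nothing is read from a real system, and all names are hypothetical.
"""
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Host:
    files: dict          # live system files: path -> bytes
    restore_cache: dict  # host-local "known good" copies: path -> bytes


# Constructed starting state: a clean host whose cache was taken while clean.
CLEAN_FILES = {
    "system32/winlogon.exe": b"clean winlogon",
    "system32/userinit.exe": b"clean userinit",
}

# Trusted catalog of hashes held OFF the host (think: vendor install media).
TRUSTED_CATALOG = {path: sha256(data) for path, data in CLEAN_FILES.items()}


def fresh_host() -> Host:
    return Host(files=dict(CLEAN_FILES), restore_cache=dict(CLEAN_FILES))


def simulate_compromise(host: Host, path: str) -> None:
    """Model the behaviour described in the thread: the live file is
    patched and the host-local backup copy is patched the same way."""
    tampered = b"patched " + host.files[path]
    host.files[path] = tampered
    host.restore_cache[path] = tampered


def restore_from_local_cache(host: Host, path: str) -> str:
    """Local-cache repair: trusts whatever the on-host cache holds.
    Reports success regardless of whether the cached copy is good."""
    host.files[path] = host.restore_cache[path]
    return "restored"


def verify_against_trusted_catalog(host: Host) -> dict:
    """Off-host check: compare each live file to a hash that never lived
    on the compromised machine. Returns path -> 'ok' | 'tampered'."""
    return {
        path: ("ok" if sha256(data) == TRUSTED_CATALOG[path] else "tampered")
        for path, data in host.files.items()
    }


def demo() -> dict:
    """Compromise one file, 'repair' it from the local cache, then verify
    against the off-host catalog. The repaired file is still tampered."""
    host = fresh_host()
    simulate_compromise(host, "system32/winlogon.exe")
    restore_from_local_cache(host, "system32/winlogon.exe")
    return verify_against_trusted_catalog(host)


if __name__ == "__main__":
    for path, state in demo().items():
        print(f"{state:9} {path}")
```

The design point is where the reference copy lives: `restore_from_local_cache` and the attacker share the same trust boundary, so the restore can only ever reproduce what the attacker left behind, whereas `verify_against_trusted_catalog` anchors trust outside the host, which is why a boot from external rescue media is the cleaner recovery path.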
From: 123Jim on

"Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
news:Xns9DA6C3BBFD13FHHI2948AJD832(a)69.16.185.250...
> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
> news:i0du05$sq3$1(a)news.eternal-september.org:
>
>> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
>> news:Xns9DA6BB03EEB48HHI2948AJD832(a)69.16.185.247...
>>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>>> news:i0dq1m$ejb$1(a)news.eternal-september.org:
>>>
>>>> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
>>>> news:Xns9DA6B130FCFC1HHI2948AJD832(a)69.16.185.250...
>>>>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>>>>> news:i0d49k$l82$1(a)news.eternal-september.org:
>>>>>
>>>>>> I should have said .. before any of that .. try a system restore
>>>>>> in safe mode .. .. but if that does not restore your access to the
>>>>>> web .. then go ahead try internet options reset, as suggested in
>>>>>> my earlier post.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Do *NOT* initiate a system restore if you're hit by one of those
>>>>> rogue applications. First, system restore should have been taken
>>>>> offline by it, second, system restore can do further damage in this
>>>>> case by replacing files it thinks are damaged with actually
>>>>> modified ones. Not to mention the registry issues you'll be dealing
>>>>> with.
>>>>>
>>>>> It's too late now for System Restore to help you.
>>>>>
>>>>
>>>> Do you have a link that substantiates your statement?
>>>
>>> A link to confirm system restore is usually disabled? Or that it
>>> won't fix things?
>>>
>>
>> You say: "system restore can do further damage in this case by
>> replacing files it thinks are damaged with actually modified ones."
>
> Yes. It's not difficult for malware to patch key system files. You
> understand that system restore relies on a locally stored copy of the
> supposed "good" file, right? I have seen numerous malware samples patch
> Windows critical files in real time, and the "clean" backups as well; and
> Windows will happily copy those files over any time I tried to fix the bad
> one. System restore is a treasure trove for re-infecting a system.
> Every time an executable in the Windows folder is deleted or modified,
> Windows backs it up. It'll happily restore that bad copy when you tell it
> to. Once a system is compromised, system restore is no longer reliable
> and its safe points should be purged. They may very well contain other
> nasties he's already cleaned up.
>
>> I find system restore often fails even on clean systems in normal boot
>> mode. It usually works in safe mode though, as long as there is a
>> suitable restore point. (yes a restore point can contain active
>> malware, but if it does, just select an earlier restore point -
>> whichever one allows access to the websites required to remove all
>> malware, as linked in Peter's post for example)
>
> I see. Are you one of those pseudo techies or something?
>
>> Also the OP only needs to access the web page I linked in my earlier
>> post to download files and alternative, but also useful advice on
>> removing 'Antivirus 7' .. but this rogue is clever enough to prevent
>> the opening of that page as it is blocking web access except through
>> its special 'pay up now' webpage.
>
> I have a strong suspicion the antivirus rogue will also try and block
> executing SAS, Malwarebytes and a slew of other antimalware applications.
> Based on the understanding of what's happening that you present here...
> the OP isn't going to benefit from a system restore. It will likely only
> make things worse.
>
>

Anything is possible I suppose, but most likely it would simply fail to
restore.
If I was fixing the OP's system I would use the Avira rescue disk first of
all, but I am assuming that the OP can't access the web through the browser
and couldn't begin that process ..