From: David Kaye on
"123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote:

>If you are unable to access the above websites .. you may need to close IE,
>then reset IE to its original state:
>Control Panel > internet options > advanced > reset > apply > ok
>Now restart IE and go ahead with Peter's suggestions.

If IE fails to connect to websites, be sure to go into Tools, Internet
Options, Connections tab, LAN Settings, and uncheck "Use a proxy server".
Lots of malware programs set this.
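
The proxy check described in the post above, as an added example that is not part of the original thread: a PowerShell audit of the per-user Internet Settings registry values behind the "Use a proxy server" checkbox. The function names are hypothetical; the registry value names are the standard WinINET ones.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# The LAN Settings dialog keeps its state in these per-user registry values.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IEProxyState {
    $p = Get-ItemProperty -Path $InetKey
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable       # 1 = "Use a proxy server" is checked
        ProxyServer   = [string]$p.ProxyServer    # host:port, or http=host:port;https=...
        AutoConfigURL = [string]$p.AutoConfigURL  # "Use automatic configuration script"
    }
}

function Get-ProxyFindings {
    param($State)
    $findings = @()
    if ($State.ProxyEnable -eq 1) {
        $findings += "Proxy is enabled: '$($State.ProxyServer)'"
        # A loopback proxy means a local process is relaying the browser's traffic.
        if ($State.ProxyServer -match '(^|=)\s*(127\.\d+\.\d+\.\d+|localhost):') {
            $findings += 'Proxy points at loopback; identify the listening process'
        }
    }
    if ($State.AutoConfigURL) {
        $findings += "Automatic configuration script set: '$($State.AutoConfigURL)'"
    }
    ,$findings   # leading comma keeps an empty result as an array
}

function Disable-IEProxy {
    # Clears the flag the checkbox controls; ProxyServer is left in place
    # so the value the malware wrote can still be examined afterwards.
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0 -Type DWord
}

$state    = Get-IEProxyState
$findings = Get-ProxyFindings -State $state
if ($findings.Count -eq 0) {
    'No proxy or configuration script is set for this user.'
} else {
    $findings
    # Review the findings first, then uncomment to clear the setting:
    # Disable-IEProxy
}
```

Restart IE after clearing the flag so it re-reads the setting.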

From: David Kaye on
Dustin Cook <bughunter.dustin(a)gmail.com> wrote:

>Do *NOT* initiate a system restore if you're hit by one of those rogue
>applications. First, system restore should have been taken offline by it,
>second, system restore can do further damage in this case by replacing
>files it thinks are damaged with actually modified ones. Not to mention the
>registry issues you'll be dealing with.
>
>It's too late now for System Restore to help you.

I'm inclined to agree with this, but I have found a manual restore works
really well. Unfortunately for the casual user, a manual restore is a big BIG
pain to do. It involves booting from a non-Windows environment on CD, going
to their file manager and manually copying the 5 critical registry files to
the config folder. This is not for the amateur; it's too easy to screw up.
And be sure to restore to a date at least a few days before the infection was
visible.

From: Dustin Cook on
"123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
news:i0erjh$n4k$1(a)news.eternal-september.org:

> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
> news:Xns9DA6C3BBFD13FHHI2948AJD832(a)69.16.185.250...
>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>> news:i0du05$sq3$1(a)news.eternal-september.org:
>>
>>> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
>>> news:Xns9DA6BB03EEB48HHI2948AJD832(a)69.16.185.247...
>>>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>>>> news:i0dq1m$ejb$1(a)news.eternal-september.org:
>>>>
>>>>> "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
>>>>> news:Xns9DA6B130FCFC1HHI2948AJD832(a)69.16.185.250...
>>>>>> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote in
>>>>>> news:i0d49k$l82$1(a)news.eternal-september.org:
>>>>>>
>>>>>>> I should have said .. before any of that .. try a system restore
>>>>>>> in safe mode .. .. but if that does not restore your access to
>>>>>>> the web .. then go ahead try internet options reset, as
>>>>>>> suggested in my earlier post.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Do *NOT* initiate a system restore if you're hit by one of those
>>>>>> rogue applications. First, system restore should have been taken
>>>>>> offline by it, second, system restore can do further damage in
>>>>>> this case by replacing files it thinks are damaged with actually
>>>>>> modified ones. Not to mention the
>>>>>> registry issues you'll be dealing with.
>>>>>>
>>>>>> It's too late now for System Restore to help you.
>>>>>>
>>>>>
>>>>> Do you have a link that substantiates your statement?
>>>>
>>>> A link to confirm system restore is usually disabled? Or that it
>>>> won't fix things?
>>>>
>>>
>>> You say: "system restore can do further damage in this case by
>>> replacing files it thinks are damaged with actually modified ones."
>>
>> Yes. It's not difficult for malware to patch key system files. You
>> understand that system restore relies on a local stored copy of the
>> supposed "good" file, right? I have seen numerous malware samples
>> patch windows critical files in realtime, and the "clean" backups as
>> well; And windows will happily copy those files over anytime I tried
>> to fix the bad one. System restore is a treasure trove for
>> re-infecting a system. Every time an executable in the windows folder
>> is deleted or modified, windows backs it up. It'll happily restore
>> that bad copy when you tell it to. Once a system is compromised,
>> system restore is no longer reliable and its safe points should be
>> purged. They may very well contain other nasties he's already cleaned
>> up.
>>
>>> I find system restore often fails even on clean systems in normal
>>> boot mode. It usually works in safe mode though, as long as there is
>>> a suitable restore point. (yes a restore point can contain active
>>> malware, but if it does, just select an earlier restore point -
>>> whichever one allows access to the websites required to remove all
>>> malware, as linked in Peter's post for example)
>>
>> I see. Are you one of those pseudo techies or something?
>>
>>> Also the OP only needs to access the web page I linked in my earlier
>>> post to download files and alternative, but also useful advice on
>>> removing 'Antivirus 7' .. but this rogue is clever enough to
>>> prevent the opening of that page as it is blocking web access except
>>> through its special 'pay up now' webpage.
>>
>> I have a strong suspicion the antivirus rogue will also try and block
>> executing sas, Malwarebytes and a slew of other antimalware
>> applications. Based on your understanding that you present here of
>> what's happening... the OP isn't going to benefit from a system
>> restore. It will likely only make things worse.
>>
>>
>
> Anything is possible I suppose, but most likely it would simply fail
> to restore.

| Here's the list of most important changes:
| - improved interaction with Windows System Restore; namely, avast now
|   auto-repairs itself when it detects a corrupted VPS due to a System
|   Restore (or other reasons)

This is one of the changes made to the newest release of Avast antivirus.
That's a case of system restore corrupting a legitimate program if it's
used to "go back" prior to getting infected.

I maintain that once you have confirmed something's on the machine, System
Restore is no longer a viable option. The only purpose it has at that
point is possibly good registry hives. The executables would be suspect
until confirmed clean.



--
I hate when I just miss a call by the last ring (Hello? Hello?
Damn it!), but when I immediately call back, it rings nine times and
goes to voicemail. What did you do after I didn't answer? Drop the
phone and run away?

From: David on
Thank you, I did contact them and they gave me the instruction. I don't
think it was an accident, I think the site is set up in such a way so you
need to pay them so you can open any other programmes.
David
"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message
news:i0fkd6$mu1$4(a)news.eternal-september.org...
> "123Jim" <jnkjnjnini(a)uhnuhnunuhnuy.invalid> wrote:
>
>>If you are unable to access the above websites .. you may need to close
>>IE,
>>then reset IE to its original state:
>>Control Panel > internet options > advanced > reset > apply > ok
>>Now restart IE and go ahead with Peter's suggestions.
>
> If IE fails to connect to websites, be sure to go into Tools, Internet
> Options, Connections tab, LAN Settings, and uncheck "Use a proxy server".
> Lots of malware programs set this.
>