From: ship on
On Jan 21, 12:48 pm, "FromTheRafters" <erratic @nomail.afraid.org>
wrote:
> "ship" <ship...(a)gmail.com> wrote in message
>
> news:f75bd367-13c9-4a0b-8bc3-a07f31d4d3e6(a)14g2000yqp.googlegroups.com...
>
> >> Also, he made another post
> >> and I'm pretty sure there was no evidence his OS even had an
> >> infection;
> >> that is, his AV program found suspect files in the temp directory
> >> and unopened e-mail attachments.
>
> > How can I discover *for sure* whether I have an actual infection or
> > whether the above are just viruses that have been lying dormant
> > (e.g. in emails) and which have never actually been executed?
>
> The fact that they reside in temp files is no guarantee that they don't
> exist elsewhere as well.
>
> You can attempt to fix your computer by using the various antimalware
> programs available, but if you want to feel confident about the results
> it is best to restore to factory specifications and rebuild from there.
> My gut feeling, in view of how many things were reportedly found, is
> that safe practices were not in place on this computer - all the more
> reason to flatten and rebuild at this point.
>
> The lying thief "The Real Truth MVP" (even its moniker is a lie) may be
> right about the temp files. If you clear the temp files out, a
> subsequent scan may come up clean. If you are happy with that as a
> result, then so be it. Personally, I feel that you should familiarize
> yourself with the use of the restore partition and getting the updates
> installed.

Ok... one thing though - what is to stop a virus from infecting all
your previous restore points? (not to mention the restore process
itself...)

I am certainly leaning toward a complete flatten plus rebuild.

(I remain nervous that reinstalling msWindowsXP may prove hard even
though I have a valid Product Key on the back... but shall probably
risk it anyhow!)

Ship

From: Daave on
I really think you are worrying yourself needlessly, ship!

More comments inline.

ship wrote:
> On Jan 21, 12:48 pm, "FromTheRafters" <erratic @nomail.afraid.org>
> wrote:
>> "ship" <ship...(a)gmail.com> wrote in message
>>
>> news:f75bd367-13c9-4a0b-8bc3-a07f31d4d3e6(a)14g2000yqp.googlegroups.com...
>>
>>>> Also, he made another post
>>>> and I'm pretty sure there was no evidence his OS even had an
>>>> infection;
>>>> that is, his AV program found suspect files in the temp
>>>> directory and unopened e-mail attachments.
>>
>>> How can I discover *for sure* whether I have an actual infection or
>>> whether the above are just viruses that have been lying dormant
>>> (e.g. in emails) and which have never actually been executed?
>>
>> The fact that they reside in temp files is no guarantee that they
>> don't exist elsewhere as well.
>>
>> You can attempt to fix your computer by using the various antimalware
>> programs available, but if you want to feel confident about the
>> results it is best to restore to factory specifications and rebuild
>> from there. My gut feeling, in view of how many things were
>> reportedly found, is that safe practices were not in place on this
>> computer - all the more reason to flatten and rebuild at this point.
>>
>> The lying thief "The Real Truth MVP" (even its moniker is a lie) may
>> be right about the temp files. If you clear the temp files out, a
>> subsequent scan may come up clean. If you are happy with that as a
>> result, then so be it. Personally, I feel that you should familiarize
>> yourself with the use of the restore partition and getting the
>> updates installed.
>
> Ok... one thing though - what is to stop a virus from infecting all
> your previous restore points? (not to mention the restore process
> itself...)

If a person had an *actual* infection at one point in time (this is
_not_ the same thing as suspicious temp files and unopened e-mail
attachments), then using System Restore to go back to a point in time
when the infection was active would be a very bad thing to do! That is
why it is recommended to turn it off, then on again (this deletes all
the old restore points) once the infection is successfully removed. But
if you never had an infection, those points aren't necessarily
"infected." Still, it would be wise to clean house anyway (with regard
to System Restore).

> I am certainly leaning toward a complete flatten plus rebuild.

It may very well not be necessary, but at least you would finally have
peace of mind. :-)

> (I remain nervous that reinstalling msWindowsXP may prove hard even
> though I have a valid Product Key on the back... but shall probably
> risk it anyhow!)

It depends on the method you use. If you use the hidden recovery
partition, there might not even be a need to enter a Product Key (I know
Dells work that way). If you obtain a generic OEM XP Pro installation
CD, then your Product Key from the COA sticker *will* work. If for some
reason, automatic activation over the Internet doesn't occur, simply
follow the prompts for telephone activation.

I'm sure your recovery partition is fine. I doubt very much that the
malware writers were targeting *your* particular make and model of PC!
If you're truly that paranoid, take out the hard drive and obliterate it
and purchase a new one. :-) (Then again, you might start worrying about
your CMOS chip being infected... :-) )

But seriously, stop being so nervous!


From: David H. Lipman on
From: "ship" <shiphen(a)gmail.com>

| From carmel:
>> It has some information that might prove useful to you. You might be
>> interested in: DriverMax <http://www.innovative-sol.com/drivermax/>
>> also. It could save you a lot of time. Prior to running it, do ensure
>> that you have the latest drivers installed.

| DriverMax sounds like it allows you to upload your current drivers
| onto their website and then download them again into your freshly
| formatted computer.

| But surely this is extremely dangerous in my case where I have been
| infected, because a virus could burn itself into one of my drivers and
| would then be unwittingly re-installed, no?

| Ship

What viruses ?

NONE were viruses in your log excerpts !

Therefore -- NO!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: "FromTheRafters" erratic on
"ship" <shiphen(a)gmail.com> wrote in message
news:d0c573ce-cd58-40ea-ab62-9f1b3ff5fdca(a)b9g2000yqd.googlegroups.com...

FTR said [some stuff]

[...]

> You can attempt to fix your computer by using the various antimalware
> programs available, but if you want to feel confident about the
> results
> it is best to restore to factory specifications and rebuild from
> there.
> My gut feeling, in view of how many things were reportedly found, is
> that safe practices were not in place on this computer - all the more
> reason to flatten and rebuild at this point.

[...]

> Personally, I feel that you should familiarize yourself
> with the use of the restore partition and getting the
> updates installed.

....and then you - "ship" said...

Ok... one thing though - what is to stop a virus from infecting all
your previous restore points? ...

***
Don't confuse "Restore Points" with the EISA restore partition. These
are totally different things.
***

.... (not to mention the restore process itself...)

***
This is known to have happened (not infection specifically, but
interference nonetheless).
***

I am certainly leaning toward a complete flatten plus rebuild.

(I remain nervous that reinstalling msWindowsXP may prove hard even
though I have a valid Product Key on the back... but shall probably
risk it anyhow!)

[...]

***
After several attempts to install and dual boot Linux/Windows XP on this
laptop, I finally gave up. I figured I'd just use an XP Pro CD that I
had to reinstall XP. I discovered the "Access IBM" button brought up the
option to restore from the hidden partition.

Easy as falling off a log - as they say.

Afterward, to avoid having to go through the update process (service
packs) in the future, I imaged the hard drive (with MaxBlast - powered by
Acronis) so I could recover more easily the next time. I *still* have
the EISA partition intact even though I probably won't need to use it
again.
***