From: John Navas on
On Tue, 10 Aug 2010 20:44:55 -0400, in
<i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters"
<erratic(a)nomail.afraid.org> wrote:

>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com...
>> On Tue, 10 Aug 2010 07:45:46 -0400, in
>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
>> <erratic(a)nomail.afraid.org> wrote:
>>
>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>
>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>>>>
>>>>>> I thought "this class of virus" would be specific enough,
>>>>>> but you're right that I should have been clearer,
>>>>>> and I thank you for the clarification.
>>>>>
>>>>>Just curious, what did you mean by 'this class of virus' and the
>>>>>infection of possibly needed executables?
>>>>
>>>> I meant the class of virus that implants its own executable files,
>>>> and protects them from most methods of removal. Sorry for not being
>>>> more clear.
>>>
>>>That's okay. You are correct that self-contained replicator files can
>>>be
>>>deleted outright - there is nothing there that needs to be salvaged,
>>>but
>>>Ramnit.a actually modifies (infects/trojanizes) preexisting program
>>>files (although not with a replicant).
>>
>> That depends on the actual problem, what the anti-virus system is or
>> is
>> not able to remove and disinfect on its own. According to this
>> report:
>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
>> Win32/RAMNIT.A modifies few essential executables. My own experience
>> with Microsoft Security Essentials (cf OP) is that only non-essential
>> files are missed in this case. Do you have experience to the
>> contrary?
>
>No, but I think I understand what you are saying now.

I understood what I was saying in the first post, thank you very much.

--
John

"Never argue with an idiot. He'll drag you down to his level
and then beat you with experience." -Dr. Alan Zimmerman
From: FromTheRafters on
"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com...
> On Tue, 10 Aug 2010 20:44:55 -0400, in
> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters"
> <erratic(a)nomail.afraid.org> wrote:
>
>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com...
>>> On Tue, 10 Aug 2010 07:45:46 -0400, in
>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
>>> <erratic(a)nomail.afraid.org> wrote:
>>>
>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>>
>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>>>>>
>>>>>>> I thought "this class of virus" would be specific enough,
>>>>>>> but you're right that I should have been clearer,
>>>>>>> and I thank you for the clarification.
>>>>>>
>>>>>>Just curious, what did you mean by 'this class of virus' and the
>>>>>>infection of possibly needed executables?
>>>>>
>>>>> I meant the class of virus that implants its own executable files,
>>>>> and protects them from most methods of removal. Sorry for not
>>>>> being
>>>>> more clear.
>>>>
>>>>That's okay. You are correct that self-contained replicator files
>>>>can
>>>>be
>>>>deleted outright - there is nothing there that needs to be salvaged,
>>>>but
>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting program
>>>>files (although not with a replicant).
>>>
>>> That depends on the actual problem, what the anti-virus system is or
>>> is
>>> not able to remove and disinfect on its own. According to this
>>> report:
>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
>>> Win32/RAMNIT.A modifies few essential executables. My own
>>> experience
>>> with Microsoft Security Essentials (cf OP) is that only
>>> non-essential
>>> files are missed in this case. Do you have experience to the
>>> contrary?
>>
>>No, but I think I understand what you are saying now.
>
> I understood what I was saying in the first post, thank you very much.

Oh, that's rich. The old "I knew what I meant".

Unfortunately, some users might consider some non-essential files as
needed files and they don't always have backups of them. Your stated
method does nothing to retain or recover them.


From: John Navas on
On Wed, 11 Aug 2010 07:13:33 -0400, in
<i3u0l1$eel$1(a)news.eternal-september.org>, "FromTheRafters"
<erratic(a)nomail.afraid.org> wrote:

>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com...
>> On Tue, 10 Aug 2010 20:44:55 -0400, in
>> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters"
>> <erratic(a)nomail.afraid.org> wrote:
>>
>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com...
>>>> On Tue, 10 Aug 2010 07:45:46 -0400, in
>>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>
>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>>>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>>>
>>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>>>>>>
>>>>>>>> I thought "this class of virus" would be specific enough,
>>>>>>>> but you're right that I should have been clearer,
>>>>>>>> and I thank you for the clarification.
>>>>>>>
>>>>>>>Just curious, what did you mean by 'this class of virus' and the
>>>>>>>infection of possibly needed executables?
>>>>>>
>>>>>> I meant the class of virus that implants its own executable files,
>>>>>> and protects them from most methods of removal. Sorry for not
>>>>>> being
>>>>>> more clear.
>>>>>
>>>>>That's okay. You are correct that self-contained replicator files
>>>>>can
>>>>>be
>>>>>deleted outright - there is nothing there that needs to be salvaged,
>>>>>but
>>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting program
>>>>>files (although not with a replicant).
>>>>
>>>> That depends on the actual problem, what the anti-virus system is or
>>>> is
>>>> not able to remove and disinfect on its own. According to this
>>>> report:
>>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
>>>> Win32/RAMNIT.A modifies few essential executables. My own
>>>> experience
>>>> with Microsoft Security Essentials (cf OP) is that only
>>>> non-essential
>>>> files are missed in this case. Do you have experience to the
>>>> contrary?
>>>
>>>No, but I think I understand what you are saying now.
>>
>> I understood what I was saying in the first post, thank you very much.
>
>Oh, that's rich. The old "I knew what I meant".
>
>Unfortunately, some users might consider some non-essential files as
>needed files and they don't always have backups of them. Your stated
>method does nothing to retain or recover them.

Are you rude by nature, or do you have to work at it?

--
John

"Never argue with an idiot. He'll drag you down to his level
and then beat you with experience." -Dr. Alan Zimmerman
From: FromTheRafters on
"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
news:v5e566tpfo771brf2g3tnvpfgv8hqiv5ma(a)4ax.com...
> On Wed, 11 Aug 2010 07:13:33 -0400, in
> <i3u0l1$eel$1(a)news.eternal-september.org>, "FromTheRafters"
> <erratic(a)nomail.afraid.org> wrote:
>
>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com...
>>> On Tue, 10 Aug 2010 20:44:55 -0400, in
>>> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters"
>>> <erratic(a)nomail.afraid.org> wrote:
>>>
>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com...
>>>>> On Tue, 10 Aug 2010 07:45:46 -0400, in
>>>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
>>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>>
>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>>>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>>>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>>>>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>>>>
>>>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>>>>>>>
>>>>>>>>> I thought "this class of virus" would be specific enough,
>>>>>>>>> but you're right that I should have been clearer,
>>>>>>>>> and I thank you for the clarification.
>>>>>>>>
>>>>>>>>Just curious, what did you mean by 'this class of virus' and the
>>>>>>>>infection of possibly needed executables?
>>>>>>>
>>>>>>> I meant the class of virus that implants its own executable
>>>>>>> files,
>>>>>>> and protects them from most methods of removal. Sorry for not
>>>>>>> being
>>>>>>> more clear.
>>>>>>
>>>>>>That's okay. You are correct that self-contained replicator files
>>>>>>can
>>>>>>be
>>>>>>deleted outright - there is nothing there that needs to be
>>>>>>salvaged,
>>>>>>but
>>>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting
>>>>>>program
>>>>>>files (although not with a replicant).
>>>>>
>>>>> That depends on the actual problem, what the anti-virus system is
>>>>> or
>>>>> is
>>>>> not able to remove and disinfect on its own. According to this
>>>>> report:
>>>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
>>>>> Win32/RAMNIT.A modifies few essential executables. My own
>>>>> experience
>>>>> with Microsoft Security Essentials (cf OP) is that only
>>>>> non-essential
>>>>> files are missed in this case. Do you have experience to the
>>>>> contrary?
>>>>
>>>>No, but I think I understand what you are saying now.
>>>
>>> I understood what I was saying in the first post, thank you very
>>> much.
>>
>>Oh, that's rich. The old "I knew what I meant".
>>
>>Unfortunately, some users might consider some non-essential files as
>>needed files and they don't always have backups of them. Your stated
>>method does nothing to retain or recover them.
>
> Are you rude by nature, or do you have to work at it?

I took the statement "I understood what I was saying in the first post,
thank you very much." as rude and responded in kind.

Good bye.


From: John Navas on
On Wed, 11 Aug 2010 12:04:27 -0400, in
<i3uhme$qrv$1(a)news.eternal-september.org>, "FromTheRafters"
<erratic(a)nomail.afraid.org> wrote:

>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>news:v5e566tpfo771brf2g3tnvpfgv8hqiv5ma(a)4ax.com...
>> On Wed, 11 Aug 2010 07:13:33 -0400, in
>> <i3u0l1$eel$1(a)news.eternal-september.org>, "FromTheRafters"
>> <erratic(a)nomail.afraid.org> wrote:
>>
>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com...
>>>> On Tue, 10 Aug 2010 20:44:55 -0400, in
>>>> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters"
>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>
>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com...
>>>>>> On Tue, 10 Aug 2010 07:45:46 -0400, in
>>>>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters"
>>>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>>>
>>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com...
>>>>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in
>>>>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters"
>>>>>>>> <erratic(a)nomail.afraid.org> wrote:
>>>>>>>>
>>>>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message
>>>>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com...
>>>>>>>>
>>>>>>>>>> I thought "this class of virus" would be specific enough,
>>>>>>>>>> but you're right that I should have been clearer,
>>>>>>>>>> and I thank you for the clarification.
>>>>>>>>>
>>>>>>>>>Just curious, what did you mean by 'this class of virus' and the
>>>>>>>>>infection of possibly needed executables?
>>>>>>>>
>>>>>>>> I meant the class of virus that implants its own executable
>>>>>>>> files,
>>>>>>>> and protects them from most methods of removal. Sorry for not
>>>>>>>> being
>>>>>>>> more clear.
>>>>>>>
>>>>>>>That's okay. You are correct that self-contained replicator files
>>>>>>>can
>>>>>>>be
>>>>>>>deleted outright - there is nothing there that needs to be
>>>>>>>salvaged,
>>>>>>>but
>>>>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting
>>>>>>>program
>>>>>>>files (although not with a replicant).
>>>>>>
>>>>>> That depends on the actual problem, what the anti-virus system is
>>>>>> or
>>>>>> is
>>>>>> not able to remove and disinfect on its own. According to this
>>>>>> report:
>>>>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
>>>>>> Win32/RAMNIT.A modifies few essential executables. My own
>>>>>> experience
>>>>>> with Microsoft Security Essentials (cf OP) is that only
>>>>>> non-essential
>>>>>> files are missed in this case. Do you have experience to the
>>>>>> contrary?
>>>>>
>>>>>No, but I think I understand what you are saying now.
>>>>
>>>> I understood what I was saying in the first post, thank you very
>>>> much.
>>>
>>>Oh, that's rich. The old "I knew what I meant".
>>>
>>>Unfortunately, some users might consider some non-essential files as
>>>needed files and they don't always have backups of them. Your stated
>>>method does nothing to retain or recover them.
>>
>> Are you rude by nature, or do you have to work at it?
>
>I took the statement "I understood what I was saying in the first post,
>thank you very much." as rude and responded in kind.

When you treat someone with discourtesy,
it's a bit disingenuous to complain about some mild pushback.

>Good bye.

Good bye to you too.

--
John

"Never argue with an idiot. He'll drag you down to his level
and then beat you with experience." -Dr. Alan Zimmerman