Captain Colonoscopy (2[H]4U, joined Feb 19, 2004, 3,861 messages):
hmmm, yeah, works now.
Very good guide. However, Spybot's best days are long long past gone. Now it's slow, buggy and can't detect meaningful spyware anymore.
MBAM, it seems, is becoming too popular. With the last three Vundo variants I've seen, I have been unable to install or run MBAM at all. For some reason, though, I've been able to install SuperAntiSpyware and actually run it to remove them.
Yeah, I ran into a few machines several months ago that were hit with that REALLY nasty new variant of Windows Police Pro. That variant was the toughest one I've ever run across. Anyway, one of its features: blocked installs, and running, of your usual cleaning programs.
Malwarebytes, for example: I renamed the installer "installmwb.com", then the executable to launch it from mbam.exe to something like mally.com, and ran it.
Symantec's Unhookexec.inf restores some of the shell\open\command functions which are hosed by the rogues.
Man, I hate to be such a downer, but I really can't agree with the philosophy of this thread.
Not all spyware can be removed, and from a security standpoint, if that's true, in my mind it means that no spyware can be removed, or at least any machine once infected and then "cleaned" can never be trusted again.
Computers have been abstracted to such a high degree by so many people and for so many people that planting something in a spot nobody checks isn't impossible. Furthermore, it's in the spyware author's best interest to not be found and not be noticed. Spam relays are interested in routing spam, and if the code thinks you're after it, maybe it modifies its routine to only run between 2AM and 6AM to avoid being discovered. Who knows. These are the same people who've invented (annoyingly strong) polymorphic programs; the only effective solution is a reformat (and even then, there are known ROM-firmware infections).
The only way to really remove spyware as an issue is to remove the vectors it comes in over. To avoid malicious actions against you via computing you need to modify your behavior. Convenience is often the enemy of security: use long passwords and never use the same one twice, check your (inbound and outbound) port activity from time to time, check the certificates/encryption that people claim to be using (MD5 has been cracked!), don't trust every Google result you find, and make sure you're updated!!
Anyone use GMER?
It's very potent if you don't know what you're doing. The same could be said about many of these tools, but GMER is particularly touchy (it was built for an online community such as ours and the person who wrote it was there to train others on it), and as such I'd caution people who are just giving it a try. It is extremely useful in some situations (for those that don't know, it is somewhat like a very powerful HijackThis with scanning features built in) but I have seen people on forums just click away on it and completely screw their system up to the point where they had to be walked through a repair method or just decide to reformat.
Here's another good little utility for our "USB bag of tricks":
FixWin
http://www.thewindowsclub.com/repair-fix-windows-7-vista-problems-with-fixwin-utility
Specific to the topic of this thread, this utility has some tools to re-enable/fix items that some malware whacks on your system, such as regedit, Task Manager, TCP/Winsock, etc.
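As an added example (my own script, not part of this thread and not code from Unhookexec.inf or FixWin), here is a read-only PowerShell audit of the registry entries the two posts above refer to: the shell\open\command defaults for .exe/.com/.bat files that Unhookexec.inf restores, and the Task Manager / Registry Editor policy values that FixWin re-enables. The expected values are the standard Windows defaults; the function names are mine. It only reports, so it can be run from the USB kit on a suspect machine before deciding on a repair.

```powershell
# Added example: audit registry entries commonly altered by rogue "antivirus" malware.
# Read-only: nothing is modified. Compare any SUSPECT line with a known-good machine.

function Get-DefaultValue {
    # Returns the (default) value of a registry key, or $null if the key is missing.
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function Test-ShellOpenCommands {
    # HKCR is the merged view of HKLM\Software\Classes and HKCU\Software\Classes,
    # so a per-user hijack of exefile shows up here as well.
    $expected = '"%1" %*'    # Windows default for exefile, comfile and batfile
    foreach ($type in 'exefile', 'comfile', 'batfile') {
        $path   = "Registry::HKEY_CLASSES_ROOT\$type\shell\open\command"
        $actual = Get-DefaultValue -Path $path
        [pscustomobject]@{
            Check  = "$type shell\open\command"
            Actual = $actual
            Status = if ($actual -eq $expected) { 'OK' } else { 'SUSPECT' }
        }
    }
}

function Test-ToolPolicies {
    # A value of 1 here is what disables Task Manager / regedit for the user (HKCU)
    # or the whole machine (HKLM). Absent or 0 is the normal state.
    foreach ($hive in 'HKCU', 'HKLM') {
        $path  = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            $val = if ($null -ne $props) { $props.$name } else { $null }
            [pscustomobject]@{
                Check  = "$hive $name"
                Actual = $val
                Status = if ($val -eq 1) { 'SUSPECT' } else { 'OK' }
            }
        }
    }
}

$results = @(Test-ShellOpenCommands) + @(Test-ToolPolicies)
$results | Format-Table -AutoSize
$bad = @($results | Where-Object Status -ne 'OK')
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) deviation(s) found; verify against a clean system before repairing."
}
```

Run it from an elevated prompt so the HKLM policy key is readable on locked-down systems; a SUSPECT on the exefile line is the classic symptom behind "my cleaner won't launch" that the rename-to-.com trick works around.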
Looks interesting. Have you had a chance to play with it in the wild?
I haven't. Is it free?
Posted via [H] Mobile Device
There's a 30-day free version; after that, it's scan and report only. It uses several AV vendors' engines wrapped up in one package, cloud-based, along with Eset, GData, AntiVir I think, and I forget the others. I think it was 5x total.
When you run ComboFix, doesn't it say not to download from several sites, and combofix.org is one of them?