PC Review


 
 
Dustin
Guest
Posts: n/a
 
      11th Jan 2012
VanguardLH <(E-Mail Removed)> wrote in news:jee28d$4qf$(E-Mail Removed):

> Dennis wrote:
>
>> On Sun, 8 Jan 2012 19:13:15 -0500, "David H. Lipman"
>> <DLipman~nospam~@Verizon.Net> wrote:
>>
>>>From: "Dennis" <(E-Mail Removed)>
>>>
>>>> On Sun, 8 Jan 2012 13:57:10 -0500, "David H. Lipman"
>>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>>
>>>>> From: "Dennis" <(E-Mail Removed)>
>>>>>
>>>>>> Can someone point me to a good set of instructions on how to
>>>>>> remove the consrv.dll (detected by MBAM) on my daughter's
>>>>>> Win7/64 system? The MBAM screen is still sitting there waiting
>>>>>> for me to quarantine it, but I don't want to do that until I am
>>>>>> sure that it is the correct procedure.
>>>>>
>>>>> Just let MBAM do its thing which includes quarantining the DLL.
>>>>
>>>> Just out of curiosity, besides quarantining the dll, will MBAM
>>>> perform any other steps icw this malware? For example, will it
>>>> remove any malicious registry entries? And other things like
>>>> that...
>>>>
>>>
>>>Yes. They too would be quarantined.

>>
>> Well, my daughter finally finished what she was doing on her PC and
>> turned it over to me. I let MBAM quarantine the file (only gave me
>> the one message) and then rebooted. The system started up just fine.
>> I then ran an MBAM quick scan and no problems were reported. I just
>> completed an SAS complete scan and only tracking cookies were found.
>> I plan on running an MBAM full scan overnight. I hope that took care
>> of the problem.

>
> If the pest got onto her host, it's likely to happen again. Same
> user, same behavior, same result. Time for another image backup.


Neither of you seem to be concerned with the potential for malware to be
backed up on those images. Neither of you have recommended he teach his
daughter better computer use practices. I would almost be willing to
wajor that if she isn't practicing safer-hex, she'll find the backups
"inconvenient" and not do them. What do you think?




--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts
 
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      11th Jan 2012
From: "Dustin" <(E-Mail Removed)>

>> Once a system is infected, review my reply to you in a recent post to you.
>>

>
> infected=virus. Trojan<>infected. Once a system is trojanized, it's easy
> enough to repair. Depending on the virus, it can also be repaired.
> That's the lack of knowledge you have on this field rearing its ugly
> head on you again.
>
>


I wouldn't agree there. Once malware is resident and acting upon a host that host is
infected.
In animal hosts they can be infected by; yeasts/molds, parasites, bacteria and viruses.
It is no different than with a computer host.

So I don't think; infected=virus Trojan<>infected is apropos.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Dustin
Guest
Posts: n/a
 
      11th Jan 2012
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:(E-Mail Removed):

> From: "Dustin" <(E-Mail Removed)>
>
>>> Once a system is infected, review my reply to you in a recent post
>>> to you.
>>>

>>
>> infected=virus. Trojan<>infected. Once a system is trojanized, it's
>> easy enough to repair. Depending on the virus, it can also be
>> repaired. That's the lack of knowledge you have on this field
>> rearing its ugly head on you again.
>>
>>

>
> I wouldn't agree there. Once malware is resident and acting upon a
> host that host is infected.
> In animal hosts they can be infected by; yeasts/molds, parasites,
> bacteria and viruses. It is no different than with a computer host.


No. It's a resident trojan. Still, not infected. Unless said trojan is
patching files to continue its own existence. If not, then it's not
actually "infecting" anything. Creating an exe and a registry key to
load it later isn't infecting a machine.

> So I don't think; infected=virus Trojan<>infected is apropos.


Well, I hail from the virus/trojan terminology. Although I'm retired, I
still prefer to use the correct terminology when discussing them.




--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts
 
 
Dustin
Guest
Posts: n/a
 
      11th Jan 2012
Dustin <(E-Mail Removed)> wrote in
news:Xns9FD79EE7895D0HHI2948AJD832@no:

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:(E-Mail Removed):
>
>> From: "Dustin" <(E-Mail Removed)>
>>
>>>> Once a system is infected, review my reply to you in a recent post
>>>> to you.
>>>>
>>>
>>> infected=virus. Trojan<>infected. Once a system is trojanized, it's
>>> easy enough to repair. Depending on the virus, it can also be
>>> repaired. That's the lack of knowledge you have on this field
>>> rearing its ugly head on you again.
>>>
>>>

>>
>> I wouldn't agree there. Once malware is resident and acting upon a
>> host that host is infected.
>> In animal hosts they can be infected by; yeasts/molds, parasites,
>> bacteria and viruses. It is no different than with a computer host.

>
> No. It's a resident trojan. Still, not infected. Unless said trojan
> is patching files to continue its own existence. If not, then it's
> not actually "infecting" anything. Creating an exe and a registry key
> to load it later isn't infecting a machine.
>
>> So I don't think; infected=virus Trojan<>infected is apropos.

>
> Well, I hail from the virus/trojan terminology. Although I'm retired,
> I still prefer to use the correct terminology when discussing them.


I've got to retract this. I spoke with David via IM and I was unclear on
what he meant by host. My bad. Should have read then replied.

If we're discussing a host as a whole, then it's infected via a trojan
which overwhelms the system's defences and takes hold via a load point or
residency. While it's not infecting files, it does have the system.

Sorry for any confusion I've caused.



--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by,
and the only thing that's wrong is to get caught. - J.C. Watts
 
 
Bear
Guest
Posts: n/a
 
      12th Jan 2012
On 1/11/2012 1:56 PM, Dustin wrote:
> VanguardLH<(E-Mail Removed)> wrote in news:jee249$4n8$(E-Mail Removed):
>
>> I haven't used ComboFix. Hopefully before doing any cleaning, it
>> shows you what it plans to do.

>
> It doesn't. It does its thing, and if it made a mistake, and you don't
> read the logs and you reboot, you're dead in the water. Don't recommend it
> to be run by novices. It's automated.
>
>
>

But extreme novices are directed to run it all the time from afar. You
can counter with it is directed to be run by a 'helper' but they give
you a few basic things to do prior and set you onto the download link
and tell you to run it and then post the log if you can.

You should always have at the very least an image of the infected system
before you attempt any cleaning. IMO, if you become infected and you
don't have a clean system image to restore...you have no one to blame
but yourself and you should give easy money to someone who claims to
know how to fix it...though you can never be sure it's fixed/clean
unless you restore a known clean state.

--
Bear
http://bearware.info
Must Do: System image and automatic real-time off-site data backup
Recommended tools: EaseUS Todo Backup and SugarSync
 
 
Bear
Guest
Posts: n/a
 
      12th Jan 2012
On 1/11/2012 1:58 PM, Dustin wrote:
> Dennis<(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> On Sun, 8 Jan 2012 19:13:15 -0500, "David H. Lipman"
>> <DLipman~nospam~@Verizon.Net> wrote:
>>
>>> From: "Dennis"<(E-Mail Removed)>
>>>
>>>> On Sun, 8 Jan 2012 13:57:10 -0500, "David H. Lipman"
>>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>>
>>>>> From: "Dennis"<(E-Mail Removed)>
>>>>>
>>>>>> Can someone point me to a good set of instructions on how to
>>>>>> remove the consrv.dll (detected by MBAM) on my daughter's Win7/64
>>>>>> system? The MBAM screen is still sitting there waiting for me to
>>>>>> quarantine it, but I don't want to do that until I am sure that
>>>>>> it is the correct procedure.
>>>>>
>>>>> Just let MBAM do its thing which includes quarantining the DLL.
>>>>
>>>> Just out of curiosity, besides quarantining the dll, will MBAM
>>>> perform any other steps icw this malware? For example, will it
>>>> remove any malicious registry entries? And other things like
>>>> that...
>>>>
>>>
>>> Yes. They too would be quarantined.

>>
>> Well, my daughter finally finished what she was doing on her PC and
>> turned it over to me. I let MBAM quarantine the file (only gave me
>> the one message) and then rebooted. The system started up just fine.
>> I then ran an MBAM quick scan and no problems were reported. I just
>> completed an SAS complete scan and only tracking cookies were found.
>> I plan on running an MBAM full scan overnight. I hope that took care
>> of the problem.
>>

>
> Hi Dennis.
>
> I suspect you didn't like my initial post to you. Ignoring me tho, isn't
> always in your best interest. The scans you've performed will eliminate
> the issue you presently have, but it's not fixing the problem. The
> problem is the malware getting on the machine in the first place.
>
> Spend a little time on google looking up "safer hex" and implement those
> practices. While I'm a smartass at times, it's really for your benefit.
>
>
>

There is nothing anyone can do to be absolutely certain they will not
gain infections. Your statement to him is obtuse. Some people have
better understanding than others as to how best to reduce the
opportunity of infections...but even the best laid plans fall to prey.

You then are only left with fixing the problem and hope it doesn't
happen again.

The best thing to advise the OP is to learn how to image his system and
protect his data. That way, if infection does happen...he can recover
easily without bothering with cleaning.

For the OP, thoroughly read:
http://bearware.info/security.html especially the Comprehensive Security
Plan.



--
Bear
http://bearware.info
Must Do: System image and automatic real-time off-site data backup
Recommended tools: EaseUS Todo Backup and SugarSync
 
 
Bear
Guest
Posts: n/a
 
      12th Jan 2012
On 1/11/2012 1:59 PM, Dustin wrote:
> Bear<bearbottoms1+(E-Mail Removed)> wrote in
> news:4f0a591f$0$291$(E-Mail Removed):
>
>> On 1/8/2012 8:12 PM, Dennis wrote:
>>> On Sun, 8 Jan 2012 19:13:15 -0500, "David H. Lipman"
>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>
>>>> From: "Dennis"<(E-Mail Removed)>
>>>>
>>>>> On Sun, 8 Jan 2012 13:57:10 -0500, "David H. Lipman"
>>>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>>>
>>>>>> From: "Dennis"<(E-Mail Removed)>
>>>>>>
>>>>>>> Can someone point me to a good set of instructions on how to
>>>>>>> remove the consrv.dll (detected by MBAM) on my daughter's
>>>>>>> Win7/64 system? The MBAM screen is still sitting there waiting
>>>>>>> for me to quarantine it, but I don't want to do that until I am
>>>>>>> sure that it is the correct procedure.
>>>>>>
>>>>>> Just let MBAM do its thing which includes quarantining the DLL.
>>>>>
>>>>> Just out of curiosity, besides quarantining the dll, will MBAM
>>>>> perform any other steps icw this malware? For example, will it
>>>>> remove any malicious registry entries? And other things like
>>>>> that...
>>>>>
>>>>
>>>> Yes. They too would be quarantined.
>>>
>>> Well, my daughter finally finished what she was doing on her PC and
>>> turned it over to me. I let MBAM quarantine the file (only gave me
>>> the one message) and then rebooted. The system started up just fine.
>>> I then ran an MBAM quick scan and no problems were reported. I just
>>> completed an SAS complete scan and only tracking cookies were found.
>>> I plan on running an MBAM full scan overnight. I hope that took care
>>> of the problem.
>>>

>> Once a system is infected, review my reply to you in a recent post to
>> you.
>>

>
> infected=virus. Trojan<>infected. Once a system is trojanized, it's easy
> enough to repair. Depending on the virus, it can also be repaired.
> That's the lack of knowledge you have on this field rearing its ugly
> head on you again.
>
>

You like to make that claim even though you are very wrong...it boosts
your own ego. You can't be sure that a variety of infections haven't
happened or that you have found them all or the remnants of same. Of
course it is possible to perform a complete file by file thorough
inspection which takes hours...when it could be remedied easily in minutes.

You also like to preach cleaning and telling people how stupid they are
and you are the only one with the knowledge to clean.

What you should be doing is telling them how to protect themselves and
restore quickly and easily to a known clean state. Those that haven't
learned how or done so fall prey to your abuse.

http://bearware.info/security.html

--
Bear
http://bearware.info
Must Do: System image and automatic real-time off-site data backup
Recommended tools: EaseUS Todo Backup and SugarSync
 
 
Bear
Guest
Posts: n/a
 
      12th Jan 2012
On 1/11/2012 2:27 PM, Dustin wrote:
> "David H. Lipman"<DLipman~nospam~@Verizon.Net> wrote in
> news:(E-Mail Removed):
>
>> From: "Dustin"<(E-Mail Removed)>
>>
>>>> Once a system is infected, review my reply to you in a recent post
>>>> to you.
>>>>
>>>
>>> infected=virus. Trojan<>infected. Once a system is trojanized, it's
>>> easy enough to repair. Depending on the virus, it can also be
>>> repaired. That's the lack of knowledge you have on this field
>>> rearing its ugly head on you again.
>>>
>>>

>>
>> I wouldn't agree there. Once malware is resident and acting upon a
>> host that host is infected.
>> In animal hosts they can be infected by; yeasts/molds, parasites,
>> bacteria and viruses. It is no different than with a computer host.

>
> No. It's a resident trojan. Still, not infected. Unless said trojan is
> patching files to continue its own existence. If not, then it's not
> actually "infecting" anything. Creating an exe and a registry key to
> load it later isn't infecting a machine.
>
>> So I don't think; infected=virus Trojan<>infected is apropos.

>
> Well, I hail from the virus/trojan terminology. Although I'm retired, I
> still prefer to use the correct terminology when discussing them.
>


....and telling people how stupid they are without the slightest
knowledge of their actual expertise nor does it matter with the
simplicity of the right knowledge of easy means to protect yourself.

Common discussion always includes "My machine is infected with...." and
whether terminology is correct or not, that is how it is generally
discussed. Get over yourself.

--
Bear
http://bearware.info
Must Do: System image and automatic real-time off-site data backup
Recommended tools: EaseUS Todo Backup and SugarSync
 
 
Bear
Guest
Posts: n/a
 
      12th Jan 2012
On 1/11/2012 2:00 PM, Dustin wrote:
> VanguardLH<(E-Mail Removed)> wrote in news:jee28d$4qf$(E-Mail Removed):
>
>> Dennis wrote:
>>
>>> On Sun, 8 Jan 2012 19:13:15 -0500, "David H. Lipman"
>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>
>>>> From: "Dennis"<(E-Mail Removed)>
>>>>
>>>>> On Sun, 8 Jan 2012 13:57:10 -0500, "David H. Lipman"
>>>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>>>
>>>>>> From: "Dennis"<(E-Mail Removed)>
>>>>>>
>>>>>>> Can someone point me to a good set of instructions on how to
>>>>>>> remove the consrv.dll (detected by MBAM) on my daughter's
>>>>>>> Win7/64 system? The MBAM screen is still sitting there waiting
>>>>>>> for me to quarantine it, but I don't want to do that until I am
>>>>>>> sure that it is the correct procedure.
>>>>>>
>>>>>> Just let MBAM do its thing which includes quarantining the DLL.
>>>>>
>>>>> Just out of curiosity, besides quarantining the dll, will MBAM
>>>>> perform any other steps icw this malware? For example, will it
>>>>> remove any malicious registry entries? And other things like
>>>>> that...
>>>>>
>>>>
>>>> Yes. They too would be quarantined.
>>>
>>> Well, my daughter finally finished what she was doing on her PC and
>>> turned it over to me. I let MBAM quarantine the file (only gave me
>>> the one message) and then rebooted. The system started up just fine.
>>> I then ran an MBAM quick scan and no problems were reported. I just
>>> completed an SAS complete scan and only tracking cookies were found.
>>> I plan on running an MBAM full scan overnight. I hope that took care
>>> of the problem.

>>
>> If the pest got onto her host, it's likely to happen again. Same
>> user, same behavior, same result. Time for another image backup.

>
> Neither of you seem to be concerned with the potential for malware to be
> backed up on those images. Neither of you have recommended he teach his
> daughter better computer use practices. I would almost be willing to
> wajor that if she isn't practicing safer-hex, she'll find the backups
> "inconvenient" and not do them. What do you think?
>
>
>
>

For one so concerned with correct terminology, you certainly aren't
concerned with spelling. She will either learn or continue to have
problems...certainly no reason not to try and teach her better ways of
all sorts.

--
Bear
http://bearware.info
Must Do: System image and automatic real-time off-site data backup
Recommended tools: EaseUS Todo Backup and SugarSync
 
 
FromTheRafters
Guest
Posts: n/a
 
      12th Jan 2012
David H. Lipman wrote:
> From: "Dustin"<(E-Mail Removed)>
>
>>> Once a system is infected, review my reply to you in a recent post to you.
>>>

>>
>> infected=virus. Trojan<>infected. Once a system is trojanized, it's easy
>> enough to repair. Depending on the virus, it can also be repaired.
>> That's the lack of knowledge you have on this field rearing its ugly
>> head on you again.
>>
>>

>
> I wouldn't agree there. Once malware is resident and acting upon a host that host is
> infected.
> In animal hosts they can be infected by; yeasts/molds, parasites, bacteria and viruses.
> It is no different than with a computer host.
>
> So I don't think; infected=virus Trojan<>infected is apropos.
>

Yeah, I often see "infected" used even with non-replicating malware. The
term 'infected' is used wherever malicious code attaches to other
(preexisting) code even if such code doesn't itself replicate.

I'm okay with that, but if there are no programs being modified
(trojanized) then I agree with Snapper's suggestion of "infests" rather
than "infects".

As for Bear, I agree with imaging being one of the best ways to restore
your system after an infection introduces 'unknowns' to your system. A
downloader for instance that may have downloaded and executed a variety
of malware 'unknown to detectors'. OTOH, if you know what you've got, it
may be overkill to resort to restoration when a removal tool will get
the job done.
 