worm-detection/removal ???

Hi!

I would like to know how I can get rid of any worm that has infected a
WINDOWS XP-system.
I know about the worm removal tools, but there is just 1 tool for every worm
and you have to run ALL of them to find which worm has infected your system.
this takes A LOT of time with a nearly full 80GB hard-disc ...

My only solution so far was to to do a clean new install of WINDOWS-XP
with the appropriate MS-RPC-patch, but this is pretty time-consuming too...

What about NAV 2003/2004, can I use it for the worm-detection/cleaning ?

Any help with this would be greatly appreciated,
thanx in advance!

best regards,
Hans Pesata

------------------------------------------------------

My eMail-address has been changed due to spam.
eMail-replies can be sent to hpesata@chello.at

Have a look here ! http://www.bitdefender.com/html/free_tools.php

Stephen

"Hans Pesata" <dummy.user@dummy.com> wrote in message
news:ONNMb.103077$Tz1.86871@news.chello.at...
> Hi!
>
> I would like to know how I can get rid of any worm that has infected a
> WINDOWS XP-system.
> I know about the worm removal tools, but there is just 1 tool for every
worm
> and you have to run ALL of them to find which worm has infected your
system.
> this takes A LOT of time with a nearly full 80GB hard-disc ...
>
> My only solution so far was to to do a clean new install of WINDOWS-XP
> with the appropriate MS-RPC-patch, but this is pretty time-consuming
too...
>
> What about NAV 2003/2004, can I use it for the worm-detection/cleaning ?
>
> Any help with this would be greatly appreciated,
> thanx in advance!
>
> best regards,
> Hans Pesata
>
> ------------------------------------------------------
>
> My eMail-address has been changed due to spam.
> eMail-replies can be sent to hpesata@chello.at
>
>
>
>
>
>

On Tue, 13 Jan 2004 08:14:38 GMT, "Hans Pesata" <dummy.user@dummy.com>
wrote:

>Hi!
>
>I would like to know how I can get rid of any worm that has infected a
>WINDOWS XP-system.
>I know about the worm removal tools, but there is just 1 tool for every worm
>and you have to run ALL of them to find which worm has infected your system.
>this takes A LOT of time with a nearly full 80GB hard-disc ...
>
>My only solution so far was to to do a clean new install of WINDOWS-XP
>with the appropriate MS-RPC-patch, but this is pretty time-consuming too...

Aside from general worm removal aides, you might take a look at
Trend's Sysclean which handles a large number (hundreds) of current
malwares. See my web site for a download.

More generally, there are utilities (see a couple of links at my web
site) which show practically the entire startup axis ... the registry
run keys, running processses, ini files, etc. But the use of them
requires knowledge of what a normal system looks like in this regard.
In the case of HijackThis there is a web site forum available with
fairly expert help from what I hear.

It's best to do this work in Safe Mode, BTW.


Art
http://www.epix.net/~artnpeg

In Message-ID:<ge6800psnpn39ao285bt9cjljfgtja5bgh@4ax.com> posted on
Tue, 13 Jan 2004 16:25:41 GMT, null@zilch.com wrote:

>It's best to do this work in Safe Mode, BTW.

(facetious mode)

Is web surfing in "Safe Mode" the same as "Safe Hex"? ;-)

(/facetious mode)


--

Bart

"Hans Pesata" <dummy.user@dummy.com> wrote in
news:ONNMb.103077$Tz1.86871@news.chello.at:

> Hi!
>
> I would like to know how I can get rid of any worm that has infected a
> WINDOWS XP-system.
> I know about the worm removal tools, but there is just 1 tool for every
> worm and you have to run ALL of them to find which worm has infected
> your system. this takes A LOT of time with a nearly full 80GB hard-disc
> ...
>
> My only solution so far was to to do a clean new install of WINDOWS-XP
> with the appropriate MS-RPC-patch, but this is pretty time-consuming
> too...
>
> What about NAV 2003/2004, can I use it for the worm-detection/cleaning
> ?
>
> Any help with this would be greatly appreciated,
> thanx in advance!
>
> best regards,
> Hans Pesata
>
> ------------------------------------------------------
>
> My eMail-address has been changed due to spam.
> eMail-replies can be sent to hpesata@chello.at
>
>
>
>
>
>

Well, it seems that you are trying to do things backward.

First, develop habits that make infections less likely.

Second, install software that blocks malware from getting installed in the
first place. NAV will work, but you probably can find something else that
is less expensive and has less overhead.

Third, regularly scan with good detection software (with recent definition
updates).

THEN check into removal tools for anything that's found, or if you have
symptoms of something specific. I certainly wouldn't use a removal tool
for (as an example) Swen unless I were pretty sure that I had been
infected with it.

Hi!

> Well, it seems that you are trying to do things backward.
> First, develop habits that make infections less likely.

my job is to help people with their computer-problems and a lot of
problems are related to viruses/worms. I try to teach people how to protect
their PCs, but first I have to fix them.

> Second, install software that blocks malware from getting installed in the
> first place. NAV will work, but you probably can find something else that
> is less expensive and has less overhead.

I have seen a lot of PCs with NAV runing and worms disturbing everything in
the system.
it seems that the only way to fight this is the MS-RPC-patch and a firewall.

> Third, regularly scan with good detection software (with recent definition
updates).
> THEN check into removal tools for anything that's found, or if you have
> symptoms of something specific. I certainly wouldn't use a removal tool
> for (as an example) Swen unless I were pretty sure that I had been
> infected with it.

I need a way to repair infected systems with minimal time-effort.
I cant know which worm has infected a system, to use a specific tool to fix
it.
I just see that something is pretty wrong. therefore I need good tools to
help me with this.

best regards,
Hans

Hi!

> Have a look here ! http://www.bitdefender.com/html/free_tools.php

thanx for the hint, but these are single tools similar to the ones Symantec
provides.
I need one that is able to kill them all.

best regards,
Hans

"Hans Pesata" <dummy.user@dummy.com> wrote in message
news:L%bNb.122956$Tz1.39502@news.chello.at...
> Hi!
>
> > Have a look here ! http://www.bitdefender.com/html/free_tools.php
>
> thanx for the hint, but these are single tools similar to the ones
Symantec
> provides.
> I need one that is able to kill them all.
>
> best regards,
> Hans

Trend Micro's Sysclean: http://www.epix.net/%7Eartnpeg/SYS-UP.ZIP (via Art's
updater) and McAfee's Avert Stinger: http://vil.nai.com/vil/stinger/ sound
more like what you're after.

Shane

Hans Pesata wrote:
> Hi!
>
>
>>Have a look here ! http://www.bitdefender.com/html/free_tools.php
>
>
> thanx for the hint, but these are single tools similar to the ones Symantec
> provides.
> I need one that is able to kill them all.

well then, for your purposes i suggest you think the following way...

worms = viruses

and use an anti-virus product...

--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"

Hans Pesata wrote:
[snip]
> I need a way to repair infected systems with minimal time-effort.
> I cant know which worm has infected a system,

*STOP*

think to yourself, you want to repair the damage done by a worm but you
can't be bothered to figure out which worm it was - thereby completely
skipping the step about finding out exactly what damage was done...

does that sound reasonable to you? if it does, then you're in the wrong
line of work...

> to use a specific tool to fix
> it.
> I just see that something is pretty wrong. therefore I need good tools to
> help me with this.

use an anti-virus product to figure out what it was, then use a
dedicated removal tool if one exists or the anti-virus product itself
if no dedicated removal tool exists... dedicated removal tools are
preferable over the av itself as the av will often times simply
neutralize the worm/virus/whatever...

--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"