hit by virus


Guest

Operating XP. It's hiding in Temp Internet Files where all attempts to
locate, remove, etc. have failed. Any suggestions?
 
From: "tsavo53" <[email protected]>

| Operating XP. It's hiding in Temp Internet Files where all attempts to
| locate, remove, etc. have failed. Any suggestions?

There are anti-virus newsgroups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

What virus?
What anti-virus software has identified this as a virus?


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software firewall or allow WGET.EXE through your
firewall so it can download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/


| Operating XP. It's hiding in Temp Internet Files where all attempts to
| locate, remove, etc. have failed. Any suggestions?
 
A virus-infected computer is a security-compromised
computer. The only assurance one has to "uncompromise"
a virus-infected computer is to wipe the drive and reinstall
the operating system. Many viruses change registry permissions
and can even reappear, as they can hide in a "stealth mode"
which makes them next to impossible to remove.

Remember, cleaning viruses from a computer gives no
assurance that the damage inflicted by the virus was undone.
 
From: "Carey Frisch [MVP]" <[email protected]>

| A virus-infected computer is a security-compromised
| computer. The only assurance one has to "uncompromise"
| a virus-infected computer is to wipe the drive and reinstall
| the operating system. Many viruses change registry permissions
| and can even reappear, as they can hide in a "stealth mode"
| which makes them next to impossible to remove.
|
| Remember, cleaning viruses from a computer gives no
| assurance that the damage inflicted by the virus was undone.
|

What virus?

I didn't see a virus identified in that post. In fact, that post was lacking facts.
Many newbies call any form of malware a virus. Therefore, without further information it is
a hasty recommendation.

Additionally, the OP has indicated the un-named infector was found in the TIF. This is a
sure sign of a low-level threat. It's not like a legitimate DLL or EXE was replaced by
malware.
 
Senior MS programmers agree with Carey. The issue is assurance.

"The reality is that once I got infected I had no choice but to reformat my machine, I was just holding off on the inevitable. Why would I have to reformat the machine? Well, because there’s no way of knowing what the payload of the infection is. It could have been an innocuous payload that popped up a “Hey, you got infected!” popup every 10 minutes – Annoying but harmless. It could have been a rootkit that would use my machine as a doorway for hackers to gain access to the Microsoft corporate network. And once you’re rooted, there is NO way of knowing that you’re rooted – A good root kit covers its tracks so that it is essentially undetectable."
http://blogs.msdn.com/larryosterman/archive/2004/06/18/159482.aspx
 
From: "David Candy" <.>

| Senior MS programmers agree with Carey. The issue is assurance.
|
| "The reality is that once I got infected I had no choice but to reformat my machine, I was
| just holding off on the inevitable. Why would I have to reformat the machine? Well,
| because there’s no way of knowing what the payload of the infection is. It could have
| been an innocuous payload that popped up a “Hey, you got infected!” popup every 10 minutes
| – Annoying but harmless. It could have been a rootkit that would use my machine as a
| doorway for hackers to gain access to the Microsoft corporate network. And once you’re
| rooted, there is NO way of knowing that you’re rooted – A good root kit covers its tracks
| so that it is essentially undetectable."
| http://blogs.msdn.com/larryosterman/archive/2004/06/18/159482.aspx

* The post was sparse in facts. *

Again, I state the reply is too hasty, too early. Without specific facts it is a knee-jerk,
draconian response that is the last resort, not the first response.

For all we know this could just be a simple Trojan proxy.

You might want to talk in general terms. I'm not. I am advising based upon THIS post, and
without further information a rebuild of the OS is just plain contraindicated.
 
I just saw your replies as more Carey bashing. Gee, what would you all do without a scapegoat.
 
I agree completely with that assessment for corporate use. I do not agree
when it comes to home users who have no backups.

If a machine has been compromised in a business environment I always
recommend flattening it and starting from scratch (after attempting to learn
the source of the breach). I am more inclined to try to clean a machine for
home use, but I always give the customer the option to back up and flatten. I
make sure they understand the potential risk of attempted cleaning.

--
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone-
"David Candy" <.> wrote in message
Senior MS programmers agree with Carey. The issue is assurance.

"The reality is that once I got infected I had no choice but to reformat my
machine, I was just holding off on the inevitable. Why would I have to
reformat the machine? Well, because there’s no way of knowing what the
payload of the infection is. It could have been an innocuous payload that
popped up a “Hey, you got infected!” popup every 10 minutes – Annoying but
harmless. It could have been a rootkit that would use my machine as a
doorway for hackers to gain access to the Microsoft corporate network. And
once you’re rooted, there is NO way of knowing that you’re rooted – A good
root kit covers its tracks so that it is essentially undetectable."
http://blogs.msdn.com/larryosterman/archive/2004/06/18/159482.aspx
 
When I see home machines, and I refuse to look at them now, they tend to have thousands of infections. Corporate machines I tend to want to identify the source to train or whatever to prevent future infections.
 
David said:
I didn't see a virus identified in that post. In fact, that post was
lacking facts.
Many newbies call any form of malware a virus. Therefore, without
further information it is a hasty recommendation.

Additionally, the OP has indicated the un-named infector was found in
the TIF. This is a sure sign of a low-level threat. It's not like a
legitimate DLL or EXE was replaced by malware.

I have not had a virus in a long time, but about 5 years back I got a few in
about 12 months' succession. I personally would always reformat if I got a
virus where a delete was not possible. Trying to find the source of a virus
and cleaning it up can be more time consuming and less effective than wiping
the slate clean. I don't ever have stuff on my computer that I need to
back up, so it's a painless option for me.
 
From: "David Candy" <.>

| I just saw your replies as more Carey bashing. Gee, what would you all do without a
| scapegoat.
|

No. It was NOT Carey bashing. I cannot and will not bash Carey. Too much GOOD advice.
 
Operating XP. It's hiding in Temp Internet Files where all attempts to
locate, remove, etc. have failed. Any suggestions?

To answer your question:

1) Clean out your cache - open IE -> Tools -> Internet Options ->
Temporary Internet Files section -> Delete Files ... (tick Offline
content, also)

2) Disk Cleanup - open My Computer -> right click C drive -> Properties
-> Disk Cleanup -> tick everything, OK

3) Update your virus software (manually - don't rely on auto
updates!!) and do a full scan

4) Download CCleaner from www.ccleaner.com (free) and run it - you'll
lose all your www history, saved passwords, etc. (i.e. you just have to
type them in again next time you need them) but it's worth it.

5) Then run the online virus scanner from Trend Micro
http://www.trendmicro.com.au/consumer/housecall/housecall_launch.php -
it won't clean but will tell you if you are still infected.

Then, and only then, you just might have to consider a HDD wipe and a
clean install of XP.
 
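The reply above clears the cache blind. A practitioner would first want to see what is actually sitting in the cache, because on XP Explorer shows only a virtualised view of Temporary Internet Files and the real Content.IE5\<random> subfolders are hidden, which is usually why "locate" fails. The following triage script is an added example and not code from any post in this thread. It assumes the XP layout C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\, judges files by content (the PE 'MZ' header) rather than by the displayed name, since IE caches downloads as name[1].ext, and moves hits to a quarantine folder keyed by SHA-256 instead of deleting them so a sample survives for an AV vendor. The sample tree it builds is constructed for the demonstration; the index.dat bytes are a placeholder, not a real cache index.

```python
"""Triage an XP Temporary Internet Files (TIF) folder by content, not name.
Added example; assumed layout and sample files are constructed, see lead-in."""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass

PE_MAGIC = b"MZ"
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".pif", ".com", ".cpl", ".hta", ".vbs", ".wsf"}


@dataclass
class Finding:
    relpath: str
    size: int
    sha256: str
    reason: str


def is_pe(path):
    """True if the file starts with the DOS 'MZ' stub every PE image carries."""
    with open(path, "rb") as f:
        return f.read(2) == PE_MAGIC


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(tif_root):
    """Walk every Content.IE5 subfolder (os.walk ignores the Windows hidden
    attribute, so hidden folders are covered) and flag files that carry a PE
    header or a dangerous extension. IE stores 'setup.exe' as 'setup[1].exe',
    so splitext still yields '.exe'."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(tif_root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            reasons = []
            if is_pe(path):
                reasons.append("PE header")
            if os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
                reasons.append("executable extension")
            if reasons:
                rel = os.path.relpath(path, tif_root).replace(os.sep, "/")
                findings.append(Finding(rel, os.path.getsize(path), sha256_of(path), " + ".join(reasons)))
    return findings


def quarantine(findings, tif_root, dest):
    """Move flagged files out of the cache (renamed to their hash) rather than
    deleting them, so the sample can still be submitted. Returns new paths."""
    os.makedirs(dest, exist_ok=True)
    moved = []
    for f in findings:
        src = os.path.join(tif_root, *f.relpath.split("/"))
        target = os.path.join(dest, f.sha256 + ".bin")
        shutil.move(src, target)
        moved.append(target)
    return moved


def build_sample_tree(tif_root):
    """Constructed sample of an XP TIF folder; not real cache content."""
    files = {
        "Content.IE5/index.dat": b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 64,  # placeholder bytes
        "Content.IE5/A1B2C3D4/logo[1].gif": b"GIF89a" + b"\x00" * 32,
        # a PE renamed to look like an image: caught by content, not by name
        "Content.IE5/A1B2C3D4/update[1].gif": b"MZ\x90\x00\x03\x00" + b"\x00" * 58,
        "Content.IE5/E5F6G7H8/setup[2].exe": b"MZ\x90\x00" + b"\x00" * 60,
        "Content.IE5/E5F6G7H8/page[1].htm": b"<html><body>hi</body></html>",
    }
    for rel, data in files.items():
        path = os.path.join(tif_root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Build the sample tree in a temp dir, triage it, quarantine the hits."""
    base = tempfile.mkdtemp(prefix="tif-triage-")
    tif_root = os.path.join(base, "Temporary Internet Files")
    build_sample_tree(tif_root)
    findings = triage(tif_root)
    moved = quarantine(findings, tif_root, os.path.join(base, "quarantine"))
    remaining = sorted(
        os.path.relpath(os.path.join(d, n), tif_root).replace(os.sep, "/")
        for d, _, names in os.walk(tif_root) for n in names
    )
    return {"findings": findings, "moved": moved, "remaining": remaining}


if __name__ == "__main__":
    result = demo()
    for f in result["findings"]:
        print(f"{f.relpath}  {f.size} bytes  {f.reason}  sha256={f.sha256}")
    print("remaining:", result["remaining"])
```

On a real machine, point triage() at the profile's Temporary Internet Files folder and run it from Safe Mode as the earlier reply recommends, because index.dat is held open while Explorer and IE are running. The hash recorded for each quarantined file is what you give the AV vendor when asking "what virus?"; the script does not itself answer that question.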
tsavo53 said:
Operating XP. It's hiding in Temp Internet Files where all attempts to
locate, remove, etc. have failed. Any suggestions?

Delete all files in temp/tmp.
 