My MS IE v6.0 browser has been hijacked

Buffalo

PA said:
[Scares me!]

Buffalo wrote:
PS: I use Win98SE and Win2000Pro on a dual boot.
Works like a charm.
No viruses or major adware or malware problems for over 2yrs.
Almost never a BSOD, in fact, I can't remember the last one.
ECS K7S5a rev 3.1 mb, AMD Palomino 2100, 1GB DDR ram, 8500LE Radeon, CD Player
and DVD Burner, Realtek sound card, 450W PSU
120GB Maxtor HDD with a 160GB Buffalo External HDD for backup
I'm looking into upgrading to XP for better online game playing. Any
suggestions for a do it yourself setup?
ie: mb,cpu,vid card etc
 
Dustin Cook

(e-mail address removed) wrote in
I thought it was preferable to do these things (e.g. anti virus scans)
in Safe Mode to prevent stealth virii from going into stealth mode.
The only thing safer than the Safe Mode is to boot up from a WIN PE or
BART PE CD ?

In most cases, very sound advice. In the case of Malwarebytes, no. It's
actually designed to run best in normal Mode. The reason being, in safe
mode, some registry keys and programs fail to be initialized/run.
Malwarebytes' heuristic engine actually looks for some of these things, so
when it's run in safemode, they won't be present and it can't deal with
them.
 
Dustin Cook

David said:
The saga continues.
After the initial cleanup using Malwarebytes Anti-Malware and
SUPERAntiSpyware,
MBAM found an additional Trojan.Downloader in a system restore
point. Next day, it found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows \iepinit_dlls (Spyware.Agent.H) ->
Quarantined and deleted successfully.
and C:\WINDOWS\system32\nvaux32.dll (Spyware.Agent.H)
Next day,
my Computer Associates AntiVirus v8 reported a couple of instances
of: Win32/Pruserinf.Y
on the infected laptop, and now also on a Desktop PC that was shared
via a network share!
I Installed avast! on the laptop, and during the initial boot up
scan, it found:
Win32::Zbot-ASN [Trj]
Win32::Invo [Cryp]
But now, CA anti-virus on the laptop crashes (conflict with avast!
?)
My laptop Firewall (ZoneAlarm free) reports outbound requests in the
middle of the night from strangely named .exe file from the Windows
\temp folder.
I've also upgraded the MSIE on the laptop to v7, but use Firefox v3
as the default.
Is there something still hiding in the laptop, and generating all
these other trojans?

You can have only one fully installed anti virus application
performing both "On Demand" and "On Access" scanning. You can't have
two.

You can however supplement that one fully installed anti virus
application with additional "On Demand" anti virus scanners. These
can be online scanners or command line scanners that run locally.

You are still infected. There should be NO applications running from
the TEMP folder. So if ZA is indicating there is "...outbound
requests in the
middle of the night from strangely named .exe file from the Windows
.\temp folder..." you still have a problem.

Start by uninstalling Avast and see if that corrects CA anti-virus.
[snip]

Shouldn't he shut off his System Restore since the virus(s) seem to be
in there and empty out his temp and TIF files?

Not right away. One could lose useful registry data and/or potentially
good files.
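
The check implied by the advice above (nothing should be running from a TEMP folder, yet the firewall reports outbound requests from one), as an added example that is not part of the original thread: a read-only PowerShell listing of processes whose image path is under a temp directory, with signature status and established TCP peers. It assumes a current Windows with PowerShell 5.1 or later, where `Get-CimInstance` and `Get-NetTCPConnection` exist, and an elevated prompt so other accounts' image paths are visible; `Test-UnderTemp` is a helper name made up for this example.

```powershell
# Added example, read-only: nothing is terminated, quarantined or deleted.

# Temp roots to check: per-user TEMP/TMP plus the system-wide Windows\Temp.
$tempRoots = @($env:TEMP, $env:TMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ } |
    ForEach-Object { [IO.Path]::GetFullPath($_).TrimEnd('\') + '\' } |
    Sort-Object -Unique

# Test-UnderTemp is a hypothetical helper defined here, not a built-in cmdlet.
function Test-UnderTemp {
    param([string]$Path)
    if (-not $Path) { return $false }   # path not readable (e.g. not elevated)
    # GetFullPath collapses ".." segments; the prefix test ignores case.
    $full = [IO.Path]::GetFullPath($Path)
    foreach ($root in $tempRoots) {
        if ($full.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Index established TCP connections by owning PID (string keys for safe lookup).
$connsByPid = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.State -eq 'Established' } |
    Group-Object -Property OwningProcess -AsHashTable -AsString
if (-not $connsByPid) { $connsByPid = @{} }

# Report every process whose executable lives under one of the temp roots.
Get-CimInstance -ClassName Win32_Process |
    Where-Object { Test-UnderTemp $_.ExecutablePath } |
    ForEach-Object {
        $proc  = $_
        $sig   = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
        $peers = $connsByPid["$($proc.ProcessId)"] |
            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }
        [pscustomobject]@{
            ProcessId   = $proc.ProcessId
            ParentId    = $proc.ParentProcessId
            Image       = $proc.ExecutablePath
            Signature   = $sig.Status
            RemotePeers = $peers -join ', '
        }
    } | Format-Table -AutoSize -Wrap
```

An empty result means no process was running from those directories at the moment of the check; a row with an unsigned image and remote peers matches what the firewall was reporting.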
 
Buffalo

Dustin said:
David said:
From: <[email protected]>


The saga continues.

After the initial cleanup using Malwarebytes Anti-Malware and
SUPERAntiSpyware,
MBAM found an additional Trojan.Downloader in a system restore
point. Next day, it found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows \iepinit_dlls (Spyware.Agent.H) ->
Quarantined and deleted successfully.
and C:\WINDOWS\system32\nvaux32.dll (Spyware.Agent.H)

Next day,
my Computer Associates AntiVirus v8 reported a couple of instances
of: Win32/Pruserinf.Y
on the infected laptop, and now also on a Desktop PC that was
shared via a network share!

I Installed avast! on the laptop, and during the initial boot up
scan, it found:
Win32::Zbot-ASN [Trj]
Win32::Invo [Cryp]

But now, CA anti-virus on the laptop crashes (conflict with avast!
?)

My laptop Firewall (ZoneAlarm free) reports outbound requests in
the middle of the night from strangely named .exe file from the
Windows \temp folder.

I've also upgraded the MSIE on the laptop to v7, but use Firefox v3
as the default.

Is there something still hiding in the laptop, and generating all
these other trojans?

You can have only one fully installed anti virus application
performing both "On Demand" and "On Access" scanning. You can't
have two.

You can however supplement that one fully installed anti virus
application with additional "On Demand" anti virus scanners. These
can be online scanners or command line scanners that run locally.

You are still infected. There should be NO applications running
from the TEMP folder. So if ZA is indicating there is "...outbound
requests in the
middle of the night from strangely named .exe file from the Windows
.\temp folder..." you still have a problem.

Start by uninstalling Avast and see if that corrects CA anti-virus.
[snip]

Shouldn't he shut off his System Restore since the virus(s) seem to
be in there and empty out his temp and TIF files?

Not right away. One could lose useful registry data and/or potentially
good files.

Thanks.
 
