SP3 and CCleaner

  • Thread starter: AliceZ
It's impossible to know if an installation is 100% clean unless one
uses some heavy duty forensics / auditing apps on it. And even then. A
PC is as clean as its latest AV defs and anti-mal defs are capable of
detection and removal. I have had instances where a month down the
line some vestige of an earlier baddie was detected and removed and
it's not unusual. It's never been anything harmful but it has
happened. AV and Anti-Malware software writers will always be a few
steps behind the latest and greatest threats out there. 10 years ago I
would have said they were nearly in step, today, no way. Threats come
out at a rate that alarms even me and exploits for vulnerabilities even
faster. It's cat and mouse.


That's a very old article and I was aware of it before you passed it
along. The information is applicable for someone who doesn't have
access to a knowledgeable tech and doesn't care about their data. The
author's facts, while correct for the situation, are a lot of FUD. A
skilled tech will know if there are any remaining threats by running
other tools besides AV / Anti-mal.


Authors of malware or virii or bots want to make sure their apps
typically disable anything that would normally disallow it to get out
on the Internet (Firewall, AV, Antispy, etc.) or to be removed by AV
and they add code to their apps to target and disable known exe's for
running. Thankfully this very behavior is what allows detection. The
authors design their badware to reveal itself to AV and Anti-mal apps
because they want it running and doing its deed, not disabled and
hidden. This is the Achilles heel. What their apps don't target are
the slew of forensic tools, both GUI and command line, that can assist
in detection and removal. A good tech who knows their tools will know
what looks out of place and can spot behavior that isn't normal or
indicative of compromise.


While my time is valuable, I have to evaluate the situation and see if
it's worth both my and the customer's time and if they have backups of
their data. Home users and backups are like oil and water. I have yet
to encounter a home user who actually does regular backups of
important data. In this particular situation, I knew CCleaner just had
to run its course and do its thing to get rid of all the junk entries
IEFilter threw in there. Even if it took running 48 hours straight. I
was fortunate that the customer didn't need their machine back for a
few days and did apprise them of how long it was going to take.
Cheers.
Thanks for detailed response, TCW.
I (and I talk about me) remain unconvinced that a horribly infested PC
can be 'cleaned' effectively and AFAIC reformatting the HDD and
reinstalling the OS would in this case be my preferred course of action.
Best wishes...
 
I thought I'd changed that paragraph. Oh, well. (I had to switch to a test
setup to check it out for sure.)

Thing is, when you scan the Registry using CCleaner, and you Select All and
right-click (the only way you can do anything, pretty much) it just lets you
make a text list of the entries flagged. Absolutely useless for easy
restoring. Thus my initial claim.

Then looked real deep and found something about a prompt to backup before
deleting in Settings, so I thought, "Maybe they do have an Undo function",
tested what happens when I deleted the stuff that was found, and it prompted
me to create a REG file. But there is NO undo function in the app itself. You
can only, simply (if you know WTF a REG file is in the first place.) And
that's an all or nothing proposition. Certainly not an expert way to write
an expert's utility. Add to that the fact that, again, we are talking about
*average* unknowledgeable users being hyped that the thing is all you need
to make your system run like new.

That's why it's called a *cleaner* not a backup / restore or undo
utility. Re-importing a reg file is, in effect, an undo. It doesn't
take a brain surgeon. That's why there are restore points via system
restore, no? Come on, your conclusions and argument are disingenuous
at best.
In short, it is ONLY suitable for experts and any real expert would laugh
(or spit) in your face for calling yourself an expert AND using CCleaner.

Sarcasm noted. Thanks for your input.

- Thee Chicago Wolf
 
