Virus Disabled System Restore & Windows Security

[FromTheRafters]

| He's edited the registry and moved on...


Surely that's the *only* way to 'fix' things if malware has caused a
registry alteration?

If the program was out of date and perhaps misidentifying a malware
instance, what other settings might it have missed correcting? It would
be better to confirm or deny the use of the most recent version of the
removal program. What if version 'b' edits the registry *and* drops
another malware item and version 'a' gets identified and removed? Sure,
he can manually edit the registry entry he finds amiss back to what it
should be, but it would be better to execute an updated version of MBAM
or another removal tool such as SAS.

 

[Doug R]

As I mentioned, I am not computer literate so I probably didn't do
things correctly.
I was infected about 3-4 months ago with an unknown virus that screwed
things up good. After running numerous anti virus programs I finally
got my PC back to normal. I didn't save or log anything (I will in the
future) as my PC was running fine. I do update the anti virus files on
a regular basis so yes, they are current.
When I posted to this group (as well as others) earlier this week I
had just noticed that I couldn't access Restore or Security Center. I
was searching the newsgroups and internet looking for a fix when I
found an article telling me what to look for in the registry. I
followed those instructions and deleted the line that was making
Restore inaccessable. Next time I will do more homework before I try
anything and I will cross post, not multi post which really seemed to
annoy some people. After reading through some suggestions from this
group I uploaded some questionable files to 2 sites that were
recommended here. They both came back with 10-25% hits for being
infected. For the heck of it I archived a 13 MB file with a bunch of
stuff that I knew was clean and uploaded to those same 2 sites. This
absolutely clean file came back witth 20-30% hits for being infected.
The one thing I've learned from this (besides NO cross posting) is
that there is evidently no way to determine what is clean and what is
not! And, I do appreciate your attempts to help me.

http://www.virustotal.com/analisis/...b2f1ca65d80e6da46c7865eaf05778047e-1274990659

http://virusscan.jotti.org/en/scanresult/115cc0f6502183072d1a9ea2737b7e3313b2bb67

 

[Doug R]

As a footnote, I've now got 5 or 6 programs on my PC that I'm afraid
to install. They mostly come back as clean but some databases show
them as infected. I'd give 10-1 odds that they are clean but it's just
not worth the risk.
I've downloaded sandbox but being the PC boob that I am, I'm afraid
that I won't use it right and I will have to start this whole process
over again.

 

[David H. Lipman]

From: "Doug R" <[email protected]>


| As I mentioned, I am not computer literate so I probably didn't do
| things correctly.
| I was infected about 3-4 months ago with an unknown virus that screwed
| things up good. After running numerous anti virus programs I finally
| got my PC back to normal. I didn't save or log anything (I will in the
| future) as my PC was running fine. I do update the anti virus files on
| a regular basis so yes, they are current.
| When I posted to this group (as well as others) earlier this week I
| had just noticed that I couldn't access Restore or Security Center. I
| was searching the newsgroups and internet looking for a fix when I
| found an article telling me what to look for in the registry. I
| followed those instructions and deleted the line that was making
| Restore inaccessable. Next time I will do more homework before I try
| anything and I will cross post, not multi post which really seemed to
| annoy some people. After reading through some suggestions from this
| group I uploaded some questionable files to 2 sites that were
| recommended here. They both came back with 10-25% hits for being
| infected. For the heck of it I archived a 13 MB file with a bunch of
| stuff that I knew was clean and uploaded to those same 2 sites. This
| absolutely clean file came back witth 20-30% hits for being infected.
| The one thing I've learned from this (besides NO cross posting) is
| that there is evidently no way to determine what is clean and what is
| not! And, I do appreciate your attempts to help me.

| http://www.virustotal.com/analisis/
| 9e252a1178ab190f8df6b628671920b2f1ca65d80e6da46c7865eaf05778047e-1274990659

| http://virusscan.jotti.org/en/scanresult/115cc0f6502183072d1a9ea2737b7e3313b2bb67

CORRECTION:

You stated...
"The one thing I've learned from this (besides NO cross posting) is..."

Cross-Posting is good, Multi-Posting is bad.

That is Cross-Posting is good if you limit the number of groups the message goes to and
the subject matter is On Topic for the groups being Cross-Posted to.

 

[Doug R]

Duly noted: Cross Post.....GOOD
Multi Post.......BAD

 

[David H. Lipman]

From: "Doug R" <[email protected]>

| Duly noted: Cross Post.....GOOD
| Multi Post.......BAD

 

[~BD~]

| | >
| > | >
| > | He's edited the registry and moved on...
| >
| >
| > Surely that's the *only* way to 'fix' things if malware has caused a
| > registry alteration?
|
| If the program was out of date and perhaps misidentifying a malware
| instance, what other settings might it have missed correcting? It
would
| be better to confirm or deny the use of the most recent version of the
| removal program. What if version 'b' edits the registry *and* drops
| another malware item and version 'a' gets identified and removed?
Sure,
| he can manually edit the registry entry he finds amiss back to what it
| should be, but it would be better to execute an updated version of
MBAM
| or another removal tool such as SAS.


What if MBAM itself was dropping a malware item after cleaning a
machine?

Who would ever know?

SAS might do likewise!

Just a thought!

 

[David H. Lipman]

From: "~BD~" <[email protected]>


| || || >
|| > || >
|| > | He's edited the registry and moved on...
|| >
|| >
|| > Surely that's the *only* way to 'fix' things if malware has caused a
|| > registry alteration?

|| If the program was out of date and perhaps misidentifying a malware
|| instance, what other settings might it have missed correcting? It
| would
|| be better to confirm or deny the use of the most recent version of the
|| removal program. What if version 'b' edits the registry *and* drops
|| another malware item and version 'a' gets identified and removed?
| Sure,
|| he can manually edit the registry entry he finds amiss back to what it
|| should be, but it would be better to execute an updated version of
| MBAM
|| or another removal tool such as SAS.


| What if MBAM itself was dropping a malware item after cleaning a
| machine?

| Who would ever know?

| SAS might do likewise!

| Just a thought!

That "thought" is called FUD. Your process is called trolling.

You are deliberately introducing Fear Uncertainty and Doubt when there is none.

You say "Who would ever know?"
There is a large body within the anti malware community that does checks and balances and
they "know".

MBAM and SAS do *NOT* drop malware!

EoD

 

[Anonymous]

As I mentioned, I am not computer literate so I probably
didn't do things correctly. I was infected about 3-4
months ago with an unknown virus that screwed things up
good. After running numerous anti virus programs I finally
got my PC back to normal. I didn't save or log anything (I
will in the future) as my PC was running fine. I do update
the anti virus files on a regular basis so yes, they are
current. When I posted to this group (as well as others)
earlier this week I had just noticed that I couldn't
access Restore or Security Center. I was searching the
newsgroups and internet looking for a fix when I found an
article telling me what to look for in the registry. I
followed those instructions and deleted the line that was
making Restore inaccessable. Next time I will do more
homework before I try anything and I will cross post, not
multi post which really seemed to annoy some people. After
reading through some suggestions from this group I
uploaded some questionable files to 2 sites that were
recommended here. They both came back with 10-25% hits for
being infected. For the heck of it I archived a 13 MB file
with a bunch of stuff that I knew was clean and uploaded
to those same 2 sites. This absolutely clean file came
back witth 20-30% hits for being infected. The one thing
I've learned from this (besides NO cross posting) is that
there is evidently no way to determine what is clean and
what is not! And, I do appreciate your attempts to help
me.

http://www.virustotal.com/analisis/...b2f1ca65d80e6da46c7865eaf05778047e-1274990659

http://virusscan.jotti.org/en/scanresult/115cc0f6502183072d1a9ea2737b7e3313b2bb67

You can thank virus writing/passing swine like Raid/Dustin
Cook for all your troubles.

 

[FromTheRafters]

[...]

What if MBAM itself was dropping a malware item after cleaning a
machine?

Who would ever know?

*Someone* would soon discover it - we covered this possibility already
in a previous discussion.

[...]

 

[~BD~]

| |
| [...]
|
| > What if MBAM itself was dropping a malware item after cleaning a
| > machine?
| >
| > Who would ever know?
|
| *Someone* would soon discover it - we covered this possibility already
| in a previous discussion.
|
| [...]

Perhaps you are right ........... perhaps not! ;-)

I'd really like to know just *who* in the anti-malware community has
actually carried out such a check and where a 'clean bill of health' has
been posted for inspection. Has such an independent check been carried
out?

Maybe Malwarebytes itself should commission an independent check by a
reputable organisation (how about Sophos?) and have the results posted
on the 'net to which anyone might refer if concerned about the
organisation's integrity.

 

[Dustin Cook]

| |
| [...]
|
| > What if MBAM itself was dropping a malware item after cleaning a
| > machine?
| >
| > Who would ever know?
|
| *Someone* would soon discover it - we covered this possibility already
| in a previous discussion.
|
| [...]

Perhaps you are right ........... perhaps not! ;-)

I'd really like to know just *who* in the anti-malware community has
actually carried out such a check and where a 'clean bill of health'

BD, you seem to be the only person voicing that he may not trust the
program. In that event, perhaps you yourself should pay to have an
independent lab do the work you so desperatly want done. On your dime, as
I see no reason for malwarebytes to spend unneccessary funds to prove
what everyone else already knows; it's a safe and reliable program.