Re: consrv.dll

eric x wrote:
On Jan 19, 11:14 pm, FromTheRafters<erra...@xxxxxxxxxxxxxxxxx> wrote:
eric x wrote:


Please do not be too particular on trojan jargon workable solution
is what an infected and helpless pc user wish for , anything that
help although phrasing may be different but all are done with the
same objective , we are all trying our best to help them.

While this is true, it is also true that getting users to use correct
terminology also helps. "Help me, my computer is sick" will get
different answers than "Help me my computer has a virus".

Please do not insist that experts 'dumb down' their responses in the
face of such illogical resistance to the use of correct terminology.

Have you ever searched a machine to see what is being started from the
registry or any of the many other autostart methods? Many times this is
done so that one can disable the startup of the malware so that
investigation can proceed without interference from the malware still
running. This could be a monumental waste of time if you are dealing
with a virus, as a virus will start when its host program is run and
doesn't need the other autostart methods that you can search for in that

Sure, the 'victim' doesn't care - but they *should*. If it weren't for
antivirus scanners being able to find known viruses within infected
files, the standard answer to victims of viral attack would be to
flatten and rebuild and *do not* reload your image or any backed up
*programs* you may have. This is not so for most other malware types
because they don't infect preexisting programs with copies of themselves
and insinuate themselves into your backups.



I agree , I think the most important is to help the victim and educate
them about the offline registry editing method to resolve the
malwares or trojan depending to what extend the window registry is
being corrupted.

I disagree. It is best to educate the great unwashed in defensive/preventative techniques where malware is concerned. They should already have been educated in backup/recovery schemes to cover them in case of disaster. The two schemes should be separate.Removal of malware after the fact of infestation can be well beyond their *ability* to comprehend and is best left to professionals.

....but yes, the ability to access the dormant registry on a drive in a surrogate computer is definitely a plus.