Re: consrv.dll



eric x wrote:
On Jan 19, 11:14 pm, FromTheRafters<erra...@xxxxxxxxxxxxxxxxx> wrote:
eric x wrote:

[...]

Please do not be too particular about trojan jargon; a workable solution
is what an infected and helpless PC user wishes for. Anything that
helps, although the phrasing may be different, is done with the
same objective; we are all trying our best to help them.

While this is true, it is also true that getting users to use correct
terminology also helps. "Help me, my computer is sick" will get
different answers than "Help me my computer has a virus".

Please do not insist that experts 'dumb down' their responses in the
face of such illogical resistance to the use of correct terminology.

Have you ever searched a machine to see what is being started from the
registry or any of the many other autostart methods? Many times this is
done so that one can disable the startup of the malware so that
investigation can proceed without interference from the malware still
running. This could be a monumental waste of time if you are dealing
with a virus, as a virus will start when its host program is run and
doesn't need the other autostart methods that you can search for in that
manner.

Sure, the 'victim' doesn't care - but they *should*. If it weren't for
antivirus scanners being able to find known viruses within infected
files, the standard answer to victims of viral attack would be to
flatten and rebuild and *do not* reload your image or any backed up
*programs* you may have. This is not so for most other malware types
because they don't infect preexisting programs with copies of themselves
and insinuate themselves into your backups.

[...]

Hello,

I agree. I think the most important thing is to help the victim and educate
them about the offline registry editing method to resolve the
malware or trojan, depending on the extent to which the Windows registry is
corrupted.

I disagree. It is best to educate the great unwashed in defensive/preventative techniques where malware is concerned. They should already have been educated in backup/recovery schemes to cover them in case of disaster. The two schemes should be separate. Removal of malware after the fact of infestation can be well beyond their *ability* to comprehend and is best left to professionals.

....but yes, the ability to access the dormant registry on a drive in a surrogate computer is definitely a plus.

[...]
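
The offline registry check discussed in this post, as an added example that is not part of the original thread: it loads the SOFTWARE hive from a suspect drive attached to a surrogate computer and lists the common autostart values without booting the infected system. The drive letter `E:` and the mount name `OfflineSW` are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: list autostart entries from the SOFTWARE hive of an offline Windows drive.
# Assumptions: the suspect drive is mounted as E: on the surrogate machine, the
# temporary mount name "OfflineSW" is unused, and the shell is elevated.
param(
    [string]$HivePath  = 'E:\Windows\System32\config\SOFTWARE',
    [string]$MountName = 'OfflineSW'
)

$autostartKeys = @(
    'Microsoft\Windows\CurrentVersion\Run',
    'Microsoft\Windows\CurrentVersion\RunOnce',
    'Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Winlogon holds many values; only these two launch programs at logon.
$winlogonValues = 'Shell', 'Userinit'

if (-not (Test-Path -LiteralPath $HivePath)) { throw "Hive not found: $HivePath" }

# Mount the dormant hive under HKLM so the registry provider can read it.
& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed (exit $LASTEXITCODE)" }

try {
    foreach ($sub in $autostartKeys) {
        $key = Get-Item -LiteralPath "HKLM:\$MountName\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            if ($sub -like '*Winlogon' -and $name -notin $winlogonValues) { continue }
            [pscustomobject]@{
                Key   = $sub
                Name  = $name
                # Keep %VAR% references literal: they refer to the offline system, not this one.
                Value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
        $key.Close()   # release the handle so the hive can be unloaded
    }
}
finally {
    [gc]::Collect()    # drop any remaining handles held by the provider
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Per-user autostart values live in each profile's `NTUSER.DAT`, which can be loaded and read the same way. As the post points out, a listing like this says nothing about a virus that has infected an existing program file.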