Re: Removal Tools
- From: "Simon Cooper" <swcooper@xxxxxxxxxxxx>
- Date: Tue, 6 Sep 2005 16:08:10 -0400
"Tony Houghton" <this.address.is.fake@xxxxxxxxxxx> wrote in message
news:slrndhof1k.35j.this.address.is.fake@xxxxxxxxxxxxxx
> In <dfhbp8$h0p$1$8300dec7@xxxxxxxxxxxxxxxx>,
> Jim Howes <sewoh.mij@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > If you _need_ to scan your entire C: drive for viruses on a regular
> > basis, then something is wrong with your setup. Full system scans are
> > not a security procedure, just a check that existing security
> > procedures are being properly performed.
I think this is spot on. I ran Norton for a year until its subscriptions
ran out, I don't think it ever found anything I didn't already know was
suspect, and when I actually caught Blaster worm, it didn't know anything
about it.
Removing Blaster manually included a step checking to see if there were any
nasties being loaded at startup, in a registry key labelled:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
And just about every one I've seen since has launched from the same place.
In my view anything launching from here is basically malware, and common
culprits are RealPlayer, QuickTime, Nero, WinZip. I suppose laptop users
may need their wireless config utility, people might want their audio mixer,
and I'll admit to launching P2P on one machine from there. Here's a
legitimate set:
http://mywebpages.comcast.net/swcooper/reg.jpg
Getting rid of them is then reasonably easy - anything there will have
loaded, so clear the list of anything obvious, and if you think it might be
genuine, find the file specified. The properties -> Version tab is usually
quite telling. Almost all legitimate software has good publisher
information and the like. Almost all illegitimate doesn't. If you can't
delete illegitimate stuff, rename it. It can't load then. Or rename its
folder (assuming that's an option). Once you reboot, it should be quite
possible to purge it. You can always back up the contents of that registry
branch into a file you can easily edit and restore.
Then go run Windows Update to stop picking these things up without your own
actions. So then your own actions:
> The only way to keep your machine secure is to not get
> infected in the first place. There are ways of doing this. Not using IE,
> except for those annoying but trusted sites that only accept IE is one.
It's just so true....
As the headers will likely attest, I use Outlook Express**, and don't catch
anything - so maybe it's OK. But I don't run attachments promising me Anna
Kournikova or even more innocuous text files - here's one I got recently and
kept for a while as a novelty:
http://mywebpages.comcast.net/swcooper/virus.jpg
Naturally after a while I forgot what these details were and didn't have the
screen formatted to get the .scr at the end...
> Surely it can't be that hard to write effective preventative AV.
I've been puzzled by this. I find it very easy to check for and cleanse
most little nasties that my friends inevitably have in abundance, 'cos they
all try in the same way.
> [1] For incoming email, rather than having the curious philosophy of
> Windows firewalls that seem to let anything and everything in and only
> check what's trying to get out.
I would guess this is because Windows machines have been so easily turned
into zombie machines that relay thousands of random spam mails. But then I
might be attributing a little more credit than is strictly deserved...
**It checks my hotmail...
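
The Run-key check described in the post above, as an added PowerShell example that is not part of the original message: it backs up the branch, lists each entry, and shows the publisher fields from the file's version resource. The backup path and the helper function name are assumptions, and the Authenticode status column goes beyond what the post describes.

```powershell
# Added example: review HKLM Run entries. Read-only apart from the backup file.
$RunKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$BackupPath = Join-Path $env:TEMP 'hklm-run-backup.reg'   # assumed location

# Back up the branch first; restore later with: reg.exe import <file>
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $BackupPath /y | Out-Null

# Hypothetical helper: pull the executable path out of a Run command line.
function Get-CommandExecutable {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\Program Files\App\app.exe" /arg
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form, possibly with spaces in the path: C:\Program Files\App\app.exe /arg
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Properties the registry provider adds to every item; they are not Run values.
$providerProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

(Get-ItemProperty -Path $RunKey).PSObject.Properties |
    Where-Object { $providerProps -notcontains $_.Name } |
    ForEach-Object {
        $exe  = Get-CommandExecutable -Command ([string]$_.Value)
        $info = $null
        $sig  = $null
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $info = (Get-Item -LiteralPath $exe).VersionInfo   # the "Version" tab data
            $sig  = Get-AuthenticodeSignature -FilePath $exe
        }
        [pscustomobject]@{
            Name      = $_.Name
            Path      = $exe
            Exists    = [bool]$info
            Company   = $info.CompanyName
            Product   = $info.ProductName
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            # Missing file or empty publisher string: look at this entry by hand
            Review    = (-not $info) -or [string]::IsNullOrWhiteSpace($info.CompanyName)
        }
    } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize
```

Version-resource strings are set by whoever built the file, so a populated Company field is a hint for triage rather than proof of origin.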