Discussion:
OT: offline malware removal tool for windoze
Sid Lane
2007-08-13 17:45:53 UTC
pls don't flame me for asking this but...

one of my son's teachers asked me to look at her laptop which I would
ordinarily NEVER do but she is a teacher & her son is one of mine's friends.

anyhoos, I booted it (off our network naturally) and am running what tools
it has on it (M$ & Brave-Sentry?) but the BS thing won't remove anything w/o
activating (paying) & apparently M$'s won't work offline.

this thing is owned bigtime to the point I'm afraid to plug it into my
network at home (forget about work) for fear it could be a pron zombie
(which happened to someone I know in '03 & they're still dealing w/the legal
fallout but at least aren't in prison - yet...) - I don't have any specific
reason to suspect it is other than Brave-Sentry(?) has found 67 pieces of
malware on this thing, several of which are zombie-warz. I could/would
install other/better tools but I'm afraid to connect this thing to the net.

does anyone know of any malware removal tools I could run from a CD/offline
(ideally booting from it as well)?

I'll tell her to get legit anti-virus/etc but at this point I don't trust
anything that's running from within windoze to fix the problem.

thanks for any advice!
Robert L. Harris
2007-08-13 17:52:00 UTC
http://www.livecdlist.com/?pick=Linux_x86&showonly=Windows+Antivirus&sort=&sm=1
Post by Sid Lane
<snipped>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
:wq!
---------------------------------------------------------------------------
Robert L. Harris | GPG Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER: These are MY OPINIONS ALONE. I speak for no-one else.
"With Dreams To Be A King, First One Should Be A Man" - Manowar

Brian Pitts
2007-08-13 18:09:24 UTC
Post by Sid Lane
does anyone know of any malware removal tools I could run from a
CD/offline (ideally booting from it as well)?
I don't know of any linux tools to remove spyware on windows, so your
best bet may be to build a windows live-cd with BartPE and include some
antivirus and antispyware plugins.

http://www.nu2.nu/pebuilder/

-Brian
Brian
2007-08-13 18:19:01 UTC
Might I suggest creating a BartPE CD-ROM with McAfee and SpyBot installed on it?

(you can later try getting it to work via network boot, but let's
disinfect first)

BartPE: http://www.nu2.nu/pebuilder
SpyBot Search & Destroy: http://www.safer-networking.org/en/home/index.html
McAfee: http://www.bootcd.us/BartPE_Plugin_Details/124/Mcafee-Ramdisk+Autoupdater.html

With the Sherpya McAfee plugin, you can do updates if you have network
support loaded into BartPE.

Under the pebuilderXXX/plugins directory, you'll see SPYBOTSD. The
.htm file there will describe what files you need to copy from the
SpyBot installation to make it work in PE. This will also let you do
updates from the PE environment (to RAM only, but, it updates).

You can expand BartPE as needed, and even make it work off of network
boots and USB keys.

bnm
Post by Sid Lane
<snipped>
Sid Lane
2007-08-13 19:28:55 UTC
thanks everyone!

I'm building the boot CD w/the required removal tools...

I've GOT to start doing like the guy next to me and tell people I'm a
paleontologist.
Mike Harrison
2007-08-13 19:51:47 UTC
Post by Sid Lane
I've GOT to start doing like the guy next to me and tell people I'm a
paleontologist.
Sometimes I tell people I'm a welder.
Preston Boyington
2007-08-13 20:03:59 UTC
Post by Mike Harrison
Post by Sid Lane
I've GOT to start doing like the guy next to me and tell people I'm a
paleontologist.
Sometimes I tell people I'm a welder.
for me it is "I'm a proctologist."

then i attempt to shake their hand...
Jeff Lightner
2007-08-13 20:10:51 UTC
I think I'd rather have people talk to me about computer problems than
what they might if they thought I was a proctologist...


-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Preston Boyington
Sent: Monday, August 13, 2007 4:04 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] OT: offline malware removal tool for windoze
<snipped>
Robert Reese
2007-08-13 20:25:40 UTC
Hi Sid,

*********** REPLY SEPARATOR ***********
Post by Sid Lane
does anyone know of any malware removal tools I could run from a CD/offline
(ideally booting from it as well)?
Don't forget Hijack This! http://www.download.com/HijackThis/3000-8022_4-10379544.html and Rootkit Revealer http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx from the company formerly known as Sysinternals. BartPE is definitely the way to go for a full-scale attack on the problem *if* they don't want to back up the data and wipe and reinstall Windows. Unfortunately, even with BartPE the system remains permanently hosed until it is redone from scratch. Of course, you'll need to ensure there's no rootkit no matter what. If there is, you'll want to put your Linux skills to use to clean out the hidden parts of the harddrive where the rootkit(s) reside before installing Windows.

In other words, think of it as putting a band-aid on the situation. Plus, you'll find that it takes about as long to sanitize an existing Windows installation (and the damage will never be really mitigated) as it does to backup the harddrive so all the data isn't lost and to reinstall Windows and add the necessary patches, and then reinstall the programs. I'd suggest to the teacher that you go this route rather than try and clean it.

Obviously, a lesson in computing safety plus a couple of free Comodo products http://www.comodo.com will help the teacher tremendously. If you do go the route of wiping and reinstalling, help the teacher out by preinstalling Firefox and/or Opera as well as a good alternative to Outlook/Outlook Express (in addition to the free antimalware and firewall Comodo products). I'd also recommend installing OpenOffice.org just in case, as the potential for infection from an MS Office document is significant. Worst case scenario is that you've spent an extra 20 minutes installing software the teacher never uses; best case scenario is that the teacher thwarts 99% of the threats she faces.

I do SMB Windows support, and on my own machine I use a non-html email client, Opera 9.x browser, and OpenOffice.org. I'm always trying out different firewalls and have various anti-spyware and anti-malware programs (all of which are turned OFF) and a Comodo anti-virus that stays OFF. Nonetheless, I don't unintentionally get infected. Ever. :c)

If you need help or get into a tight spot, contact me off-list if you wish.

Cheers,
Robert Reese~

------------------------------------------------------
* Microsoft is NOT a standard. *
------------------------------------------------------

SIXIT Consulting
O: (478) 599-1301
Cell: 678-438-6955 or (478) 599-1301
Fax: 866-355-3720 (Toll-Free)

2907-I Watson Blvd
#308
Warner Robins, GA 31093-8535
United States
Brian Pitts
2007-08-13 20:50:40 UTC
Post by Robert Reese
Obviously, a lesson in computing safety plus a couple of free Comodo products http://www.comodo.com will help the teacher tremendously.
Interesting stuff. AVG was the only free Windows antivirus I knew of
with on-access scanning until now.

-Brian
Warren Myers
2007-08-13 20:52:22 UTC
I think anti-vir does on-access, too... but i'm not positive.

WMM
Post by Brian Pitts
Post by Robert Reese
Obviously, a lesson in computing safety plus a couple of free Comodo
products http://www.comodo.com will help the teacher tremendously.
Interesting stuff. AVG was the only free Windows antivirus I knew of
with on-access scanning until now.
-Brian
--
http://warrenmyers.com
"God may not play dice with the universe, but something strange is going on
with the prime numbers." --Paul Erdős
"It's not possible. We are the type of people who have everything in our
favor going against us." --Ben Jarhvi, Short Circuit 2
Jay Loden
2007-08-13 22:33:09 UTC
Anti-Vir does, but they've gone and added annoying nagware into the product (think occasional screen-wide 'please purchase' windows) so I've since stopped recommending them. AVG works decently, and I've also heard a lot of good things about BitDefender. They now offer a free version of their software for Windows, with all the usual features: http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

I will also take a moment to plug my own removal tool, AIMFix - http://jayloden.com/AIMFix.exe ;-) It's focused on IM worms but it removes several thousand different pieces of malware so it's worth running in general since running time is just a few seconds.

Other than that, I'll second a recommendation for HijackThis - but the catch is it's only if you know what you're looking for. I've read thousands of HijackThis logs in doing antivirus work, so I can spot the 'wrong' entries very quickly, but they love to hide them with duplicated system file names, obscure startup entries, windows service entries, etc.

I highly recommend posting the HijackThis log to a forum such as http://subratam.org where they can help diagnose malware issues for you based on the log entries. You're also welcome to post it on the list (or if you prefer you can send it to me off-list) and I can take a look and update AIMFix to remove items if you'd like.

HTH,

-Jay
Post by Warren Myers
I think anti-vir does on-access, too... but i'm not positive.
WMM
On 8/13/07, *Brian Pitts* <brian at polibyte.com> wrote:
Post by Robert Reese
Obviously, a lesson in computing safety plus a couple of free
Comodo products http://www.comodo.com will help the teacher
tremendously.
Interesting stuff. AVG was the only free Windows antivirus I knew of
with on-access scanning until now.
Robert Reese
2007-08-13 22:26:52 UTC
Hi Brian,

*********** REPLY SEPARATOR ***********
Post by Brian Pitts
Post by Robert Reese
Obviously, a lesson in computing safety plus a couple of free Comodo
products http://www.comodo.com will help the teacher tremendously.
Interesting stuff. AVG was the only free Windows antivirus I knew of
with on-access scanning until now.
IIRC, Avast! does as well. http://www.avast.com/eng/avast_4_home.html

But you're right, there aren't many. OTOH, antivirus isn't as necessary today as much as a two-way firewall, which thankfully there are quite a few decent ones. A good firewall keeps malware from working period, in my humble opinion... problem is, there isn't that good of a firewall out there for Windows. Nevertheless, I keep from infection simply by knowing my vulnerabilities, the risks, and so forth. The reason so many people with Windows get infected is they can't be bothered to learn the risks, how to avoid them, and to use products that minimize the risk (or, more to the point NOT use products that maximize their risk). But mostly it's because they can't be bothered *and* think their risk is lower than what it really is (the ol' 'ostrich' maneuver).

Sorry, I accidentally tripped and landed on that there soapbox. I'll hop down now and put it back for the next person to trip over.

Cheers,
Robert~

H. A. Story
2007-08-13 22:43:14 UTC
You are wasting your time. Get a USB to IDE adapter. Mount the drive
onto a LINUX machine and recover data such as
pictures, docs, music, favorites, etc. Once that is done erase the
drive. Put it back in the laptop and reload the OS.

Yeah, You don't figure out what was actually wrong and you have to
reinstall programs.

But you can spend about 4 hours scanning a drive and never really fix
the problem.

Keep in mind a lot of AV software doesn't even touch spyware, malware,
and adware. Then there are the reinstall on boot programs.

If you still want to have fun with BartPE, look into remotely
loading the registry.
Post by Sid Lane
<snipped>
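The recover-then-wipe route above (mount the drive on a Linux box, pull the personal data off, erase, reload) is easy to get half right: copying a whole profile drags whatever dropped itself into it along with the documents. Here is an added example, not the poster's own script: a Python program that walks each real user profile of an XP-style volume that has already been mounted read-only (assumed to be at the path passed to `recover`, for instance after something like `mount -t ntfs-3g -o ro /dev/sdb1 /mnt/laptop` with the drive on a USB-to-IDE adapter), copies only the data folders the post names, leaves executable file types behind, and writes a SHA-256 manifest so the copy can be verified later. The profile layout, the folder list, the skipped suffixes and the sample tree built by `build_sample_tree` are all constructed assumptions.

```python
"""Copy user data off a read-only mounted Windows XP volume, leaving executables behind.

Added example for the ALE thread, not the poster's own script. Assumes an XP-style
"Documents and Settings" layout on a volume mounted read-only at the path given to recover().
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

PROFILES_DIR = "Documents and Settings"
# Profiles that hold no personal data worth saving (assumption: stock XP names).
SYSTEM_PROFILES = {"All Users", "Default User", "LocalService", "NetworkService"}
# Folders the post lists as worth saving; on XP "My Pictures"/"My Music" live under "My Documents".
DATA_DIRS = ("My Documents", "Favorites", "Desktop")
# File types deliberately left behind: they could re-seed the infection on the rebuilt machine.
SKIP_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta", ".dll"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def user_profiles(mount_root: Path) -> list[Path]:
    """Real user profiles on the volume, skipping the system-owned ones."""
    base = mount_root / PROFILES_DIR
    if not base.is_dir():
        return []
    return sorted(p for p in base.iterdir() if p.is_dir() and p.name not in SYSTEM_PROFILES)


def recover(mount_root, dest):
    """Copy DATA_DIRS of every real profile into dest and write dest/MANIFEST.sha256.

    Returns (copied, skipped): copied maps profile-relative paths to their SHA-256,
    skipped lists the executable-type files that were intentionally not copied."""
    mount_root, dest = Path(mount_root), Path(dest)
    copied, skipped = {}, []
    for profile in user_profiles(mount_root):
        for sub in DATA_DIRS:
            src_dir = profile / sub
            if not src_dir.is_dir():
                continue
            for src in sorted(src_dir.rglob("*")):
                if not src.is_file():
                    continue
                rel = src.relative_to(mount_root / PROFILES_DIR).as_posix()
                if src.suffix.lower() in SKIP_SUFFIXES:
                    skipped.append(rel)
                    continue
                target = dest / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, target)  # keeps timestamps; the source mount stays untouched
                copied[rel] = sha256_of(target)
    dest.mkdir(parents=True, exist_ok=True)
    (dest / "MANIFEST.sha256").write_text(
        "".join(f"{digest}  {rel}\n" for rel, digest in sorted(copied.items()))
    )
    return copied, skipped


def build_sample_tree(root: Path) -> None:
    """Constructed stand-in for the mounted laptop volume (not real data)."""
    teacher = root / PROFILES_DIR / "Teacher"
    (teacher / "My Documents" / "My Pictures").mkdir(parents=True)
    (teacher / "Favorites").mkdir()
    (teacher / "My Documents" / "notes.txt").write_bytes(b"hello")
    (teacher / "My Documents" / "My Pictures" / "a.jpg").write_bytes(b"\xff\xd8\xff")
    (teacher / "My Documents" / "setup.exe").write_bytes(b"MZ")  # must stay behind
    (teacher / "Favorites" / "x.url").write_text("[InternetShortcut]\nURL=http://example.invalid/\n")
    shared = root / PROFILES_DIR / "All Users" / "Desktop"
    shared.mkdir(parents=True)
    (shared / "shared.txt").write_text("not a user profile")


def demo():
    """Run the recovery against the constructed tree in a scratch directory."""
    root = Path(tempfile.mkdtemp(prefix="laptop-"))
    build_sample_tree(root)
    return recover(root, root / "backup")


if __name__ == "__main__":
    copied, skipped = demo()
    for rel, digest in copied.items():
        print(digest, rel)
    print("left behind:", skipped)
```

The manifest lines are in the `sha256sum -c` format, so the backup can be checked after it has been moved to the rebuilt machine. The read-only mount matters for the same reason the thread keeps the laptop off the network: nothing on that volume should get a chance to execute or change while the data is being pulled, and the copy itself can then be scanned (ClamAV from the live CD, as other replies suggest) before it goes anywhere near the reinstalled system.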
Preston Boyington
2007-08-13 23:01:56 UTC
Post by H. A. Story
You are wasting your time. Get a USB to IDE adapter. Mount the drive
onto a LINUX machine and recover data such as
pictures,docs,music,favorites and etc...
<snipped>

Is the LinuxDefender Live! cd project still active? i wonder if you
used a knoppix disk to boot, backed up personal documents and such, then
used it to access some of the online scanners to scan the mounted drive.

if you are concerned about your network, go grab a cup of coffee
someplace that has free wifi.
Scott Castaline
2007-08-13 23:30:40 UTC
Post by Preston Boyington
Post by H. A. Story
You are wasting your time. Get a USB to IDE adapter. Mount the drive
onto a LINUX machine and recover data such as
pictures,docs,music,favorites and etc...
<snipped>
Is the LinuxDefender Live! cd project still active? i wonder if you
used a knoppix disk to boot, backed up personal documents and such, then
used it to access some of the online scanners to scan the mounted drive.
if you are concerned about your network, go grab a cup of coffee
someplace that has free wifi.
Yes the project is still alive, just downloaded the current version and
burned it. Haven't had a chance to test it yet. Still based on Knoppix.
Will probably test it on wifey's PC manana.
Paul Cartwright
2007-08-14 00:31:38 UTC
Post by Scott Castaline
Yes the project is still alive, just downloaded the current version and
burned it. Haven't had a chance to test it yet. Still based on Knoppix.
Will probably test it on wifey's PC manana.
the web page I saw was 3 years old, didn't look like a new version. What web
site are you looking at??
--
Paul Cartwright
Registered Linux user # 367800
Ubuntu User number is # 12459
Scott Castaline
2007-08-14 02:07:06 UTC
Post by Paul Cartwright
Post by Scott Castaline
Yes the project is still alive, just downloaded the current version and
burned it. Haven't had a chance to test it yet. Still based on Knoppix.
Will probably test it on wifey's PC manana.
the web page I saw was 3 years old, didn't look like a new version. What web
site are you looking at??
The one in a prior e-mail. I thought it was more recent than 3 years. It
has write ability to NTFS using XP drivers. It requires 2 files from
winxp cd I can't remember off hand.
Evan Pitstick
2007-08-14 02:54:17 UTC
Hey Sid!
I used to do this all the time... this will take a while but if you want
to do it right, well it's M$ and it takes a lot of work.

Boot into windows and turn off the restore feature. Download Crap
Cleaner and run. Then..

Download TRK and burn it to a CD. Boot and follow instructions for the
AVG and clam scans.

Then boot back into windows and download, install, run

1. CounterSpy
2. Ewido Spyware scanner
3. AdAware
4. Spybot Search & Destroy

then remove any crappy AV they might have.
then use RegScrub XP
then install a fresh copy of AVG anti-virus

YAY!!! computer's fixed.. oh also tell them to come to an install fest so
they can start using Free and Open software and never deal with this again.
Paul Cartwright
2007-08-14 11:10:11 UTC
Post by Evan Pitstick
Boot into windows and turn off the restore feature. Download Crap
Cleaner and run. Then..
Download TRK and burn it to a CD. Boot and follow instructions for the
AVG and clam scans.
never heard of it, but it is now known as CCleaner:
http://filehippo.com/download_ccleaner/?570
Post by Evan Pitstick
Then boot back into windows and download, install, run
1. CounterSpy
2. Ewido Spyware scanner
3. AdAware
4. Spybot Search & Destroy
then remove any crappy AV they might have.
then use RegScrub XP
then install a fresh copy of AVG anti-virus
--
Paul Cartwright
Registered Linux user # 367800
Ubuntu User number is # 12459
Preston Boyington
2007-08-14 11:58:26 UTC
Post by Evan Pitstick
Hey Sid!
I used to do this all the time... this will take a while but if you want
to do it right, well it's M$ and it takes a lot of work.
<snipped>

I don't load a lot of programs back onto Windows anymore. it seemed
that the people didn't update them anyway.

I use several different online sites. i figure they are more up-to-date
than whatever package i am downloading (and then updating).

once in Windows you can fire up IE and point it to:

http://www.spywareinfo.com/xscan.php
(Spyware & Adware Scanning)

http://www.bitdefender.com/scan8/ie.html
(BitDefender Free Online Virus Scan)

and if it is still active
http://virusscan.jotti.org/
(online malware scan)

the viruses found in the archive/snapshot/backup that Windows keeps are
easily removed with Knoppix or a similar livecd.

for extra fun play with the beryl 3d desktop while cleaning their
windows. knoppix (with switch at boot prompt) and sabayon are two that
come to mind.
Sid Lane
2007-08-16 12:36:53 UTC
well,

my paranoia may have been well founded - I ran spybot & avg on it which
claimed to identify & remove ~80-90 threats EACH, gave it back to her
yesterday and this morning she's telling me it's popping up pron. I told her
she needed to cut her losses & reinstall windoze but she said she wasn't
sure if she had the disk(s). I kind of wonder if it's a legit copy anyway
as it was still SP1 and I wasn't about to be responsible for SP2 killing it
or WGA making it commit suicide (besides, that would have required
connecting to a network & I wasn't about to put it on an address I was
responsible for). she says "I'm not saying you did it" - um, yea,
considering I never connected the stupid thing to the internet I'd say it's
possible it was there before...

folks, I have officially done my LAST hands-on attempt to help somebody -
verbal advice, fine, but given what's happened(/ing) to this other person I
know it's just not worth the risk...

it's a rough net out there - I think I'll stick to databases, preferably
ones that don't launch dos attacks on the entire internet & run on an os
quite so prone to hostile takeovers...

if you EVER see me post another ? related to helping someone outside of work
PLEASE send someone over to smack me in the face w/a pie (some of you know
where I am).
Post by Sid Lane
<snipped>
Vernard Martin
2007-08-16 13:18:27 UTC
Post by Sid Lane
folks, I have officially done my LAST hands-on attempt to help
somebody - verbal advice, fine, but given what's happened(/ing) to
this other person I know it's just not worth the risk...
I've discovered that telling folks with issues like these to go the Geek
Squad at Best Buy to get it fixed is the best solution. For two good
reasons:

1) They get someone they can call and blame when things don't work.
2) Once they have written a large check to pay for these services they
learn to appreciate the free help that folks like you give.

Vernard
James P. Kinney III
2007-08-16 14:32:19 UTC
Post by Vernard Martin
Post by Sid Lane
folks, I have officially done my LAST hands-on attempt to help
somebody - verbal advice, fine, but given what's happened(/ing) to
this other person I know it's just not worth the risk...
I've discovered that telling folks with issues like these to go the Geek
Squad at Best Buy to get it fixed is the best solution. For two good
1) They get someone they can call and blame when things don't work.
2) Once they have written a large check to pay for these services they
learn to appreciate the free help that folks like you give.
3) Once they realize the large check did NOT solve the problem through
geeksquad they become better targets for OS replacements. Macs aren't
perfect but they are a huge step up from the slime that geeksquad
collect support fees for and they are more suitable for people with no
admin skills and specifically no desire to acquire any.
Post by Vernard Martin
Vernard
--
James P. Kinney III
CEO & Director of Engineering
Local Net Solutions,LLC
770-493-8244
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
Robert Reese
2007-08-16 17:53:13 UTC
*********** REPLY SEPARATOR ***********
Post by Sid Lane
responsible for). she says "I'm not saying you did it" - um, yea,
considering I never connected the stupid thing to the internet I'd say it's
possible it was there before...
Remind her that it wasn't you that didn't keep the operating system up-to-date, nor her antivirus and antispyware and firewall up-to-date, and it wasn't you that used Internet Explorer and answered "yes" to everything that popped up without bothering to read or understand the message, and it wasn't you that used unsafe email programs and surfed unsafe websites. Most likely what you did was kill one spyware program that was preventing another spyware program from operating. Oddly enough, spyware companies are quite competitive and do attack each other, preventing each other from operating. Remind her it isn't your fault she's using pirated software and can't reinstall the OS nor install needed updates.

Or at least look her in the eye and tell her damn right you didn't do it.

Now if you feel a little vindictive, suggest she consider a very reasonably priced (as in under $500/$600) laptop with Vista. Tell her it's more virus and spyware-proof. You won't be lying, since it really is safer than XP sp1!

Cheers,
Robert~

Preston Boyington
2007-08-16 18:40:36 UTC
Remind her that it wasn't you that didn't keep the operating system up-to-date...
<snipped>

if i were a betting person, i would wager it to be something like a file
sharing service and she was getting music or some such.
Robert Reese
2007-08-16 19:16:56 UTC
*********** REPLY SEPARATOR ***********
Post by Preston Boyington
Post by Robert Reese
Remind her that it wasn't you that didn't keep the operating system
up-to-date...
<snipped>
if i were a betting person, i would wager it to be something like a file
sharing service and she was getting music or some such.
I wouldn't be surprised. When I find these systems that have been downloading tons of music/video/pr0n, etc., I always point out that that is probably the biggest reason for their infection in addition to all the things they should have or have not done to protect themselves. Of course, once they know they've been 'busted' for (potential) piracy they are more receptive to my information as well as my large invoice. ;c)

BTW, I'm also willing to wager she used Outlook/Outlook Express (probably the latter). Both do such an awesome job of instantly firing any kind of malicious html and related dangerous chaff the moment you pass over it while going to another message via the arrow key. In other words, since HTML viewing is on and so is the preview pane by default, using the arrow keys on the keyboard to traverse messages will activate each and every message highlighted, even if it is just for a micro-second. There's many a system infected because of a malicious html email message sent to an unprotected person using outlook and outlook express.

Truth be told, if I see that someone is using OE I automatically assume they're infected. If they use AOL, I'm certain of it. ;c)

Cheers,
Robert~

Jeff Lightner
2007-08-16 19:32:00 UTC
Of course turning off the preview pane helps. I use Outlook on my
company provided desktop and have yet to see it open a link on which I
didn't click.

I've always thought it should be called preview "pain". To me such
previews are annoying as hell and take up screen real estate. If I
can't tell from the sender and subject whether I want to open it (sorry
my Paypal account alert isn't going to be opened since I don't have a
Paypal account) then I simply delete it.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
To: ale at ale.org
Robert Reese
Sent: Thursday, August 16, 2007 3:17 PM
To: ale at ale.org
Subject: Re: [ale] OT: offline malware removal tool for windoze

*********** REPLY SEPARATOR ***********
Post by Robert Reese
Remind her that it wasn't you that didn't keep the operating system
up-to-date...
<snipped>
if i were a betting person, i would wager it to be something like a file
sharing service and she was getting music or some such.
I wouldn't be surprised. When I find these systems that have been
downloading tons of music/video/pr0n, etc., I always point out that that
is probably the biggest reason for their infection in addition to all
the things they should have or have not done to protect themselves. Of
course, once they know they've been 'busted' for (potential) piracy they
are more receptive to my information as well as my large invoice. ;c)

BTW, I'm also willing to wager she used Outlook/Outlook Express
(probably the latter). Both do such an awesome job of instantly firing
any kind of malicious html and related dangerous chaff the moment you
pass over it while going to another message via the arrow key. In other
words, since HTML viewing is on and so is the preview pane by default,
using the arrow keys on the keyboard to traverse messages will activate
each and every message highlighted, even if it is just for a
micro-second. There's many a system infected because of a malicious
html email message sent to an unprotected person using outlook and
outlook express.

Truth be told, if I see that someone is using OE I automatically assume
they're infected. If they use AOL, I'm certain of it. ;c)

Cheers,
Robert~

Robert Reese
2007-08-16 19:55:41 UTC
*********** REPLY SEPARATOR ***********
Post by Jeff Lightner
Of course turning off the preview pane helps. I use Outlook on my
company provided desktop and have yet to see it open a link on which I
didn't click.
I've always thought it should be called preview "pain". To me such
previews are annoying as hell and take up screen real estate. If I
can't tell from the sender and subject whether I want to open it (sorry
my Paypal account alert isn't going to be opened since I don't have a
Paypal account) then I simply delete it.
Yes, you are absolutely right; in fact one of the single biggest good things someone who is so much at risk can do is turn off the preview pane. Unfortunately, MS makes it incredibly difficult to discover where to turn it off in some of its products. Just as bad is they make html the default format to read *and* send, and they make turning off HTML either impossible or at the very least rather difficult, all the while hassling you about the supposed advantages of html.

It's not all MS's fault, though. Too many people think Outlook Express (OE) is the *official* email program of the world _and_ they think reading their email via the preview pane is the way you are supposed to read it. Heck, I've met too many people that had no clue that you could double-click on a message and it would open in its own window. Of course, once I showed them they didn't like it because it was too much of a pain to go from one message to another that way. I learned a long time ago not to feel sorry for ignorant people (ignorant in the true meaning where they have been exposed to information and choose to _ignore_ it) and charge them accordingly. I figure either they'll get clued in and not want the expense of repair, or they won't get it and I'll have another payday from them at some point. I do cover my karmic butt by giving them the aforementioned information. ;c)

Cheers,
Robert~

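The two posts above describe one mechanism (a preview pane that renders HTML mail the instant a message is highlighted) and one mitigation (read mail as plain text and keep HTML off). The script below is an added example, not code from the thread or from any product mentioned in it: it parses a MIME message with Python's standard `email` package, hands the reader only the text/plain part, and merely inspects any text/html part for script tags and remote references so the risk of auto-rendering is visible without ever rendering it. The sample message is constructed for the example; all addresses use the reserved `.invalid` domain.

```python
"""Text-only mail viewer: show the plain part, inspect (never render) the HTML part.

Added example; the sample message and addresses are constructed.
"""
import re
from email import message_from_string
from email.message import Message

# Constructed sample: multipart/alternative with a plain part and an HTML
# part carrying a script tag and a remote one-pixel image, the kind of
# content a preview pane would fetch or run on its own.
SAMPLE_EML = """\
From: alerts@example.invalid
To: user@example.invalid
Subject: Account alert
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your account needs attention. Visit the site to confirm.
--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account needs attention.</p>
<img src="http://tracker.example.invalid/p.gif" width="1" height="1">
<script>document.location="http://bad.example.invalid/";</script>
</body></html>
--b1--
"""

SCRIPT_RE = re.compile(r"<script\b", re.I)
# src= or href= pointing at an http(s) URL: fetched automatically by a
# rendering client, which is what the preview-pane complaint is about.
REMOTE_RE = re.compile(r"""(?:src|href)\s*=\s*["']?\s*(https?://[^"'\s>]+)""", re.I)


def safe_view(raw: str) -> dict:
    """Return the plain-text body plus findings about any HTML parts.

    HTML parts are scanned for active or remote content but never returned
    for display, so nothing in them is executed or fetched.
    """
    msg: Message = message_from_string(raw)
    plain = []
    html_parts = 0
    scripts = 0
    remote = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        text = payload.decode(charset, errors="replace")
        ctype = part.get_content_type()
        if ctype == "text/plain":
            plain.append(text.strip())
        elif ctype == "text/html":
            html_parts += 1
            scripts += len(SCRIPT_RE.findall(text))
            remote.extend(REMOTE_RE.findall(text))
    return {
        "subject": msg["Subject"],
        "text": "\n".join(plain),
        "html_parts": html_parts,
        "script_tags": scripts,
        "remote_refs": remote,
    }


if __name__ == "__main__":
    view = safe_view(SAMPLE_EML)
    print(f"Subject: {view['subject']}")
    print(view["text"])
    print(f"HTML parts: {view['html_parts']}, script tags: {view['script_tags']}, "
          f"remote refs: {view['remote_refs']}")
```

The point of the design is that the HTML part is data to be inspected, not a document to be displayed; a client that treats it the other way round is doing the fetching and running on the user's behalf before the user has decided anything.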
Jeff Lightner
2007-08-17 12:02:44 UTC
Funny about the charging people to make them learn. I once had a job
doing support for a company that made hotel software. There was a
nightly maintenance job the end users (called night auditors) had to
run but it could only be run once per night (because it tallied the
day's business as well as moved the "business day" ahead by one).

On occasion we would get a site that would run it twice despite
admonitions not to do so for one reason or another (it was taking too
long so they aborted and restarted or some other crazy reason). We
would:
1) Make them restore the previous night's backup.
2) Make them re-input all transactions for the time since that backup (a
day)
3) Charge them a fee for "assisting" them with the above since it was
deemed "user error".

Despite all the above there was at least one user site that every 2
weeks (at a minimum) would run this process not just twice but multiple
times before calling us. Some people NEVER learn no matter how
painful the lessons are.


Robert Reese
2007-08-17 15:19:40 UTC
*********** REPLY SEPARATOR ***********
Post by Jeff Lightner
Funny about the charging people to make them learn. I once had a job
doing support for a company that made hotel software. There was a
nightly maintenance job the end users (called night auditors) had to
run but it could only be run once per night (because it tallied the
day's business as well as moved the "business day" ahead by one).
On occasion we would get a site that would run it twice despite
admonitions not to do so for one reason or another (it was taking too
long so they aborted and restarted or some other crazy reason). We would:
1) Make them restore the previous night's backup.
2) Make them re-input all transactions for the time since that backup (a
day)
3) Charge them a fee for "assisting" them with the above since it was
deemed "user error".
Hmm, I always wondered what a "night auditor" did. Thanks for the glimpse into the industry.
Post by Jeff Lightner
Despite all the above there was at least one user site that every 2
weeks (at a minimum) would run this process not just twice but multiple
times before calling us. Some people NEVER learn no matter how
painful the lessons are.
Yes, I've a few clients like that. Ironically, as frustrating as they are, I actually like having them because they pay the most and I can *almost* count on the income. ;c)

Cheers,
Robert~

Jeff Lightner
2007-08-17 17:39:54 UTC
Night audit arose out of the need for:
1) Someone to watch the front desk in the middle of the night on the
off chance guests showed up (there's more than you'd think).
2) The lack of enough guest-related work to keep that person busy for 8
hours, which allowed work previously done by accounting during the day to
be palmed off onto them.

Actually I was a Night Auditor myself in my prior life. At my first
audit job we used an electric (not electronic) cash register that had a
hand crank so it could be used if the power went out. All the paperwork
was done by hand. Over time I moved on to electronic register systems
that could merge totals then to more sophisticated ones that were
essentially computers with tiny monitors and finally on to full fledged
computerized systems. Of course in accounting they also started using
PCs with Lotus 123 which was a big driver of the growth of PCs for
business early on.

It always amazed me in later years how people that hadn't started with
manual systems would freak when the computers went down. Did they think
commerce didn't exist before computers? The great thing about the
experience was it let me know the behind the scenes "practical" problems
being solved by computer systems. Also since hotels pay almost nothing
it let me work my way up to the point where without a degree I could be
Financial Controller of multi-million dollar businesses and later move
into doing systems administration for a living when that got old.

