Nice article about What To Do If Your Computer Locks Up

Started by Thorin, April 09, 2010, 11:15:30 AM


Thorin

So AVIRA AntiVir found 54 items related to about 20 viruses, trojans, worms, exploits, and a rootkit.  Unfortunately their Rescue Disk had some run-time exception that caused it not to fix anything.  ESET Nod32 found 19 items, although it bunched things together.  It missed the rootkit, though.

After running these two, the machine was supposedly clean, but still locked up randomly and wouldn't run Disk Defragmenter.

Enter Trojan Remover from Simply Super Software!  It found the rootkit, disabled it, and found the other trojans that had been stealthed by the rootkit.  Suddenly, Disk Defragmenter started working and the laptop stopped locking up.

So there's a new one for you all to use, once you've been infected.  There's a 30 day trial, but it's pay for use.  It did what it advertises - found rootkits and trojans and disabled/deleted them.  And it did it quickly.  Four and a half minutes, then a reboot, and it was done.  I'm pretty sure it doesn't scan files for viruses as you access them, though, so a good virus scanner is still required.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Melbosa

Another good one for the trojan, spyware, and rootkit stuff has been MalwareBytes.  We've used it numerous times at work, and it usually can clean a system while the offender is even in active ram, which we are very impressed with.  No requirement for that Safemode boot.
Sometimes I Think Before I Type... Sometimes!

Mr. Analog

Man, that Chinese curse "may your life be interesting"? Thorin's picture right next to it.

Sorry to hear about all the headaches buddy, we can pummel those in with some sweet, sweet MSG on Friday though!
By Grabthar's Hammer

Thorin

MSG, thy will be mine!
For I have missed a taste of thine,
Since squirreled in the hinterlands.
I shall eat thee with mine hands!

Or maybe chopsticks.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Mr. Analog

Quote from: Thorin on April 12, 2010, 11:48:47 PM
MSG, thy will be mine!
For I have missed a taste of thine,
Since squirreled in the hinterlands.
I shall eat thee with mine hands!

Or maybe chopsticks.

LOL!!
By Grabthar's Hammer

Thorin

Quote from: Mr. Analog on April 13, 2010, 06:38:04 PM
Quote from: Thorin on April 12, 2010, 11:48:47 PM
MSG, thy will be mine!
For I have missed a taste of thine,
Since squirreled in the hinterlands.
I shall eat thee with mine hands!

Or maybe chopsticks.

LOL!!

I thought you might like that :)  Damn, I can taste it already...

Quote from: Melbosa on April 12, 2010, 06:16:35 PM
Another good one for the trojan, spyware, and rootkit stuff has been MalwareBytes.  We've used it numerous times at work, and it usually can clean a system while the offender is even in active ram, which we are very impressed with.  No requirement for that Safemode boot.

Now you tell me!  Just kidding :)  Trojan Remover is specifically meant to catch stuff that's running and active, also no booting into Safe Mode.

Speaking of Safe Mode, apparently you can stop an XP computer from booting into Safe Mode by deleting the following registry key:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot
If this is missing, booting into any kind of "Safe Mode" causes a Blue Screen of Death, because Windows tries to read it and can't and doesn't know what to do next.  And of course, one of the pieces of malware on the laptop had removed this key.  Thank god I found a fix on Didier Stevens' blog.

Funny how this post transformed from being about an article that I found well-written to surprising things that malware can do these days.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful
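One way to check for exactly the tampering Thorin describes, as an added PowerShell example that is not from the thread or from any of the tools it mentions: it confirms the SafeBoot key and its Minimal and Network boot profiles are present and non-empty, and on a healthy machine exports a copy so a deleted key can later be put back with reg import. The backup file location is an assumption.

```powershell
# Added example: verify the SafeBoot key that malware removed in the post,
# and keep an exported copy of it for restoring later.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$backup   = Join-Path $env:TEMP 'SafeBoot-backup.reg'   # assumed backup location

function Test-SafeBootKey {
    # Returns $true only when SafeBoot and both boot profiles exist with entries.
    if (-not (Test-Path $safeBoot)) {
        Write-Warning 'SafeBoot key missing: any Safe Mode boot will blue-screen'
        return $false
    }
    $ok = $true
    foreach ($profile in 'Minimal', 'Network') {
        $path = "$safeBoot\$profile"
        if (-not (Test-Path $path)) {
            Write-Warning "SafeBoot\$profile subkey missing"
            $ok = $false
            continue
        }
        $count = @(Get-ChildItem $path).Count
        Write-Host ("SafeBoot\{0}: {1} entries" -f $profile, $count)
        if ($count -eq 0) {
            Write-Warning "SafeBoot\$profile has no entries"
            $ok = $false
        }
    }
    return $ok
}

if (Test-SafeBootKey) {
    # Healthy: export now so a later deletion can be undone with
    # 'reg import <file>.reg' (or copied over from a known-good machine).
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot' $backup /y | Out-Null
    Write-Host "SafeBoot exported to $backup"
} else {
    Write-Host 'Restore the key from a known-good export before trying Safe Mode again.'
}
```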

Mr. Analog

By Grabthar's Hammer

Tom

It's for stuff like this that I wish the wiki was still open. There's been the occasion that I wanted to write some Linux related stuff (network tuning, KVM/LVM/RAID setup) some place, and I don't have a private wiki atm, so no place to put any of it.
<Zapata Prime> I smell Stanley... And he smells good!!!

Melbosa

If you want access, let me know, as the wiki still exists.  https://wiki.servuit.com

I have it open to many for updating.  There is Linux, Windows, Games, etc all in one place ;)
Sometimes I Think Before I Type... Sometimes!

Tom

That's the problem, I'd have had to ask... Normally it's not worth the trouble ;) But sure I'll take an account.. and bookmark it so I remember the address...
<Zapata Prime> I smell Stanley... And he smells good!!!

Melbosa

Sometimes I Think Before I Type... Sometimes!

Darren Dirt

Quote from: Tom on April 14, 2010, 02:42:50 AM
It's for stuff like this that I wish the wiki was still open. There's been the occasion that I wanted to write some Linux related stuff (network tuning, KVM/LVM/RAID setup) some place, and I don't have a private wiki atm, so no place to put any of it.

related "how to clean yer infected compyooter" thread:
http://pokerforums.fulltiltpoker.com/how-to-clean-your-computer-of-keyloggers-spywares-t100021.html
_____________________

Strive for progress. Not perfection.
_____________________

Thorin

Hah, they finally decided to buy antiviral software!  We are now (well, will soon be) the proud new owners of ESET Smart Security 4.  Hopefully I never have to fix another laptop again.

Of course, someone's gotta manage uninstalling all the old, expired, no-longer-updating antiviral scanners and firewalls and spyware finders.  I DON'T WANT THAT TO BE ME.

But yeah, I was surprised as hell that they actually listened.  Maybe I should tell them about this new technology called "backups", and how off-site backups are used by EVERYONE ELSE BUT US.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Tom

Quote from: Thorin on April 21, 2010, 12:14:21 AM
Hah, they finally decided to buy antiviral software!  We are now (well, will soon be) the proud new owners of ESET Smart Security 4.  Hopefully I never have to fix another laptop again.

Of course, someone's gotta manage uninstalling all the old, expired, no-longer-updating antiviral scanners and firewalls and spyware finders.  I DON'T WANT THAT TO BE ME.

But yeah, I was surprised as hell that they actually listened.  Maybe I should tell them about this new technology called "backups", and how off-site backups are used by EVERYONE ELSE BUT US.

Most people don't understand how important it is till they lose all their data :( so good luck trying to push that through :(
<Zapata Prime> I smell Stanley... And he smells good!!!

Mr. Analog

By Grabthar's Hammer