Originally posted by sonhouse
Maybe if you just go into safe mode and don't fire anything up on that HD, the thumb drive anti could do its thing and nail it, maybe?
No. It will kill the thumb drive before you can say 'boo'.
As long as you are trying to start up in safe mode, you're onto a loser. You also need to remove your system restore record.... you can bet your bottom dollar that if this is an RKill copy it's in there. Each time you restart, whether in safe or not, sys restore is running. They are the real culprit viruses.
Originally posted by mikelom
No. It will kill the thumb drive before you can say 'boo'.
As long as you are trying to start up in safe mode, you're onto a loser. You also need to remove your system restore record.... you can bet your bottom dollar that if this is an RKill copy it's in there. Each time you restart, whether in safe or not, sys restore is running. They are the real culprit viruses.
Rkill is a short program written by an MS programmer, 1/3 meg, that stops an active virus from being active to allow anti's like Malwarebytes to work. Can I kill restore while in safe mode? What kind of tactic works in this situation? What do you think about the secondary/primary HD idea?
So maybe if I can kill restore temporarily after MWB does its thing and says it needs to reboot to finish, maybe that will do the job? I can see sys restore starting up those shyteware things after reboot. I forgot about that problem.
Well, MWB just finished, so before rebooting I went to sys restore and got this message:
"Sys restore has been turned off by group policy. To turn on SR, contact your domain administrator"
Wow. Not even sure what 'group policy' means. Could that be being controlled by the virus? Could it really be the sys restore is really turned on but I don't have access to it because of this virus?
Well I did the services thing in normal mode and got it pasted to a folder on the desktop. I don't immediately get the 'Microsoft security essentials alert' window but I know something is still there because if I do something like try to download Ad Aware or Spybot, just attempting to go to those sites causes a redirect, so something is still active (that is my test to see if the virus is still active. I don't really want to download that stuff but I want to see if it redirects).
That is after malwarebytes did its thing and I did a normal reboot, so I am now at least, typing this from the compromised computer. Do you want me to put the exported service list in a pm, if it will allow that large a dump? It's all of 22 K.
The only thing about that exported version, it doesn't show up like the original, it doesn't have links, or any of the stuff in the original, it just is a list of what is there, not if it's running or stopped and the explanation of what X service does. Do you want that? I didn't see anything suspicious there.
Originally posted by sonhouse
Rkill is a short program written by an MS programmer, 1/3 meg, that stops an active virus from being active to allow anti's like Malwarebytes to work. Can I kill restore while in safe mode? What kind of tactic works in this situation? What do you think about the secondary/primary HD idea?
So maybe if I can kill restore temporarily after MWB does its thi ...[text shortened]... the sys restore is really turned on but I don't have access to it because of this virus?
Forget what the MWB wants to do.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore.
If a "DisableSR" value doesn't exist, go to the Edit menu, select New, DWORD value, and create the value.
Set the value to 1 to disable System Restore or 0 to enable System Restore.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr to prevent the System Restore service from starting.
Double-click Start, and set the value to 4 to stop the service from starting or to 0 for normal startup. Close the registry editor.
Log off and come back in in safe mode.
Then Log on with Admin Privileges and Type : %systemroot%\system32\restore\rstrui.exe. Then press enter.
Let me know,,,,,, but I'm off to bed soon...... that should kill off the virus... IMHO.
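An added example, not part of any post in this thread: a read-only PowerShell check of the registry values the steps above edit, useful for confirming the current state before and after a change. The Policies key is an assumption not mentioned in the thread; it is where a group-policy "turned off" setting like the one reported earlier is normally recorded.

```powershell
# Read-only: reports the System Restore settings discussed in the thread.
# The DisableSR and Services\sr paths are the ones given in the post above.
# The Policies path is an assumption added for this example: it is where the
# "Turn off System Restore" group policy setting is stored.
$checks = @(
    @{ Label = 'Local DisableSR';  Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'; Name = 'DisableSR' },
    @{ Label = 'Policy DisableSR'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'; Name = 'DisableSR' },
    @{ Label = 'sr service Start'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\sr'; Name = 'Start' }
)

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # A missing key or value yields $null rather than an error.
    $key = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $prop = $key.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

function Get-Meaning {
    param([string]$Name, $Data)
    if ($null -eq $Data) { return 'not set' }
    if ($Name -eq 'DisableSR') {
        if ($Data -eq 1) { return 'System Restore disabled' }
        return 'System Restore enabled'
    }
    # Start value of the sr service: 4 keeps it from starting.
    if ($Data -eq 4) { return 'service will not start' }
    return 'service allowed to start'
}

$report = foreach ($c in $checks) {
    $data = Get-RegistryValueOrNull -Path $c.Path -Name $c.Name
    New-Object PSObject -Property @{
        Setting = $c.Label
        Data    = $data
        Meaning = Get-Meaning -Name $c.Name -Data $data
    }
}
$report | Format-Table Setting, Data, Meaning -AutoSize

$policy = $report | Where-Object { $_.Setting -eq 'Policy DisableSR' }
if ($policy.Data -eq 1) {
    'DisableSR is set under Policies: it is enforced as policy, so find out what wrote it before changing the local value.'
}
```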
Originally posted by mikelom
Forget what the MWB wants to do.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore.
If a "DisableSR" value doesn't exist, go to the Edit menu, select New, DWORD value, and create the value.
Set the value to 1 to disable System Restore or 0 to enable System Restore.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentContro know,,,,,, but I'm off to bed soon...... that should kill off the virus... IMHO.
I think we posted at the same time, I edited my post before yours. Maybe you can read it later. Thanks for the help BTW.
I went to regedit and found sr to already set to 4 so it really is turned off.
Originally posted by jimslyp69
Is this another thread where Sonhouse asks an IT related question in the GF, gets flamed and then has a hissy fit?
Déjà vu!
If I had as many computer problems as sonhouse I would forsake technology for life and try and find a penpal instead.
I would hazard a guess that you would reboot back into normal mode. But I know fa. It all depends on what AV you're running and a lot of other things.
Or maybe marry a Chinese broad who knows what she's doing?
THERE'S OPTIONS
http://www.pendrivelinux.com/run-linux-mint-9-from-a-usb-flash-drive/
Run Linux Mint 9 from a USB Flash Drive by using Windows to create the Linux Mint 9 Live USB. In the following tutorial, we cover one way to use our third party Universal USB Installer to create your own Portable Linux Mint 9 USB Flash Drive from Windows. Headed by Clement Lefebvre, Linux Mint 9 "Isadora" is based on Ubuntu 10.04. Key features include: new software manager, new backup tool, streamlined look and feel, quicker boot times and much more.
Originally posted by zeeblebot
http://www.pendrivelinux.com/run-linux-mint-9-from-a-usb-flash-drive/
Run Linux Mint 9 from a USB Flash Drive by using Windows to create the Linux Mint 9 Live USB. In the following tutorial, we cover one way to use our third party Universal USB Installer to create your own Portable Linux Mint 9 USB Flash Drive from Windows. Headed by Clement Lefebvre, L oftware manager, new backup tool, streamlined look and feel, quicker boot times and much more.
the pen drive instructions say to use torrent to download Linux Mint but you don't have to. just use the link below to download via http or ftp.
if you install Mint to a USB stick, you can use it to run your computer until such time as you get your Windows fixed. and no need to install to hard drive. even booting from the USB stick, it'll probably run faster than your Windows running from hard drive. and it won't have viruses lined up to glom onto it like Windows does.
this assumes the BIOS on your computer is modern enough to permit you to boot from a USB stick. it'll have USB in the boot drive options list if so. go to the BIOS menu on startup to set that.
http://www.linuxmint.com/download.php
http://en.wikipedia.org/wiki/Koobface
Koobface, an anagram of Facebook, is a computer worm that targets the Microsoft Windows users of the social networking websites Facebook, MySpace,[1] hi5, Bebo, Friendster and Twitter[2]. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.[3]