Malware infection

May 11, 2005 12:01:07 AM

Archived from groups: microsoft.public.windowsme.general (More info?)

I never thought it would happen to me but somehow several adware programs
have infiltrated my ME machine. Too many to recite here, but they came from
running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal
build 6.181 and Spybot. Both have been updated to their limits and did what
they could. A Panda Titanium 2005 scan removed 4 viruses but could not
remove the adware because it was an online scan. All that is left is the
stubborn adware. (I removed my Norton AV based on the bad reports here and
was 'tween AV's when this happened) Panda suggested the following:

How to eliminate viruses and other threats completely from the restore
folder.
Click Start.
Select Settings.
Select Control Panel.
Double-click on System.
Select the Performance tab.
Click File System.
Click the Troubleshooting tab.
Enable the Disable System Restore checkbox.
Click Apply.
Disable the Disable System Restore checkbox.
Click Apply.
Save the changes by clicking OK.
The computer will ask you if you want to restart. Do it and when you start
it again, the viruses and other threats detected will have disappeared from
the _restore folder.
Carry out a full scan of your computer using the antivirus program in order
to ensure that it is correctly disinfected.

(I've seen this recommended in this NG before)

Is this what I should do, or 2) a system restore or 3) just get an
AV/malware program and run that? If so, is there a preferred way to install
the AV in the presence of the malware?

I hate being a bozo and realize I was carelessly unsafely browsing. Now
just to get back to where I belong...
Thanks to all.

Bart

Anonymous
May 11, 2005 2:13:56 AM

Ad-aware6 is no longer supported nor updated !
You need Ad-aware SE v1.05.

Please follow the instruction set below...

Download and install Ad-aware SE
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shut down as many applications as possible !

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

Execute Ad-aware SE and perform a full system scan and have the software clean/delete all
parasites found.

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
May 11, 2005 2:15:07 AM

In order of preference:

(1) A comprehensive cleaning process, like the one at
http://rgharper.mvps.org/cleanit.htm should be tried first.

(2) If you have a reasonable idea of when the infection started AND it is
not too far in the past (days would be reasonable, weeks would be pushing
it, months would definitely be too far out) you could try a System Restore.

Under no circumstances should you flush the System Restore cache before
cleaning! Never!! Ever!!! If you succeed in cleaning something and your
system winds up trashed because the malware screwed up essential system
files you can at least restore back to your infected-but-working state as
long as you haven't flushed the SR cache. But if you flush it first and
then try cleaning ... you're probably up the creek without a paddle at that
point if the cleaning process goes pear-shaped.

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

May 13, 2005 12:59:34 AM

Thanks for the procedure. I did perform the scans as you directed. I did,
however, install Panda's Titanium 2005 AV and Spyware/Adware program and
scanned. It reported several infections and fixed all. However on
subsequent scans with Panda and with at least 3 online scan tools, the
reports were all similar to what your program's scan told me: the various
Trojans and adware infections were in the C:\restore\archive\FS2947 folder,
in the C:\Windows\Temp\cfin folder and in the C:\program files\Spybot-Search
and Destroy\recovery folders. The McAfee report follows.

05/12/2005 19:57:25

Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /MIME /HTML "C:\MCAFEE\SCANREPORT.HTML"

Scanning C: [MICRONPC]
Scanning C:\*.*
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077167.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077173.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077197.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2955.CAB\W0110929.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077043.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077121.CPY\00025d40.EXE ... Found
potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077128.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077130.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077133.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2953.CAB\A0077270.CPY\00025d40.EXE ... Found
potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2954.CAB\A0077405.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2963.CAB\W0111843.CPY\W0111843.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077533.CPY ... Found potentially unwanted
program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077539.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077541.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077542.CPY ... Found potentially unwanted
program Downloader-KL.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077547.CPY ... Found potentially unwanted
program Adware-DFC.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077548.CPY\A0077548.CPY\0000b470.EXE\0000b4
70.EXE ... Found the Downloader-LG.dll Trojan !!!
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077578.CPY\A0077578.CPY ... Found
potentially unwanted program Adware-EliteBar.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077581.CPY ... Found potentially unwanted
program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077590.CPY ... Found potentially unwanted
program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077597.CPY ... Found potentially unwanted
program Adware-DealHelper.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077613.CPY\A0077613.CPY ... Found the
Downloader-LG Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077456.CPY\A0077456.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077458.CPY\A0077458.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077459.CPY\A0077459.CPY\0000b660.EXE\0000b6
60.EXE ... Found potentially unwanted program Adware-EliteBar.
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077463.CPY\A0077463.CPY ... Found the
Downloader-LG Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077465.CPY\A0077465.CPY ... Found the
Downloader-XA Trojan !!!
C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077466.CPY\A0077466.CPY ... Found the
Downloader-LG.dll Trojan !!!
C:\_RESTORE\ARCHIVE\FS2948.CAB\W0110393.CPY ... Found potentially unwanted
program Adware-SAHAgent.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0075636.CPY ... Found the AdClicker-BA
Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0075923.CPY\A0075923.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076233.CPY\00011968.EXE\00011968.EXE ...
Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076240.CPY\A0076240.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076242.CPY\A0076242.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076243.CPY\A0076243.CPY\0000b660.EXE\0000b6
60.EXE ... Found potentially unwanted program Adware-EliteBar.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076255.CPY ... Found potentially unwanted
program Adware-abetterintrnt.dldr.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076368.CPY\00025d40.EXE ... Found
potentially unwanted program Adware-abetterintrnt.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076376.CPY ... Found potentially unwanted
program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076379.CPY ... Found potentially unwanted
program Adware-DFC.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076385.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076402.CPY ... Found potentially unwanted
program Adware-Apropos.
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076420.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\WINDOWS\TEMP\cfin\cfin ... Found potentially unwanted program Adware-DFC.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 77331
Clean: ................. 77206
Possibly Infected: ..... 13
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

I understand that Ad-Aware SE is very popular, but will it do more than what
Panda did? Since I already owned the program but did not have it installed
before the infection, I thought I would try it. My guess now is that the
infections found by all scans are either residing in the restore folder or
in a "quarantine" folder in Spybot and unable to cause problems unless I
were to restore to that restore date. Now, Mr. Harper has also responded
to my dilemma and prescribed a mode of action which I intend to follow
tomorrow.

Please review and give me your opinion on my status and what any possible
next step should be. I should say that my machine "seems" to be OK now with
no recurring symptoms so far.

Thank you, Mr. Lipman, for your concern and help.

Bart

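The check Bart makes by eye on the scanner report in the post above (are the remaining detections only inside System Restore archives, and which restore points hold them?), as an added Python example that is not part of the original thread or of the CLEAN.EXE kit. It parses report lines in the layout quoted above, tolerating the hard line wraps a news client inserts. The function names, the location labels and the premise that archived copies stay inert until that restore point is used (Bart's guess in the post) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: five entries copied from the report quoted above,
# keeping the hard line wraps the news client inserted.
SAMPLE_REPORT = r"""Scanning C:\*.*
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077167.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2963.CAB\W0111843.CPY\W0111843.CPY ... Found the
Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077548.CPY\A0077548.CPY\0000b470.EXE\0000b4
70.EXE ... Found the Downloader-LG.dll Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076233.CPY\00011968.EXE\00011968.EXE ...
Found the Generic StartPage.c Trojan !!!
C:\WINDOWS\TEMP\cfin\cfin ... Found potentially unwanted program Adware-DFC.
The file or process has been deleted.

Summary report on C:\*.*
"""

RECORD_START = re.compile(r"^[A-Za-z]:\\")          # a scanned path starts a record
DETECTION = re.compile(
    r"^(?P<path>.+?) \.\.\. Found (?:"
    r"potentially unwanted program (?P<pup>.+)\."
    r"|the (?P<trojan>.+) Trojan !!!)$"
)
ACTION = re.compile(r"^The file or process has been (?P<action>\w+)\.$")
RESTORE_CAB = re.compile(r"\\ARCHIVE\\(FS\d+)\.CAB\\", re.IGNORECASE)


def unwrap(report):
    """Rejoin hard-wrapped report lines into one string per record."""
    records = []
    for raw in report.splitlines():
        line = raw.strip()
        if RECORD_START.match(line):
            records.append(line)
        elif not line or not records or line.startswith(("Scanning", "Summary")):
            records.append("")           # separator: stops continuation joining
        elif ACTION.match(line):
            records.append(line)
        elif records[-1] and not ACTION.match(records[-1]):
            # No " ..." yet means the wrap fell inside the path: join without
            # a space. Assumes paths themselves do not wrap at a space.
            sep = " " if " ..." in records[-1] else ""
            records[-1] += sep + line
    return [r for r in records if r]


def parse(report):
    """Return one dict per detection: path, name, kind, action taken."""
    detections = []
    for record in unwrap(report):
        m = DETECTION.match(record)
        if m:
            detections.append({
                "path": m["path"],
                "name": m["pup"] or m["trojan"],
                "kind": "pup" if m["pup"] else "trojan",
                "action": None,
            })
            continue
        a = ACTION.match(record)
        if a and detections:
            detections[-1]["action"] = a["action"]   # applies to previous file
    return detections


def location(path):
    """Classify where a flagged file lives (labels are this example's own)."""
    p = path.upper()
    if re.match(r"^[A-Z]:\\_RESTORE\\", p):
        return "system_restore_archive"
    if "\\TEMP\\" in p:
        return "temp"
    return "live"


def triage(report):
    """Summarise detections by location and list what still needs action."""
    detections = parse(report)
    cabs = set()
    for d in detections:
        d["location"] = location(d["path"])
        m = RESTORE_CAB.search(d["path"])
        if m:
            cabs.add(m.group(1).upper())
    # Assumption taken from the post: archived copies only matter if that
    # restore point is restored, so "open" lists detections outside the
    # archive that the scanner did not delete.
    open_items = [d for d in detections
                  if d["location"] != "system_restore_archive"
                  and d["action"] != "deleted"]
    return {
        "by_location": dict(Counter(d["location"] for d in detections)),
        "restore_points": sorted(cabs),   # restore points holding flagged files
        "open": open_items,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

An empty `open` list with a non-empty `restore_points` list matches the state described in the post: nothing flagged outside the archive, but those restore points still carry the flagged files.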
May 15, 2005 11:19:47 PM

First of all, I apologize for being tardy in replying. It has been a zoo
here.

I went to your site and followed the procedure as you outline it. I can say
to all interested that the procedure is concise and filled with common
sense. I had used Dave's program earlier and with yours I was able to
confirm that the infection has been taken care of. A/V is installed and
updated, Ad-Aware SE is up and running, Spybot has been executed twice and
no trace of any malware is evident. I did purge the System Restore cache
once I was sure my machine was clean. In addition, a firewall was installed
as well.

Thank you for responding to my dilemma and offering great advice. Dumping
the restore would have been disastrous as I was advised from outside this
NG. I can trust you folks to the n-th degree!

Bart

Anonymous
May 16, 2005 2:29:05 AM

I'm glad I was able to help you get your problems cleared up.

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

Anonymous
May 16, 2005 12:20:39 PM

I congratulate you for having the exceptional good sense to follow Messrs.
Lipman and Harper's good advice.

Symantec's advice, and that from others, to purge the WinME System Restore
cache, PRIOR to ensuring that the system is running well, amounts to
criminal negligence, IMO.
As Mike M has repeatedly pointed out, SR may be all that is left with which
to recover, in some particularly bad situations. Throwing out the parachute
before one is on the ground is a sure recipe for disaster.

So, kudos to you, for doing the right thing here, Bart.
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm
In Memoriam: Alex Nichol
http://www.microsoft.com/windowsxp/expertzone/meetexper...
Your cooperation is very appreciated.
------
"Bart" <bsmart@nospamnet.invalid> wrote in message
news:118ft7c5vavl3be@corp.supernews.com...
> First of all, I apologize for being tardy in replying. It has been a zoo
> here.
>
> I went to your site and followed the procedure as you outline it. I can
say
> to all interested that the procedure is concise and filled with common
> sense. I had used Dave's program earlier and with yours I was able to
> confirm that the infection has been taken care of. A/V is installed and
> updated, Ad-Aware SE is up and running, Spybot has been executed twice and
> no trace of any malware is evident. I did purge the System Restore cache
> once I was sure my machine was clean. In addition, a firewall was
installed
> as well.
>
> Thank you for responding to my dilemma and offering great advice.
Dumping
> the restore would have been disastrous as I was advised from outside this
> NG. I can trust you folks to the n-th degree!
>
> Bart
>
> "Richard G. Harper" <rgharper@email.com> wrote in message
> news:%23VIc$8cVFHA.3760@TK2MSFTNGP15.phx.gbl...
> > In order of preference:
> >
> > (1) A comprehensive cleaning process, like the one at
> > http://rgharper.mvps.org/cleanit.htm should be tried first.
> >
> > (2) If you have a reasonable idea of when the infection started AND it is
> > not too far in the past (days would be reasonable, weeks would be pushing
> > it, months would definitely be too far out) you could try a System Restore.
> >
> > Under no circumstances should you flush the System Restore cache before
> > cleaning! Never!! Ever!!! If you succeed in cleaning something and your
> > system winds up trashed because the malware screwed up essential system
> > files you can at least restore back to your infected-but-working state as
> > long as you haven't flushed the SR cache. But if you flush it first and
> > then try cleaning ... you're probably up the creek without a paddle at that
> > point if the cleaning process goes pear-shaped.
> >
> > --
> > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
> > * PLEASE post all messages and replies in the newsgroups
> > * for the benefit of all. Private mail is usually not replied to.
> > * My website, such as it is ... http://rgharper.mvps.org/
> > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
> >
> >
> > "Bart" <bsmart@nospamnet.invalid> wrote in message
> > news:1182porduf9m428@corp.supernews.com...
> > > I never thought it would happen to me but somehow several adware programs
> > > have infiltrated my ME machine. Too many to recite here, but they came from
> > > running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal
> > > build 6.181 and Spybot. Both have been updated to their limits and did what
> > > they could. A Panda Titanium 2005 scan removed 4 viruses but could not
> > > remove the adware because it was an online scan. All that is left is the
> > > stubborn adware. (I removed my Norton AV based on the bad reports here and
> > > was 'tween AV's when this happened) Panda suggested the following:
> > >
> > > How to eliminate viruses and other threats completely from the restore
> > > folder.
> > > Click Start.
> > > Select Settings.
> > > Select Control Panel.
> > > Double-click on System.
> > > Select the Performance tab.
> > > Click File System.
> > > Click the Troubleshooting tab.
> > > Enable the Disable System Restore checkbox.
> > > Click Apply.
> > > Disable the Disable System Restore checkbox.
> > > Click Apply.
> > > Save the changes by clicking OK.
> > > The computer will ask you if you want to restart. Do it and when you start
> > > it again, the viruses and other threats detected will disappeared from
> > > _restore folder .
> > > Carry out a full scan of your computer using the antivirus program in order
> > > to ensure that it correctly disinfected.
> > >
> > > (I've seen this recommended in this NG before)
> > >
> > > Is this what I should do, or 2) a system restore or 3) just get an
> > > AV/malware program and run that? If so, is there a preferred way to install
> > > the AV in the presence of the malware?
> > >
> > > I hate being a bozo and realize I was carelessly unsafely browsing. Now
> > > just to get back to where I belong...
> > > Thanks to all.
> > >
> > > Bart
> > >
> > >
> >
> >
>
>
>
May 16, 2005 12:20:40 PM


Jack, it was definitely a 'no-brainer' to follow the advice of these two
gentlemen. I have been reading this newsgroup for some time and I have come to
feel that I know the good people here and I trust them implicitly. Moreover,
what was most appealing was the common sense approach. I WOULD like
to know when it is really best to just throw in the towel and reformat
rather than to poke and dig and clean the bugs out. ME gets kludgy and slow
sometimes and a reformat does take care of that.

Thank you for following the thread.

Bart

"Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
news:%23WsroGhWFHA.2448@TK2MSFTNGP12.phx.gbl...
> I congratulate you for having the exceptional good sense to follow Messrs.
> Lipman and Harper's good advice.
>
> Symantec's advice, and that from others, to purge the WinME System Restore
> cache, PRIOR to ensuring that the system is running well, amounts to
> criminal negligence, IMO.
> As Mike M has repeatedly pointed out, SR may be all that is left with which
> to recover, in some particularly bad situations. Throwing out the parachute
> before one is on the ground is a sure recipe for disaster.
>
> So, kudos to you, for doing the right thing here, Bart.
> --
> Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
> Help us help you: http://www.dts-L.org/goodpost.htm
> In Memoriam: Alex Nichol
> http://www.microsoft.com/windowsxp/expertzone/meetexper...
> Your cooperation is very appreciated.
> ------
> "Bart" <bsmart@nospamnet.invalid> wrote in message
> news:118ft7c5vavl3be@corp.supernews.com...
> > First of all, I apologize for being tardy in replying. It has been a zoo
> > here.
> >
> > I went to your site and followed the procedure as you outline it. I can say
> > to all interested that the procedure is concise and filled with common
> > sense. I had used Dave's program earlier and with yours I was able to
> > confirm that the infection has been taken care of. A/V is installed and
> > updated, Ad-Aware SE is up and running, Spybot has been executed twice and
> > no trace of any malware is evident. I did purge the System Restore cache
> > once I was sure my machine was clean. In addition, a firewall was installed
> > as well.
> >
> > Thank you for responding to my dilemma and offering great advice. Dumping
> > the restore would have been disastrous as I was advised from outside this
> > NG. I can trust you folks to the n-th degree!
> >
> > Bart
> >
> > "Richard G. Harper" <rgharper@email.com> wrote in message
> > news:%23VIc$8cVFHA.3760@TK2MSFTNGP15.phx.gbl...
> > > In order of preference:
> > >
> > > (1) A comprehensive cleaning process, like the one at
> > > http://rgharper.mvps.org/cleanit.htm should be tried first.
> > >
> > > (2) If you have a reasonable idea of when the infection started AND it is
> > > not too far in the past (days would be reasonable, weeks would be pushing
> > > it, months would definitely be too far out) you could try a System Restore.
> > >
> > > Under no circumstances should you flush the System Restore cache before
> > > cleaning! Never!! Ever!!! If you succeed in cleaning something and your
> > > system winds up trashed because the malware screwed up essential system
> > > files you can at least restore back to your infected-but-working state as
> > > long as you haven't flushed the SR cache. But if you flush it first and
> > > then try cleaning ... you're probably up the creek without a paddle at that
> > > point if the cleaning process goes pear-shaped.
> > >
> > > --
> > > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
> > > * PLEASE post all messages and replies in the newsgroups
> > > * for the benefit of all. Private mail is usually not replied to.
> > > * My website, such as it is ... http://rgharper.mvps.org/
> > > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
> > >
> > >
> > > "Bart" <bsmart@nospamnet.invalid> wrote in message
> > > news:1182porduf9m428@corp.supernews.com...
> > > > I never thought it would happen to me but somehow several adware programs
> > > > have infiltrated my ME machine. Too many to recite here, but they came from
> > > > running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal
> > > > build 6.181 and Spybot. Both have been updated to their limits and did what
> > > > they could. A Panda Titanium 2005 scan removed 4 viruses but could not
> > > > remove the adware because it was an online scan. All that is left is the
> > > > stubborn adware. (I removed my Norton AV based on the bad reports here and
> > > > was 'tween AV's when this happened) Panda suggested the following:
> > > >
> > > > How to eliminate viruses and other threats completely from the restore
> > > > folder.
> > > > Click Start.
> > > > Select Settings.
> > > > Select Control Panel.
> > > > Double-click on System.
> > > > Select the Performance tab.
> > > > Click File System.
> > > > Click the Troubleshooting tab.
> > > > Enable the Disable System Restore checkbox.
> > > > Click Apply.
> > > > Disable the Disable System Restore checkbox.
> > > > Click Apply.
> > > > Save the changes by clicking OK.
> > > > The computer will ask you if you want to restart. Do it and when you start
> > > > it again, the viruses and other threats detected will disappeared from
> > > > _restore folder .
> > > > Carry out a full scan of your computer using the antivirus program in order
> > > > to ensure that it correctly disinfected.
> > > >
> > > > (I've seen this recommended in this NG before)
> > > >
> > > > Is this what I should do, or 2) a system restore or 3) just get an
> > > > AV/malware program and run that? If so, is there a preferred way to install
> > > > the AV in the presence of the malware?
> > > >
> > > > I hate being a bozo and realize I was carelessly unsafely browsing. Now
> > > > just to get back to where I belong...
> > > > Thanks to all.
> > > >
> > > > Bart
> > > >
> > > >
> > >
> > >
> >
> >
> >
>
>
>
May 16, 2005 5:35:57 PM


Hi Dave,

I see your roads are about the same quality as ours.


Shane
Anonymous
May 16, 2005 5:35:58 PM


From: "Shane" <shanebeatson@gmail.com>

| Hi Dave,
|
| I see your roads are about the same quality as ours.
|
| Shane
|

Yeah...

Unfortunately my town doesn't like us middle class citizens living by the beach anymore.
They don't think we bring in enough taxes. So they have reduced their level of municipal
support and are declaring Eminent Domain on my street and two other streets behind me so
they can declare the neighbourhood as "blighted". Then they can build
sh!tty looking condos for $600,000 to sell to the bennies.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
May 16, 2005 10:47:30 PM


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23apBGghWFHA.2420@TK2MSFTNGP12.phx.gbl...
> From: "Shane" <shanebeatson@gmail.com>
>
> | Hi Dave,
> |
> | I see your roads are about the same quality as ours.
> |
> | Shane
> |
>
> Yeah...
>
> Unfortunately my town doesn't like us middle class citizens living by the beach anymore.
> They don't think we bring in enough taxes. So they have reduced their level of municipal
> support and are declaring Eminent Domain on my street and two other streets behind me so
> they can declare the neighbourhood as "blighted". Then they can build
> sh!tty looking condos for $600,000 to sell to the bennies.
>

Yeah, I know exactly what you mean!


Shane