Malware infection

Archived from groups: microsoft.public.windowsme.general (More info?)

I never thought it would happen to me but somehow several adware programs
have infiltrated my ME machine. Too many to recite here, but they came from
running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal
build 6.181 and Spybot. Both have been updated to their limits and did what
they could. A Panda Titanium 2005 scan removed 4 viruses but could not
remove the adware because it was an online scan. All that is left is the
stubborn adware. (I removed my Norton AV based on the bad reports here and
was 'tween AV's when this happened) Panda suggested the following:

How to eliminate viruses and other threats completely from the restore
folder.
Click Start.
Select Settings.
Select Control Panel.
Double-click on System.
Select the Performance tab.
Click File System.
Click the Troubleshooting tab.
Enable the Disable System Restore checkbox.
Click Apply.
Disable the Disable System Restore checkbox.
Click Apply.
Save the changes by clicking OK.
The computer will ask you if you want to restart. Do it and when you start
it again, the viruses and other threats detected will have disappeared from
the _restore folder.
Carry out a full scan of your computer using the antivirus program in order
to ensure that it is correctly disinfected.

(I've seen this recommended in this NG before)

Is this what I should do, or 2) a system restore or 3) just get an
AV/malware program and run that? If so, is there a preferred way to install
the AV in the presence of the malware?

I hate being a bozo and realize I was carelessly unsafely browsing. Now
just to get back to where I belong...
Thanks to all.

Bart
  1.

    From: "Bart" <bsmart@nospamnet.invalid>

    | I never thought it would happen to me but somehow several adware programs
    | have infiltrated my ME machine. Too many to recite here, but they came from
    | running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal
    | build 6.181 and Spybot. Both have been updated to their limits and did what
    | they could. A Panda Titanium 2005 scan removed 4 viruses but could not
    | remove the adware because it was an online scan. All that is left is the
    | stubborn adware. (I removed my Norton AV based on the bad reports here and
    | was 'tween AV's when this happened) Panda suggested the following:
    |
    | How to eliminate viruses and other threats completely from the restore
    | folder.
    | Click Start.
    | Select Settings.
    | Select Control Panel.
    | Double-click on System.
    | Select the Performance tab.
    | Click File System.
    | Click the Troubleshooting tab.
    | Enable the Disable System Restore checkbox.
    | Click Apply.
    | Disable the Disable System Restore checkbox.
    | Click Apply.
    | Save the changes by clicking OK.
    | The computer will ask you if you want to restart. Do it and when you start
    | it again, the viruses and other threats detected will disappeared from
    | _restore folder .
    | Carry out a full scan of your computer using the antivirus program in order
    | to ensure that it correctly disinfected.
    |
    | (I've seen this recommended in this NG before)
    |
    | Is this what I should do, or 2) a system restore or 3) just get an
    | AV/malware program and run that? If so, is there a preferred way to install
    | the AV in the presence of the malware?
    |
    | I hate being a bozo and realize I was carelessly unsafely browsing. Now
    | just to get back to where I belong...
    | Thanks to all.
    |
    | Bart
    |

    Ad-aware6 is no longer supported nor updated !
    You need Ad-aware SE v1.05.

    Please follow the below instructions set...

    Download and install Ad-aware SE
    http://www.lavasoftusa.com/
    Update Ad-aware with the latest definitions and then exit the software.

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear


    Download CLEAN.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/clean.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
    { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
    (.lnk) files and a PDF instruction file.

    GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
    Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
    allow the FTP utility to download the needed files

    CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
    to scan again at a future date, run this batch file. It will automatically check the date
    of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
    signature files and install them before performing the scan.

    DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
    you have booted from an Emergency Boot Disk or DOS disk and have already executed;
    c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
    http://www.bootdisk.com/bootdisk.htm

    I need you to perform the following...

    Execute; CLEAN.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\mcafee\GetFiles.BAT
    { or Double-click on 'GetFiles Link' in c:\mcafee }

    Reboot the PC into Safe Mode [F8 key during boot]

    Shutdown as many applications as possible !

    Execute; c:\mcafee\CLEAN.BAT
    { or Double-click on 'Clean Link' in c:\mcafee }

    Execute Ad-aware SE and perform a full system scan and have the software clean/delete all
    parasites found.

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2.

    In order of preference:

    (1) A comprehensive cleaning process, like the one at
    http://rgharper.mvps.org/cleanit.htm should be tried first.

    (2) If you have a reasonable idea of when the infection started AND it is
    not too far in the past (days would be reasonable, weeks would be pushing
    it, months would definitely be too far out) you could try a System Restore.

    Under no circumstances should you flush the System Restore cache before
    cleaning! Never!! Ever!!! If you succeed in cleaning something and your
    system winds up trashed because the malware screwed up essential system
    files you can at least restore back to your infected-but-working state as
    long as you haven't flushed the SR cache. But if you flush it first and
    then try cleaning ... you're probably up the creek without a paddle at that
    point if the cleaning process goes pear-shaped.

    --
    Richard G. Harper [MVP Shell/User] rgharper@gmail.com
    * PLEASE post all messages and replies in the newsgroups
    * for the benefit of all. Private mail is usually not replied to.
    * My website, such as it is ... http://rgharper.mvps.org/
    * HELP us help YOU ... http://www.dts-l.org/goodpost.htm


    "Bart" <bsmart@nospamnet.invalid> wrote in message
    news:1182porduf9m428@corp.supernews.com...
    >I never thought it would happen to me but somehow several adware programs
    > have infiltrated my ME machine. Too many to recite here, but they came
    > from
    > running a Yahoo music program, I believe. I have run Ad-Aware 6 Personal
    > build 6.181 and Spybot. Both have been updated to their limits and did
    > what
    > they could. A Panda Titanium 2005 scan removed 4 viruses but could not
    > remove the adware because it was an online scan. All that is left is the
    > stubborn adware. (I removed my Norton AV based on the bad reports here
    > and
    > was 'tween AV's when this happened) Panda suggested the following:
    >
    > How to eliminate viruses and other threats completely from the restore
    > folder.
    > Click Start.
    > Select Settings.
    > Select Control Panel.
    > Double-click on System.
    > Select the Performance tab.
    > Click File System.
    > Click the Troubleshooting tab.
    > Enable the Disable System Restore checkbox.
    > Click Apply.
    > Disable the Disable System Restore checkbox.
    > Click Apply.
    > Save the changes by clicking OK.
    > The computer will ask you if you want to restart. Do it and when you start
    > it again, the viruses and other threats detected will disappeared from
    > _restore folder .
    > Carry out a full scan of your computer using the antivirus program in
    > order
    > to ensure that it correctly disinfected.
    >
    > (I've seen this recommended in this NG before)
    >
    > Is this what I should do, or 2) a system restore or 3) just get an
    > AV/malware program and run that? If so, is there a preferred way to
    > install
    > the AV in the presence of the malware?
    >
    > I hate being a bozo and realize I was carelessly unsafely browsing. Now
    > just to get back to where I belong...
    > Thanks to all.
    >
    > Bart
    >
    >
  3.

    Thanks for the procedure. I did perform the scans as you directed. I did,
    however, install Panda's Titanium 2005 AV and Spyware/Adware program and
    scanned. It reported several infections and fixed all. However on
    subsequent scans with Panda and with at least 3 online scan tools, the
    reports were all similar to what your program's scan told me: the various
    Trojans and adware infections were in the C:\restore\archive\FS2947 folder,
    in the C:\Windows\Temp\cfin folder and in the C:\program files\Spybot-Search
    and Destroy\recovery folders. The McAfee report follows.

    05/12/2005 19:57:25

    Options:
    /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
    /PROGRAM /MIME /HTML "C:\MCAFEE\SCANREPORT.HTML"

    Scanning C: [MICRONPC]
    Scanning C:\*.*
    C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077167.CPY ... Found potentially unwanted
    program Adware-Websearch.
    C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077173.CPY ... Found potentially unwanted
    program Adware-Websearch.
    C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077197.CPY ... Found potentially unwanted
    program Adware-Websearch.
    C:\_RESTORE\ARCHIVE\FS2955.CAB\W0110929.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077043.CPY ... Found potentially unwanted
    program Adware-Websearch.
    C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077121.CPY\00025d40.EXE ... Found
    potentially unwanted program Adware-abetterintrnt.
    C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077128.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077130.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2949.CAB\A0077133.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2953.CAB\A0077270.CPY\00025d40.EXE ... Found
    potentially unwanted program Adware-abetterintrnt.
    C:\_RESTORE\ARCHIVE\FS2954.CAB\A0077405.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2963.CAB\W0111843.CPY\W0111843.CPY ... Found the
    Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077533.CPY ... Found potentially unwanted
    program Adware-abetterintrnt.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077539.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077541.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077542.CPY ... Found potentially unwanted
    program Downloader-KL.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077547.CPY ... Found potentially unwanted
    program Adware-DFC.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077548.CPY\A0077548.CPY\0000b470.EXE\0000b4
    70.EXE ... Found the Downloader-LG.dll Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077578.CPY\A0077578.CPY ... Found
    potentially unwanted program Adware-EliteBar.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077581.CPY ... Found potentially unwanted
    program Adware-Apropos.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077590.CPY ... Found potentially unwanted
    program Adware-Apropos.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077597.CPY ... Found potentially unwanted
    program Adware-DealHelper.
    C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077613.CPY\A0077613.CPY ... Found the
    Downloader-LG Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077456.CPY\A0077456.CPY ... Found the
    Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077458.CPY\A0077458.CPY ... Found the
    Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077459.CPY\A0077459.CPY\0000b660.EXE\0000b6
    60.EXE ... Found potentially unwanted program Adware-EliteBar.
    C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077463.CPY\A0077463.CPY ... Found the
    Downloader-LG Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077465.CPY\A0077465.CPY ... Found the
    Downloader-XA Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2956.CAB\A0077466.CPY\A0077466.CPY ... Found the
    Downloader-LG.dll Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2948.CAB\W0110393.CPY ... Found potentially unwanted
    program Adware-SAHAgent.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0075636.CPY ... Found the AdClicker-BA
    Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0075923.CPY\A0075923.CPY ... Found the
    Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076233.CPY\00011968.EXE\00011968.EXE ...
    Found the Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076240.CPY\A0076240.CPY ... Found the
    Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076242.CPY\A0076242.CPY ... Found the
    Generic StartPage.c Trojan !!!
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076243.CPY\A0076243.CPY\0000b660.EXE\0000b6
    60.EXE ... Found potentially unwanted program Adware-EliteBar.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076255.CPY ... Found potentially unwanted
    program Adware-abetterintrnt.dldr.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076368.CPY\00025d40.EXE ... Found
    potentially unwanted program Adware-abetterintrnt.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076376.CPY ... Found potentially unwanted
    program Adware-Apropos.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076379.CPY ... Found potentially unwanted
    program Adware-DFC.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076385.CPY ... Found potentially unwanted
    program Adware-Websearch.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076402.CPY ... Found potentially unwanted
    program Adware-Apropos.
    C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076420.CPY ... Found potentially unwanted
    program Adware-Websearch.
    C:\WINDOWS\TEMP\cfin\cfin ... Found potentially unwanted program Adware-DFC.
    The file or process has been deleted.

    Summary report on C:\*.*
    File(s)
    Total files: ........... 77331
    Clean: ................. 77206
    Possibly Infected: ..... 13
    Cleaned: ............... 0
    Deleted: ............... 1
    Non-critical Error(s): 2
    Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
    Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

    I understand that Ad-Aware SE is very popular, but will it do more than what
    Panda did? Since I already owned the program but did not have it installed
    before the infection, I thought I would try it. My guess now is that the
    infections found by all scans are either residing in the restore folder or
    in a "quarantine" folder in Spybot and unable to cause problems unless I
    were to restore to that restore date. Now, Mr. Harper has also responded
    to my dilemma and prescribed a mode of action which I intend to follow
    tomorrow.

    Please review and give me your opinion on my status and what any possible
    next step should be. I should say that my machine "seems" to be OK now with
    no recurring symptoms so far.

    Thank you, Mr. Lipman, for your concern and help.

    Bart


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:umkwX8cVFHA.3808@TK2MSFTNGP14.phx.gbl...
    > From: "Bart" <bsmart@nospamnet.invalid>
    >
    > | I never thought it would happen to me but somehow several adware
    programs
    > | have infiltrated my ME machine. Too many to recite here, but they came
    from
    > | running a Yahoo music program, I believe. I have run Ad-Aware 6
    Personal
    > | build 6.181 and Spybot. Both have been updated to their limits and did
    what
    > | they could. A Panda Titanium 2005 scan removed 4 viruses but could not
    > | remove the adware because it was an online scan. All that is left is
    the
    > | stubborn adware. (I removed my Norton AV based on the bad reports here
    and
    > | was 'tween AV's when this happened) Panda suggested the following:
    > |
    > | How to eliminate viruses and other threats completely from the restore
    > | folder.
    > | Click Start.
    > | Select Settings.
    > | Select Control Panel.
    > | Double-click on System.
    > | Select the Performance tab.
    > | Click File System.
    > | Click the Troubleshooting tab.
    > | Enable the Disable System Restore checkbox.
    > | Click Apply.
    > | Disable the Disable System Restore checkbox.
    > | Click Apply.
    > | Save the changes by clicking OK.
    > | The computer will ask you if you want to restart. Do it and when you
    start
    > | it again, the viruses and other threats detected will disappeared from
    > | _restore folder .
    > | Carry out a full scan of your computer using the antivirus program in
    order
    > | to ensure that it correctly disinfected.
    > |
    > | (I've seen this recommended in this NG before)
    > |
    > | Is this what I should do, or 2) a system restore or 3) just get an
    > | AV/malware program and run that? If so, is there a preferred way to
    install
    > | the AV in the presence of the malware?
    > |
    > | I hate being a bozo and realize I was carelessly unsafely browsing. Now
    > | just to get back to where I belong...
    > | Thanks to all.
    > |
    > | Bart
    > |
    >
    > Ad-aware6 is no longer supported nor updated !
    > You need Ad-aware SE v1.05.
    >
    > Please follow the below instructions set...
    >
    > Download and install Ad-aware SE
    > http://www.lavasoftusa.com/
    > Update Ad-aware with the latest definitions and then exit the software.
    >
    > Dump the contents of the IE Temporary Internet Folder cache (TIF)
    > Start --> Settings --> Control Panel --> Internet Options --> Delete Files
    >
    > Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    > Tools --> Options --> Privacy --> Cache --> Clear
    >
    >
    > Download CLEAN.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/clean.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script
    Interpreter
    > { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart
    scripts, two Link
    > (.lnk) files and a PDF instruction file.
    >
    > GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee
    Command Line
    > Scanner. If you are using Windows XP, you may have to disable the Windows
    XP FireWall to
    > allow the FTP utility to download the needed files
    >
    > CLEAN.BAT -- For running within Windows after running
    c:\mcafee\GetFiles.BAT. If you choose
    > to scan again at a future date, run this batch file. It will
    automatically check the date
    > of the McAfee DAT files and if it is a couple of days old, it will
    download (FTP) the latest
    > signature files and install them before performing the scan.
    >
    > DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is
    using FAT32 after
    > you have booted from an Emergency Boot Disk or DOS disk and have already
    executed;
    > c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be
    obtained from;
    > http://www.bootdisk.com/bootdisk.htm
    >
    > I need you to perform the following...
    >
    > Execute; CLEAN.EXE
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; c:\mcafee\GetFiles.BAT
    > { or Double-click on 'GetFiles Link' in c:\mcafee }
    >
    > Reboot the PC into Safe Mode [F8 key during boot]
    >
    > Shutdown as many applications as possible !
    >
    > Execute; c:\mcafee\CLEAN.BAT
    > { or Double-click on 'Clean Link' in c:\mcafee }
    >
    > Execute Ad-aware SE and perform a full system scan and have the software
    clean/delete all
    > parasites found.
    >
    > A final report in HTML format called C:\mcafee\ScanReport.HTML will be
    generated. At the
    > end of the scan, it will be displayed in your browser (Opera, FireFox or
    Internet Explorer).
    > It is suggested that you move the report out of c:\mcafee before
    performing another scan.
    > It would be a good idea to scan in Safe Mode and in Normal Mode and save a
    copy of the HTML
    > report for each session.
    >
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
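As an added example (not part of any post in the thread, and not the posters' or McAfee's code): a short Python triage of a command-line scan report in the format posted above, which rejoins the hard-wrapped entries and separates detections sitting in the `_RESTORE` archive from those elsewhere on disk. The location labels, the function names and the `EXAMPLE.DLL` entry are assumptions made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the report posted in the thread, kept hard-wrapped as it appeared
# (one entry is split in the middle of a file name). The EXAMPLE.DLL entry is
# constructed here to show a detection outside the restore archive.
SAMPLE_REPORT = r"""
Scanning C: [MICRONPC]
Scanning C:\*.*
C:\_RESTORE\ARCHIVE\FS2950.CAB\A0077167.CPY ... Found potentially unwanted
program Adware-Websearch.
C:\_RESTORE\ARCHIVE\FS2960.CAB\A0077548.CPY\A0077548.CPY\0000b470.EXE\0000b4
70.EXE ... Found the Downloader-LG.dll Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076233.CPY\00011968.EXE\00011968.EXE ...
Found the Generic StartPage.c Trojan !!!
C:\_RESTORE\ARCHIVE\FS2947.CAB\A0076255.CPY ... Found potentially unwanted
program Adware-abetterintrnt.dldr.
C:\WINDOWS\SYSTEM\EXAMPLE.DLL ... Found potentially unwanted program
Adware-Example.
C:\WINDOWS\TEMP\cfin\cfin ... Found potentially unwanted program Adware-DFC.
The file or process has been deleted.
"""

# One complete entry: "<path> ... Found <verdict>"
ENTRY = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) \.\.\. Found (?:"
    r"potentially unwanted program (?P<pup>\S+)\."
    r"|the (?P<trojan>.+) Trojan !!!)"
)
DRIVE = re.compile(r"[A-Za-z]:\\")
ARCHIVE = re.compile(r"\\ARCHIVE\\([^\\]+\.CAB)\\", re.IGNORECASE)
DELETED = "The file or process has been deleted."


@dataclass
class Detection:
    path: str
    name: str
    kind: str        # "pup" or "trojan"
    location: str    # "restore-archive", "temp" or "live" (labels assumed here)
    deleted: bool = False


def classify(path):
    """Label a detection by where the flagged file sits on disk."""
    upper = path.upper()
    if re.match(r"[A-Z]:\\_RESTORE\\", upper):
        return "restore-archive"   # copy held by WinME System Restore
    if "\\TEMP\\" in upper:
        return "temp"
    return "live"


def parse_report(text):
    """Parse detection entries, rejoining lines the newsreader wrapped."""
    detections, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DRIVE.match(line):
            pending = line                       # a new entry starts with a path
        elif pending is not None:
            # A break before the " ..." separator fell inside the path, so
            # rejoin without a space. Limitation: a path wrapped at one of its
            # own spaces cannot be told apart and loses that space.
            pending += (" " if " ..." in pending else "") + line
        else:
            if line == DELETED and detections:
                detections[-1].deleted = True    # status of the previous entry
            continue
        match = ENTRY.fullmatch(pending)
        if match:
            kind = "pup" if match["pup"] else "trojan"
            detections.append(Detection(match["path"], match[kind], kind,
                                        classify(match["path"])))
            pending = None
    return detections


def summarize(detections):
    """Count detections per location, split into deleted and remaining."""
    summary = {}
    for det in detections:
        bucket = summary.setdefault(det.location, Counter())
        bucket["deleted" if det.deleted else "remaining"] += 1
    return summary


def needs_cleaning(detections):
    """Detections still on disk outside the System Restore archive."""
    return [d for d in detections
            if d.location != "restore-archive" and not d.deleted]


def affected_archives(detections):
    """Restore archive containers (the FSnnnn.CAB names) holding detections."""
    names = {m.group(1).upper() for d in detections
             if d.location == "restore-archive"
             and (m := ARCHIVE.search(d.path))}
    return sorted(names)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print("clean these first:", [d.path for d in needs_cleaning(found)])
    print("archives with detections:", affected_archives(found))
```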
  4.

    First of all, I apologize for being tardy in replying. It has been a zoo
    here.

    I went to your site and followed the procedure as you outline it. I can say
    to all interested that the procedure is concise and filled with common
    sense. I had used Dave's program earlier and with yours I was able to
    confirm that the infection has been taken care of. A/V is installed and
    updated, Ad-Aware SE is up and running, Spybot has been executed twice and
    no trace of any malware is evident. I did purge the System Restore cache
    once I was sure my machine was clean. In addition, a firewall was installed
    as well.

    Thank you for responding to my dilemma and offering great advice. Dumping
    the restore would have been disastrous as I was advised from outside this
    NG. I can trust you folks to the n-th degree!

    Bart

    "Richard G. Harper" <rgharper@email.com> wrote in message
    news:%23VIc$8cVFHA.3760@TK2MSFTNGP15.phx.gbl...
    > In order of preference:
    >
    > (1) A comprehensive cleaning process, like the one at
    > http://rgharper.mvps.org/cleanit.htm should be tried first.
    >
    > (2) If you have a reasonable idea of when the infection started AND it is
    > not too far in the past (days would be reasonable, weeks would be pushing
    > it, months would definitely be too far out) you could try a System
    Restore.
    >
    > Under no circumstances should you flush the System Restore cache before
    > cleaning! Never!! Ever!!! If you succeed in cleaning something and your
    > system winds up trashed because the malware screwed up essential system
    > files you can at least restore back to your infected-but-working state as
    > long as you haven't flushed the SR cache. But if you flush it first and
    > then try cleaning ... you're probably up the creek without a paddle at
    that
    > point if the cleaning process goes pear-shaped.
    >
    > --
    > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
    > * PLEASE post all messages and replies in the newsgroups
    > * for the benefit of all. Private mail is usually not replied to.
    > * My website, such as it is ... http://rgharper.mvps.org/
    > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
    >
    >
    > "Bart" <bsmart@nospamnet.invalid> wrote in message
    > news:1182porduf9m428@corp.supernews.com...
    > >I never thought it would happen to me but somehow several adware programs
    > > have infiltrated my ME machine. Too many to recite here, but they came
    > > from
    > > running a Yahoo music program, I believe. I have run Ad-Aware 6
    Personal
    > > build 6.181 and Spybot. Both have been updated to their limits and did
    > > what
    > > they could. A Panda Titanium 2005 scan removed 4 viruses but could not
    > > remove the adware because it was an online scan. All that is left is
    the
    > > stubborn adware. (I removed my Norton AV based on the bad reports here
    > > and
    > > was 'tween AV's when this happened) Panda suggested the following:
    > >
    > > How to eliminate viruses and other threats completely from the restore
    > > folder.
    > > Click Start.
    > > Select Settings.
    > > Select Control Panel.
    > > Double-click on System.
    > > Select the Performance tab.
    > > Click File System.
    > > Click the Troubleshooting tab.
    > > Enable the Disable System Restore checkbox.
    > > Click Apply.
    > > Disable the Disable System Restore checkbox.
    > > Click Apply.
    > > Save the changes by clicking OK.
    > > The computer will ask you if you want to restart. Do it and when you
    start
    > > it again, the viruses and other threats detected will disappeared from
    > > _restore folder .
    > > Carry out a full scan of your computer using the antivirus program in
    > > order
    > > to ensure that it correctly disinfected.
    > >
    > > (I've seen this recommended in this NG before)
    > >
    > > Is this what I should do, or 2) a system restore or 3) just get an
    > > AV/malware program and run that? If so, is there a preferred way to
    > > install
    > > the AV in the presence of the malware?
    > >
    > > I hate being a bozo and realize I was carelessly unsafely browsing. Now
    > > just to get back to where I belong...
    > > Thanks to all.
    > >
    > > Bart
    > >
    > >
    >
    >
  5.

    I'm glad I was able to help you get your problems cleared up.

    --
    Richard G. Harper [MVP Shell/User] rgharper@gmail.com
    * PLEASE post all messages and replies in the newsgroups
    * for the benefit of all. Private mail is usually not replied to.
    * My website, such as it is ... http://rgharper.mvps.org/
    * HELP us help YOU ... http://www.dts-l.org/goodpost.htm


    "Bart" <bsmart@nospamnet.invalid> wrote in message
    news:118ft7c5vavl3be@corp.supernews.com...
    > First of all, I apologize for being tardy in replying. It has been a zoo
    > here.
    >
    > I went to your site and followed the procedure as you outline it. I can
    > say
    > to all interested that the procedure is concise and filled with common
    > sense. I had used Dave's program earlier and with yours I was able to
    > confirm that the infection has been taken care of. A/V is installed and
    > updated, Ad-Aware SE is up and running, Spybot has been executed twice and
    > no trace of any malware is evident. I did purge the System Restore cache
    > once I was sure my machine was clean. In addition, a firewall was
    > installed
    > as well.
    >
    > Thank you for responding to my dilemma and offering great advice.
    > Dumping
    > the restore would have been disastrous as I was advised from outside this
    > NG. I can trust you folks to the n-th degree!
    >
    > Bart
    >
    > "Richard G. Harper" <rgharper@email.com> wrote in message
    > news:%23VIc$8cVFHA.3760@TK2MSFTNGP15.phx.gbl...
    >> In order of preference:
    >>
    >> (1) A comprehensive cleaning process, like the one at
    >> http://rgharper.mvps.org/cleanit.htm should be tried first.
    >>
    >> (2) If you have a reasonable idea of when the infection started AND it is
    >> not too far in the past (days would be reasonable, weeks would be pushing
    >> it, months would definitely be too far out) you could try a System
    > Restore.
    >>
    >> Under no circumstances should you flush the System Restore cache before
    >> cleaning! Never!! Ever!!! If you succeed in cleaning something and
    >> your
    >> system winds up trashed because the malware screwed up essential system
    >> files you can at least restore back to your infected-but-working state as
    >> long as you haven't flushed the SR cache. But if you flush it first and
    >> then try cleaning ... you're probably up the creek without a paddle at
    > that
    >> point if the cleaning process goes pear-shaped.
    >>
    >> --
    >> Richard G. Harper [MVP Shell/User] rgharper@gmail.com
    >> * PLEASE post all messages and replies in the newsgroups
    >> * for the benefit of all. Private mail is usually not replied to.
    >> * My website, such as it is ... http://rgharper.mvps.org/
    >> * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
    >>
    >>
    >> "Bart" <bsmart@nospamnet.invalid> wrote in message
    >> news:1182porduf9m428@corp.supernews.com...
    >> >I never thought it would happen to me but somehow several adware
    >> >programs
    >> > have infiltrated my ME machine. Too many to recite here, but they came
    >> > from
    >> > running a Yahoo music program, I believe. I have run Ad-Aware 6
    > Personal
    >> > build 6.181 and Spybot. Both have been updated to their limits and did
    >> > what
    >> > they could. A Panda Titanium 2005 scan removed 4 viruses but could not
    >> > remove the adware because it was an online scan. All that is left is
    > the
    >> > stubborn adware. (I removed my Norton AV based on the bad reports here
    >> > and
    >> > was 'tween AV's when this happened) Panda suggested the following:
    >> >
    >> > How to eliminate viruses and other threats completely from the restore
    >> > folder.
    >> > Click Start.
    >> > Select Settings.
    >> > Select Control Panel.
    >> > Double-click on System.
    >> > Select the Performance tab.
    >> > Click File System.
    >> > Click the Troubleshooting tab.
    >> > Enable the Disable System Restore checkbox.
    >> > Click Apply.
    >> > Disable the Disable System Restore checkbox.
    >> > Click Apply.
    >> > Save the changes by clicking OK.
    >> > The computer will ask you if you want to restart. Do it and when you
    > start
    >> > it again, the viruses and other threats detected will disappeared from
    >> > _restore folder .
    >> > Carry out a full scan of your computer using the antivirus program in
    >> > order
    >> > to ensure that it correctly disinfected.
    >> >
    >> > (I've seen this recommended in this NG before)
    >> >
    >> > Is this what I should do, or 2) a system restore or 3) just get an
    >> > AV/malware program and run that? If so, is there a preferred way to
    >> > install
    >> > the AV in the presence of the malware?
    >> >
    >> > I hate being a bozo and realize I was carelessly unsafely browsing.
    >> > Now
    >> > just to get back to where I belong...
    >> > Thanks to all.
    >> >
    >> > Bart
    >> >
    >> >
    >>
    >>
    >
    >
    >
  6.

    I congratulate you for having the exceptional good sense to follow Messrs.
    Lipman and Harper's good advice.

    Symantec's advice, and that from others, to purge the WinME System Restore
    cache, PRIOR to ensuring that the system is running well, amounts to
    criminal negligence, IMO.
    As Mike M has repeatedly pointed out, SR may be all that is left with which
    to recover, in some particularly bad situations. Throwing out the parachute
    before one is on the ground is a sure recipe for disaster.

    So, kudos to you, for doing the right thing here, Bart.
    --
    Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
    Help us help you: http://www.dts-L.org/goodpost.htm
    In Memoriam: Alex Nichol
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
    Your cooperation is very appreciated.
    ------
    "Bart" <bsmart@nospamnet.invalid> wrote in message
    news:118ft7c5vavl3be@corp.supernews.com...
    > First of all, I apologize for being tardy in replying. It has been a zoo
    > here.
    >
    > I went to your site and followed the procedure as you outline it. I can say
    > to all interested that the procedure is concise and filled with common
    > sense. I had used Dave's program earlier and with yours I was able to
    > confirm that the infection has been taken care of. A/V is installed and
    > updated, Ad-Aware SE is up and running, Spybot has been executed twice and
    > no trace of any malware is evident. I did purge the System Restore cache
    > once I was sure my machine was clean. In addition, a firewall was installed
    > as well.
    >
    > Thank you for responding to my dilemma and offering great advice. Dumping
    > the restore would have been disastrous as I was advised from outside this
    > NG. I can trust you folks to the n-th degree!
    >
    > Bart
    >
    > "Richard G. Harper" <rgharper@email.com> wrote in message
    > news:%23VIc$8cVFHA.3760@TK2MSFTNGP15.phx.gbl...
    > > In order of preference:
    > >
    > > (1) A comprehensive cleaning process, like the one at
    > > http://rgharper.mvps.org/cleanit.htm should be tried first.
    > >
    > > (2) If you have a reasonable idea of when the infection started AND it is
    > > not too far in the past (days would be reasonable, weeks would be pushing
    > > it, months would definitely be too far out) you could try a System Restore.
    > >
    > > Under no circumstances should you flush the System Restore cache before
    > > cleaning! Never!! Ever!!! If you succeed in cleaning something and your
    > > system winds up trashed because the malware screwed up essential system
    > > files you can at least restore back to your infected-but-working state as
    > > long as you haven't flushed the SR cache. But if you flush it first and
    > > then try cleaning ... you're probably up the creek without a paddle at that
    > > point if the cleaning process goes pear-shaped.
    > >
    > > --
    > > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
    > > * PLEASE post all messages and replies in the newsgroups
    > > * for the benefit of all. Private mail is usually not replied to.
    > > * My website, such as it is ... http://rgharper.mvps.org/
    > > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
    > >
  7. Archived from groups: microsoft.public.windowsme.general (More info?)

    Jack, it was definitely a 'no-brainer' to follow the advice of these two
    gentlemen. I have been reading this newsgroup for some time and I have come to
    feel that I know the good people here and I trust them implicitly. Moreover,
    what was most appealing was the common sense approach. I WOULD like
    to know when it is really best to just throw in the towel and reformat
    rather than to poke and dig and clean the bugs out. ME gets kludgy and slow
    sometimes and a reformat does take care of that.

    Thank you for following the thread.

    Bart

    "Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
    news:%23WsroGhWFHA.2448@TK2MSFTNGP12.phx.gbl...
    > I congratulate you for having the exceptional good sense to follow Messrs.
    > Lipman and Harper's good advice.
    >
    > Symantec's advice, and that from others, to purge the WinME System Restore
    > cache, PRIOR to ensuring that the system is running well, amounts to
    > criminal negligence, IMO.
    > As Mike M has repeatedly pointed out, SR may be all that is left with which
    > to recover, in some particularly bad situations. Throwing out the parachute
    > before one is on the ground is a sure recipe for disaster.
    >
    > So, kudos to you, for doing the right thing here, Bart.
    > --
    > Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
    > Help us help you: http://www.dts-L.org/goodpost.htm
    > In Memoriam: Alex Nichol
    > http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
    > Your cooperation is very appreciated.
  8. Archived from groups: microsoft.public.windowsme.general (More info?)

    Hi Dave,

    I see your roads are about the same quality as ours.


    Shane
  9. Archived from groups: microsoft.public.windowsme.general (More info?)

    From: "Shane" <shanebeatson@gmail.com>

    | Hi Dave,
    |
    | I see your roads are about the same quality as ours.
    |
    | Shane
    |

    Yeah...

    Unfortunately my town doesn't like us middle class citizens living by the beach anymore.
    They don't think we bring in enough taxes. So they have reduced their level of municipal
    support and are declaring Eminent Domain on my street and two other streets behind me so
    they can declare the neighbourhood as "blighted". Then they can build
    sh!tty looking condos for $600,000 to sell to the bennies.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  10. Archived from groups: microsoft.public.windowsme.general (More info?)

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:%23apBGghWFHA.2420@TK2MSFTNGP12.phx.gbl...
    > From: "Shane" <shanebeatson@gmail.com>
    >
    > | Hi Dave,
    > |
    > | I see your roads are about the same quality as ours.
    > |
    > | Shane
    > |
    >
    > Yeah...
    >
    > Unfortunately my town doesn't like us middle class citizens living by the beach anymore.
    > They don't think we bring in enough taxes. So they have reduced their level of municipal
    > support and are declaring Eminent Domain on my street and two other streets behind me so
    > they can declare the neighbourhood as "blighted". Then they can build
    > sh!tty looking condos for $600,000 to sell to the bennies.
    >

    Yeah, I know exactly what you mean!


    Shane