HELP ! My PC has been compromised !!

  • Thread starter: penang@freemail.c3.hu
On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:


>> Trial and error against malware is a common but very stupid approach.

>
>Nonsense.


Not really.

>It depends entirely on the severity of the infestation.


Precisely. A severity you cannot determine without having a baseline.

>I won't spend hours and hours on a troubled workstation, but if I can pretty easily
>remove a not-very-invasive piece of malware or two, I simply do so.


And how exactly do you verify that the machine is now back in a
reliable state?
 
Straight Talk <b__nice@hotmail.com> wrote:
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>
>> Straight Talk <b__nice@hotmail.com> wrote:

>
>>> Trial and error against malware is a common but very stupid
>>> approach.

>>
>> Nonsense.

>
> Not really.
>
>> It depends entirely on the severity of the infestation.

>
> Precisely. A severity you cannot determine without having a baseline.
>
>> I won't spend hours and hours on a troubled workstation, but if I
>> can pretty easily remove a not-very-invasive piece of malware or
>> two, I simply do so.

>
> And how exactly do you verify that the machine is now back in a
> reliable state?


Because it works and has no further symptoms when I run thorough scans.
That's generally good enough for a home user. Sorry, I'm bored now - done
with this thread. Have fun storming the castle.
 
On Tue, 11 Mar 2008 12:13:12 -0400, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>Straight Talk <b__nice@hotmail.com> wrote:
>> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>>
>>> Straight Talk <b__nice@hotmail.com> wrote:

>>
>>>> Trial and error against malware is a common but very stupid
>>>> approach.
>>>
>>> Nonsense.

>>
>> Not really.
>>
>>> It depends entirely on the severity of the infestation.

>>
>> Precisely. A severity you cannot determine without having a baseline.
>>
>>> I won't spend hours and hours on a troubled workstation, but if I
>>> can pretty easily remove a not-very-invasive piece of malware or
>>> two, I simply do so.

>>
>> And how exactly do you verify that the machine is now back in a
>> reliable state?

>
>Because it works and has no further symptoms when I run thorough scans.


This coming from someone bragging to be an MVP. Very sad.

>That's generally good enough for a home user.


That's very good news for malware writers.

>Sorry, I'm bored now - done
>with this thread. Have fun storming the castle.


Oh, yes. Go back to sleep, MVP bragger.
 
"Straight Talk" <b__nice@hotmail.com> wrote in message
news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>
>>Straight Talk <b__nice@hotmail.com> wrote:

>
>>> Trial and error against malware is a common but very stupid approach.

>>
>>Nonsense.

>
> Not really.
>
>>It depends entirely on the severity of the infestation.

>
> Precisely. A severity you cannot determine without having a baseline.
>
>>I won't spend hours and hours on a troubled workstation, but if I can
>>pretty easily
>>remove a not-very-invasive piece of malware or two, I simply do so.

>
> And how exactly do you verify that the machine is now back in a
> reliable state?


If you know what changes a malware made, you
can often reverse those changes and get the system
back to as reliable as it was before the malware hit.

Yes...it is that 'if' that is the bugger. Many malwares
allow communication outside the system so you no
longer know exactly what changes were made and
it is time to flatten and rebuild if you desire any sense
of confidence in its integrity.
 
On Tue, 11 Mar 2008 17:35:35 -0400, "FromTheRafters"
<Erratic@ne.rr.com> wrote:

>
>"Straight Talk" <b__nice@hotmail.com> wrote in message
>news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
>> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>>
>>>Straight Talk <b__nice@hotmail.com> wrote:

>>
>>>> Trial and error against malware is a common but very stupid approach.
>>>
>>>Nonsense.

>>
>> Not really.
>>
>>>It depends entirely on the severity of the infestation.

>>
>> Precisely. A severity you cannot determine without having a baseline.
>>
>>>I won't spend hours and hours on a troubled workstation, but if I can
>>>pretty easily
>>>remove a not-very-invasive piece of malware or two, I simply do so.

>>
>> And how exactly do you verify that the machine is now back in a
>> reliable state?

>
>If you know what changes a malware made, you
>can often reverse those changes and get the system
>back to as reliable as it was before the malware hit.


That's true. Which, as I said, requires a baseline and a thorough
understanding. Most users don't have that.

>Yes...it is that 'if' that is the bugger. Many malwares
>allow communication outside the system so you no
>longer know exactly what changes were made and
>it is time to flatten and rebuild if you desire any sense
>of confidence in its integrity.


Yup.
 
Ok, you are the victim of an internet worm that seems to spread by mail.
a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
"explroer.exe".
Best would be making a HijackThis log and sending it to some people known
to handle them (or here).
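
The "mistyped names" check from the post above, as an added example that is not part of the original post: it flags running process names that sit one edit (including a swap of two adjacent letters) away from a well-known Windows process name. The `KNOWN` list is a small illustrative subset and the process list is constructed sample input.

```python
# Illustrative subset of standard Windows process names (assumption: not exhaustive).
KNOWN = ("explorer.exe", "svchost.exe", "lsass.exe", "services.exe",
         "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe")

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute
    and adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap, e.g. "ro" typed for "or".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalikes(running, known=KNOWN, max_distance=1):
    """Return (name, closest known name, distance) for near-miss names."""
    known_set = {k.lower() for k in known}
    hits = []
    for name in running:
        low = name.lower()
        if low in known_set:
            continue  # exact match: the name itself is the genuine one
        dist, match = min((osa_distance(low, k), k) for k in sorted(known_set))
        if dist <= max_distance:
            hits.append((name, match, dist))
    return hits

# Constructed sample of running process names.
SAMPLE_RUNNING = ["explorer.exe", "explroer.exe", "svchost.exe", "scvhost.exe",
                  "rcgvejmrg.exe", "notepad.exe", "LSASS.EXE"]

if __name__ == "__main__":
    for name, match, dist in lookalikes(SAMPLE_RUNNING):
        print(f"{name}: resembles {match} (distance {dist})")
```

A random name such as "rcgvejmrg.exe" is not close to anything and passes this check, and a name that matches exactly can still be an impostor running from an unexpected path, so the result is a triage hint rather than a verdict.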
 
"Delta" <bla@bla.net> wrote in message
news:93B6E4D1-7E61-4E53-A4C3-6EC502809B7D@microsoft.com...
> Ok, you are the victim of an internet worm that seems to spread by mail.
> a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names
> like "explroer.exe".
> Best would be making a HijackThis log and sending it to some people known
> to handle them (or here).
>


I assume that Delta meant "(NOT here)"

From an old post by Frank Saunders:

***************************************
First eliminate any scumware. See Dealing with Unwanted
Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm especially
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch


Note that AdAware and SpyBot S & D will each catch some
things the other won't. Also, each needs to be updated
with the program's update function before every use, even
when just downloaded. There's also a lot more to do than
just those two programs. CWShredder is also available
here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot,
HijackThis and CWShredder may be found on this page:
http://aumha.org/a/parasite.htm.


If nothing there helps, please post back to this thread.


********************************************


--
HTH

Sandy
 
From: "Delta" <bla@bla.net>

| Ok, you are the victim of an internet worm that seems to spread by mail.
| a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
| "explroer.exe".
| Best would be making a HijackThis log and sending it to some people known
| to handle them (or here).

No HJT logs posted in any Microsoft news group or posted to Usenet at large.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 