CanopyFlyer

I prefer to boot from USB so that keeping the AV definitions are up to date a bit easier. As far as my trouble shooting CD's go, I make a new one every time I work on a system if necessary.

As far as autoplay/autorun, I disable that function on any computer that I use for troubleshooting. Plus, I've never had an infected O/S drive launch anything when I plugged it in, even with AP/AR on. Doesn't mean it won't happen though, so you're right you do need to be careful when plugging in a known infected drive.

As far as what I boot into, generally Linux. DSL has always been trustworthy and tiny. Windows based CD's take forever and a day, as previously mentioned.

doopstr

Microsoft Warns of MHTML Bug in Windows

http://support.microsoft.com/kb/2501696

https://threatpost.com/en_us/blogs/m...windows-012811

#1 STUNNA

MHTML only?

Scottman111

Yeah, usually. We have the same setup at work - a dedicated P.O.S that we fix all viruses on via slave.

I have a set amount of time I will work on a PC before I just say F it and write the drive to zero and re-image. If I can recover the data great, if not I say sorry you're out of luck. If they say but it's really important stuff I tell them they can have it back and bring it somewhere else

Oh and I like booting Knoppix from a DVD to do all my writing/wiping/imaging/etc.

Jonesi

As far as re-installing after wiping a computer clean does anybody use any of the following?
http://blog.zeusoft.net/zeuapp/
http://www.freenew.net/
http://allmyapps.com/easy-setup
http://ninite.com/ <-- My preference

I found them extremely effective and time saving after clean installs.


And lastly. What I've been installing for the people who "think" they're ready for the transition to Office 07 or 10.. puts the classic menus with the new 07/10 menus
http://www.addintools.com/index.html

#1 STUNNA

I've mentioned ninite many times. I use that shit all the time

stogie1020

OH MY GOD I LOVE YOU.... Is it easy to uninstall if necessary?

Jonesi

Yep. Saves everyone. Sick of people converting then bitch or call 24/7.

stogie1020

Been using ribbons for months and months and still cant find half the stuff I need...

stogie1020

Awwwww Pygmies...

I have Office 2007 and the free one only works on 2010...

Jonesi

"Free Download Classic Menu for Office 2007 v6.01"
http://www.addintools.com/english/me...e/download.htm


works for me

stogie1020

I suck.

Thanks.

Scottman111

^ Stupid noob!



Ninite was all we would use until we started manually making images of drives. But for any other stuff this is what we use.

And thanks for the classic menu link for Office! I figured they had to be out there somewhere but I never took the time to look

underdog

Jonesi - I take back *many* of the horrible things I've thought about you!
You are a great human being.

I've been swearing at the ribbon for months .. thanks!!!

rza49311

iTrader: (1)

I have started using a little program called Desktop Restore as of late when reloading winxp machines. You can save the position of all desktop icons then restore them.

http://www.midiox.com/index.htm?http...toprestore.htm

thelastaspec

Just a heads up that twice now in the past month ive run into a Java based trojan downloader.
Remember to keep java up to date and set the cache to clear itself & use a program such as ccleaner to wipe JRE files as well.

First a realitives computer i had to disinfect and ultimately restore, now just tonight, i was reading on google news linked site about the iPhone 4 Version launch when my "spidey senses tingled."
Haven't had a virus run in for a good 5-6 years.

I got the notification as soon as that site loaded - got suspicious as my java icon appeared in my taskbar - quickly jumped to my JRE log, then cahce, deleted cache, then MSE chirped in. Keeping JRE uninstalled until i need it next.

Whiskers

Don't download AVG 2011, its evil...

stogie1020

MSE should catch those prior to any trouble.

thelastaspec

MSE didn't for my aunt...
Before this, i understood that it had Advanced + rating from av comp. and could face threats already running prcss.
I guess the hureticus isnt the best ether? - no av is perfect
I had it set to automatically delete any "level" of threat.
It failed to detect the threat witch was a java based trojan downloader.
the downloaded virus removed MSE, SB S&D and comodo firewall
Because of business use, i switched her to Norton 360 (v5 is due soon).
I was over at the exact minute when she started it up, and the virus started to work.
It was on xmas day, and i noticed that "regedit.exe" wanted to connect to the net.
uh oh, denied it, went to delete it - as it was in the temp fldr, but too late.




Right now for extra protection i installed malware bytes anti malware and N360v5beta.
No horiffic loss in speed & @ boot up.

I was on a Goog news linked site too... wtf?

At lest i got java tuned off right away and cleared the cache.
at least MSE this time detected it - who knows, could have been a false p too.

#1 STUNNA

LOL and I just replaced Norton yesterday with MSE cause Norton sucked....

thelastaspec

Its a cycle you go through.
You go back to sub. because the free one did something to piss you off.

#1 STUNNA

I never go back to sub......

thelastaspec

F eh, i said that like 4 years ago, but maybe for someone who isn't comp literate, N360 is good as it forces you to take action and back stuff up.

#1 STUNNA

How does it FORCE you to backup?

stogie1020

Sorry bud, PEBKAC.

thelastaspec

lol i know this is the typical response, but "it wasnt my fault"
haven't had a virus infection ever on my comps, and this was just a detection and MSE '11 stoped it.

on my last comp that a bit more HP, i ran 3 scanners and it would check anything coming into the network and check packets.

Im super ffing paranoid about infections on my fam's network.
I have my mom and sis on Ubuntu and only me and dad have windows for prog's that wont run on wine.

Im just confused as i had my cache turned off with jre disabled in ff (im assuming it re-enabled with an update).
I keep addons and extensions off on firefox, except for qtime alternative, flash, adblock and wot.

For my aunt, im still on the fence if it was her or if it was out of her control.
it was a nice xmas dday virus.
the comp difinativley does not get used for any purpose other than business (aka accounting ect.)use.

Keep JRE updated.




If you've got fam you dont see often and dont know sh*t about computers, N360 (or just take away the power cable) is a pre good way to go as it ensures scans and backups + "ccleaner" get taken care of.
On sale, you get 25gigs of backup online with symantec too witch is nice if you've got sensitive files and dont quite trust dropbox.
sure no media, but buisness stuff, outlook, archives ect. enough space.

#1 STUNNA

There's so much wrong with your post I don't even want to bother.....

thelastaspec

How big is the hole ive dug for myself?

stogie1020

Gfaze

^ :shakehead

Jonesi

recently had a guy at work that kept getting viruses. Fixed it the last time and left a note with free non malicious pr0n sites and he's been good ever since...

stogie1020

We have a winner!!! I spend a lot of time in the bowels of the internet, and MSE has not failed to catch anything from these "less reputable" sites hosted in non-friendly countries... I am impressed.

Thelastaspec, grandma ignored a warning...

thelastaspec

hahahaahahhah

Jonesi

What he's trying to say nicely is your grandma watches a Lot of pr0n. like mizouse amounts of pr0n.

stogie1020

@Jonesi

If Grandpa is stil alive, see if he is going through prescriptions for Viagra unusually fast. (Road Trip movie grandpa)


Thelastaspec, what is the update schedule like on her MSE?

thelastaspec

Win updt was set to run when she used it every day,
and mse was setup to remove everything and monitor real time.
Believe it or not, its not used for personal stuff
I'm guessing this came through an email, probs clicked the link and that's what happened.

The weird thing is once i got the comp home and started to work on it (correction, the vir did not remove mse, i remember now) even with mse fully updated in safe mode, it could not find the infection.
Combo fix found it and got rid of it right away.
It was also a virus that kaspersky made a tool for.
malware bytes found remnants in the registry and other places.

I dont know if she would cancel s'hed scans going on or something like that.
I took her off N360 to save some coin, but it didnt work out this time - luckily this infection didn't tamper with any of her documents.

N360 will do the tasks in the background for the lazy/clueless person.

#1 STUNNA

Great story on Ars about the CEO of a computer security firm trying to troll Anonymous and find out their real identities and what happened when Anon found out.....

http://arstechnica.com/tech-policy/n...avy-price.ars/

CanopyFlyer

^^ I read that earlier today. No two ways about it, Bar is an arrogant, yet clueless, dipsh#t who is going to pay a heavy price.

#1 STUNNA

Ok this is a fantastic tip and should work very well. I've known to rename files when malware blocks you from running them but this one makes the most sense.

Also you can often rename .exe files to .com files and they'll run fine. I do that with regedit.exe often, if it's blocked then i rename it regedit.com and it opens fine. .com is from back in the day when com used to mean command and not commercial like in websites.

http://gizmodo.com/#!5757977/trick-v...to-explorerexe

#1 STUNNA

OMG this is just fantastic! Follow up to the other article posted above (which is a great read)

This article details everything Anonymous did to gain control of that guys website and database. It involves awesome social engineering and just an overall lack of security best practices across the board by a security consultant firm that "specializes" in vulnerability assessment.

This part made me laugh the most



Read the rest here, lots more good stuff!

http://arstechnica.com/tech-policy/n...bgary-hack.ars