[ale] XP Malware - XP Security Center

Jim Kinney jim.kinney at gmail.com
Thu Jul 3 16:14:14 EDT 2008


2008/7/3 Jeff Lightner <jlightner at water.com>:

>   Uh…
>
>
>
> Doesn't the dd you suggest erase the hard drive completely?
>

Yep. Gets _RID_ of the problem. :)

Happily, I know Daniel knew I was joking (only slightly).

>
>
> If so didn't you leave out some steps like needing to reload XP and the
> applications?
>

WHAT?!?!? And _REINSTALL_ the original virus payload?

Serious note: As Daniel discovered, the very first thing to do in any virus
extraction is to turn off hibernate and system restore. Without those
steps the system will just reinfect itself nearly forever.

>
>  ------------------------------
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of* Jim
> Kinney
> *Sent:* Thursday, July 03, 2008 12:59 AM
> *To:* dhhoward at comcast.net; ale at ale.org
> *Subject:* Re: [ale] XP Malware - XP Security Center
>
>
>
>
>
> On Thu, Jul 3, 2008 at 12:35 AM, Daniel Howard <dhhoward at comcast.net>
> wrote:
>
> Short question: do you have a win XP malware removal tool you recommend?
>
>
> dd if=/dev/zero of=/dev/hda using toms root boot disk
> http://www.toms.net/rb/
>
> I have used this malware removal with 100% success for the past 10 years.
> Removes ALL virii, including boot sector nasties that call ntloader and
> others. Run! Don't walk to http://www.toms.net/rb/ and download your copy
> today!
>
> dban is another tool that will also thoroughly cleanse the drive of virii and
> spyware: http://dban.sourceforge.net/
>
> I was able to manually pound some of those off by killing off many running
> bugs and deleting them manually. But I did finally use the BartsPE disk I
> carry. Live windows CD.
>
>
>
> Long version:
>
> I've googled myself to death on this one.  I've tried everything so far
> except purchasing a new Windows antimalware program (currently use
> ClamAV and Spybot SD).  I've somehow picked up a malware program that
> puts a red circle with a white X in it in the task tray that keeps
> trying to get me to buy some rogue antispyware program called XP
> Security Center.  I researched it, sure enough it's malware (rogue
> antispyware), found the names of the files used (winivstr.exe and
> braviax.exe) and couldn't delete them due to being in use, so I booted
> my XP install disk in recovery mode, and deleted the files from all
> locations found from searching (in the WINDOWS and SYSTEM32
> directories), and dang if they still don't get replaced on reboot.
>
> So, I probably need to purchase a better tool for removal, but there's
> so much crap out there that poses as malware removal that is likely yet
> another malware package.  Is there a good malware removal package that
> would work on beasties like this one?
>
> Thanks, Daniel
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
>
>
>
> --
> --
> James P. Kinney III


-- 
-- 
James P. Kinney III