[SGVLUG] Need help with clearing popups from windows system

Ken Lin indigo451 at yahoo.com
Tue Sep 5 17:48:55 PDT 2006


Sorry, what was the website the adware is referring to? Maybe the specific cleaning tool is listed in Secunia or Symantec.

http://www.symantec.com/enterprise/security_response/removaltools.jsp

Also, Spybot Search and Destroy is pretty good at blocking bad websites. They call it inoculating IE by filling in the blocked website list for you.

http://www.safer-networking.org/

"Emerson, Tom" <Tom.Emerson at wbconsultant.com> wrote:
> -----Original Message----- Of Claude Felizardo
> On 9/5/06, Alex Roston wrote:
> > [...] I haven't fooled with it
> > lately, but at one point it was possible to do a "hot" reinstall of
> > Windows, and this didn't work very well for replacing files which had
> > been deliberately buggered.
>
> Hang on, are you saying it is possible to reinstall windoze
> on top of an existing system and not have to reinstall all of
> your apps?  I mean I thought one of the problems with windoze
> is that it's still difficult to determine if your data files
> are stored in a subdirectory of the App or in one of the "My
> blah" folder.  Can you repair in place?

Well, I can see two (or more) problems with this approach: as I
understand it, every application "registers" itself in the registry
during installation, if you re-install, wouldn't it re-write the
registry from scratch?  (meaning you'll have the executables "in place"
for your userland apps, but Windows wouldn't be "aware" of them)  If it
doesn't rewrite the registry, anything "hidden" in the registry that
triggers an infection will still be there (i.e., anything defined to
"run at boot time")

Secondly, if a non-Microsoft application has been contaminated, and that
in turn contaminates system files (so as to hide itself from scans), you
haven't actually eliminated the problem (the trojan is still out
there...)  I suppose, though, the system would be "inoculated" in a
sense in that some viruses will check before infecting, so the system
*may* appear infected and the virus doesn't re-infect the system.  Of
course, the virus writer might take the easy route and ALWAYS infect
every time it runs, but that's another matter entirely...
