Posted by: CrackersMcCheese
I can't get rid of this! - 29/11/2005 16:57
I don't know where this came from but I've run all kinds of removal tools and nothing is found. Anyone know what it is?
Quote:
When I place the cursor over each block a pop-up appears to take me to a new website.
Quote:
Nothing on active desktop either. Good suggestion though.
Quote:
Newcastle Brown? For when I get so hacked off with it that I need a drink?
Quote:
I was hoping for a more elegant solution though.
Quote:
My Winlogon cleaning notes are not on hand, but here's a start. Since you know the malicious DLL and EXE names, find and delete them. You may need to access the Services portion of the registry (I think it's triplicated, so check each one). Remove references to the bad files and, possibly, recreate good references to the real files by retyping the info from a known good computer.
Quote:
Hmmm... Does knoppix support ntfs? If so I'll d/l it first thing tomorrow.
Quote:Quote:
Hmmm... Does knoppix support ntfs? If so I'll d/l it first thing tomorrow.
It should.
Quote:
Kick Bootie... Thanks.
As far as nuking the machine, if it were mine, I would have long ago. Unfortunately, it's a local judge who has no compunction paying me $65 per hour to grind the spyware away and leave his data as intact as can be. I'm happy to oblige.
This morning I thought about command prompt mode, since the adware attaches itself to the logon script. Command mode requires no login - unless you run explore. I figured that was the next step but haven't been back to his house to try it.
Quote:
There must be MILLIONS of infected computers out there that people just deal with.
Quote:
In the registry, deny every user and system account write/modify permissions to the typical startup keys and spyware hiding places (even services?).
Deny every user and system account write/modify permissions to startup folders.
Write protect the host file and maybe even the local DNS cache....?
Quote:
This leads back to my "trusted sites" idea. Just like the pre-search-engine days when people posted link directories, there should be directories of trusted sites. Maybe a web of trust, tightly controlled by the members of the web (not infinitely expanding like the PGP key model). Display only known legitimate sites, accept link requests from the outside, post those links after thorough review, swiftly remove sites turned bad.
Think of how easy it would be to find trustworthy product reviews, legitimate online retailers, non-popup'ed lyrics sites, REAL information. Yes, it's labor intensive, but that's how I do things. Maybe there's a way to make this work.
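
A read-only check related to the lockdown idea raised earlier in the thread (deny write access on startup keys and startup folders, write-protect the hosts file), as an added example that is not from any poster: the PowerShell below lists which accounts currently hold write access on those locations. The list of keys and folders is an assumption chosen for illustration (well-known autostart locations on current Windows versions), not something named in the thread.

```powershell
# Read-only audit: which identities can write to common autostart locations
# and to the hosts file. Nothing is modified.
# ASSUMPTION: this target list is illustrative; it is not taken from the thread.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$targets = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    $hostsPath
)

# Rights that let an account add or change entries, or rewrite the ACL itself.
$regWrite  = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, ChangePermissions, TakeOwnership'
$fileWrite = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'

$report = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { continue }   # skip locations absent on this machine
    $acl   = Get-Acl -LiteralPath $path
    $isReg = $acl -is [System.Security.AccessControl.RegistrySecurity]
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue } # only Allow entries grant access
        $rights = if ($isReg) { $ace.RegistryRights } else { $ace.FileSystemRights }
        $mask   = if ($isReg) { $regWrite } else { $fileWrite }
        # Note: ACEs stored as raw generic masks (e.g. GENERIC_ALL) do not match
        # these named bits; review any numeric-only Rights values by hand.
        if (([int]$rights -band [int]$mask) -ne 0) {
            [pscustomobject]@{
                Path      = $path
                Identity  = $ace.IdentityReference.Value
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}
$report | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap

# The read-only attribute is separate from the ACL, so report it as well.
if (Test-Path -LiteralPath $hostsPath) {
    $hostsFile = Get-Item -LiteralPath $hostsPath
    "hosts file read-only attribute: $($hostsFile.IsReadOnly)"
}
```

Comparing this output with the same report from a known-good machine shows what a deny rule would actually change before any permission is touched.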