
Thread: very nasty variant on old theme

  1. #11
    David H. Lipman Guest

    Re: very nasty variant on old theme

    From: "Gaz" <gazter@msn.com>


    >> Not really an issue if you scan outside the host os.



    | Do you do that on a regular basis? Is it not a bit messy 'on site' to do
    | that?

    | Gaz

    Not so messy when you have a surrogate PC such as a notebook and a USB to IDE or USB to
    SATA hard disk interface.

    The advantage is files can be scanned and removed because the affected OS is not running
    and thus the files are not protected.

    The disadvantage is the anti malware scanners will see and try to clean the Registry of
    the surrogate PC and not the affected hard disk's Registry.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
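
Added example, not part of the original post: the Registry caveat described above can be checked by hand from the surrogate PC by mounting the affected disk's SOFTWARE hive with reg.exe and listing its autostart keys. The path E:\Windows and the mount name OfflineSoftware are assumptions made for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt on the surrogate PC.
param(
    # Assumption: Windows folder of the affected disk as mounted on the surrogate PC.
    [string]$OfflineWindows = 'E:\Windows'
)

$hive  = Join-Path $OfflineWindows 'System32\config\SOFTWARE'
$mount = 'HKLM\OfflineSoftware'   # temporary mount name, chosen for this example

if (-not (Test-Path -LiteralPath $hive)) {
    throw "SOFTWARE hive not found at $hive"
}

# Mount the affected disk's hive beside the surrogate PC's own Registry.
& reg.exe load $mount $hive | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'reg load failed (prompt not elevated, or hive unreadable)'
}

try {
    # Machine-wide autostart keys inside the affected installation.
    $autostart = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($sub in $autostart) {
        $key = "$mount\$sub"
        # reg.exe query keeps no handle open, so the unload below succeeds.
        $out = & reg.exe query $key 2>$null
        if ($LASTEXITCODE -eq 0) {
            $out | Where-Object { $_.Trim() }
        } else {
            "(key not present: $key)"
        }
    }
}
finally {
    # Always detach the hive so the affected disk can be removed cleanly.
    & reg.exe unload $mount | Out-Null
}
```

Per-user autostart entries live in each profile's NTUSER.DAT on the affected disk, which can be loaded and queried the same way.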



  2. #12
    Dustin Cook Guest

    Re: very nasty variant on old theme

    "Gaz" <gazter@msn.com> wrote in news:6g12q3Fdge60U1@mid.individual.net:

    > "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
    > news:Xns9AF2D91E2366HHI2948AJD832@69.16.185.247...
    >> "Gaz" <gazter@msn.com> wrote in
    >> news:6fttadFd3knnU1@mid.individual.net:
    >>
    >>> "John Doe" <johndoe@microsoft.com> wrote in message
    >>> news:Skgmk.4269$Lb6.1309@fe99.usenetserver.com...
    >>>> combofix also does a great job of eradicating this infector . . .
    >>>>
    >>>
    >>> Shocked, as it is the first time I have seen a piece of spyware
    >>> completely evade hijackthis... The cheeky ******* even had a block
    >>> on loading the exe file... (of course a name change sorted that, but
    >>> what if a variant is set to automatically delete files on its watch
    >>> list instead of just closing them? what a ******* that would be).
    >>>
    >>> Gaz
    >>>
    >>>
    >>>

    >>
    >> Not really an issue if you scan outside the host os.
    >>

    >
    > Do you do that on a regular basis? Is it not a bit messy 'on site' to
    > do that?


    Messy in what way? I have a custom BartPE disc I use to run outside the
    host, if and when that's necessary. Short of mainboard work that
    requires its removal from the case, I can do most things onsite with the
    cds I carry with me.


    --
    Regards,
    Dustin Cook - http://bughunter.it-mate.co.uk
    BugHunter v2.2e AntiMalware Removal Utility
    For Windows users, I highly recommend:
    http://www.malwarebytes.org - MalwareBytes AntiMalware


  3. #13
    Dustin Cook Guest

    Re: very nasty variant on old theme

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    news:JcadnaqKv_syxgbVnZ2dnUVZ_iydnZ2d@giganews.com :

    > From: "Gaz" <gazter@msn.com>
    >
    >
    >>> Not really an issue if you scan outside the host os.

    >
    >
    >| Do you do that on a regular basis? Is it not a bit messy 'on site' to
    >| do that?
    >
    >| Gaz
    >
    > Not so messy when you have a surrogate PC such as a notebook and a USB
    > to IDE or USB to SATA hard disk interface.
    >
    > The advantage is files can be scanned and removed because the affected
    > OS is not running and thus the files are not protected.
    >
    > The disadvantage is the anti malware scanners will see and try to
    > clean the Registry of the surrogate PC and not the affected hard
    > disk's Registry.
    >
    >


    Yes, the pros and cons of doing it that way. Apologies for not including
    the disadvantages as well in my initial post.


    --
    Regards,
    Dustin Cook - http://bughunter.it-mate.co.uk
    BugHunter v2.2e AntiMalware Removal Utility
    For Windows users, I highly recommend:
    http://www.malwarebytes.org - MalwareBytes AntiMalware


  4. #14
    Gaz Guest

    Re: very nasty variant on old theme

    Dustin Cook wrote:
    > "Gaz" <gazter@msn.com> wrote in
    > news:6g12q3Fdge60U1@mid.individual.net:
    >
    >> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
    >> news:Xns9AF2D91E2366HHI2948AJD832@69.16.185.247...
    >>> "Gaz" <gazter@msn.com> wrote in
    >>> news:6fttadFd3knnU1@mid.individual.net:
    >>>
    >>>> "John Doe" <johndoe@microsoft.com> wrote in message
    >>>> news:Skgmk.4269$Lb6.1309@fe99.usenetserver.com...
    >>>>> combofix also does a great job of eradicating this infector . . .
    >>>>>
    >>>>
    >>>> Shocked, as it is the first time I have seen a piece of spyware
    >>>> completely evade hijackthis... The cheeky ******* even had a block
    >>>> on loading the exe file... (of course a name change sorted that,
    >>>> but what if a variant is set to automatically delete files on its
    >>>> watch list instead of just closing them? what a ******* that would
    >>>> be).
    >>>>
    >>>> Gaz
    >>>>
    >>>>
    >>>>
    >>>
    >>> Not really an issue if you scan outside the host os.
    >>>

    >>
    >> Do you do that on a regular basis? Is it not a bit messy 'on site' to
    >> do that?

    >
    > Messy in what way? I have a custom BartPE disc I use to run outside
    > the host, if and when that's necessary. Short of mainboard work that
    > requires its removal from the case, I can do most things onsite with
    > the cds I carry with me.


    I find that I tend to use bartpe/minipe for carrying out common chkdsk
    repairs, and for repairing corrupt registries (registry restorer is a great
    little programme which automates the transfer of the snapshot registry files
    to the config folder on a bust windows).
    For everything else, I run the software either in safe mode or regular
    windows.

    Gaz


