very nasty variant on old theme

[Dustin Cook]

"Gaz" <gazter@msn.com> wrote in news:6g12q3Fdge60U1@mid.individual.net:

> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
> news:Xns9AF2D91E2366HHI2948AJD832@69.16.185.247...
>> "Gaz" <gazter@msn.com> wrote in
>> news:6fttadFd3knnU1@mid.individual.net:
>>
>>> "John Doe" <johndoe@microsoft.com> wrote in message
>>> news:Skgmk.4269$Lb6.1309@fe99.usenetserver.com...
>>>> combofix also does a great job of eradicating this infector . . .
>>>>
>>>
>>> Shocked, as it is the first time i have seen a piece of spyware
>>> completely evade hijackthis... The cheeky ******* even had a block
>>> on loading the exe file... (of course a name change sorted that, but
>>> what if a variant is set to automatically delete files on its watch
>>> list instead of just closing them? what a ******* that would be).
>>>
>>> Gaz
>>>
>>>
>>>
>>
>> Not really an issue if you scan outside the host os.
>>
>
> Do you do that on a regular basis? Is it not a bit messy 'on site' to
> do that?

Messy in what way? I have a custom BartPE disc I use to run outside the
host, if and when that's necessary. Short of mainboard work that
requires t's removal from the case, I can do most things onsite with the
cds I carry with me.


--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility
For Windows users, I highly recommend:
http://www.malwarebytes.org - MalwareBytes AntiMalware

[Gaz]

Dustin Cook wrote:
> "Gaz" <gazter@msn.com> wrote in
> news:6g12q3Fdge60U1@mid.individual.net:
>
>> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
>> news:Xns9AF2D91E2366HHI2948AJD832@69.16.185.247...
>>> "Gaz" <gazter@msn.com> wrote in
>>> news:6fttadFd3knnU1@mid.individual.net:
>>>
>>>> "John Doe" <johndoe@microsoft.com> wrote in message
>>>> news:Skgmk.4269$Lb6.1309@fe99.usenetserver.com...
>>>>> combofix also does a great job of eradicating this infector . . .
>>>>>
>>>>
>>>> Shocked, as it is the first time i have seen a piece of spyware
>>>> completely evade hijackthis... The cheeky ******* even had a block
>>>> on loading the exe file... (of course a name change sorted that,
>>>> but what if a variant is set to automatically delete files on its
>>>> watch list instead of just closing them? what a ******* that would
>>>> be).
>>>>
>>>> Gaz
>>>>
>>>>
>>>>
>>>
>>> Not really an issue if you scan outside the host os.
>>>
>>
>> Do you do that on a regular basis? Is it not a bit messy 'on site' to
>> do that?
>
> Messy in what way? I have a custom BartPE disc I use to run outside
> the host, if and when that's necessary. Short of mainboard work that
> requires t's removal from the case, I can do most things onsite with
> the cds I carry with me.

I find that i tend to use bartpe/minipe for carrying out common chkdsk
repairs, and for repairing corrupt registrys (registry restorer is a great
little programme which automates the transfer of the snapshot registry files
to the config folder on a bust windows.
For everything else, i run the software either in safe mode or regular
windows.

Gaz