George, the way to clean System Restore files is simply to turn it off. Then do a scan, and the antivirus software can disinfect the files contained therein. Don't forget to re-enable it again once that process is complete, of course.

On 4/20/12, George Bell <george@techno-vision.co.uk> wrote:
Hi David,
I'd hazard a guess that the System Restore files still contain this muck, but how you get rid of the System Restore in these circumstances is the $64,000 question. They normally cannot be cleaned by anti-virus software.
I'm afraid I'd be an absolute so-and-so here, and simply reformat the drive. While getting rid of the problem, hopefully, it might just also serve as a sharp, short lesson to the user to be more careful.
George.
-----Original Message-----
From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of David Mehler
Sent: 19 April 2012 19:37
To: blind-sysadmins
Subject: [Blind-sysadmins] Malware and File Permissions and attributes
Hello,
Has anyone dealt specifically with any of the following malware:
1. Exploit:Java/CVE-2012-0507.R
2. backdoor:Win32/Kelihos.F
3. Exploit:Java/CVE-2010-0840.QI
4. exploit:Java/CVE-2012-0507.R!ldr
5. TrojanDownloader:Win32/Waledac.C
6. trojan:Win32/Tibs.IT
7. Trojan:Win64/Alureon.gen!F
8. Trojan:Win64/Alureon.gen!J
9. trojan:Win32/Alureon.gen!AD
10. Trojan:Win32/Orsam!rts
11. trojan:Win32/Alureon.FK
12. Trojan:DOS/Alureon.I
13. trojan:Win32/Dynamer!dtc
14. Trojan:Win32/Dynamer!dtc
on a win7 64 bit machine?
This one is going to be convoluted. An individual who gives me more computer headaches than anyone else, but who also happens to be extended family, called me about two weeks back claiming his box had a worm. I think he was running Norton 360. I do not know the name of the worm or if it was a worm. He didn't give me the box until four days ago, when problems had escalated to a backdoor/rootkit, a trojan, and a virus (his words). His cleaning efforts did not take the box off the internet, so I wouldn't be surprised. The thing that finally got the box to me was a black screen; my guess is a very corrupted Windows, given some of the above malware I've googled, as well as a report that his user profile, documents, background, pictures, etc. were gone. The drive in question is very full, having only 20 GB of space left.
Here's the problem. I put that drive in an external enclosure, hooked it up to a test box and cleaned it; it took two passes of Security Essentials and Malwarebytes to do it, and they found the above listing of stuff. This is after his "cleaning efforts"; I can only have nightmares about what this looked like before. Two problems remain: the black screen (corrupted Windows or registry, my guess), and file permission changes.
He reported to me that certain files were "hidden". I have since discovered that they are operating-system protected, but his profile is not accessible; it's showing up as a folder with no files or folders in it.
These reports are still from this drive being in the external enclosure; I have not rehooked it up to its motherboard. I believe my next step is to blow it away, since it sounds like it is really bad, but I've got to get the profiles, documents, pictures, etc. Suggestions welcome; none of my googling on the above indicated that they did anything with regard to changing file attributes to hidden or setting files "protected" by the operating system.
Thanks. Dave.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins
--
Blame the computer--why not? It can't defend itself & occasionally might even be the culprit
Jackie McBride
Ask Me Computer Questions at: www.pcinquirer.com
Jaws Scripting training materials: www.screenreaderscripting.com
homePage: www.abletec.serverheaven.net
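The two practical problems in the thread, a profile that shows as empty because its contents were marked Hidden and System, and System Restore snapshots that still hold infected copies, can both be worked through from the clean test box while the drive is still in the external enclosure. The PowerShell below is an added example and is not code posted by anyone on this list; it assumes the external drive mounts as E: and that the profile of interest is E:\Users\SomeUser, both of which are placeholders to replace. It runs from an elevated prompt, reports first, and only changes anything when -Apply is given.

```powershell
# Added example (not from the original thread): recover a user profile on an
# infected volume mounted in an external enclosure on a clean Windows 7 box.
# Assumptions: the volume is E: and the profile is E:\Users\SomeUser.
param(
    [string]$Volume      = 'E:',                  # assumption: external drive letter
    [string]$UserProfile = 'E:\Users\SomeUser',   # assumption: profile to recover
    [switch]$Apply                                # without -Apply, only report
)

# Files that are legitimately Hidden+System inside a profile; leave those alone
# so that only attributes set by the malware are cleared.
$keepHidden = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.dat.log',
                'ntuser.dat.log1', 'ntuser.dat.log2', 'ntuser.ini', 'ntuser.pol')

# 1. Regain access. The profile's ACLs reference SIDs from the other machine,
#    so take ownership and grant the local Administrators group full control.
if ($Apply) {
    takeown /F $UserProfile /R /D Y | Out-Null
    icacls $UserProfile /grant "Administrators:(OI)(CI)F" /T /C | Out-Null
}

# 2. Find user data carrying both Hidden and System. Explorer hides such items
#    by default, which is why the profile folder looks empty.
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
$hits = @(Get-ChildItem -Path $UserProfile -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (([int]$_.Attributes -band $mask) -eq $mask) -and
        ($keepHidden -notcontains $_.Name.ToLower())
    })

foreach ($item in $hits) {
    if ($Apply) {
        # Clear only Hidden and System; keep Archive, ReadOnly, Directory, etc.
        $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band -bnot $mask)
        "cleared      $($item.FullName)"
    } else {
        "would clear  $($item.FullName)"
    }
}
"$($hits.Count) Hidden+System items found under $UserProfile"

# 3. Drop the System Restore snapshots on that volume. The restore points live
#    in System Volume Information on the drive itself, so this must be done
#    against the volume, not against the test box's own System Restore.
if ($Apply) {
    vssadmin delete shadows /for=$Volume /all /quiet
}
```

Run it once without -Apply to review the list of files it would touch, then again with -Apply. Step 3 is the external-enclosure equivalent of Jackie's advice: once the drive is back in its own machine, the same effect is had with Disable-ComputerRestore -Drive 'C:\' before the scan and Enable-ComputerRestore -Drive 'C:\' afterwards. Copy the recovered documents and pictures off the drive before any reformat; the attribute and ACL fixes only make them visible and readable, they do not undo whatever corrupted the Windows installation.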