Virus/Spyware Creates New User Account?

Subject Author Date
Virus/Spyware Creates New User Account? daveroblit 12-14-2005
Posted by daveroblit on December 14, 2005, 8:25 pm
My client's laptop was infected with multiple viruses and spyware. I noticed
there was a user account named "systemx". I deleted it, and when I restarted,
it was back. Finally used virus tools inc. Hijack This to remove suspicious
items, and it did not reappear. Didn't know this could happen and couldn't
find anything on Google about it.

Dave

Posted by Leythos on December 15, 2005, 6:51 am
daveroblit@discussions.microsoft.com says...
> My client's laptop was infected with multiple viruses and spyware. I noticed
> there was a user account named "systemx". I deleted it, and when I restarted,
> it was back. Finally used virus tools inc. Hijack This to remove suspicious
> items, and it did not reappear. Didn't know this could happen and couldn't
> find anything on Google about it.

The only way to be sure to remove an infection from a compromised machine
is to wipe it and start over. While you can reasonably clean a machine,
the tools are reactionary - meaning that they only clean what they know
about.

If this is something you are being paid to do, something you have to
declare as "Clean", then you should wipe/reinstall and then restore
their documents.

--

spam999free@rrohio.com
remove 999 in order to email me

Posted by daveroblit on December 16, 2005, 11:53 am
Long story, but the machine (which was infected thru AIM) is finally
"reasonably clean" of viruses and malware. Webroot Spysweeper succeeded where
Ad-Aware, Spybot S&D, Hijack This and Counterspy failed.

I considered wiping it and starting over, but the client (a college kid)
lost the factory CDs for the laptop and was about to leave on vacation,
needing her beloved laptop.

Dave

"Leythos" wrote:
>
> The only way to be sure to remove an infection from a compromised machine
> is to wipe it and start over. While you can reasonably clean a machine,
> the tools are reactionary - meaning that they only clean what they know
> about.
>
> If this is something you are being paid to do, something you have to
> declare as "Clean", then you should wipe/reinstall and then restore
> their documents.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
>

Posted by Leythos on December 16, 2005, 12:18 pm
daveroblit@discussions.microsoft.com says...
> Long story, but the machine (which was infected thru AIM) is finally
> "reasonably clean" of viruses and malware. Webroot Spysweeper succeeded where
> Ad-Aware, Spybot S&D, Hijack This and Counterspy failed.
>
> I considered wiping it and starting over, but the client (a college kid)
> lost the factory CDs for the laptop and was about to leave on vacation,
> needing her beloved laptop.

I did the same for a few machines at a local Sorority, but two of them
required a wipe/reinstall - after spending more than an hour trying to
clean it, which they are billed for, it was quicker to wipe/reinstall
and then restore their documents - these two users had already known to
back up their files to CD-RW or CD-R disks and had already done it before
I got there. It's true, they actually did a backup of important files -
and people think kids in school can't learn :)


--

spam999free@rrohio.com
remove 999 in order to email me

Posted by optikl on December 16, 2005, 3:14 pm
daveroblit wrote:

> I considered wiping it and starting over, but the client (a college kid)


Yes, college students and malware; I've seen it before.
