[In Progress] Bobbye! Yes! That unremovable RootKit is NO MORE  :-)

By stevow
Jan 18, 2011
  1. Didn't wanna add to that other long drawn out headache of a's history and good riddance!!

    I just wiped that hard drive clean and had my good buddy grab an XP PRO Full Installation from his company tech and I'm all set up now. I just had to download the net driver from another PC and transfer...... 30 quick minutes :)

    I have all your recommended downloads from that other thread taken care of.

    When I downloaded Adobe Reader and then went ahead with Adobe Flash Player as well, it automatically downloaded McAfee Security Scan Plus along with it. Does McAfee SSP conflict with any downloads on your list? The downloads were: Upgraded to Internet 8, Avira, Comodo and Comodo GeekBuddy, Spywareblaster, Zoned Out, TFC, Java, Adobe Reader and WOT. Or Windows Firewall?

    Does Spywareblaster do the job for not loading Malwarebytes?

    Man this feels great to have my PC back! Thanks for your assistance. I really learned a lot through all that. Interesting that I found from the tech 101 site that many clean out their computers every year and some heavy users every month.
    I can do that with ease now.
  2. crunchie

    crunchie Malware Helper Posts: 728

    You might want to get yourself a program like Macrium Reflect and do a back-up of your hard drive on a regular basis.
    Next time something hits you, install the backup :).
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That is very good news and I appreciate the update! I'm glad to see you have incorporated most of the tips I left.

    Regarding "Does Spywareblaster do the job for not loading Malwarebytes?"
    The answer is no. They are 2 completely different types of programs. Spywareblaster should be downloaded and updated occasionally. It will run on the system all the time. As I mentioned in my tips:
    Malwarebytes, on the other hand, is a scan that can find and remove adware, Trojans, spyware and other undesirable malware. You do not need to run it all the time- just if you suspect malware or whenever you do your regular maintenance. Note that the Mbam scan we use is a limited free version. If you want full features for the program, you will need to purchase. Since it's not a 'preventative' program like Spywareblaster, I would just download and run the free version when or if you need it.kept on the system and used later.

    Uninstall McAfee: McAfee Removal. You cannot run that with Avira. I'll put a note in my tips to always check the download site for any pre-checked apps before you download. You will also find that if there is a choice of download type, choose Custom which will give you more control over the content.

    I don't recommend keeping the Comodo GeekBuddy.
    I am very conservative about getting remote help- I'd rather have you come here.

    Regarding Comodo firewall and Windows firewall: don't use both. Comodo is a bi-directional FW and listens to outgoing as well as incoming ports. This will give you more protection than the Windows firewall, so disable it.

    I'm pleased that you found some good information on Tech-101. There are some very good tutorials that can guide you on "how to..." If you didn't already, please join us there- it's free.

    Something I always try to remind people of: You, the user, are the first line of security. No matter how much security you have, if you do foolish things, you will get malware!
  4. stevow

    stevow TS Rookie Topic Starter Posts: 55

    McAfee and Geekbuddy uninstalled and Windows firewall disabled. Thanks.
    I'll load up Malwarebytes. Does Spywareblaster take care of the SAS program too?

    I believe I fouled up the XP download: I was downloading all the Sony Vaio drivers this morning and they downloaded on drive D..... I found this out when I was almost done when the pop up "Low Disk Space on D:" showed. You didn't think I'd do all this without a hiccup did you? lol

    I've found about 30 of the same folders in Windows C and D. Is there an easy way to transfer folders and programs over to C? OR, since I have the time, just erase the hard drive and start over? That's no big deal to do....I'm not far into this and I've got the time, the Full XP CD and I burned the network driver for instant net access and your download recommendations here.
  5. stevow

    stevow TS Rookie Topic Starter Posts: 55

    LOL......... Bobbye, I deleted both drives reloaded XP Pro on C drive. I think what happened was I had first deleted the hard drive completely and then gave the upgrade a shot. I figured it wouldn't work from scratch, but I did it anyway. When I called my buddy to get the Full Install CD it prompted to load on C drive and I said OK, but it said another operating system is on there and it might not work correctly, so I put it on D. Doh! Didn't put the puzzle together until after I wrote the above reply.
    All's good and I'll reload all the programs and drivers.

    I'll also head over to the other thread soon since my Infected PC is fixed. Whew! What a journey, but I sure learned the basics of how to quickly clean up and reload a hard drive.

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No! Spywareblaster doesn't take the place of any other security program. It works in its own unique way. SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed- once on the system, it runs quietly in the background, doing its job. Look up Active X and learn what the dangers of these objects can be.

    Superantispyware on the other hand:
    So you will have Spywareblaster running all the time. Depending on the versions you have, you would use SAS and Mbam to either help prevent or find and fix.

    Sorry Steve- you can't legally do that. It's called piracy.
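
Added example, not part of the original thread: the kill bits mentioned in the post above are the 0x400 bit of the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` registry key. This sketch audits a `.reg` export of that key and reports which controls are blocked; the sample export and its CLSIDs are constructed placeholders, and the function names are hypothetical.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in .reg export format; the CLSIDs are made-up placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000004}]
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def parse_compat_flags(reg_text):
    """Map CLSID -> Compatibility Flags for keys directly under BASE."""
    flags, clsid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            parent, _, leaf = m.group(1).rpartition("\\")
            clsid = leaf.upper() if parent.upper() == BASE.upper() else None
            if clsid:
                flags.setdefault(clsid, 0)  # key present but no flags value yet
            continue
        m = FLAGS_RE.match(line)
        if m and clsid:
            flags[clsid] = int(m.group(1), 16)
    return flags

def audit(reg_text):
    """Return (blocked, not_blocked) CLSID lists by testing the kill bit."""
    flags = parse_compat_flags(reg_text)
    blocked = sorted(c for c, f in flags.items() if f & KILL_BIT)
    return blocked, sorted(set(flags) - set(blocked))

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

Testing the bit with `&` rather than comparing the whole value matters because other flag bits can be set alongside the kill bit, as in the third sample entry.
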
  7. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Noooo! No copies! According to the IT guy it was just one of many in a stack of XP's he ordered that have never been used or opened from the shipment envelope. Apparently they have unused laptops stacked up that were supposed to be used for sales until the economy went south, hence the extra XP CD's. He doesn't want it back either, so I would assume he's aware and considerate of piracy laws. I don't need any more PC troubles.

    btw....some Sony Vaio downloads were corrupt and I ended up with a Drop Trojan this morning while loading through Sony's Download Taxi. I wasn't paying attention when Comodo found this, but I hit the download button without fully reading. (Yes, I am the last line of defense) After a MalwareScan removed it, I went back and sure enough that program was defined as a way Malware sneaks in according to Comodo. I like that updated Comodo...Great defense. I then ran a full Avira scan and it found 14 Crypt XPack Gen infections. It said they were removed and that area infected was repaired. Hmmmmm?
    I may go ahead and erase the C drive again and reload. Getting good at it. About 1 hour. I was going with Sony's original driver recommendations. I think any download where Comodo opens up and says, "It's a safe application, but the file # is not recognized (something like that) and the parent program(?) will have sole access" is where I will skip that download. You'd think Sony would have their driver info straight.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, he must have gotten a license that allowed multi-users. As for Sony getting things straight- wasn't it Sony who sent out some software with spyware on it a few years ago?
  9. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Hey Bobbye,
    All is going perfect. Running the 3 scans roughly every other day or more. Occasionally SAS will get a few spywares and that's all I see. Keeping all the program updates current and couldn't ask for more. Thanks!!

    And yes a multi-user license.

    Question about Phishing. I'm on a harmonica chat-like site where all questions etc are carbon copied to thousands and thousands of folks all over N & S America, Europe etc and apparently there was a Phishing scam where some well known harmonica player was on vacation and was robbed in London "and needed money" because everything he had was stolen. I delete 99% of the emails because it doesn't apply to me, but I guess a few folks were phished. To what extent I don't know.

    Now is there any program that may detect phishing?
    Or is it "entirely up to us" being the last line of defense when it comes to phishing?

  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    First line of defense is always the user!

    Careful email handling comes next:
    Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

    Then use Site Advisor. I really like WOT> Web of Trust>
    The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety. Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.

    Every time you do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight.

    If you want to link to another site from the page you're on to another, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other and the site won't load. Don't worry- those Alerts don't happen if you stick to the green rating.

    Give it a try- it does exactly what you want:

    And always keep in mind> if it sounds too good, it isn't!

    If your security is good, you shouldn't be seeing any spyware! SAS also show the Tracking Cookies. These can be prevented as follows:

    Reset Cookies
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)

    Glad to hear things are going better.
  11. stevow

    stevow TS Rookie Topic Starter Posts: 55

    your reply: If your security is good, you shouldn't be seeing any spyware! SAS also show the Tracking Cookies. These can be prevented as follows:

    Funny you should mention that because it wasn't until yesterday that I "blocked 3rd party cookies". After that guy's phish scam I came back to your tutorial to read up and was drawn to the privacy tab and saw that I had not taken care of it.
    I ran a scan this morning and SAS found zero tracking :) Now I know why. Thanks!

    I will try the WOT. I believe I have everything else downloaded, however, I haven't put into play Zoned Out yet.

    Re: Comodo
    Yesterday and today when I turned on my PC Comodo tells me that another computer is trying to gain access. My son picked up one of those ipad touch 4g's and he connects to the net anywhere free. I'm not hip how, but can something like that cause Comodo to recognize this?

  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I can't advise you on the Comodo alert without having some idea of what is attempting to access. If the iPad connects to the computer for a legitimate reason, you will need to give it access. Copy the IP that Comodo shows and paste it in- I'll check it out.
Topic Status:
Not open for further replies.
