Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode.
Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell the customer the Windows install was completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at).

Gene Giannamore
Abide International Inc.
Technical Support
561 1st Street West
Sonoma, Ca. 95476
(707) 935-1577 Office
(707) 935-9387 Fax
(707) 766-4185 Cell
[email protected]
www.abideinternational.com

-----Original Message-----
From: Carl Houseman [mailto:[email protected]]
Sent: Tuesday, July 21, 2009 9:48 AM
To: NT System Admin Issues
Subject: RE: Searches being hijacked to show results from "search.pro"

Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time.

Carl

-----Original Message-----
From: Steven Peck [mailto:[email protected]]
Sent: Tuesday, July 21, 2009 12:35 PM
To: NT System Admin Issues
Subject: Re: Searches being hijacked to show results from "search.pro"

Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best.

Steven

On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberry<[email protected]> wrote:
> Or run the free VIPRE tools:
>
> http://live.sunbeltsoftware.com/
> Or
> http://www.vipreantivirus.com/
>
> All free.
>
> Also check your host file to see if it's been modified as well as your local
> DNS settings...
>
> Alex
>
> From: John Aldrich [mailto:[email protected]]
> Sent: Tuesday, July 21, 2009 10:26 AM
> To: NT System Admin Issues
> Subject: RE: Searches being hijacked to show results from "search.pro"
>
> I would also recommend scanning with a copy of MalwareBytes from
> www.malwarebytes.com. It's a free anti-malware app that has found stuff that
> our antivirus/anti-spyware app overlooked.
>
> From: James Rankin [mailto:[email protected]]
> Sent: Tuesday, July 21, 2009 10:03 AM
> To: NT System Admin Issues
> Subject: Re: Searches being hijacked to show results from "search.pro"
>
> Try HijackThis or similar. Looks like something has sneaked right under your
> radar
>
> 2009/7/21 Bill Monicher <[email protected]>
>
> Has anyone seen this before?
>
> When I do a search using Google or Yahoo, I'm presented with the usual
> list of links matching the search terms.
>
> When I click on one, I am very briefly presented with a page with a
> beige rectangle in the centre and an arrow.
> The legend says "Skip this page" and "Your request is loading"
> When it completes I am at www.search.pro, not the search choice I wanted.
>
> I'm using Firefox.
> AVG w/ all of the latest updates
>
> I looked in the usual places -- add-ons, extensions etc but to no avail.
> The URL on the "redirect" page seems to change several times before it
> shows the list of choices.
> shopica.com is often there, tho I've seen others.
> the URL of the destination is www.search.pro
>
> Has anyone seen this?
> It appears new -- there is little on google about it, but then
> searching on "search" or "pro" is hardly going to narrow the field
> much.
>
> My surfing habits make this sort of thing very rare, so I've no idea
> how I got it. It has only shown up over the past week or so.
>
> --BM

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
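
The hosts-file check suggested in the thread above can be scripted. This is an added example, not part of the original thread: it parses hosts-file text and flags entries that override a watched domain or remap localhost. The watch list, the `example-av.test` placeholder domain and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: search engines plus a placeholder AV update domain.
WATCHED = ("google.com", "yahoo.com", "example-av.test")

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed entry
203.0.113.45    search.yahoo.com
127.0.0.1       update.example-av.test
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for each active hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]

def suspicious_entries(text, watched=WATCHED):
    """Return (line, host, ip, verdict) for entries that override a watched domain."""
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        # Loopback/unspecified targets block a name; anything else redirects it.
        verdict = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        for host in hosts:
            if host == "localhost":
                if not ip.is_loopback:
                    findings.append((lineno, host, str(ip), "localhost remapped"))
            elif any(host == d or host.endswith("." + d) for d in watched):
                findings.append((lineno, host, str(ip), verdict))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

A clean hosts file yields an empty list; any finding is a line to inspect by hand before deciding between cleaning and a rebuild.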
