Tried those, failed. Pulled data and rebuilt. It was some nasty stuff. If she would have had to go to a tech and paid for it, it would have been ugly. :)
On Tue, Jul 21, 2009 at 12:20 PM, Gene Giannamore<gene.giannam...@abideinternational.com> wrote: > Sometimes, a tech cannot wipe (even though we always should be able to). > Because of that, we had to clean in 2 steps; > 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner > and 1 antivirus, plus manually checked the usual startup locations in the > registry > 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times > change, not sure which current ones can be installed in safe mode. > > Sometimes the bootcd cleaners will remove an infection that hooked into the > registry (win32 subsystem usually), and we would need to manually repair that > section of the registry (just use the clean computer to find the correct text > in the registry, or export and import). > Worst part was having to tell customer windows install completely broken, > even after a repair install. Some things cannot be fixed. We would do about > 10 computer cleanings a day, between 3 techs (only had 7 locations we could > work at). > > > > Gene Giannamore > Abide International Inc. > Technical Support > 561 1st Street West > Sonoma,Ca.95476 > (707) 935-1577 Office > (707) 935-9387 Fax > (707) 766-4185 Cell > gene.giannam...@abideinternational.com > www.abideinternational.com > > > > -----Original Message----- > From: Carl Houseman [mailto:c.house...@gmail.com] > Sent: Tuesday, July 21, 2009 9:48 AM > To: NT System Admin Issues > Subject: RE: Searches being hijacked to show results from "search.pro" > > Nuke and pave is the way to go if you want full confidence that your > personal info is secure. No cleaning tool is 100% guaranteed to get > everything, every time. > > Carl > > -----Original Message----- > From: Steven Peck [mailto:sep...@gmail.com] > Sent: Tuesday, July 21, 2009 12:35 PM > To: NT System Admin Issues > Subject: Re: Searches being hijacked to show results from "search.pro" > > Oh I wish I'd known about that link before I gave up and wiped a > laptop (good friend of wife, I didn't have plans of course I'd be > happy to help her out dear) Sunday. > > Nasty little piece of work would disable AV and lock me out of the > file system path. So I eventually just nuked the system and built it > properly, probably for the best. > > Steven > > On Tue, Jul 21, 2009 at 8:31 AM, Alex > Eckelberry<al...@sunbelt-software.com> wrote: >> Or run the free VIPRE tools: >> >> http://live.sunbeltsoftware.com/ >> Or >> http://www.vipreantivirus.com/ >> >> All free. >> >> >> >> Also check your host file to see if it's been modified as well as your > local >> DNS settings... >> >> >> >> Alex >> >> >> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] >> Sent: Tuesday, July 21, 2009 10:26 AM >> To: NT System Admin Issues >> Subject: RE: Searches being hijacked to show results from "search.pro" >> >> >> >> I would also recommend scanning with a copy of MalwareBytes from >> www.malwarebytes.com. It's a free anti-malware app that has found stuff > that >> our antivirus/anti-spyware app overlooked. >> >> >> From: James Rankin [mailto:kz2...@googlemail.com] >> Sent: Tuesday, July 21, 2009 10:03 AM >> To: NT System Admin Issues >> Subject: Re: Searches being hijacked to show results from "search.pro" >> >> >> >> Try HijackThis or similar. Looks like something has sneaked right under > your >> radar >> >> 2009/7/21 Bill Monicher <bmacd5...@gmail.com> >> >> Has anyone seen this before? >> >> When I do a search using Google or Yahoo, I'm presented with the usual >> list of links matching the search terms. >> >> When I click on one, I am very briefly presented with a page with a >> beige rectangle in the centre and an arrow. >> The legends says "Skip this page" and "Your request is loading" >> When it completes I am at www.search.pro, not the seach choice I wanted. >> >> I'm using Firefox. >> AVG w/ all of the latest updates >> >> I looked in the usual places -- add-ons, extensions etc but to no avail. >> The URL on the "redirect" page seems to change several time before it >> shows the list of choices. >> shopica.com is often there, tho I've seen others. >> the URL of the destination is www.search.pro >> >> Has anyone seen this? >> It appears new -- there is little on google about it, but then >> searching on "search" or "pro" is hardly going to narrow the field >> much. >> >> My surfing habits make this sort of thing very rare, so I've no idea >> how I got it. It has only shown up over the past week or so. >> >> --BM > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~