You know, I wanted to go back to this. Tonight I spent about 4 hours dicking with a box before saying "eh, screw it". Outside of the normal spyware (some 1,434 objects in Ad-Aware SE from safe mode) and some 32 VIRII (mostly pop-up java-downloader Trojan crap) it just dawned on me: this is bullocks. Even if I did clean the box up completely (which seemed like a waste) there was nothing there of any merit that would warrant doing it.
So my advice: formatting, etc. isn't a cop-out. It's a viable option. Hell, starting with a fresh format, all the hotfixes first, etc. etc. is a better position than you can be in if you do manage to "clean everything up".

CW

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hayes Elkins
Sent: Tuesday, May 10, 2005 10:51 AM
To: [email protected]
Subject: Re: [H] Spyware Woes

I've never met a system infected that could not be fixed. CWS slaying has been my specialty. Eliminating it has gone from over 4 hours (my own first infection) to a matter of minutes. Reformatting is always a cop out.

>From: joeuser <[EMAIL PROTECTED]>
>Reply-To: The Hardware List <[email protected]>
>To: The Hardware List <[email protected]>
>Subject: Re: [H] Spyware Woes
>Date: Tue, 10 May 2005 07:24:56 -0500
>
>A lot of professionals agree on this point - it can help answer a lot of
>questions also - when you format nothing is left to chance... I agree with
>you also though and I have not "let the terrorists win" often but sometimes
>it is the best solution and one that makes me certain the terrorists don't
>Pwn the system.
>
>Hayes Elkins wrote:
>
>
>>Rubbish!!! Never seen a reason to ever reformat because of a nuisance.
>>That's "letting the terrorists win" :)
>>
>>I would try about:buster as this very well could be a CoolWebSearch
>>variant. The CWS affiliate authors are absolutely the most ruthless and
>>cunning of all spyware programmers and are always two steps ahead of the
>>AV/AS game. Check to see if there is a dynamically named service or
>>startup file being referenced as well.
>
>
>--
>Cheers,
>joeuser (still looking for the 'any' key)
