Or just create a shortcut to %windir%\system32\drives\etc\hosts, and save it with your anti-malware toolkit files.
Sincerely,
Jeffrey and Mary Jane Harris
VIPCS

_____

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

I would recommend other tools for startup scanning. I mean this with all sincerity, compared to other tools you can scan your system with, SBS&D is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the "security" you get from SBS&D should not be trusted.

I think that autoruns would be a better tool for startup inspection - it's fast and well organized.

A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspecting of the hosts file contents being altered.

-- ME2

On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:

Well, SpyBot has a couple things going for it that the others don't - the ability to see what's in the startup and the "hosts" file. Sure there are other apps that'll install a hosts file for you, but it's really easy to do with SpyBot, plus it's easy to see what's in the startup that *doesn't* show up with MSCONFIG or simply looking at the "startup" folder in the start menu. I could tell that something was auto-starting, but I couldn't see what it was without loading up SpyBot. :-)

I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, December 15, 2010 1:37 PM
To: NT System Admin Issues
Subject: Re: System Tool 2011 malware

SAFE MODE, SAFE MODE, SAFE MODE...

Forget SBS&D, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*.

Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.
-- ME2

On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens <stevey...@gmail.com> wrote:

Hey John

Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools...full scans.

Steve

On Tuesday, December 14, 2010, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
> I had a home user who called me to come work on his computer because it
> kept coming up with the "system tool 2011" malware (very similar to the
> fake antivirus malware.)
> The system is Windows XP Media Edition, and had Vipre Home installed. I ran
> Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
> as the user rebooted into normal mode, it was back. Today, I went back and
> ran MalwareBytes and SpyBot S&D. Neither apparently caught it, but looking
> at the startup entries in SpyBot, I saw a random jumble of letters under c:
> \documents and settings\all users\application data\ which, when I entered
> the directory in Windows Explorer, showed the icon for the System Tool 2011
> malware.
> Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
> tried to submit a zip of it to the CW Sandbox, but got a response that it
> couldn't be analyzed...
> --
> Thanks,
> John Aldrich
> Blueridge Industries
> IT Manager
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
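
The hosts-file inspection that the thread above says a script could automate, sketched as an added example (not code from any poster in the thread). The function name, watch list and sample entries are constructed for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: flag hosts entries that a cleanup pass should look at.
# Plain loopback block-list entries (the kind an "immunize" tool installs)
# are left alone; only redirects and overrides of watched names are reported.
function Get-SuspiciousHostsEntry {
    param(
        [string[]]$Lines,
        # Constructed placeholders: names whose resolution malware may tamper with
        [string[]]$WatchList = @('av-vendor.example', 'os-update.example')
    )
    $loopback = '127.0.0.1', '::1', '0.0.0.0'
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $text = ($raw -replace '#.*$', '').Trim()      # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        $ip = $fields[0]
        foreach ($name in @($fields | Select-Object -Skip 1)) {
            $watched = @($WatchList | Where-Object { $name -eq $_ -or $name -like "*.$_" })
            $reason = $null
            if ($watched.Count -gt 0) {
                $reason = 'watched name overridden'
            } elseif ($loopback -notcontains $ip) {
                $reason = 'name pinned to non-loopback address'
            }
            if ($reason) {
                [pscustomobject]@{ Line = $lineNo; Address = $ip; Name = $name; Reason = $reason }
            }
        }
    }
}

# Constructed sample; on a live system pass in instead:
#   Get-Content "$env:windir\System32\drivers\etc\hosts"
$sample = @'
# Sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # block-list entry, not flagged
127.0.0.1       update.av-vendor.example # keeps the scanner from updating
203.0.113.10    www.bank.example         # redirect to another server
'@ -split "`r?`n"

Get-SuspiciousHostsEntry -Lines $sample | Format-Table -AutoSize
```

On the sample this reports lines 4 and 5 and stays quiet on the localhost and block-list entries.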