Autoruns. Terrible name, great utility.
live.sysinternals.com

On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
> I wasn't even using SpyBot to "scan" so much as to see what, in registry, etc. was set to start. What do you recommend that's got the nice, easy to use interface listing what's set to start up automagically and allow you to enable/disable with a simple click? That way you don't have to *delete* it, just disable it from starting.
>
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Wednesday, December 15, 2010 2:34 PM
> To: NT System Admin Issues
> Subject: Re: System Tool 2011 malware
>
> I would recommend other tools for startup scanning. I mean this with all sincerity: compared to other tools you can scan your system with, SBS&D is a waste of scanning time. It's not top of the food chain anymore. Also, Tea-Timer (if utilized) is a major performance drag on your system, and it's not even a system service. Ultimately, the "security" you get from SBS&D should not be trusted.
>
> I think that autoruns would be a better tool for startup inspection - it's fast and well organized. A simple script can quickly open the hosts file for you on any system. Scripts could also automate basic inspecting of the hosts file contents being altered.
>
> --
> ME2
>
> On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
> Well, SpyBot has a couple things going for it that the others don’t – the ability to see what’s in the startup and the “hosts” file. Sure there are other apps that’ll install a hosts file for you, but it’s really easy to do with SpyBot, plus it’s easy to see what’s in the startup that *doesn't* show up with MSCONFIG or simply looking at the "startup" folder in the start menu. I could tell that something was auto-starting, but I couldn’t see what it was without loading up SpyBot. :-)
>
> I'll grant you that other things may do a better job of cleaning, but I think it's still a useful tool.
>
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Wednesday, December 15, 2010 1:37 PM
> To: NT System Admin Issues
> Subject: Re: System Tool 2011 malware
>
> SAFE MODE, SAFE MODE, SAFE MODE...
>
> Forget SBS&D, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use those. You'll get *everything*.
>
> Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.
>
> --
> ME2
>
> On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens <stevey...@gmail.com> wrote:
> Hey John
> Are you asking how to fix it, or why Vipre didn't catch it? If you're trying to fix it, then log on as the administrator (or something other than the infected profile) and then run the tools... full scans.
> Steve
>
> On Tuesday, December 14, 2010, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
> > I had a home user who called me to come work on his computer because it kept coming up with the "system tool 2011" malware (very similar to the fake antivirus malware).
> > The system is Windows XP Media Edition, and had Vipre Home installed. I ran Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon as the user rebooted into normal mode, it was back. Today, I went back and ran MalwareBytes and SpyBot S&D. Neither apparently caught it, but looking at the startup entries in SpyBot, I saw a random jumble of letters under c:\documents and settings\all users\application data\ which, when I entered the directory in Windows Explorer, showed the icon for the System Tool 2011 malware.
> > Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I tried to submit a zip of it to the CW Sandbox, but got a response that it couldn't be analyzed...
> >
> > --
> > Thanks,
> > John Aldrich
> > Blueridge Industries
> > IT Manager
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
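The thread's suggestion that a script can automate basic inspection of the hosts file for alterations, as an added example (not code from the list or from any tool named above): a small Python checker that reports every active hosts-file mapping beyond the stock localhost entries and distinguishes names silenced via loopback from names redirected to another address. The sample hosts text is constructed; the `.invalid` hostnames and the address 203.0.113.5 are placeholders.

```python
"""Report non-default entries in a Windows hosts file (added example).

The sample hosts text below is constructed; hostnames use the reserved
.invalid TLD and 203.0.113.5 is a documentation (TEST-NET-3) address.
"""

# Mappings a stock Windows hosts file may contain; anything else is reported.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
LOOPBACK = {"127.0.0.1", "::1"}

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.invalid    # constructed: update server silenced
203.0.113.5     www.example-bank.invalid     # constructed: redirected to foreign IP
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for each active mapping; comments are ignored."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing and whole-line comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:  # one line may map several aliases to the same IP
            yield lineno, ip, name.lower()


def inspect_hosts(text):
    """Return findings as (lineno, ip, hostname, reason) for non-default mappings."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        if ip in LOOPBACK:
            # Pinning a name to loopback blocks it: legitimate for ad-block lists,
            # but also how malware silences AV update and vendor sites.
            reason = "non-default host pinned to loopback"
        else:
            # Sending a name to some other address: classic pharming/redirect.
            reason = "host redirected to " + ip
        findings.append((lineno, ip, name, reason))
    return findings


if __name__ == "__main__":
    for lineno, ip, name, reason in inspect_hosts(SAMPLE_HOSTS):
        print("line %d: %-16s %-30s %s" % (lineno, ip, name, reason))
```

Feed it the real file (C:\Windows\System32\drivers\etc\hosts on Windows) to compare against a known-good baseline; a non-empty result is a prompt to look, not proof of infection, since ad-blocking hosts lists produce the same loopback pattern.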