+*∞*

On Wed, Dec 15, 2010 at 3:20 PM, Richard Stovall <rich...@gmail.com> wrote:
> Autoruns.
>
> Terrible name, great utility.
>
> live.sysinternals.com
>
>
> On Wed, Dec 15, 2010 at 3:18 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
>
>> I wasn't even using SpyBot to "scan" so much as to see what, in registry,
>> etc. was set to start. What do you recommend that's got the nice, easy to use
>> interface listing what's set to start up automagically and allows you to
>> enable/disable with a simple click? That way you don't have to *delete* it,
>> just disable it from starting.
>>
>>
>> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>> Sent: Wednesday, December 15, 2010 2:34 PM
>> To: NT System Admin Issues
>> Subject: Re: System Tool 2011 malware
>>
>> I would recommend other tools for startup scanning. I mean this with all
>> sincerity, compared to other tools you can scan your system with, SBS&D is a
>> waste of scanning time. It's not top of the food chain anymore. Also,
>> Tea-Timer (if utilized) is a major performance drag on your system, and it's
>> not even a system service. Ultimately, the "security" you get from SBS&D
>> should not be trusted.
>>
>> I think that autoruns would be a better tool for startup inspection - It's
>> fast and well organized. A simple script can quickly open the hosts file
>> for you on any system. Scripts could also automate basic inspecting of the
>> hosts file contents being altered.
>>
>> --
>> ME2
>>
>>
>> On Wed, Dec 15, 2010 at 11:21 AM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
>> Well, SpyBot has a couple things going for it that the others don’t – the
>> ability to see what’s in the startup and the “hosts” file. Sure there are
>> other apps that’ll install a hosts file for you, but it’s really easy to do
>> with SpyBot, plus it’s easy to see what’s in the startup that *doesn't* show
>> up with MSCONFIG or simply looking at the "startup" folder in the start
>> menu. I could tell that something was auto-starting, but I couldn’t see what
>> it was without loading up SpyBot. :-)
>>
>> I'll grant you that other things may do a better job of cleaning, but I
>> think it's still a useful tool.
>>
>>
>> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>> Sent: Wednesday, December 15, 2010 1:37 PM
>> To: NT System Admin Issues
>> Subject: Re: System Tool 2011 malware
>>
>> SAFE MODE, SAFE MODE, SAFE MODE...
>>
>> Forget SBS&D, it sucks these days. Malwarebytes, ESET, and Kaspersky. Use
>> those. You'll get *everything*.
>>
>> Use Live CDs if at all possible. But, if you do, be aware of NTFS perms.
>>
>> --
>> ME2
>>
>>
>> On Tue, Dec 14, 2010 at 7:47 PM, Steve Ens <stevey...@gmail.com> wrote:
>> Hey John
>> Are you asking how to fix it, or why Vipre didn't catch it? If you're
>> trying to fix it, then log on as the administrator (or something other
>> than the infected profile) and then run the tools...full scans.
>> Steve
>>
>> On Tuesday, December 14, 2010, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
>> > I had a home user who called me to come work on his computer because it
>> > kept coming up with the "system tool 2011" malware (very similar to the
>> > fake antivirus malware.)
>> > The system is Windows XP Media Edition, and had Vipre Home installed. I ran
>> > Vipre Rescue yesterday and it supposedly cleaned some of it up, but as soon
>> > as the user rebooted into normal mode, it was back. Today, I went back and
>> > ran MalwareBytes and SpyBot S&D. Neither apparently caught it, but looking
>> > at the startup entries in SpyBot, I saw a random jumble of letters under
>> > c:\documents and settings\all users\application data\ which, when I entered
>> > the directory in Windows Explorer, showed the icon for the System Tool 2011
>> > malware.
>> > Anyone got any clue why Vipre Rescue and Vipre Home didn't catch it? I
>> > tried to submit a zip of it to the CW Sandbox, but got a response that it
>> > couldn't be analyzed...
>> > --
>> > Thanks,
>> > John Aldrich
>> > Blueridge Industries
>> > IT Manager
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>> >
>> > ---
>> > To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
>> > or send an email to listmana...@lyris.sunbeltsoftware.com
>> > with the body: unsubscribe ntsysadmin
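
Added example, not part of the original thread: one way to script the hosts-file inspection suggested above, by classifying each active entry and comparing the file's SHA-256 against a previously recorded baseline. The function names and the sample file content are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample content; on a real system read
# %SystemRoot%\System32\drivers\etc\hosts instead.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1      localhost
127.0.0.1      updates.av-vendor.example   # name pinned to loopback
203.0.113.10   www.search.example
this line is not a mapping
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, name) for every active line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield no, None, line                 # not "address name ..."
            continue
        for name in fields[1:]:
            yield no, ip, name.lower()

def classify(ip, name):
    if ip is None:
        return "malformed"
    if ip.is_loopback and name == "localhost":
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"     # block-list entry, or a name cut off on purpose
    return "redirect"        # name forced to a fixed address: review first

def inspect_hosts(text, baseline_sha256=None):
    """Classify every entry and report whether the file differs from a baseline."""
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    entries = [(no, str(ip) if ip else None, name, classify(ip, name))
               for no, ip, name in parse_hosts(text)]
    changed = baseline_sha256 is not None and digest != baseline_sha256
    return {"sha256": digest, "changed": changed, "entries": entries}

if __name__ == "__main__":
    report = inspect_hosts(SAMPLE_HOSTS)
    for no, ip, name, kind in report["entries"]:
        if kind != "default":
            print(f"line {no}: {kind:9} {ip or '-':15} {name}")
```

A "blocked" entry can come from a legitimate block list as well as from malware cutting off update servers, so the classification narrows what to review rather than deciding it.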