[H] Google Desktop warning

2006-02-10 Thread Thane Sherrington (S)

http://www.theregister.co.uk/2006/02/10/google_desktop_privacy_kerfuffle/

I'm pretty sure someone on the list mentioned that Google Desktop was 
a privacy danger.  Now we know it.


T



RE: [H] Google Desktop warning

2006-02-10 Thread Hayes Elkins

Don't be evil *


* unless a well paying communist country mandates it.


From: Thane Sherrington (S) [EMAIL PROTECTED]
Reply-To: The Hardware List hardware@hardwaregroup.com
To: hardware@hardwaregroup.com
Subject: [H] Google Desktop warning
Date: Fri, 10 Feb 2006 12:56:43 -0400

http://www.theregister.co.uk/2006/02/10/google_desktop_privacy_kerfuffle/

I'm pretty sure someone on the list mentioned that Google Desktop was a 
privacy danger.  Now we know it.


T






RE: [H] Google Desktop warning

2006-02-10 Thread Thane Sherrington (S)

At 01:28 PM 10/02/2006, Hayes Elkins wrote:

Don't be evil *

* unless a well paying communist country mandates it.


LOL!  Actually, I think it's Don't Be *Really* Evil.

T 



[H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Jerry Jones
A co-worker & friend of my wife asked if I would be willing to look at their 
PC. Apparently they have a bad virus infestation on their PC and have not 
been using an anti-virus program. They have spoken to tech support at Gateway 
and were told that they may be best off backing up their data and 
reformatting. I have not seen the PC yet so I don't know how bad it is. I 
have never had to deal with a PC that has a virus and has NO anti-virus at 
all.


I am looking for suggestions of what software tools I should bring with me 
when I go look at the PC. I have a bootable Norton Anti-virus disc and can 
let it scan the PC and try to clean it up. Is there something better that I 
should use? If I do have to reformat and re-install the OS, what is the best 
way to back up the data and not re-infect the PC when the data is restored?






Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Jerry Jones wrote:

A co-worker & friend of my wife asked if I would be willing to look at their 
PC. Apparently they have a bad virus infestation on their PC and have not 
been using an anti-virus program. They have spoken to tech support at Gateway 
and were told that they may be best off backing up their data and reformatting. 
I have not seen the PC yet so I don't know how bad it is. I have never had to 
deal with a PC that has a virus and has NO anti-virus at all.


I am looking for suggestions of what software tools I should bring with me 
when I go look at the PC. I have a bootable Norton Anti-virus disc and can let 
it scan the PC and try to clean it up. Is there something better that I should 
use? If I do have to reformat and re-install the OS, what is the best way to 
back up the data and not re-infect the PC when the data is restored?


From a time/value perspective, if you can get them to agree to a reformat 
that is generally what I prefer to do.  Back up their data (now they have a 
known good backup) and reinstall Windows.  This gives you the advantage of 
installing the latest BIOS/drivers/updates, etc. while not worrying about 
remnants of virus infections from installations past.


The amount of time you will spend cleaning the system, rebooting, etc. 
rarely justifies doing the cleaning on a system you can just format and 
restore data to instead.


Just make sure you back up all the data they could need.


That said, if you really want to attempt to clean as opposed to 
formatting, you can get yourself a Bart disk and boot from that and run 
your antivirus, or take the drive out and put it into a USB2/Firewire and 
scan it from a known good machine.




Christopher Fisk
--
`That young girl is one of the least benightedly
unintelligent organic life forms it has been my profound
lack of pleasure not to be able to avoid meeting.'

- Marvin's first ever compliment about anybody.


RE: [H] Google Desktop warning

2006-02-10 Thread Thane Sherrington (S)

At 02:30 PM 10/02/2006, Hayes Elkins wrote:


That statement would still need an asterisk :)


Heh heh.  True.

T 



RE: [H] Google Desktop warning

2006-02-10 Thread Bill


 -Original Message-
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane Sherrington (S)
 Sent: Friday, February 10, 2006 8:57 AM
 To: hardware@hardwaregroup.com
 Subject: [H] Google Desktop warning
 
 http://www.theregister.co.uk/2006/02/10/google_desktop_privacy_kerfuffle/
 
 I'm pretty sure someone on the list mentioned that Google Desktop was a
privacy danger.  Now we know it.
 
 T

Absolutely.

Forget about Google. Use Scroogle or Clusty.

http://www.scroogle.org

No cookies, no search-term records, access log deleted after 7 days.

http://www.scroogle.org/gscrape.html

Bill






[H] IP cameras

2006-02-10 Thread Thane Sherrington (S)
Has anyone ever connected one of these IP cameras to the net?  I 
understand they need a dedicated IP address.  If I want to connect 
two, can I connect them through a router, or do I have to buy two IPs 
from the ISP and connect them via a switch?


T



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Thane Sherrington (S)

At 02:44 PM 10/02/2006, Jerry Jones wrote:
A co-worker & friend of my wife asked if I would be willing to look 
at their PC. Apparently they have a bad virus infestation on their 
PC and have not been using an anti-virus program. They have spoken to 
tech support at Gateway and were told that they may be best off 
backing up their data and reformatting. I have not seen the PC yet so 
I don't know how bad it is. I have never had to deal with a PC that 
has a virus and has NO anti-virus at all.


Those are the most fun. :)


I am looking for suggestions of what software tools I should bring 
with me when I go look at the PC. I have a bootable Norton 
Anti-virus disc and can let it scan the PC and try to clean it up. 
Is there something better that I should use? If I do have to 
reformat and re-install the OS, what is the best way to back up the 
data and not re-infect the PC when the data is restored?


It would be best to scan the computer without booting the OS, as the 
OS is compromised and may allow proper removal.  At worst, scan from 
Safe Mode.  Better would be to move the hard drive to a known clean 
computer and scan with its AV.  Or you could use a BartPE CD.


T 



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
I'd also second the backup & reinstall, nothing else is 100% in this day 
& age of things that cloak themselves and not-as-yet detected 
exploits/malware.


In addition I would suggest they rotate all passwords used anywhere and 
consider monitoring their credit reports if they've done any online 
transactions.

As to what to back up, everything. What to restore, non-programs (doc, 
pdf, txt, etc...) & then carefully go through them with an up-to-date AV 
(online) scanner(s). If they are with an ISP offering name brand AV for 
free, install it if reputable otherwise buy one.


Christopher Fisk wrote:

On Fri, 10 Feb 2006, Jerry Jones wrote:

I am looking for suggestions of what software tools I should bring 
with me when I go look at the PC. I have a bootable Norton Anti-virus 
disc and can let it scan the PC and try to clean it up. Is there 
something better that I should use? If I do have to reformat and 
re-install the OS, what is the best way to back up the data and not 
re-infect the PC when the data is restored?


From a time/value perspective, if you can get them to agree to a reformat 
that is generally what I prefer to do.  Back up their data (now they have 
a known good backup) and reinstall Windows.  This gives you the 
advantage of installing the latest BIOS/drivers/updates, etc. while not 
worrying about remnants of virus infections from installations past.


The amount of time you will spend cleaning the system, rebooting, etc. 
rarely justifies doing the cleaning on a system you can just format and 
restore data to instead.


Just make sure you back up all the data they could need.


That said, if you really want to attempt to clean as opposed to 
formatting, you can get yourself a Bart disk and boot from that and run 
your antivirus, or take the drive out and put it into a USB2/Firewire 
and scan it from a known good machine.




RE: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Thane Sherrington (S)

At 03:20 PM 10/02/2006, Mesdaq, Ali wrote:

Honestly just reformat. If you were to try to clean it you would need to
be versed in rootkit detection and other kernel level skills to even be
remotely able to clean out a partially sophisticated virus. It's just
totally not worth it then you never have the peace of mind you got rid
of all of them.


Man, I'm shocked at the surrender attitude coming from this 
list.  Removing viruses and spyware is possible, and really isn't 
much more time consuming than a reinstall, and is much less time 
consuming than a reinstall plus software install plus configuration 
plus data recovery.  (Especially since data back without virus scan 
makes the reinstall questionable as viruses can hide in apparent data files.)



T 



RE: [H] Google Desktop warning

2006-02-10 Thread Thane Sherrington (S)

At 03:19 PM 10/02/2006, Bill wrote:

Absolutely.

Forget about Google. Use Scroogle or Clusty.

http://www.scroogle.org


Very cool.  I never heard of these before.

T 



Re: [H] IP cameras

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:

Has anyone ever connected one of these IP cameras to the net?  I understand 
they need a dedicated IP address.  If I want to connect two, can I connect 
them through a router, or do I have to buy two IPs from the ISP and connect 
them via a switch?


This really depends.  Generally the IP based cameras have a built-in web 
interface, so connecting with a router and port forwarding would work 
fine.  Forward port 8080 to cameraA:80 and port 8081 to cameraB:80 and 
that is how you access.


I've recently set up a couple of webcams for the local ski resort, one at 
the top of the mountain and one at the bottom.  We've given them private 
addresses and just uploaded the pictures so the cameras aren't available 
directly on the internet, but if you want them on the internet without any 
extra IP addresses you can just do port forwarding with a router that 
supports port forwarding.



Christopher Fisk
--
Peter Griffin: Nothing else has worked this far / So I wish upon a star /
Wonderous shining speck of light / I need a Jew / Lois makes me take the 
rap / Cause our checkbook looks like crap / Since I can't give her a slap 
/ I need a Jew / Where to find / A Baum or Steen or Stein / To teach me 
how to whine and do my taxesss... / Though by many they're abhored / 
Hebrew people I've adored / Even though they killed my Lord / I need a Jew


RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Mesdaq, Ali
Well part of my job duties is to collect and research malware. I would
always highly recommend to reinstall. When a virus is installed on your
system and it's run as administrator you have just as much control over
your system as the virus does. Virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in
these cases yes it's possible to clean your system but is it worth the
several days of research you need to do before you're totally sure it's
removed? I would say no to most people but if you're in the field or
you're a researcher like Mark Russinovich from Sysinternals then yes it's
worth it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane
Sherrington (S)
Sent: Friday, February 10, 2006 11:46 AM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad
virusinfestation

At 03:20 PM 10/02/2006, Mesdaq, Ali wrote:
Honestly just reformat. If you were to try to clean it you would need to
be versed in rootkit detection and other kernel level skills to even be
remotely able to clean out a partially sophisticated virus. It's just
totally not worth it then you never have the peace of mind you got rid
of all of them.

Man, I'm shocked at the surrender attitude coming from this 
list.  Removing viruses and spyware is possible, and really isn't 
much more time consuming than a reinstall, and is much less time 
consuming than a reinstall plus software install plus configuration 
plus data recovery.  (Especially since data back without virus scan 
makes the reinstall questionable as viruses can hide in apparent data
files.)


T 




Re: [H] IP cameras

2006-02-10 Thread Thane Sherrington (S)

At 03:41 PM 10/02/2006, Christopher Fisk wrote:
This really depends.  Generally the IP based cameras have a built-in 
web interface, so connecting with a router and port forwarding would 
work fine.  Forward port 8080 to cameraA:80 and port 8081 to 
cameraB:80 and that is how you access.


Ok, thanks.  I'll try that.

T 



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Hayes Elkins
It takes more time, but because I see sport in this I NEVER, EVER format and 
reinstall in any situation like this. I have never been defeated, ever, 
either :) It's a new learning experience each time and the best way to keep 
up with filthware and their removal procedures.




From: Thane Sherrington (S) [EMAIL PROTECTED]
Reply-To: The Hardware List hardware@hardwaregroup.com
To: The Hardware List hardware@hardwaregroup.com
Subject: RE: [H] Suggested tools for helping a friend with bad 
virusinfestation

Date: Fri, 10 Feb 2006 15:46:19 -0400

At 03:20 PM 10/02/2006, Mesdaq, Ali wrote:

Honestly just reformat. If you were to try to clean it you would need to
be versed in rootkit detection and other kernel level skills to even be
remotely able to clean out a partially sophisticated virus. It's just
totally not worth it then you never have the peace of mind you got rid
of all of them.


Man, I'm shocked at the surrender attitude coming from this list.  Removing 
viruses and spyware is possible, and really isn't much more time consuming 
than a reinstall, and is much less time consuming than a reinstall plus 
software install plus configuration plus data recovery.  (Especially since 
data back without virus scan makes the reinstall questionable as viruses 
can hide in apparent data files.)



T






RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:

your system as the virus does. Virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in


I know all that.  I remove rootkits fairly often, actually.  If you 
scan properly, and use the right tools, it isn't a couple of days of 
work, it's a couple of hours.


T 



RE: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:

Man, I'm shocked at the surrender attitude coming from this list.  Removing 
viruses and spyware is possible, and really isn't much more time consuming 
than a reinstall, and is much less time consuming than a reinstall plus 
software install plus configuration plus data recovery.  (Especially since 
data back without virus scan makes the reinstall questionable as viruses can 
hide in apparent data files.)


I gave the suggestion on how to do it without the reinstall, I'm just 
saying from the standpoint of someone who does this for family:  You're 
going to run into something that you have to research, that research time 
takes away from time that could be spent socializing/hanging out.



In a business environment, yeah, removal is fine, but as a favor for 
someone, go the full reinstall route IMO, it's more sure thing, less 
gambling on how long it's going to take, and you leave knowing they at 
least have a backup from that day in case there is a disaster after that. 
Plus, you can sit down and watch TV while the thing is running the 
reinstall.



Christopher Fisk
--
Hmmm, look at those eyes.  He's trying to hypnotize me, but not in the
good Las Vegas way.
-- Homer Simpson, Mountain of Madness


RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Hayes Elkins wrote:

It takes more time, but because I see sport in this I NEVER, EVER format and 
reinstall in any situation like this. I have never been defeated, ever, either 
:) It's a new learning experience each time and the best way to keep up with 
filthware and their removal procedures.


Here is the thing, I do this for a living, and the never being defeated 
thing is fine, but when you spend 10 hours on something that you could 
have fixed in 3 or less with a reformat how happy #1 are you, and #2 is 
your customer when you bill them those 7 extra hours?



You may think it's giving up, I think it's smart business.


Christopher Fisk
--
I can't remember any specific books.
George W. Bush, August 26, 1999
The candidate's answer when asked by an elementary school student to name 
his favorite book as a child.  Reported by the Associated Press.


Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
This is not surrender, it's the current state of things. Why go through 
a process that you can't guarantee?


At least if you back up everything, reformat/reinstall & then restore 
only what is assumed to be data you're narrowing down the field quite 
a bit and also removing the potential for a cloaked active or unknown virus.


If viruses can hide in apparent data files then using your method 
there are even more untrusted files to scan & miss plus the potential for 
active infection cloaking itself.


One way is now a hit-or-miss hack job, the other the proper solution. 
It's not an academic exercise, it's a job, there is no reason to spend 
time and still not be certain you've done the job right.


Thane Sherrington (S) wrote:

At 03:20 PM 10/02/2006, Mesdaq, Ali wrote:

Honestly just reformat. If you were to try to clean it you would need to
be versed in rootkit detection and other kernel level skills to even be
remotely able to clean out a partially sophisticated virus. It's just
totally not worth it then you never have the peace of mind you got rid
of all of them.


Man, I'm shocked at the surrender attitude coming from this list.  
Removing viruses and spyware is possible, and really isn't much more 
time consuming than a reinstall, and is much less time consuming than a 
reinstall plus software install plus configuration plus data recovery.  
(Especially since data back without virus scan makes the reinstall 
questionable as viruses can hide in apparent data files.)



T



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread warpmedia

Overconfidence will be your Achilles heel T, mark my words.

Thane Sherrington (S) wrote:

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:

your system as the virus does. Virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in


I know all that.  I remove rootkits fairly often, actually.  If you scan 
properly, and use the right tools, it isn't a couple of days of work, 
it's a couple of hours.


T



RE: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Thane Sherrington (S)

At 04:00 PM 10/02/2006, Christopher Fisk wrote:
In a business environment, yeah, removal is fine, but as a favor for 
someone, go the full reinstall route IMO, it's more sure thing, less 
gambling on how long it's going to take, and you leave knowing they 
at least have a backup from that day in case there is a disaster 
after that. Plus, you can sit down and watch TV while the thing is 
running the reinstall.


But if you agree that the removal route isn't safe, then how can you 
guarantee the data?


T 



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 03:56 PM 10/02/2006, Hayes Elkins wrote:
It takes more time, but because I see sport in this I NEVER, EVER 
format and reinstall in any situation like this. I have never been 
defeated, ever, either :) It's a new learning experience each time 
and the best way to keep up with filthware and their removal procedures.


I'm glad there are some who refuse to bow down to those who prey on 
computer users.


T 



RE: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:


At 04:00 PM 10/02/2006, Christopher Fisk wrote:
In a business environment, yeah, removal is fine, but as a favor for 
someone, go the full reinstall route IMO, it's more sure thing, less 
gambling on how long it's going to take, and you leave knowing they at least 
have a backup from that day in case there is a disaster after that. Plus, 
you can sit down and watch TV while the thing is running the reinstall.


But if you agree that the removal route isn't safe, then how can you guarantee 
the data?


Because data is data, it's not executed, it's not stored in registry, it's 
much easier to verify with virus scanning software.


When was the last time you saw a tiff file with a virus?


Christopher Fisk
--
Pop a Poppler in your mouth
When you come to Fishy Joe's
What they're made of is a mystery
Where they come from no one knows
You can pick 'em you can lick 'em you can chew 'em you can stick 'em
If you promise not to sue us you can shove one up your nose.


Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
You have better odds on cleaning the data files than you do cleaning an 
entire system. Data alone, unaccessed by the programs that facilitate 
virus delivery makes the data easier to clean. If you can't see that, 
time to step back and see the forest through the trees.


This is not about making a statement by not giving up and not bowing 
down to some malware asshole's will, it's about getting the job done right.


Thane Sherrington (S) wrote:

At 04:00 PM 10/02/2006, Christopher Fisk wrote:
In a business environment, yeah, removal is fine, but as a favor for 
someone, go the full reinstall route IMO, it's more sure thing, less 
gambling on how long it's going to take, and you leave knowing they at 
least have a backup from that day in case there is a disaster after 
that. Plus, you can sit down and watch TV while the thing is running 
the reinstall.


But if you agree that the removal route isn't safe, then how can you 
guarantee the data?


T



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Thane Sherrington (S)

At 04:07 PM 10/02/2006, warpmedia wrote:

One way is now a hit-or-miss hack job, the other the proper 
solution. It's not an academic exercise, it's a job, there is no 
reason to spend time and still not be certain you've done the job right.


I am doing the job right.  Just because you can't get the time down 
to a reasonable level to clean a system doesn't mean it's 
impossible.  It just means you haven't figured it out yet.


T 



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 04:10 PM 10/02/2006, warpmedia wrote:

Overconfidence will be your Achilles heel T, mark my words.


It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only 
solution, all the repair shops better close and let the 
friends/brother in laws and teenagers handle virus repair.  And it 
ain't overconfidence when you do a thorough job.


T 



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
You've got half of the answer. But even if it had a payload, having not 
been opened with the exploitable program or delivered through a series 
of steps would mean its payload is not executed and MAY be detectable.


In some cases the simple act of how the file is 1st delivered to the PC is 
the starting domino and that goes away when you remove the resulting 
infection by reformatting, restore only the data & scan it.


Remember people it's not just the payloads that are an issue here, it's 
the chain of events from delivery to infection. That chain can be broken 
 making opening the file the only way to restart the chain of events.



Christopher Fisk wrote:

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:


At 04:00 PM 10/02/2006, Christopher Fisk wrote:
In a business environment, yeah, removal is fine, but as a favor for 
someone, go the full reinstall route IMO, it's more sure thing, less 
gambling on how long it's going to take, and you leave knowing they 
at least have a backup from that day in case there is a disaster 
after that. Plus, you can sit down and watch TV while the thing is 
running the reinstall.


But if you agree that the removal route isn't safe, then how can you 
guarantee the data?


Because data is data, it's not executed, it's not stored in registry, 
it's much easier to verify with virus scanning software.


When was the last time you saw a tiff file with a virus?


Christopher Fisk


RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 04:04 PM 10/02/2006, Christopher Fisk wrote:
Here is the thing, I do this for a living, and the never being 
defeated thing is fine, but when you spend 10 hours on something 
that you could have fixed in 3 or less with a reformat how happy #1 
are you, and #2 is your customer when you bill them those 7 extra hours?


I bill flat rate for virus removal, so they're never unhappy.  They 
are unhappy with the place down the road that fixed their problem 
by reinstalling Windows and then left them with three days of work 
finding their CDs and reinstalling and configuring their programs.


T 



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Thane Sherrington (S)

At 04:30 PM 10/02/2006, warpmedia wrote:
This is not about making a statement by not giving up and not 
bowing down to some malware asshole's will, it's about getting the 
job done right.


I am doing the job right.  I'm glad that you find reinstallation the 
best route, but it's not the only route, and I find it isn't the 
best.  If the machine is clean at the end, and the customer has a 
functional Windows and programs and all their data, it doesn't matter 
which route you take.  I just hate the idea of reinstalling all those 
apps, creating all the users, and making sure the data is in the right place.


T 



RE: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Thane Sherrington (S)

At 04:27 PM 10/02/2006, Christopher Fisk wrote:
Because data is data, it's not executed, it's not stored in 
registry, it's much easier to verify with virus scanning software.

When was the last time you saw a tiff file with a virus?


What about Word Macros, WMF infections, movie files with embedded code, etc?

T 



[H] The Great Reformating Debate of '06

2006-02-10 Thread Thane Sherrington (S)
I apologize if I insulted anyone when I said people were surrendering 
by reformatting.  I went back and read my emails, and I realize they 
were offensive to those who use the reformatting route, and I'm sorry.


T



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread chuck


- Original Message - 
From: Christopher Fisk [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:27 PM
Subject: RE: [H] Suggested tools for helping a friend with bad 
virusinfestation





Because data is data, it's not executed, it's not stored in registry, it's 
much easier to verify with virus scanning software.


When was the last time you saw a tiff file with a virus?



Now with external hard drives handy here is how I do it.

I back up the data to my external hard drive. I then hook my external hard 
drive to my shop computer and scan the data for viruses while I am 
installing Windows on the freshly formatted hard drive on my customer's 
computer. Then when I copy the data back, I know it is clean.


As far as I am concerned, doing major repairs on Windows went out the door 
along with the solder gun that was used to repair circuit boards. Even in 
million dollar electronic machines, it is more preferred to spend ten 
thousand dollars on a new circuit board than to have somebody use a solder 
iron on trying to fix a circuit board.


Chuck 
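
A triage pass that fits the backup, scan, then restore workflow discussed in this thread, as an added example that is not from any list member: it sorts a backup by file content (leading magic bytes) rather than by extension alone, so programs and mislabelled files are left behind before the antivirus scan on the clean machine. The extension lists, bucket names and sample files are assumptions constructed for illustration, and nothing here replaces the AV scan itself.

```python
import os
import tempfile

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office container

# Programs and scripts on Windows: never copied back to the rebuilt PC.
PROGRAM_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
                ".vbs", ".js", ".sys", ".cpl", ".lnk", ".hta"}

# Simple data formats: extension -> accepted leading bytes.
PASSIVE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".tif": (b"II*\x00", b"MM\x00*"), ".tiff": (b"II*\x00", b"MM\x00*"),
}

# Data formats that can embed macros, scripts or other active content.
ACTIVE_MAGIC = {
    ".doc": (OLE2,), ".xls": (OLE2,), ".ppt": (OLE2,),
    ".pdf": (b"%PDF",),
    ".wmf": (b"\xd7\xcd\xc6\x9a", b"\x01\x00\x09\x00"),
}


def classify(path):
    """Return (bucket, reason) for one file in the backup."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(512)
    if ext in PROGRAM_EXTS:
        return "leave_behind", "program or script extension"
    if head.startswith(b"MZ"):
        # Windows executable header hiding behind a data-looking name.
        return "leave_behind", "executable content under a %s name" % (ext or "bare")
    if ext in ACTIVE_MAGIC:
        if head.startswith(ACTIVE_MAGIC[ext]):
            return "review", "format can carry macros or embedded code"
        return "leave_behind", "content does not match extension"
    if ext in PASSIVE_MAGIC:
        if head.startswith(PASSIVE_MAGIC[ext]):
            return "restore_after_scan", "content matches extension"
        return "leave_behind", "content does not match extension"
    if ext == ".txt":
        if b"\x00" not in head:
            return "restore_after_scan", "plain text"
        return "review", "binary content in a text file"
    return "review", "unknown file type"


def triage(root):
    """Walk the backup and group files by what to do with them."""
    buckets = {"restore_after_scan": [], "review": [], "leave_behind": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            bucket, reason = classify(full)
            buckets[bucket].append((os.path.relpath(full, root), reason))
    return buckets


def build_sample_backup(root):
    """Constructed sample files standing in for a customer's backup."""
    samples = {
        "docs/report.pdf": b"%PDF-1.4\n% constructed sample\n",
        "docs/letter.doc": OLE2 + b"\x00" * 16,
        "docs/notes.txt": b"shopping list\n",
        "pics/holiday.tif": b"II*\x00" + b"\x00" * 8,
        "pics/photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,  # renamed executable
        "pics/chart.png": b"<html>not a png</html>",      # mislabelled file
        "setup.exe": b"MZ\x90\x00",
        "mystery.dat": b"\x01\x02\x03",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def run_demo():
    """Build the constructed backup in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_backup(root)
        return triage(root)


if __name__ == "__main__":
    for bucket, items in run_demo().items():
        print(bucket)
        for rel, reason in items:
            print("    %-22s %s" % (rel, reason))
```

Files in the `review` bucket still go through the scanner; they are separated only because they match their format yet can carry active content.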



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread chuck


- Original Message - 
From: Thane Sherrington (S) [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:47 PM
Subject: Re: [H] Suggested tools for helping a friend with bad 
virusinfestation





It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only solution, 
all the repair shops better close and let the


True, the guy down the street who knows all about computers can reinstall 
Windows. Not only do I do a clean install, (I have the media and I do not 
run the name brand restore process) I install the proper drivers, also. Then 
I do the full update along with many tweaks. Overall the job takes about 4 
hours when you figure in intake time etc. and the time it takes to do the 
job right. The many tweaks I keep as my secret.


Chuck 



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Sam Franc

warpmedia wrote:
This is not surrender, it's the current state of things. Why go through 
a process that you can't guarantee?


At least if you back up everything, reformat/reinstall & then restore 
only what is assumed to be data you're narrowing down the field quite 
a bit and also removing the potential for a cloaked active or unknown 
virus.


If viruses can hide in apparent data files then using your method 
there are even more untrusted files to scan & miss plus the potential for 
active infection cloaking itself.


One way is now a hit-or-miss hack job, the other the proper solution. 
It's not an academic exercise, it's a job, there is no reason to spend 
time and still not be certain you've done the job right.



Aren't you liable to carry the virus with you into the backup?
Sam


Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread chuck


- Original Message - 
From: Thane Sherrington (S) [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:48 PM
Subject: RE: [H] Suggested tools for helping a friend with bad 
virusinfestation





I bill flat rate for virus removal, so they're never unhappy.  They are 
unhappy with the place down the road that fixed their problem by 
reinstalling Windows and then left them with three days of work finding 
their CDs and reinstalling and configuring their programs.




I wonder how many will agree that after a year or two a format and reinstall 
job is needed anyway to get rid of the crud. In most situations that crud is 
the name brand install process. I do a clean install. I know it runs far 
better after I finish than it did when it came out of the box. That makes 
the format job worthwhile.


I wish somebody would benchmark my work. Take any computer out of its box 
and benchmark it. Let me do my thing and then benchmark it again. It will 
yield far better results.


Chuck 



Re: [H] Suggested tools for helping a friend with badvirus infestation

2006-02-10 Thread chuck


- Original Message - 
From: Thane Sherrington (S) [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:49 PM
Subject: Re: [H] Suggested tools for helping a friend with badvirus 
infestation



which route you take.  I just hate the idea of reinstalling all those 
apps, creating all the users, and making sure the data is in the right 
place.




I consider reinstalling apps and creating users the customer's 
responsibility. I guarantee you that Dell did not create any users. This is 
a personal thing, so only the users know what they want. They did it the 
first time. Let them do it again. Over half of the junk the name brand 
manufacturer installed is junk anyway. Who says that? My customers!


Chuck 



Re: [H] The Great Reformating Debate of '06

2006-02-10 Thread chuck


- Original Message - 
From: Thane Sherrington (S) [EMAIL PROTECTED]

To: hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 4:01 PM
Subject: [H] The Great Reformating Debate of '06


I apologize if I insulted anyone when I said people were surrendering by 
reformatting.  I went back and read my emails, and I realize they were 
offensive to those who use the reformatting route, and I'm sorry.




We do not apologize for our method of doctoring, so why should you have to 
apologize for speaking your opinion? You have to face your customers and we 
have to face ours. If you were to miss you would have to correct things or 
blame it on something your customer did after they got their computer back.


I took what you said in good humor, not flame. I consider what happens to me 
on this list light in comparison to how my methods have been slammed openly 
and in personal letters on another list. I am still here, doing my thing and 
have not done the redneck Hatfields and McCoys thing and come after anybody.


I realize I am on the sidelines in this and the statements were aimed at the 
other fellow, not me. Many of us wish that our decision to format and 
reinstall was an option. Not all of us know how to do those detailed repairs 
like you do.


Chuck




Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
No it means you are assuming because you find nothing more & no one 
has complained yet. Kind of like an AIDS test, just because it's 
negative doesn't mean a whole lot since it tests for the presence of 
something. Granted that applies to both surgical cleaning and data only 
cleanings, but data only is less risky.


Honestly speaking neither method is the true solution. The true solution 
is to dump everything including data for fear of unknown infections but 
that's just not acceptable since most people don't have one much less 
many backups.


Along the same lines, no web server that's been exploited can be trusted 
until wiped, reinstalled and data restored from backups made before the 
exploit. Difference is they tend to have the backups and are not trying 
to pick through an infected store of data.


The worst way to do this is trying to disinfect the whole system. You 
gonna do what you want to do, but it is certainly more risky than the 
other two options.


Thane Sherrington (S) wrote:

At 04:07 PM 10/02/2006, warpmedia wrote:

One way is now a hit-or-miss hack job, the other the proper solution. 
It's not an academic exercise, it's a job, there is no reason to spend 
time and still not be certain you've done the job right.


I am doing the job right.  Just because you can't get the time down to a 
reasonable level to clean a system doesn't mean it's impossible.  It 
just means you haven't figured it out yet.


T



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
I've not said it's the only, just that it's better. You can't be SURE 
it's clean since the executables have been surgically fixed, period.


I'm not trying to be an ass T, it's just that you have no way of BEING 
SURE so limiting what you need to disinfect IS the better way because 
you are assuming on a smaller base of files.


It seems that the reinstallers are arguing from a less risk posture 
and you are arguing from your ego.


Thane Sherrington (S) wrote:

At 04:30 PM 10/02/2006, warpmedia wrote:
This is not about making statement by not giving up and not bowing 
down to some malware asshole's will, it's about getting the job done 
right.


I am doing the job right.  I'm glad that you find reinstallation the 
best route, but it's not the only route, and I find it isn't the best.  
If the machine is clean at the end, and the customer has a functional 
Windows and programs and all their data, it doesn't matter which route 
you take.  I just hate the idea of reinstalling all those apps, creating 
all the users, and making sure the data is in the right place.


T



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread FORC5
I have had several that wound up being a reinstall after many hours of *trying* 
to fix. The key is to have the wisdom to know the difference, sometimes I am 
just stubborn. 
fp

At 02:12 PM 2/10/2006, [EMAIL PROTECTED] Poked the stick with:

- Original Message - From: Christopher Fisk [EMAIL PROTECTED]
To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:27 PM
Subject: RE: [H] Suggested tools for helping a friend with bad virusinfestation



Because data is data, it's not executed, it's not stored in registry, it's 
much easier to verify with virus scanning software.

When was the last time you saw a tiff file with a virus?

Now with external hard drives handy here is how I do it.

I back up the data to my external hard drive. I then hook my external hard 
drive to my shop computer and scan the data for viruses while I am installing 
Windows on the freshly formatted hard drive on my customer's computer. Then 
when I copy the data back, I know it is clean.

As far as I am concerned, doing major repairs on Windows went out the door 
along with the solder gun that was used to repair circuit boards. Even in 
million dollar electronic machines, it is more preferred to spend ten thousand 
dollars on a new circuit board than to have somebody use a solder iron on 
trying to fix a circuit board.

Chuck 

-- 
Tallyho ! ]:8)
Taglines below !
--
Why don't dogs get boogers ?



Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread warpmedia
Yes, but if you are restoring only the data files it's not the same as 
doing a full restore with the executables nor is it like how the 
infected file got there in the 1st place. I've just posted the statement 
that only wiping everything including data and starting from scratch is 
known clean but the worst of 3 methods.


Look at it this way:

1. IE is exploited to both drop & execute an infected file on your system.
2. If you only restore the file on a clean system, it would stay inert 
until you executed it yourself.
3. If you scanned the file now unfettered by its payload actions, you 
have a better chance of detecting & cleaning it.


Like I said a few posts back, it's the chain of events before the file 
more than the user clicking on the file causing infections these days.


Sam Franc wrote:

warpmedia wrote:
This is not surrender, it's the current state of things. Why go 
through a process that you can't guaranty?


At least if you backup everything, reformat/reinstall & then restore 
only what is assumed to be data you're narrowing down the field 
quite a bit and also removing the potential for a cloaked active or 
unknown virus.


If viruses can hide in apparent data files then using your method 
there is even more untrusted files to scan & miss plus the potential 
for active infection cloaking itself.


One way is now a hit-or-miss hack job, the other the proper solution. 
It's not an academic exercise, it's a job, there is no reason to spend 
time and still not be certain you've done the job right.



Aren't you liable to carry the virus with you into the backup?
Sam



Re: [H] The Great Reformating Debate of '06

2006-02-10 Thread warpmedia
Hey, I am not offended, nor trying to be offensive esp when it comes to 
the guys I respect & look to when I need info!


That said this argument comes down to a delicate balance of convenience, 
security, and skill tempered by the type and detectability of infection.


We've been arguing in black and white which is not getting us anywhere. 
Someone gets a simple malware infection that shows up, ok clean it. They 
get a rootkit or 2, maybe some other crap, time to wipe it and limit 
what can be a source of re-infection IMHO. Beyond that comfort level 
nuke it all because there is no absolute certainty just confidence in skill.




Thane Sherrington (S) wrote:
I apologize if I insulted anyone when I said people were surrendering by 
reformatting.  I went back and read my emails, and I realize they were 
offensive to those who use the reformatting route, and I'm sorry.


T




Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread warpmedia
oh, and just a note, not everyone can install & configure windows 
properly! =)


Thane Sherrington (S) wrote:

At 04:10 PM 10/02/2006, warpmedia wrote:

Overconfidence will be your Achilles heel T, mark my words.


It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only 
solution, all the repair shops better close and let the friends/brother 
in laws and teenagers handle virus repair.  And it ain't overconfidence 
when you do a thorough job.


T



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Hayes Elkins
Reinstalls are cake and take less time if you use unattended installs. I 
have a default universal XP DVD (with SP2 and all updates from 
microsoftupdate already integrated) that I can install from boot DVD or push 
off the network that is completely unattended from partitioning, key coding, 
domain joining, desktop settings -  AND will install office 2k3 plus tons of 
other applications/settings and has practically every current driver for 
almost all current hardware. Thanks to the community at msfn.org I no longer 
have any need for expensive imaging software. Symantec can kiss my sweet ass 
with their ghost licensing fees. The unattended install is much better 
because it is NOT an image and will install on different hardware.


For more info on how to do this shit all for FREE and ditch 
ghost/builder/drive image check out these links:


http://unattended.msfn.org/unattended.xp/ - Main guide

http://www.ryanvm.net/msfn/ - guy who makes an up-to-date update pack to 
integrate in a windows XP SP2 installation image, plus pre-made switchless 
installers of many popular applications that will install via the 
RunOnceEx.cmd of your Windows XP CD


http://www.ryanvm.net/forum/viewtopic.php?t=67 - guide to make your own 
switchless installer executable of practically any application


http://www.driverpacks.net/ - guy who makes driver packs for almost all 
current hardware and a program to easily integrate these drivers into your 
XP install CD. Updated constantly with the latest drivers.


That all being said - I still prefer removal of filthware rather than 
reformatting and enjoy learning more about these critters. I work in a 
corporate environment where I do not encounter critters hardly ever (due to 
default users inability to do any damage) as opposed to those of you who 
mainly work on home-user pc's - so when the opportunity arises I don't mind 
taking a couple of hours to work on an infected PC. I'd like to put all the 
hours of reading I do a week on new threats to good use.




From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED],The Hardware List 
hardware@hardwaregroup.com

To: The Hardware List hardware@hardwaregroup.com
Subject: Re: [H] Suggested tools for helping a friend with bad 
virusinfestation

Date: Fri, 10 Feb 2006 16:15:55 -0500


- Original Message - From: Thane Sherrington (S) 
[EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:47 PM
Subject: Re: [H] Suggested tools for helping a friend with bad 
virusinfestation





It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only solution, 
all the repair shops better close and let the


True, the guy down the street who knows all about computers can reinstall 
Windows. Not only do I do a clean install, (I have the media and I do not 
run the name brand restore process) I install the proper drivers, also. 
Then I do the full update along with many tweaks. Overall the job takes 
about 4 hours when you figure in intake time etc. and the time it takes to 
do the job right. The many tweaks I keep as my secret.


Chuck






RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:


At 04:04 PM 10/02/2006, Christopher Fisk wrote:
Here is the thing, I do this for a living, and the never being defeated 
thing is fine, but when you spend 10 hours on something that you could have 
fixed in 3 or less with a reformat how happy #1 are you, and #2 is your 
customer when you bill them those 7 extra hours?


I bill flat rate for virus removal, so they're never unhappy.  They are 
unhappy with the place down the road that fixed their problem by 
reinstalling Windows and then left them with three days of work finding their 
CDs and reinstalling and configuring their programs.


So you answered #2, how about #1?

=)

And you sidestepped, we already assumed that you were doing the data and 
software reinstalls...



Christopher Fisk
--
BOFH Excuse #166:
/pub/lunch


RE: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:


At 04:27 PM 10/02/2006, Christopher Fisk wrote:
Because data is data, it's not executed, it's not stored in registry, it's 
much easier to verify with virus scanning software.

When was the last time you saw a tiff file with a virus?


What about Word Macros, WMF infections, movie files with embedded code, etc?


See many Word macros that couldn't be cleaned from a removable device 
that could from the machine the macro infected?


We're not blindly putting the data back onto the system, we're scanning 
that, but not worrying about the integrity of the OS because it is known 
good.



Christopher Fisk
--
The fundamental question is: 'Will I be a successful president when it comes
to foreign policy?'  I will be, but until I'm the president, it's going to be
hard for me to verify that I think I'll be more effective.
George W. Bush, June 27, 2000
Comment made in Wayne, Michigan during the presidential campaign.
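
The data-only restore argued over in this thread depends on deciding what counts as data. As an added example (not code from any list member), this Python script triages a backup tree by file content rather than by extension before anything is copied back; the verdict names, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Content signatures, checked before the extension is trusted.
PE_MAGIC = b"MZ"                                # DOS/PE: .exe, .dll, .scr, ...
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy Office file, may hold macros
WMF_MAGICS = (bytes.fromhex("d7cdc69a"),        # placeable WMF
              bytes.fromhex("01000900"))        # standard WMF header
# Types Windows runs or interprets but that have no reliable magic (assumed list).
RUNNABLE_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
                ".vbs", ".js", ".lnk", ".hta", ".reg"}


def classify(path):
    """Verdict for one backed-up file: 'block', 'review' or 'scan'."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    ext = os.path.splitext(path)[1].lower()
    # An MZ header means executable code whatever the file is named.
    if head.startswith(PE_MAGIC) or ext in RUNNABLE_EXT:
        return "block"      # reinstall from original media instead
    if head.startswith(OLE_MAGIC) or head.startswith(WMF_MAGICS):
        return "review"     # data that can carry code: scan, open only when patched
    return "scan"           # plain data: still scanned offline before restore


def triage(root):
    """Map each file under root (relative, '/'-separated) to its verdict."""
    verdicts = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            verdicts[rel] = classify(full)
    return verdicts


def restorable(verdicts):
    """Files allowed back onto the reinstalled machine once scanned."""
    return sorted(p for p, v in verdicts.items() if v != "block")


def demo():
    """Build a constructed sample backup and triage it."""
    samples = {  # constructed contents, headers only
        "photos/holiday.jpg": bytes.fromhex("ffd8ffe000104a46"),
        "photos/party.jpg": b"MZ\x90\x00\x03\x00\x00\x00",   # executable renamed .jpg
        "docs/budget.doc": OLE_MAGIC + b"\x00" * 8,
        "docs/logo.wmf": WMF_MAGICS[0] + b"\x00" * 8,
        "docs/notes.txt": b"call Gateway support\n",
        "setup.exe": b"MZ\x90\x00",
        "cleanup.bat": b"@echo off\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return triage(root)


if __name__ == "__main__":
    result = demo()
    for path in sorted(result):
        print(f"{result[path]:6}  {path}")
```

A text file that happens to begin with the letters MZ is also blocked; for a restore onto a freshly installed system that false positive is the safe direction.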


RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Mesdaq, Ali
Real rootkits are not as easy as you think. There are basic ones that
are user land and those are just hooks into certain dll's and do some
basic injecting. Good kernel level rootkits can undo anything you try to
do. I mean you need to be pretty well versed in things like softice to
really really know if you got rid of all the kernel level rootkits. Just
using a software and scanning isn't very proper. How do you know you
removed it? Because a software tool told you there isn't one installed?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane
Sherrington (S)
Sent: Friday, February 10, 2006 12:04 PM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad
virusinfestation

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:
your system as the virus does. Virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in

I know all that.  I remove rootkits fairly often, actually.  If you 
scan properly, and use the right tools, it isn't a couple of days of 
work, it's a couple of hours.

T 




RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Mesdaq, Ali
You are aware of the exploit on the GDI libraries right? Data files and
what seems like data files are extremely common vectors of attack now. 
And please tell me you're joking about virus scanning software actually
being your testcase for success.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher
Fisk
Sent: Friday, February 10, 2006 12:28 PM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad
virusinfestation

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:

 At 04:00 PM 10/02/2006, Christopher Fisk wrote:
 In a business environment, yeah, removal is fine, but as a favor for
 someone, go the full reinstall route IMO, it's more sure thing, less
 gambling on how long it's going to take, and you leave knowing they at
 least have a backup from that day in case there is a disaster after that.
 Plus, you can sit down and watch TV while the thing is running the
 reinstall.

 But if you agree that the removal route isn't safe, then how can you
 guarantee the data?

Because data is data, it's not executed, it's not stored in registry, it's
much easier to verify with virus scanning software.

When was the last time you saw a tiff file with a virus?


Christopher Fisk
-- 
Pop a Poppler in your mouth
When you come to Fishy Joe's
What they're made of is a mystery
Where they come from no one knows
You can pick 'em you can lick 'em you can chew 'em you can stick 'em
If you promise not to sue us you can shove one up your nose.



RE: [H] Suggested tools for helping a friend with badvirus infestation

2006-02-10 Thread Mesdaq, Ali
I can guarantee that an infected system is unclean-able by you! Not to
question your intelligence but I think you question the malware authors'
intelligence. I have setup honeypots as a matter of fact I operate
several for my company and within 1 minute a system is so infected with
unknown malware you would be astonished. And don't think I am just
checking malware against one or two AV companies. Go to
www.virustotal.com and see all the vendors. I collect malware that is
not recognized by any of all those vendors and I have to reverse
engineer it just to know that it does.

That whole nothing can stop me attitude I don't buy it and I don't
respect it in this context. If the issue is a system crash or a bug in
configuration that's where the never quit attitude is good. But in a
case where you could possibly not clean out a system and leave a
password stealing Trojan on a system the payoff is not very much when
the alternative is a reformat and 100% safe system.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane
Sherrington (S)
Sent: Friday, February 10, 2006 12:46 PM
To: The Hardware List
Subject: Re: [H] Suggested tools for helping a friend with badvirus
infestation

At 04:07 PM 10/02/2006, warpmedia wrote:

One way is now a hit-or-miss hack job, the other the proper 
solution. It's not an academic exercise, it's a job, there is no 
reason to spend time and still not be certain you've done the job right.

I am doing the job right.  Just because you can't get the time down 
to a reasonable level to clean a system doesn't mean it's 
impossible.  It just means you haven't figured it out yet.

T 




Re: [H] Suggested tools for helping a friend with bad virus infestation

2006-02-10 Thread Wayne Johnson

At 03:49 PM 2/10/2006, Thane Sherrington (S) typed:
I am doing the job right.  I'm glad that you find reinstallation the 
best route, but it's not the only route, and I find it isn't the 
best.  If the machine is clean at the end, and the customer has a 
functional Windows and programs and all their data, it doesn't 
matter which route you take.  I just hate the idea of reinstalling 
all those apps, creating all the users, and making sure the data is 
in the right place.


In the past 10yrs I've had only 2 machines that I couldn't clean well 
enough & those were machines that lived in the prOn zone.  I did 
re-installs on them at no charge. When I know that they are prOn 
machines I don't mind socking it to them in the wallet for the 
cleanup because usually it means that it's going to take a while.


--+--
   Wayne D. Johnson
Ashland, OH, USA 44805
http://www.wavijo.com 



[H] Hard drives, who says size doesn't matter?

2006-02-10 Thread Mark Dodge
Isn't it funny how nowadays it is time to think about getting a new drive or
at least a larger one when you drop below 10 gigs remaining

Mark Dodge
MD Computers
360-772-2433 



Re: [H] Hard drives, who says size doesn't matter?

2006-02-10 Thread Brian Weeden
Or you NEED several hundred gigs of space?

5 years ago that was insane for a home user.  Now, my 1.5 TB RAID
array is half full.


--
Brian



RE: [H] Hard drives, who says size doesn't matter?

2006-02-10 Thread Chris Reeves
I know the exact feeling.  Once I began putting DVDs loaded up into my
MediaCenter (My Movies) I found that space went fast.  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden
Sent: Friday, February 10, 2006 9:49 PM
To: The Hardware List
Subject: Re: [H] Hard drives, who says size doesn't matter?

Or you NEED several hundred gigs of space?

5 years ago that was insane for a home user.  Now, my 1.5 TB RAID
array is half full.


--
Brian



[H] British TV: The IT Crowd

2006-02-10 Thread Chris Reeves








Anyone seen this? It's typical British over the top
humor, but there are moments that kill me.



Seems to me like one of those shows like The Office
that could transition over here in short order.