LONG, LONG time to startup 2



Paul Drake
07-09-2005, 11:48 PM
Forgot to mention, my antivirus software is up to date.

David H. Lipman
07-09-2005, 11:48 PM
From: "Paul Drake" <pauld@archworld.net>

| Forgot to mention, my antivirus software is up to date.
|

Your anti virus could still have missed something... I suggest Trend Sysclean and Ad-Aware SE



Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe


2) Download and install Ad-aware SE
(free personal version v1.06)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
When you get to the menu, choose [1] so you can boot into Safe Mode.

4) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

5) Reboot your PC into Safe Mode and shutdown as many applications as possible.

6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYSCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYSCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.


8) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).

9) Reboot your PC.

10) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Crouchie1998
07-09-2005, 11:48 PM
I disagree with downloading Ad Aware from Lavasoft as it is proven to
produce false negatives. Steer clear of it because you have the best one
installed already.

All you need to do is either download MSCONFIG & disable some startup items
or the best way, go into the registry editor & delete the entries manually.

All you have to do is create a backup copy of the RUN registry key & then
delete things like ADOBE, QUICKTIME, Messenger Software, RealTray, but leave
firewall & antivirus software there.

MSConfig can be downloaded here:

http://www.techadvice.com/specs/files_dl.asp?fnid=3398288

All you will have to do is remove the check marks from the RUN keys. You can
also delete the startup Programs from Spybot S & D by clicking advanced
mode/Tools/Startup or that's what it is in version 1.4 anyway.

The Registry Editor Way:

Click START/RUN type 'regedit' & press ENTER
Click the '+' signs on:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
& then click the folder (not the plus) of the RUN key. The startup programs
are in the right-hand pane

Of course Dave wants you to go to the IKS website because he has it listed
as his footer like self promoting his own software.

Post back if you get into problems

Crouchie1998
BA (HONS) MCP MCSE

David H. Lipman
07-09-2005, 11:48 PM
From: "Crouchie1998" <crouchie1998@spamcop.net>

| I disagree with downloading Ad Aware from Lavasoft as it is proven to
| produce false negatives. Steer clear of it because you have the best one
| installed already.
|
| All you need to do is either download MSCONFIG & disable some startup items
| or the best way, go into the registry editor & delete the entries manually.
|
| All you have to do is create a backup copy of the RUN registry key & then
| delete things like ADOBE, QUICKTIME, Messenger Software, RealTray, but leave
| firewall & antivirus software there.
|
| MSConfig can be downloaded here:
|
| http://www.techadvice.com/specs/files_dl.asp?fnid=3398288
|
| All you will have to do is remove the check marks from the RUN keys. You can
| also delete the startup Programs from Spybot S & D by clicking advanced
| mode/Tools/Startup or that's what it is in version 1.4 anyway.
|
| The Registry Editor Way:
|
| Click START/RUN type 'regedit' & press ENTER
| Click the '+' signs on:
| HKEY_LOCAL_MACHINE
| Software
| Microsoft
| Windows
| CurrentVersion
| & then click the folder (not the plus) of the RUN key. The startup programs
| are in the right-hand pane
|
| Of course Dave wants you to go to the IKS website because he has it listed
| as his footer like self promoting his own software.
|
| Post back if you get into problems
|
| Crouchie1998
| BA (HONS) MCP MCSE
|

All anti malware software have False Positives. In the time I have used and suggested it, I
haven't seen it to produce any more than its peers. That is non-rogue software. Rogue
utilities are known for high False Positive declarations. SpyBot S&D is NOT enough. Not
one package catches everything and that includes SpyBot S&D and talk about False Positives.
SpyBot S&D is *well known* for its DSO Exploit False Positive declaration.

You'll notice that Ad-aware SE is NOT listed on Spyware Warrior as a rogue application --
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Indeed, it is given high marks.

You stated -- "promoting his own software". No not at all !

I have written Kixtart Scripts that wrap around the McAfee Command Line Scanner and Trend
Sysclean. Both are well respected software. McAfee and Trend are the software ! They are
both effective at removing true viruses, worms, Trojans and many other forms of non-viral
malware.  My code is open source as it is interpreted, not compiled.

I wrote the Front Ends to make it easier for people to use both. I used to provide
instructions on Trend Sysclean but I found that many did not know how to create a folder,
extract a file from a ZIP file and place it in the same folder as SYSCLEAN.COM. You have no
idea how often I had to respond to problems posters had. One such error was "Pattern file
"LPT$VPN is missing" Thus, I wrote the front end. It simplifies all the functions for them
and it keeps the utilities up-to-date for future use. Instead of trashing them, I suggest
you try them. Not everybody can edit or manipulate the Registry. As a matter of fact,
those who have the least capability need the utilities the most. They have a higher
propensity of getting infected. The users with the greatest knowledge have a much lower
propensity of being infected. The feedback, both posted and in email, has been positive and
the utilities are provided free of charge. I allow Ian Kenefick [well known in
alt.comp.virus ] to host the files since I can't always email them to people. The only
benefit I get from their being posted is the knowledge that they help to clean user's
computers.

I suggest you go back into "lurk" mode or to another News Groups as you are apt to confuse
posters with statements
such as...

| I disagree with downloading Ad Aware from Lavasoft as it is proven to
| produce false negatives. Steer clear of it because you have the best one
| installed already.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Fitz
07-09-2005, 11:48 PM
Amen to David. A lot of people should not try to edit the registry because
of their lack of knowledge of the registry. The acronym...KISS,
still applies.


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:O9i5kl9YFHA.3648@TK2MSFTNGP14.phx.gbl...
> From: "Crouchie1998" <crouchie1998@spamcop.net>
>
> | I disagree with downloading Ad Aware from Lavasoft as it is proven to
> | produce false negatives. Steer clear of it because you have the best one
> | installed already.
> |
> | All you need to do is either download MSCONFIG & disable some startup
> items
> | or the best way, go into the registry editor & delete the entries
> manually.
> |
> | All you have to do is create a backup copy of the RUN registry key &
> then
> | delete things like ADOBE, QUICKTIME, Messenger Software, RealTray, but
> leave
> | firewall & antivirus software there.
> |
> | MSConfig can be downloaded here:
> |
> | http://www.techadvice.com/specs/files_dl.asp?fnid=3398288
> |
> | All you will have to do is remove the check marks from the RUN keys. You
> can
> | also delete the startup Programs from Spybot S & D by clicking advanced
> | mode/Tools/Startup or that's what it is in version 1.4 anyway.
> |
> | The Registry Editor Way:
> |
> | Click START/RUN type 'regedit' & press ENTER
> | Click the '+' signs on:
> | HKEY_LOCAL_MACHINE
> | Software
> | Microsoft
> | Windows
> | CurrentVersion
> | & then click the folder (not the plus) of the RUN key. The startup
> programs
> | are in the right-hand pane
> |
> | Of course Dave wants you to go to the IKS website because he has it
> listed
> | as his footer like self promoting his own software.
> |
> | Post back if you get into problems
> |
> | Crouchie1998
> | BA (HONS) MCP MCSE
> |
>
> All anti malware software have False Positives. In the time I have used
> and suggested it, I
> haven't seen it to produce any more than its peers. That is non-rogue
> software. Rogue
> utilities are known for high False Positive declarations. SpyBot S&D is
> NOT enough. Not
> one package catches everything and that includes SpyBot S&D and talk about
> False Positives.
> SpyBot S&D is *well known* for its DSO Exploit False Positive declaration.
>
> You'll notice that Ad-aware SE is NOT listed on Spyware Warrior as a
> rogue application --
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Indeed, it is given high marks.
>
> You stated -- "promoting his own software". No not at all !
>
> I have written Kixtart Scripts that wrap around the McAfee Command Line
> Scanner and Trend
> Sysclean. Both are well respected software. McAfee and Trend are the
> software ! They are
> both effective at removing true viruses, worms, Trojans and many other
> forms of non-viral
> malware.  My code is open source as it is interpreted, not compiled.
>
> I wrote the Front Ends to make it easier for people to use both. I used
> to provide
> instructions on Trend Sysclean but I found that many did not know how to
> create a folder,
> extract a file from a ZIP file and place it in the same folder as
> SYSCLEAN.COM. You have no
> idea how often I had to respond to problems posters had. One such error
> was "Pattern file
> "LPT$VPN is missing" Thus, I wrote the front end. It simplifies all the
> functions for them
> and it keeps the utilities up-to-date for future use. Instead of trashing
> them, I suggest
> you try them. Not everybody can edit or manipulate the Registry. As a
> matter of fact,
> those who have the least capability need the utilities the most. They
> have a higher
> propensity of getting infected. The users with the greatest knowledge
> have a much lower
> propensity of being infected. The feedback, both posted and in email, has
> been positive and
> the utilities are provided free of charge. I allow Ian Kenefick [well
> known in
> alt.comp.virus ] to host the files since I can't always email them to
> people. The only
> benefit I get from their being posted is the knowledge that they help to
> clean user's
> computers.
>
> I suggest you go back into "lurk" mode or to another News Groups as you
> are apt to confuse
> posters with statements
> such as...
>
> | I disagree with downloading Ad Aware from Lavasoft as it is proven to
> | produce false negatives. Steer clear of it because you have the best one
> | installed already.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Joan Archer
07-09-2005, 11:48 PM
Why would anyone want to download msconfig when it is part of the system.
Joan


Crouchie1998 wrote:
>
> MSConfig can be downloaded here:
>
> http://www.techadvice.com/specs/files_dl.asp?fnid=3398288
>
> <snip>

David H. Lipman
07-09-2005, 11:48 PM
From: "Joan Archer" <archer_joan@NOSPAM.com>

| Why would anyone want to download msconfig when it is part of the system.
| Joan
|
| Crouchie1998 wrote:

It isn't in Win2K. Why I don't know.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Catamount
07-09-2005, 11:48 PM
Paul Drake wrote:
> Forgot to mention, my antivirus software is up to date.
>
>
Run a defrag on the computer.

Joan Archer
07-09-2005, 11:48 PM
I didn't know that David thanks for pointing it out to me <g> mind you as
you say I'm very surprised it's not.
Joan


David H. Lipman wrote:
> From: "Joan Archer" <archer_joan@NOSPAM.com>
>
>| Why would anyone want to download msconfig when it is part of the
>| system. Joan
>|
>| Crouchie1998 wrote:
>
> It isn't in Win2K. Why I don't know.

Chek
07-09-2005, 11:48 PM
Crouchie,

I'll firstly say that while possibly well intentioned, your
grasp of modern malware is at best incomplete.

Oh for the days (doesn't Blaster seem a mere innocent now?)
when you could simply disable malware in the HKLM Run
regkeys.

Things are far more sophisticated these days - imagine
guiding a newbie to (say) CLSIDS in the registry then
getting them to trash everything they don't recognise?



I have always found David Lipman's advice and
recommendations helpful, and in no way self-promoting.

I don't know him apart from his presence on this newsgroup,
but Dave is one of the people whose selfless dedication to
his area of interest and willingness to share his knowledge,
makes the internet worthwhile.

Have you any idea what the big Corporations and some
professionals currently charge for personal advice - with no
guarantee of a fix at the end of it?

Unless you call re-installing Windows a fix.

And I'm afraid I don't.

To me that's a failure. And Dave's Cleanbat script has
worked faultlessly on every Win system I've run them. What's
to complain about?



Admittedly a lot of Dave's posts are repetitive, but only
because it's a valid procedure to follow for most posters
here with their limited knowledge. Sure, more sophisticated
tools like Process Explorer, HiJackThis and others may be
needed to actually remove the reported but undeletable files
McAfee or Trend find even in Safe Mode (Winlogon being
another current fave in the malware start-up routines), but
there's always an invitation to report back the findings.



Also, I'd not be without AdAware as part of a malware
removal kit.

No software is perfect, and I feel that separate software
packages will be more thorough than one team trying to handle
everything, in terms of inclusions and updates.



I hope that's not come over as discouragement, it's only my
opinion.

I did hear Longhorn will warn when any system changes are
about to be made – till a way is found round that too.

And so it goes on.

There's a lot to be learned here, by all of us.



Chek


"Crouchie1998" <crouchie1998@spamcop.net> wrote in message
news:ejqsbQ9YFHA.2116@TK2MSFTNGP10.phx.gbl...
>I disagree with downloading Ad Aware from Lavasoft as it is
>proven to
> produce false negatives. Steer clear of it because you
> have the best one
> installed already.
>
> All you need to do is either download MSCONFIG & disable
> some startup items
> or the best way, go into the registry editor & delete the
> entries manually.
>
> All you have to do is create a backup copy of the RUN
> registry key & then
> delete things like ADOBE, QUICKTIME, Messenger Software,
> RealTray, but leave
> firewall & antivirus software there.
>
> MSConfig can be downloaded here:
>
> http://www.techadvice.com/specs/files_dl.asp?fnid=3398288
>
> All you will have to do is remove the check marks from the
> RUN keys. You can
> also delete the startup Programs from Spybot S & D by
> clicking advanced
> mode/Tools/Startup or that's what it is in version 1.4
> anyway.
>
> The Registry Editor Way:
>
> Click START/RUN type 'regedit' & press ENTER
> Click the '+' signs on:
> HKEY_LOCAL_MACHINE
> Software
> Microsoft
> Windows
> CurrentVersion
> & then click the folder (not the plus) of the RUN key. The
> startup programs
> are in the right-hand pane
>
> Of course Dave wants you to go to the IKS website because
> he has it listed
> as his footer like self promoting his own software.
>
> Post back if you get into problems
>
> Crouchie1998
> BA (HONS) MCP MCSE
>
>
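
The backup-then-review step for the RUN key discussed in this thread, plus the Winlogon start-up values Chek mentions, as an added example that is not from any poster in the thread: a read-only PowerShell listing that exports the Run keys to .reg files before anyone edits them. The backup folder name and the choice to also cover the HKCU Run key and the Winlogon `Shell`/`Userinit` values are assumptions; it assumes a current Windows with PowerShell 3 or later.

```powershell
# Added example: back up the Run keys, then list autostart entries (read-only).
# $BackupDir is an assumed location, not something named in the thread.
$BackupDir = Join-Path $env:USERPROFILE 'RunKeyBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

$report = @(foreach ($psPath in $runKeys) {
    if (-not (Test-Path $psPath)) { continue }

    # Export the key to a .reg file so it can be restored after a bad edit.
    $regPath = $psPath -replace ':', ''          # reg.exe form: HKLM\Software\...
    $file    = Join-Path $BackupDir (($regPath -replace '\\', '_') + '.reg')
    & reg.exe export $regPath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Backup failed for $regPath" }

    # Each value under a Run key is one program started at logon.
    $key = Get-Item -Path $psPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Location = $regPath
            Name     = $name
            Command  = $key.GetValue($name)
        }
    }
})

# Winlogon's Shell and Userinit values also start programs at logon,
# so a review limited to the Run keys does not show them.
$report += @(foreach ($name in 'Shell', 'Userinit') {
    $value = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
    if ($value) {
        [pscustomobject]@{
            Location = ($winlogon -replace ':', '')
            Name     = $name
            Command  = $value
        }
    }
})

# Nothing is deleted here; the table is for review only.
$report | Format-Table -AutoSize -Wrap
```

Double-clicking one of the exported .reg files restores that key's values as they were at backup time.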

Phil Weldon
07-09-2005, 11:48 PM
Failing hard drive.

Phil Weldon

"Paul Drake" <pauld@archworld.net> wrote in message
news:yY1me.9490$M36.9373@newsread1.news.atl.earthlink.net...
> Forgot to mention, my antivirus software is up to date.
>

