Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

XP Home infected , cannot restore

2 views
Skip to first unread message

tommy

unread,
Oct 16, 2009, 10:42:51 AM10/16/09
to

I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a normal
windows screen to. It boots to a desktop wallpaper, no icons, no taskbar, no
systray. Have to use task manager to run programs [ with the "create new
task / run" function ].

The virus has somehow modified permissions to stop AV programs [ and certain
others with error message insufficient permissions ] from running. I tricked
it by installing to alternate directories, like program files\malwarebytes2
and programfiles\HJT2, and have run these in safe mode. Mbam told me that it
found 6 trojans, and removed them, but I still cannot boot to the destop
with icons again. I see only the wallpaper when booted up. [ nothing in
safemode except the safemode stamps in the corners ]

I cannot find the gpedit.msc. I cannot open windows explorer to allow hidden
files to show.
I can open mmc.msc, but cannot find the gpedit snap-on available.

I ran the latest McAfee Stinger. Found nothing. Ran mbam full scan found no
additional viruses.

Process list is very clean: Very little cpu activity is seen . Every process
is at zero after booting. It is so clean that I suspect somebody else has
come in and cleaned the extraneous processes.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

The HJT log shows that there is lots of BHOs, other entrys etc, and I can
see nothing unusual in it, but as above, when booted, no activity is noted.

--
Tommy


CuMorrigu

unread,
Oct 16, 2009, 12:40:00 PM10/16/09
to
CuMorrigu had written this in response to
http://www.secure-gear.com/antivirus/XP-Home-infected-cannot-restore-32744-.htm
:
What I would do is boot from a jump drive into another OS and delete some
of the files off of it that way.

UBCD4Win (http://www.ubcd4win.com) has a utility in the install directory
that will let you create a USB drive that you can boot off of and run win.
I believe you can even modify it to run AV

If you like linux, Fedora has a new tool out that will do the same thing,
expect with linux. (https://fedorahosted.org/liveusb-creator/)

I would reccomend ClamAV for the Linux distro, it's free and it's good.

Once you are booted off of the jump drive run the A/V scan that comes with
it on you internal HDD and clean it up that way.

That is all if you can't get into the HDD. Once you do get into the HDD,
try running TrendMicro's Houscall (http://housecall.trendmicro.com/) and
Kaspersky's (it's down right now) online A/V tool. The reason I like
running the online programs for cleaning an infected machine is that 1)
you know it's going to be clean 2) you can run multiple programs w/o
having to worry about installing them on your machine (you can only have
one A/V program)

Once I get the online A/V scans done I install my A/V program, I usually
use either AVG Free (http://free.avg.com/us-en/homepage) or the A/V
program included in Iolo's System Mechanic Pro (http://www.iolo.com/). I
REALLY like Iolo, lots of great tools to help you out for a not too bad
price. I also know that used to (don't know if this still works) if you
downloaded the demo and then bought the product through the demo, you
could save like half of the price.

Once you get all of that done, it's time for the Malware scanners. I
usually use a cocktail, Adaware by Lavasoft, Spybot Search and Destroy and
Windows Defender. With those three you'll catch just about everything. I
then usually leave Spybot SnD on there, it's got some useful tools under
the advanced settings.

CuMo


-------------------------------------
tommy wrote:

> I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a
> normal
> windows screen to. It boots to a desktop wallpaper, no icons, no
> taskbar, no
> systray. Have to use task manager to run programs [ with the
> "create new
> task / run" function ].

> The virus has somehow modified permissions to stop AV programs [ and
> certain
> others with error message insufficient permissions ] from running. I
> tricked
> it by installing to alternate directories, like program

> filesmalwarebytes2
> and programfilesHJT2, and have run these in safe mode. Mbam told me


> that it
> found 6 trojans, and removed them, but I still cannot boot to the
> destop
> with icons again. I see only the wallpaper when booted up. [ nothing
> in
> safemode except the safemode stamps in the corners ]

> I cannot find the gpedit.msc. I cannot open windows explorer to allow
> hidden
> files to show.
> I can open mmc.msc, but cannot find the gpedit snap-on available.

> I ran the latest McAfee Stinger. Found nothing. Ran mbam full scan
> found no
> additional viruses.

> Process list is very clean: Very little cpu activity is seen . Every
> process
> is at zero after booting. It is so clean that I suspect somebody else
> has
> come in and cleaned the extraneous processes.

> Running processes:
> C:WINDOWSSystem32smss.exe
> C:WINDOWSsystem32winlogon.exe
> C:WINDOWSsystem32services.exe
> C:WINDOWSsystem32lsass.exe
> C:WINDOWSsystem32svchost.exe
> C:WINDOWSsystem32taskmgr.exe
> C:WINDOWSsystem32ctfmon.exe
> C:Program FilesTrend MicroHijackThis2HijackThis.exe

FromTheRafters

unread,
Oct 16, 2009, 1:40:46 PM10/16/09
to
...and *then* flatten and rebuild?

"CuMorrigu" <mbrast_at_g...@foo.com> wrote in message
news:7684d$4ad8a1e0$4834ce0a$12...@news.flashnewsgroups.com...

noauth

unread,
Oct 16, 2009, 2:57:19 PM10/16/09
to
On Fri, 16 Oct 2009 09:42:51 -0500, "tommy"
<tommyle...@removeyahoo.dropcom> wrote:

>
>I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a normal
>windows screen to. It boots to a desktop wallpaper, no icons, no
taskbar, no
>systray. Have to use task manager to run programs [ with the "create new
>task / run" function ].
>
>The virus has somehow modified permissions to stop AV programs [ and
certain

Snipped

When are people going to learn to get themselves a program like Acronis
True Image, or some other which backs up the entire disk, and use it
immediately after installing Windows, and then make incremental backups
as they install more software. It is such a simple solution to this
horrible problem of computers being turned into paperweights by malware.

Yes, I know it's hindsight in this case, but maybe someone will get a
hint from this and install True Image or Norton's Ghost *before* the
same happens to them. Everybody on Usenet is not an old hand. There are
such things as newbies.

Wolf K

unread,
Oct 16, 2009, 5:27:45 PM10/16/09
to
tommy wrote:
> I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a normal
> windows screen to. It boots to a desktop wallpaper, no icons, no taskbar, no
> systray. Have to use task manager to run programs [with the "create new
> task / run" function ].
>
> The virus has somehow modified permissions to stop AV programs[...]


Had the same problem, managed to cure the system 99.99% (the "Turn
computer off" button is still not visible on the welcome screen). It
took me the better part of two _long_ days. But I'll tell you, it's
better to flatten and rebuild. So that's what I recommend.

You may be able to boot off an external drive, CD/DVD, or USB stick, and
burn data to a DVD or two. If so, don't be tempted to repair.

FWIW, Stopzilla found and repaired the corrupted registry entries, after
which other anti-malware programs functioned. I would _not_ recommend
Stopzilla as a regular AV program; it's close to being malware itself.

When you do rebuild then:
a) create a data partition, and save _all_ data on it. Modify
applications default settings to save to suitable folders on that data
expeditionary, and/or do a manual copy from My Documents and the other
stoopid default data locations.

b) get a partition backup program, and create system partition images at
regular intervals.

HTH
wolf k.

Message has been deleted

tommy

unread,
Oct 16, 2009, 7:14:06 PM10/16/09
to


ASCII wrote:


> tommy wrote:
>>
>> I have an XP home pc,
>

> <~~~>


>
>> I cannot find the gpedit.msc.
>

> I didn't think the group policy editor came in the home edition,
> unless you put it in later as I did http://tinyurl.com/gpedit-msc


>
>> The HJT log shows that there is lots of BHOs, other entrys etc, and
>> I can see nothing unusual in it,
>

> Lots of BHO's aren't unusual?

9 BHOs

if you want to see it [ I know this isn't the usual place to post it ]

here it is, see if you see anything [ sending to your email addr ]


Message has been deleted

Nomen Nescio

unread,
Oct 16, 2009, 10:30:14 PM10/16/09
to

"ASCII" <m...@privacy.net> wrote in message news:4ad9032e.8988546@EBCDIC...
|
| "As many who frequent this and other fora"

Your effete use of "fora" exposes you as a posturing
arty farty pansy.

| "I employ a bogus email addy"

Your constant whining about anons in newsgroups
exposes you as a hypocrite and a 24 karat dipshit.


Message has been deleted

FromTheRafters

unread,
Oct 17, 2009, 7:13:24 AM10/17/09
to

"Nomen Nescio" <nob...@dizum.com> wrote in message
news:c74bee9e141054bb...@dizum.com...

>
> "ASCII" <m...@privacy.net> wrote in message
> news:4ad9032e.8988546@EBCDIC...
> |
> | "As many who frequent this and other fora"
>
> Your effete use of "fora" exposes you as a posturing
> arty farty pansy.

Having trouble understanding plurals?


noauth

unread,
Oct 17, 2009, 9:33:02 AM10/17/09
to

"FromTheRafters" <err...@nomail.afraid.org> wrote in message news:hbc8sn$gjb$1...@news.eternal-september.org...

"forUMS". Look it up, FromTheRafta.

Is "flora" the singular of `"florums"?

"fora" is used by faggot posers who think they know Latin.


Caesar Romano

unread,
Oct 17, 2009, 10:33:54 AM10/17/09
to
On Sat, 17 Oct 2009 07:13:24 -0400, "FromTheRafters"
<err...@nomail.afraid.org> wrote Re Re: XP Home infected , cannot
restore:

Well, the plural of "forum" is either forums or fora.

http://www.yourdictionary.com/forum

although the choice of "fora" in the original context is certainly
pretentious in that the OP is attempting to show a degree of erudition
that he obviously lacks. It's as if he stood up to say "... see how
smart I am, I know that "forum" is a singular Latin word whose plural
form is "fora"... thereby paradoxically showing his ignorance.

Generally where both Latin and English plural forms of a word exist,
the Latin is more appropriate to a scientific forum in which Latin
terms are common, whereas the English form is generally used in
non-scientific forums, such as this one. Unless of cause one wants to
be seen as pretentious.
--
I filter all messages from google groups.

Message has been deleted
Message has been deleted

FromTheRafters

unread,
Oct 17, 2009, 1:09:06 PM10/17/09
to
"Caesar Romano" <Sp...@uce.gov> wrote in message
news:nchjd5htmfoam6cdo...@4ax.com...

> On Sat, 17 Oct 2009 07:13:24 -0400, "FromTheRafters"
> <err...@nomail.afraid.org> wrote Re Re: XP Home infected , cannot
> restore:
>
>>
>>"Nomen Nescio" <nob...@dizum.com> wrote in message
>>news:c74bee9e141054bb...@dizum.com...
>>>
>>> "ASCII" <m...@privacy.net> wrote in message
>>> news:4ad9032e.8988546@EBCDIC...
>>> |
>>> | "As many who frequent this and other fora"
>>>
>>> Your effete use of "fora" exposes you as a posturing
>>> arty farty pansy.
>>
>>Having trouble understanding plurals?
>>
>
> Well, the plural of "forum" is either forums or fora.

If enough people say it wrong, it becomes added to the dictionaries due
to common usage.

- doesn't make it right.

It reminds me of some advertisements for "Rosetta Stone" language
learning software. In one guy's testimonial he states that he's used all
of the other mediums for learning new languages.

...but why go to all of those psychics just to learn French?


FromTheRafters

unread,
Oct 17, 2009, 1:39:38 PM10/17/09
to
"noauth" <an...@remailer.gabrix.ath.cx> wrote in message
news:6eb8980f8420ab2e...@remailer.gabrix.ath.cx...

>
> "FromTheRafters" <err...@nomail.afraid.org> wrote in message
> news:hbc8sn$gjb$1...@news.eternal-september.org...
>>
>> "Nomen Nescio" <nob...@dizum.com> wrote in message
>> news:c74bee9e141054bb...@dizum.com...
>>>
>>> "ASCII" <m...@privacy.net> wrote in message
>>> news:4ad9032e.8988546@EBCDIC...
>>> |
>>> | "As many who frequent this and other fora"
>>>
>>> Your effete use of "fora" exposes you as a posturing
>>> arty farty pansy.
>>
>> Having trouble understanding plurals?
>
> "forUMS". Look it up, FromTheRafta.

So.. it's "forums" if you want to appear uneducated and "fora" if not?

> Is "flora" the singular of `"florums"?

Non sequitur (more Latin - look it up). We're not attempting to show
that "fora" is the singular of "forums" so adding the "L" only makes you
appear to have lost the train of thought here (no surprise). Try to stay
on track there will ya? ;o)

> "fora" is used by faggot posers who think they know Latin.

That may be true, but it does not follow that *all* users of what is
arguably the more correct form are propping up bunches of sticks for
some photo op. You will find people doing this with stalks (cornstalks
specifically) around this time of year, hereabouts (this ones English,
but you may need to look *it* up as well).

FromTheRafters

unread,
Oct 17, 2009, 2:18:29 PM10/17/09
to
'


Beauregard T. Shagnasty

unread,
Oct 17, 2009, 2:47:50 PM10/17/09
to
Jerry wrote:

> You really are a bunch of sad bastards!

Your computer is infected with virii!

--
-bts
-Friends don't let friends drive Windows

Message has been deleted

David H. Lipman

unread,
Oct 17, 2009, 5:40:26 PM10/17/09
to
From: "FredW" <fr...@blackholespam.net>

| On Sat, 17 Oct 2009 14:47:50 -0400, "Beauregard T. Shagnasty"
| <a.non...@example.invalid> wrote:

>>Jerry wrote:

>>> You really are a bunch of sad bastards!

>>Your computer is infected with virii!

| Virii are the flora of the fora.
| ROTFL

| --
| Fred W. (NL)

Bwahahahahahahaha :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


tommy

unread,
Oct 17, 2009, 6:13:30 PM10/17/09
to

I am now running Sophos under Multi-AV. I tricked the virus again by
changing the name of Startmenu to Startmenu2 after copying the AV-CLS folder
to the target. Its been hours. I am going to try them all, but since MBAM
usually gets this stuff, I will be amazed if its cleared up the whole
problem..


tommy

unread,
Oct 18, 2009, 10:26:54 AM10/18/09
to

Sophos found nothing except some [ minor?] corrupted files. > 8 hrs scanning
Trend found 1 [ minor? ] spyware item . Still no improvement.
I am going to try searching for registry items after McAfee and KAV
MultiAV is a nice idea.

noauth

unread,
Oct 18, 2009, 11:55:01 AM10/18/09
to

"Beauregard T. Shagnasty" <a.non...@example.invalid> wrote in message news:hbd3gm$vfv$1...@news.eternal-september.org...

> Jerry wrote:
>
>> You really are a bunch of sad bastards!
>
> Your computer is infected with virii!

vira

Nomen Nescio

unread,
Oct 18, 2009, 11:44:59 AM10/18/09
to

"FromTheRafters" <err...@nomail.afraid.org> wrote in message news:hbcvgu$1ie$1...@news.eternal-september.org...

>> Is "flora" the singular of `"florums"?
>
> Non sequitur (more Latin - look it up). We're not attempting to show
> that "fora" is the singular of "forums" so adding the "L" only makes you
> appear to have lost the train of thought here (no surprise). Try to stay
> on track there will ya? ;o)

idiot (plural - idii)

Message has been deleted

Anonymous

unread,
Oct 18, 2009, 12:13:32 PM10/18/09
to

"FredW" <fr...@blackholespam.net> wrote in message news:c89kd5dmjds2hef54...@4ax.com...

> On Sat, 17 Oct 2009 14:47:50 -0400, "Beauregard T. Shagnasty"
> <a.non...@example.invalid> wrote:
>
>>Jerry wrote:
>>
>>> You really are a bunch of sad bastards!
>>
>>Your computer is infected with virii!
>
> Virii are the flora of the fora.

GOOD ONE!


Nomen Nescio

unread,
Oct 18, 2009, 12:15:25 PM10/18/09
to

"Beauregard T. Shagnasty" <a.non...@example.invalid> wrote in message news:hbd3gm$vfv$1...@news.eternal-september.org...

> Jerry wrote:
>
>> You really are a bunch of sad bastards!
>
> Your computer is infected with virii!

Did you change the spelling of your name from Latin to American
because you're Latin American or because "Shagnasti" is the plural
of "Shagnastus"?

Anonymous

unread,
Oct 18, 2009, 12:18:34 PM10/18/09
to

"Toxic" <staring@my_hd.tv> wrote in message news:pan.2009.10...@cdc.gov...
> On Sat, 17 Oct 2009 15:33:02 +0200, noauth wrote:
>
> "noauth" is used by faggot posers like Dave
> who think they know Shit
> but are full of it instead

Wassamatter Poxic? You still infected with e-colus?

Nomen Nescio

unread,
Oct 18, 2009, 12:35:24 PM10/18/09
to

"FromTheRafters" <err...@nomail.afraid.org> wrote in message news:hbcvgu$1ie$1...@news.eternal-september.org...
>
> Non sequitur (more Latin - look it up).

It means "no pruning snipper".

David H. Lipman

unread,
Oct 18, 2009, 12:47:56 PM10/18/09
to
From: "FredW" <fr...@blackholespam.net>

| On Sun, 18 Oct 2009 17:55:01 +0200 (CEST), noauth
| <an...@remailer.gabrix.ath.cx> wrote:

>>vira


| Wrong.


| Viri is multiple of virus.


No.
http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
http://linuxmafia.com/~rick/faq/plural-of-virus.html

Wolf K

unread,
Oct 18, 2009, 1:02:01 PM10/18/09
to
David H. Lipman wrote:
> From: "FredW" <fr...@blackholespam.net>
>
> | On Sun, 18 Oct 2009 17:55:01 +0200 (CEST), noauth
> | <an...@remailer.gabrix.ath.cx> wrote:
>
>
>>> "Beauregard T. Shagnasty" <a.non...@example.invalid> wrote in message
>>> news:hbd3gm$vfv$1...@news.eternal-september.org...
>>>> Jerry wrote:
>
>>>>> You really are a bunch of sad bastards!
>
>>>> Your computer is infected with virii!
>
>>> vira
>
>
> | Wrong.
>
>
> | Viri is multiple of virus.
>
>
> No.
> http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
> http://linuxmafia.com/~rick/faq/plural-of-virus.html
>

Hoc verbum spero ultimum esse.

wolf k.

George Orwell

unread,
Oct 18, 2009, 1:13:26 PM10/18/09
to

"Caesar Romano" <Sp...@uce.gov> wrote in message news:nchjd5htmfoam6cdo...@4ax.com...
>
> Well, the plural of "forum" is either forums or fora.

forii


Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

George Orwell

unread,
Oct 18, 2009, 1:13:26 PM10/18/09
to

"FredW" <fr...@blackholespam.net> wrote in message news:rpemd5tkhd5v5v4ui...@4ax.com...
>
> I do not know what a "virum" is (or was).

It was a VIRus forUM in old Rome about 70 years B.C.

Nomen Nescio

unread,
Oct 18, 2009, 1:37:22 PM10/18/09
to

"FromTheRafters" <err...@nomail.afraid.org> wrote in message news:hbctnl$j0d$1...@news.eternal-september.org...

>
> It reminds me of some advertisements for "Rosetta Stone" language
> learning software. In one guy's testimonial he states that he's used all
> of the other mediums for learning new languages.

medii

Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted

FromTheRafters

unread,
Oct 18, 2009, 5:02:11 PM10/18/09
to
"Nomen Nescio" <nob...@dizum.com> wrote in message
news:c33cf80015b8c0ac...@dizum.com...

Media is already plural - no need to change it to anything else.
A group of mediumshippers are mediums.


noauth

unread,
Oct 18, 2009, 7:11:42 PM10/18/09
to

"FromTheRafters" <err...@nomail.afraid.org> wrote:
>
> A group of mediumshippers are mediums.

"is" (alt.comp.pedantry).

A group of mediashitters are ASCII and Toxic.

noauth

unread,
Oct 18, 2009, 7:26:54 PM10/18/09
to

"Jerry" <gando...@noaddress.noname.uk> wrote:
>I suspect that Ialdabaoth created Imperfection so that on this day Sun, 18 Oct
> 2009 20:23:26 +0200, one purporting to be FredW <fr...@blackholespam.net> could
> write :
>
>>But I quite agree, we live in the present times.
>>Ancient Rome is gone (as are the emperors).
>>Talking in an old no longer "living" language does not make sense.
>
> Tell The Pope that.
> He employs a team of Latin Secretaries! (All male)

Bill Clinton employed a team of Lickin Sexretaries!
(All female)

> His Holiness communicates to the world in Latin.

His Holeingress mastubates to the word in Latin.
"I did not have sexual relations with that Cardinal,
Father Lewinsky."

FromTheRafters

unread,
Oct 18, 2009, 7:34:20 PM10/18/09
to
"noauth" <an...@remailer.gabrix.ath.cx> wrote in message
news:a9904686755543d0...@remailer.gabrix.ath.cx...

>
> "FromTheRafters" <err...@nomail.afraid.org> wrote:
>>
>> A group of mediumshippers are mediums.
>
> "is" (alt.comp.pedantry).

Absolutely! I should have said that the individuals in a group of
mediumshippers are mediums.

Q. Why did the cannibal undercook the fortune teller.
A. He liked his medium rare.


Nomen Nescio

unread,
Oct 19, 2009, 5:45:14 AM10/19/09
to
"FromTheRafters" <err...@nomail.afraid.org> wrote:
>
> Q. Why did the cannibal undercook the fortune teller.
> A. He liked his medium rare.

The cannibal studied at Eton.
The medium was.

noauth

unread,
Oct 19, 2009, 10:47:22 AM10/19/09
to

"Wolf K" <wek...@sympatico.ca> wrote in message news:4adb4a08$0$1628$9a6e...@news.newshosting.com...

>
> Hoc verbum spero ultimum esse.

Your bum receives hot sperm with ultimate ease.

m...@tadyatam.invalid

unread,
Oct 19, 2009, 10:43:10 AM10/19/09
to
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:hbfgq...@news3.newsguy.com:

> From: "FredW" <fr...@blackholespam.net>
>
>| On Sun, 18 Oct 2009 17:55:01 +0200 (CEST), noauth
>| <an...@remailer.gabrix.ath.cx> wrote:
>
>
>>>"Beauregard T. Shagnasty" <a.non...@example.invalid>
>>>wrote in message
>>>news:hbd3gm$vfv$1...@news.eternal-september.org...
>>>> Jerry wrote:
>
>>>>> You really are a bunch of sad bastards!
>
>>>> Your computer is infected with virii!
>
>>>vira
>
>
>| Wrong.
>
>
>| Viri is multiple of virus.
>
>
> No.
> http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-v
> irus.html
> http://linuxmafia.com/~rick/faq/plural-of-virus.html
>

IOW (a looong time ago, I asked):

[ quot,names "X"-d ]
Hi J,

There is no plural attested in Latin. It's an odd form, virus-
viri-neuter, (the neuter is hard to parallel, maybe analogized
to venenum-veneni-neuter [regular] = poison) which would never
give a plural virii. So viruses it is!

All best, Xxx

X.Y.Z.
Professor of Greek and Latin
Chair, Department of the Classics
Ivy L. U.
[ /quot ]

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom

George Orwell

unread,
Oct 19, 2009, 11:36:36 AM10/19/09
to
<m...@tadyatam.invalid> wrote in message news:Xns9CA96D0BA280C...@feeder.eternal-september.org...

>
> Professor of Greek and Latin
> Chair, Department of the Classics

Classical Greeks take dick up the ass. So do classical Latins, but not
with such gusto.

Is that a sausage between your ass and the chair, Professor Catamite?

Anonymous

unread,
Oct 19, 2009, 11:38:20 AM10/19/09
to

"FredW" <fr...@blackholespam.net> wrote in message news:oimmd5huoplselmdd...@4ax.com...
>
> I agree that "virii", "viri" and "fora" are silly words.
> One should just "form the plural in the normal manner used for other
> English words."

When the Dutch occupied Indonesia they named a Bali district "Kuta",
which an educated Dutchman like you will know that In Hollands-Latin
sprecht means "multiple vaginas", but Is the singular "Kutum" or "Kutus"?

tommy

unread,
Oct 19, 2009, 10:21:11 PM10/19/09
to


tommy wrote:
> I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a
> normal windows screen to. It boots to a desktop wallpaper, no icons,
> no taskbar, no systray. Have to use task manager to run programs [
> with the "create new task / run" function ].
>
> The virus has somehow modified permissions to stop AV programs [ and
> certain others with error message insufficient permissions ] from
> running. I tricked it by installing to alternate directories, like
> program files\malwarebytes2 and programfiles\HJT2, and have run these
> in safe mode. Mbam told me that it found 6 trojans, and removed them,
> but I still cannot boot to the destop with icons again. I see only
> the wallpaper when booted up. [ nothing in safemode except the
> safemode stamps in the corners ]
>
> I cannot find the gpedit.msc. I cannot open windows explorer to allow
> hidden files to show.
> I can open mmc.msc, but cannot find the gpedit snap-on available.
>
> I ran the latest McAfee Stinger. Found nothing. Ran mbam full scan
> found no additional viruses.
>
> Process list is very clean: Very little cpu activity is seen . Every
> process is at zero after booting. It is so clean that I suspect
> somebody else has come in and cleaned the extraneous processes.
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\taskmgr.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe
>
> The HJT log shows that there is lots of BHOs, other entrys etc, and I
> can see nothing unusual in it, but as above, when booted, no activity
> is noted.

I ran all 4 av clients in Multi-Av, and still couldn't fix it that way.
It does have a D: recovery drive, and it does appear to work.
So, thats probably what will happen, using the recovery reinstall.


Message has been deleted
Message has been deleted
Message has been deleted

The Central Scrutinizer

unread,
Oct 21, 2009, 11:30:14 PM10/21/09
to
How are you certain this was caused by a virus?

--

"tommy" <tommyle...@removeyahoo.dropcom> wrote in message
news:hba0pd$i4f$1...@news.eternal-september.org...

> --
> Tommy
>
>


tommy

unread,
Oct 22, 2009, 9:51:13 AM10/22/09
to


The Central Scrutinizer wrote:
> How are you certain this was caused by a virus?
>
>

The guy said he had experienced re-direction dating back to 6 mos ago.
He has little pc experience.
There were viruses on there. Malwarebytes took off 6 of them.
Important programs were blocked by policy [permissions], including all
antivirus pgms. [ I had to change names for any AV client to run ]
He has a restore partition, but wants to do that himself.
I was able to install gpedit, but no policies had been set.

--
Tommy

The Central Scrutinizer

unread,
Oct 22, 2009, 11:43:44 PM10/22/09
to
sounds like the whole operation needs to be nuked! Holy crap
on all of that!!!!

--

"tommy" <tommyle...@removeyahoo.dropcom> wrote in message

news:hbpo0k$pqu$1...@news.eternal-september.org...

George Orwell

unread,
Oct 23, 2009, 1:47:55 AM10/23/09
to

"Glen" <glen...@tiscali.com> wrote:
> I like having my fudge packed.

I believe you!

Dustin Cook

unread,
Oct 23, 2009, 2:59:49 AM10/23/09
to
Toxic <staring@my_hd.tv> wrote in news:pan.2009.10...@cdc.gov:

> On Sat, 17 Oct 2009 15:33:02 +0200, noauth wrote:
>
> "noauth" is used by faggot posers like Dave
> who think they know Shit
> but are full of it instead
>

Mom and Dad are away and left the computer unlocked again eh?


--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk

Shadow

unread,
Oct 23, 2009, 7:30:15 PM10/23/09
to
On Fri, 16 Oct 2009 09:42:51 -0500, "tommy"
<tommyle...@removeyahoo.dropcom> wrote:

>
>I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a normal
>windows screen to. It boots to a desktop wallpaper, no icons, no taskbar, no
>systray. Have to use task manager to run programs [ with the "create new
>task / run" function ].

My friend, boot a nice little linux dist, move as much of your
data as you can to some other media (burn it to DVDs), then reformat,
reinstall windows. Your "executable" "open-withs" are probably all
re-directed to the bag-guy-worm/trojan.
Not much you can do, about it. Unless you don't mind weeks and
weeks of painful cleaning-up.
A linux dist with clamav or f-prot will probably clean up the
bad guy, but not the registry damage.
Format.
[]'s
Is that really 500Mb or a typo ? Or are you referring to ram ?

tommy

unread,
Oct 23, 2009, 11:40:48 PM10/23/09
to

500 mb ram
I have used TRK Trinity Rescue Kit which is similar to what you suggest.
Do you know of more like TRK?

The kit is going to reinstall. He wants to do it himself. There is a drive
D: restore partition activated by hitting F10

I have gotten lots of these cleaned by using MBAM and followup by some other
gerneral purpose AV clients. This is just an unusually difficult one.


Message has been deleted

Shadow

unread,
Oct 24, 2009, 6:24:01 AM10/24/09
to
On Fri, 23 Oct 2009 22:40:48 -0500, "tommy"
<tommyle...@removeyahoo.dropcom> wrote:

>Shadow wrote:
>> On Fri, 16 Oct 2009 09:42:51 -0500, "tommy"
>> <tommyle...@removeyahoo.dropcom> wrote:
>>
>> Format.
>> []'s
>> Is that really 500Mb or a typo ? Or are you referring to ram ?
>
>500 mb ram
>I have used TRK Trinity Rescue Kit which is similar to what you suggest.
>Do you know of more like TRK?

If you are not familiar with linux it is probably the best
choice. I had a brief look at the home page and it appears to be made
for these cases. But any live-cd bootable linux dist will do, slax,
puppy, LFS, even ubuntu.
If you have a fast connection, you can download f-prot or
Clamav and the latest databases to most of these (I'm sure you can
with ubuntu), to scan the harddisk. Not sure what TRK comes with.


>
>The kit is going to reinstall. He wants to do it himself. There is a drive
>D: restore partition activated by hitting F10

Good. I'd scan that D: drive first. It might be where the
bad-guy is. Use the "scan all file types" option.


>
>I have gotten lots of these cleaned by using MBAM and followup by some other
>gerneral purpose AV clients. This is just an unusually difficult one.

They always leave a "broken" system behind. Unless you are
keeping the data for "sentimental" purposes, I'd just reformat. I
still have DOS 6.2 on a partition, can't even boot it, it's there
because ... well, because :)
>
PS. Ignore the nasty guy. He's just a bot.

noauth

unread,
Oct 24, 2009, 6:58:57 AM10/24/09
to

"Glen" <glen...@tiscali.com> wrote:
>
> Sell your fucking PC and give us all a rest!

Suck your boyfriends dick and give your asshole a rest!


tommy

unread,
Oct 24, 2009, 9:51:10 AM10/24/09
to


Glen wrote:
> Sell your fucking PC and give us all a rest!
>
>
>

my pc is not infected. I was finished posting on this subject, and Shadow
had to ask a question. Please read the whole thread. This is repetitive.
Interesting however. I did find that some posters on comp.security.firewalls
believe in reinstalling if even one virus appears !


tommy

unread,
Oct 24, 2009, 10:09:44 AM10/24/09
to


Shadow wrote:
> On Fri, 23 Oct 2009 22:40:48 -0500, "tommy"
> <tommyle...@removeyahoo.dropcom> wrote:
>
>> Shadow wrote:
>>> On Fri, 16 Oct 2009 09:42:51 -0500, "tommy"
>>> <tommyle...@removeyahoo.dropcom> wrote:
>>>
>>> Format.
>>> []'s
>>> Is that really 500Mb or a typo ? Or are you referring to ram ?
>>
>> 500 mb ram
>> I have used TRK Trinity Rescue Kit which is similar to what you
>> suggest.
>> Do you know of more like TRK?
> If you are not familiar with linux it is probably the best
> choice. I had a brief look at the home page and it appears to be made
> for these cases. But any live-cd bootable linux dist will do, slax,
> puppy, LFS, even ubuntu.
> If you have a fast connection, you can download f-prot or
> Clamav and the latest databases to most of these (I'm sure you can
> with ubuntu), to scan the harddisk. Not sure what TRK comes with.

TRK includes ClamAV dos. and three others , you have to have the internet
connected to use the others.
I was hoping you were familiar with TRK or some others that have this
capability built in.

>>
>> The kit is going to reinstall. He wants to do it himself. There is a
>> drive D: restore partition activated by hitting F10
> Good. I'd scan that D: drive first. It might be where the
> bad-guy is. Use the "scan all file types" option.

Done [ not too long ago ]

Rick

unread,
Oct 24, 2009, 11:00:27 AM10/24/09
to
"tommy" <tommyle...@removeyahoo.dropcom> wrote in
news:hbv0oh$q4e$1...@news.eternal-september.org:
>
> repetitive. Interesting however. I did find that some posters on
> comp.security.firewalls believe in reinstalling if even one virus
> appears !


They have a point in a way. Their position is that since a lot of
malware downloads and installs other malware packages, combined with the
fact that no anti-virus/malware package finds and cleans ALL malware, you
can never be sure that your computer is truly clean. In effect, since you
cannot prove a negative (that your computer is NOT infected), your only
recourse is to wipe everything clean and reinstall from a known, clean
source.

If you follow that logic just a little further, you run into other
troubling thoughts. Since new malware vectors are being found all the
time, and new malware packages that are not yet detectable are also being
released all the time, you can never _prove_ your PC is not currently
infected by some new package via a new vector. Therefore, the only
logical thing to do is to completely wipe your PC clean and reinstall
everything from a known, clean source every single day. Of course, that
is an equally silly stance.

What it all boils down to is that you need to evaluate the situation and
decide on the apropriate action for that situation. A system that is used
for basic purposes by a home user, which has had a rogueAV installed on
it and is quickly taken off the net before it is brought to you for
cleaning is one thing. A system that handles sensitive information and/or
has multiple infections including various rootkits, policy setting
changes, etc. is another thing entirely. And then there are the available
tools issues. Those who advocate "an immediate wipe and reinstall from
backup image" are completely ignoring the fact that the vast majority of
home users never _have_ a "backup image". Hell, a lot of them don't even
have OS reinstallation disks! They bought low end machines that only have
a "recovery partition" which cannot be trusted on a badly infected
machine. On the other hand, in a corporate or educational environment
where a backup image is often immediately available, it's quicker and
easier to "cure" even a minor infection by wiping and reinstalling.

The bottom line is you need to look at the system, evaluate the
situation and available tools, then make the best cost/benefit analysis
that you can. In some cases, a wipe and reinstall are called for. In
others a thorough cleaning may be called for.

Anyway, that's my 2 cents worth.....

--
Rick Simon rsi...@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

tommy

unread,
Oct 24, 2009, 4:20:41 PM10/24/09
to

IK


0 new messages