Computer Attacked

[Ext User(Bill in Co)]

Flasherly wrote:
> On Jul 7, 9:34 pm, "Bill in Co" <surly_curmudg...@earthlink.net>
> wrote:
>>
>> I'd rather keep it all on the same partition, and just image or restore
>> the
>> whole enchilada - which still only takes me about 15 minutes. Why keep
>> data on a separate partition? That means there's two things to backup
>> (and or restore). (The only "data" I keep on separate partitions is
>> audio
>> and video, since it is so large; not really any personal stuff.)

I should have added that I pretty regularly make image backups (of the whole
enchilada). I can see the point that if you don't, you might have a point
in keeping them on separate partitions.

> Not really. And where are you guys getting off on 20 minutes ... I
> start getting hot under the collar when a C: restore imaging routine
> takes longer than 2 minutes!

I'm restoring about 25 GB in that time. Are you? (I doubt it :-)

> Keeping data on [the singular instance] separate partition(s):
> Nooo...not really. Most CVV, Common Variety Vomit, perpetuating
> itself over the Internet occurs at the C: OS level. Programs most of
> all directly associated with the Internet are integral within the OS
> laying, by means, ipso facto, therein and thereby prima facie to
> permit Internet access;-- Although, to including anything, regardless
> where it's physically located, whether attempting to "Call Home,"
> within better reason, may be FireWalled with Extreme Prejudice.

<snip>

> What a separate DATA partition does however involve, is manually
> having to keep in sync Binary Data program revisions, updates and
> omissions, in-program changes to settings and functions linked to the
> OS, or anything generally not already logged and incorporated into the
> OS images and any subsequent layering of compounded, redundant
> iterations over further OS images.

Another reason I like the whole enchilada approach (providing you do it
regularly). :-)

[Ext User(glee)]

"Loren Pechtel" <lorenpechtel@hotmail.com> wrote in message
news:8p7kv7lne86bf2u4jeehsnoatqrjs4p5dk@4ax.com...
> On Sat, 7 Jul 2012 18:45:08 -0400, "glee" <glee29@spamindspring.com>
> wrote:
>
>>finds. Reboot if prompted, then run a full scan with your anti-virus.
>>I would run a scan from a bootable rescue disc like Kaspersky Rescue
>>CD
>>from outside Windows, as a last step, if it were here.
>
> How would he burn it?

On the library computer he is posting from, at friend's computer, even
ask someone in an Internet cafe to do a favor and burn it. There's
always a way, unless you're too busy looking for ways to fail.
--
Glen Ventura
MS MVP Oct. 2002 - Sept. 2009
CompTIA A+

[Ext User(RJK)]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:Iv-dnWyYbIhPpmXSnZ2dnUVZ_gKdnZ2d@giganews.com...
> From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>
>
>> In message <cJydnYxriqJis2XSnZ2dnUVZ_r-dnZ2d@giganews.com>, David H.
>> Lipman <DLipman~nospam~@Verizon.Net> writes:
>> []
>>> LOL - YOU will be the object of Identity Theft. Prevention is better
>>> then cure and restoring an image or reinstalling the OS is reactive and
>>> not proactive and leaves you vulnerable to data and monetary theft where
>>> restoring an image or reinstalling the OS will NOT help.
>>>
>> Nor does the above post.
>
> ???
>
>
>
> --
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> http://www.pctipp.ch/downloads/dl/35905.asp

After casting my eye through this thread, and earlier in it, I was wondering
if the OP had a FULL version of AVG with real-time scanner running, or just
the free AV scanner, which I thought does not include the TSR real-time
scanner ?

....anyhoo http://www.prevx.com/blog/163/Ransom...n-the-MBR.html is
interesting,

regards, Richard

[Ext User((PeteCresswell))]

Per Bill in Co:
>Why keep
>data on a separate partition?

Another reason: to minimize the size of the System partition.

Smaller partition, faster images/restores.
--
Pete Cresswell

[Ext User((PeteCresswell))]

Per Flasherly:
>And where are you guys getting off on 20 minutes ... I
>start getting hot under the collar when a C: restore imaging routine
>takes longer than 2 minutes!

I was trying tb conservative.

But 2 minutes? That's really impressive.

Takes me 2 minutes just to fish out the restore CD and boot from
it.
--
Pete Cresswell

[Ext User(Bill in Co)]

(PeteCresswell) wrote:
> Per Bill in Co:
>> Why keep
>> data on a separate partition?
>
> Another reason: to minimize the size of the System partition.
>
> Smaller partition, faster images/restores.
> --
> Pete Cresswell

Yes, I know. :-) But for me, backing up everything together has worked
well, as I don't have to keep tracl of *separate* backups. But I do it
pretty often.

I should mention one exception - I do keep a separate (and even more up to
date copy) of my OE email on another partition just in case. I even have a
desktop icon dedicated to just that purpose. :-)

[Ext User(glee)]

"RJK" <nosuch@hotmail.com> wrote in message
news:4ffbe904$0$3860$882e7ee2@usenet-news.net...
> snip
> After casting my eye through this thread, and earlier in it, I was
> wondering if the OP had a FULL version of AVG with real-time scanner
> running, or just the free AV scanner, which I thought does not include
> the TSR real-time scanner ?

AVG's free AV has always included a real-time resident scanner.

> ...anyhoo
> http://www.prevx.com/blog/163/Ransom...n-the-MBR.html is
> interesting,

Thanks for the link.
--
Glen Ventura
MS MVP Oct. 2002 - Sept. 2009
CompTIA A+

[Ext User(Loren Pechtel)]

On Mon, 09 Jul 2012 13:23:13 -0400, Paul <nospam@needed.com> wrote:

>Loren Pechtel wrote:
>> On Sat, 7 Jul 2012 18:45:08 -0400, "glee" <glee29@spamindspring.com>
>> wrote:
>>
>>> finds. Reboot if prompted, then run a full scan with your anti-virus.
>>> I would run a scan from a bootable rescue disc like Kaspersky Rescue CD
>>>from outside Windows, as a last step, if it were here.
>>
>> How would he burn it?
>
>At the library.
>
>The staff at the library are very helpful.
>
> Paul

Libraries are set up to let you burn? I didn't realize you had that
much control of the system.

[Ext User()]

On Tuesday, July 10, 2012 7:14:04 PM UTC-4, Loren Pechtel wrote:
> On Mon, 09 Jul 2012 13:23:13 -0400, Paul <nospam@needed.com> wrote:
>
>
>
> >Loren Pechtel wrote:
>
> >> On Sat, 7 Jul 2012 18:45:08 -0400, "glee" <glee29@spamindspring.com>
>
> >> wrote:
>
> >>
>
> >>> finds. Reboot if prompted, then run a full scan with your anti-virus..
>
> >>> I would run a scan from a bootable rescue disc like Kaspersky Rescue CD
>
> >>>from outside Windows, as a last step, if it were here.
>
> >>
>
> >> How would he burn it?
>
> >
>
> >At the library.
>
> >
>
> >The staff at the library are very helpful.
>
> >
>
> > Paul
>
>
>
> Libraries are set up to let you burn? I didn't realize you had that
>
> much control of the system.

Not at the NYPL. You can't even create a text file or copy and paste anything at my neighborhood library because useful functions like this have been disabled. I was lucky to figure out how to download anything to a flash drive.

Anyway, I tired Emisoft only to find that when running in safe mode my PC'sscreen resolution changes making it impossible to to see the entire graphical user interface of the app so I could click the correct buttons.

I manged to run AVG and Malwarebytes Anti-Malware again. and the problem was corrected. (I can't really say what actually worked though).

Now yesterday my PC was attacked by "Live Security Platinum" which also tried to extort money from me. I booted into safe mode and ran Malwarebytes Anti-Malware and AVG twice and it appeared to correct the problem.

But this week a lot of pages I've opened have underlined/highlighted text that are actually pop-up ads.(Which is a pain if you move your cursor arounda lot). I'm not sure if it is still something devious on my system or if everyone decided at the same time kill the already crappy internet experience by putting commercial ads in everything at every page you go to.

Thanks.

Darren Harris
Staten Island, New York.

[Ext User(Paul)]

On 08/12/2012 10:24 PM, Searcher7@mail.con2.com wrote:
> On Tuesday, July 10, 2012 7:14:04 PM UTC-4, Loren Pechtel wrote:

>> Libraries are set up to let you burn? I didn't realize you had that
>>
>> much control of the system.
>
> Not at the NYPL. You can't even create a text file or copy and paste anything
> at my neighborhood library because useful functions like this have been disabled.
> I was lucky to figure out how to download anything to a flash drive.
>
> Anyway, I tired Emisoft only to find that when running in safe mode my PC's
> screen resolution changes making it impossible to to see the entire graphical
> user interface of the app so I could click the correct buttons.
>
> I manged to run AVG and Malwarebytes Anti-Malware again. and the problem was
> corrected. (I can't really say what actually worked though).
>
> Now yesterday my PC was attacked by "Live Security Platinum" which also tried
> to extort money from me. I booted into safe mode and ran Malwarebytes Anti-Malware
> and AVG twice and it appeared to correct the problem.
>
> But this week a lot of pages I've opened have underlined/highlighted text that
> are actually pop-up ads.(Which is a pain if you move your cursor around a lot).
> I'm not sure if it is still something devious on my system or if everyone decided
> at the same time kill the already crappy internet experience by putting commercial
> ads in everything at every page you go to.
>
> Thanks.
>
> Darren Harris
> Staten Island, New York.
>

I'd check for "Add-Ons" in the browser first. In case that's how they're underlining
things. You've probably been hijacked... somehow.

It's also possible to do stuff like that, by meddling with the DNS (so people end
up on your server, rather than going to their originally intended web site). It's possible
to inject adverts, and you can make a lot of money doing that.

In terms of anti-malware software, you need fresh definition files for them
to continue to help you. So just because you have a copy of MBAM, it still
needs to be maintained. Either you need to get a fresh copy of MBAM, before
using it the next time, or, find out how to get just the definitions file
to keep the thing up to date. (When I use the Kaspersky scanner CD, that
connects to Kaspersky and downloads megabytes of update files. So that's
one way they can do it.) Which is great, as long as your networking is
still operational.

Paul

[Ext User(Flasherly)]

On Jul 10, 9:54 am, "(PeteCresswell)" <x...@y.Invalid> wrote:
> Per Flasherly:
>
> >And where are you guys getting off on 20 minutes ... I
> >start getting hot under the collar when a C: restore imaging routine
> >takes longer than 2 minutes!
>
> I was trying tb conservative.
>
> But 2 minutes? That's really impressive.
>
> Takes me 2 minutes just to fish out the restore CD and boot from
> it.

If the DVD/CD's in: 1) 15-2-m/sec, 2) a quad-channel, Class 10 USB
flash stick for 30m/sec, 3) HD<>HD 50m/sec when excellent rates
between disparate physical drives or same-platter partitions.

The restoration image is 6-800meg if only C:\Windows and there's a
little selectivity about programs that take themselves and their
residuals somewhere else. After doing it for years, life, I guess,
becomes more bitchy when it's less impressive than redundant and taken
for granted, i.e., never owned a SSDrive, so somebody else can do the
damn math for factoring seconds on that.

[Ext User((PeteCresswell))]

Per Flasherly:
>If the DVD/CD's in: 1) 15-2-m/sec, 2) a quad-channel, Class 10 USB
>flash stick for 30m/sec, 3) HD<>HD 50m/sec when excellent rates
>between disparate physical drives or same-platter partitions.

As one who re-images as soon as I even *think* the system might
be getting goofy, I've got to get this working for myself.

Is the bottom line that you have a really-fast USB stick set up
to boot the restore environment - plus a faster-than-usual DVD
drive?
--
Pete Cresswell

[Ext User(Flasherly)]

On Aug 13, 9:44 am, "(PeteCresswell)" <x...@y.Invalid> wrote:
> Per Flasherly:
>
> >If the DVD/CD's in: 1) 15-2-m/sec, 2) a quad-channel, Class 10 USB
> >flash stick for 30m/sec, 3) HD<>HD 50m/sec when excellent rates
> >between disparate physical drives or same-platter partitions.
>
> As one who re-images as soon as I even *think* the system might
> be getting goofy, I've got to get this working for myself.
>
> Is the bottom line that you have a really-fast USB stick set up
> to boot the restore environment - plus a faster-than-usual DVD
> drive?
> --
> Pete Cresswell

When building, a bit of both -- what's needed for whatever the BIOS
supports, utilities of course on a DVD already set up for that that,
partitioning, file and boot manager -- added odds and ends later or
located elsewhere for polishing it off with a fast, quad-channel flash
drive.

Actual imaging is then limited to FAT32, although I haven't much need
for other than one smaller NTFS partition for tokens when running into
odd instances of greater than 4G files, exceeding FAT32 technological
capacity.

At least two, three images are good, consecutively dated back in
directories accompanied with a brief text file for each image to
explain to yourself changes, notably program installs and any OS
adjustments made since or between the prior imagine. Pretty much all
on a rotational scheme. I've a 6G partition for holding imagines, 4G
for the prime OS, and a subprime DOS, hardly nothing in size, to boot
to when rewriting the prime. I also defragment the imaging drive from
the inner- to outer-drive by placing images into the inner-track
portion (UltraDefrag is the only one I'm aware that will accomplish
that).

Indulgence, then, is a big benefit. Let those new programs sit
awhile, if there's in the least a question, to stew in good practice
before incorporating them into the backup structures. Though rare,
there have been a couple of instances of programs placed into the last
image I decided subsequently against, and removed by going back to
prior images of three available. As well, as you mention, a regular
regime to imaging upon a hint of instability upon internet-borne
compromises. Plenty of those where I've needed images to get my ass
out of a crack in the nick of time.

Laziness will add some toll over the long run -- the hardware support
drivers, other overlooked orphans that aren't properly removed as time
and equipment marches on and imaging overhead slowly increase their
size.

I suspect I got into this imagining stuff back around Windows 98, when
given a complimantary copy of Ghost for DOS with a 600Mhz slotted AMD
Athlon, included with Biostar MB purchase. Biostars break, but other
than watching for transfer rate issues over newer chipped MBs, the
Ghost revisions keep on ticking between. System cleaning and driver
removal utility tools have since advanced and are much more
sophisticated, but I haven't really learned them well enough to
compliment imagining or to comment and personally recommend
namesakes. I like Comodo as one, my regular firewall for constant
usage, although some do speak highly of its installation monitor and
removal tool, the same company since has released.

[Ext User(Searcher7)]

On Aug 12, 11:23*pm, Paul <nos...@needed.com> wrote:
> On 08/12/2012 10:24 PM, Search...@mail.con2.com wrote:
>
>
>
>
>
>
>
>
>
> > On Tuesday, July 10, 2012 7:14:04 PM UTC-4, Loren Pechtel wrote:
> >> Libraries are set up to let you burn? *I didn't realize you had that
>
> >> much control of the system.
>
> > Not at the NYPL. You can't even create a text file or copy and paste anything
> > at my neighborhood library because useful functions like this have beendisabled.
> > I was lucky to figure out how to download anything to a flash drive.
>
> > Anyway, I tired Emisoft only to find that when running in safe mode my PC's
> > screen resolution changes making it impossible to to see the entire graphical
> > user interface of the app so I could click the correct buttons.
>
> > I manged to run AVG and Malwarebytes Anti-Malware again. and the problem was
> > corrected. (I can't really say what actually worked though).
>
> > Now yesterday my PC was attacked by "Live Security Platinum" which alsotried
> > to extort money from me. I booted into safe mode and ran Malwarebytes Anti-Malware
> > and AVG twice and it appeared to correct the problem.
>
> > But this week a lot of pages I've opened have underlined/highlighted text that
> > are actually pop-up ads.(Which is a pain if you move your cursor arounda lot).
> > I'm not sure if it is still something devious on my system or if everyone decided
> > at the same time kill the already crappy internet experience by puttingcommercial
> > ads in everything at every page you go to.
>
> > Thanks.
>
> > Darren Harris
> > Staten Island, New York.
>
> I'd check for "Add-Ons" in the browser first. In case that's how they're underlining
> things. You've probably been hijacked... somehow.
>
> It's also possible to do stuff like that, by meddling with the DNS (so people end
> up on your server, rather than going to their originally intended web site). It's possible
> to inject adverts, and you can make a lot of money doing that.
>
> In terms of anti-malware software, you need fresh definition files for them
> to continue to help you. So just because you have a copy of MBAM, it still
> needs to be maintained. Either you need to get a fresh copy of MBAM, before
> using it the next time, or, find out how to get just the definitions file
> to keep the thing up to date. (When I use the Kaspersky scanner CD, that
> connects to Kaspersky and downloads megabytes of update files. So that's
> one way they can do it.) Which is great, as long as your networking is
> still operational.
>
> * * Paul

How do you check for "Add-ons" in the browser?

Thanks.

Darren Harris
Staten Island, New York.

[Ext User(Paul)]

Searcher7 wrote:

>
> How do you check for "Add-ons" in the browser?
>
> Thanks.
>
> Darren Harris
> Staten Island, New York.

In Firefox, Tools:Add-Ons brings up a dialog.

Click the Extensions tab, to see things that have been
added already. For example, I have "Old Location Bar"
running at the moment. That's an Add-on that changes
the URL bar, back to "classical" behavior.

The Plugins button, is for things added to help
Firefox interpret content. For example, there is
an Adobe Acrobat plugin which has the ability to
open a PDF and display the results in the browser
window. I've set mine, to not do that. You can
also go to the URL bar and enter "about:plugins"
to get the same information.

When you start Firefox, there are also two entries
in the program menu.

Firefox
Firefox (Safe Mode)

As far as I know, running in Safe Mode, disables the
added stuff. And trying that, is sometimes used as a
test case (to see whether "added crap" is doing it).
It's possible Internet Explorer has capabilities
like this as well (start with the add-ons all disabled).

Paul

[Ext User(geoff)]

There is also 'about:config' in FireFox. When I had the good fortune of
getting the 'Babylon search' malware, I could not get it out of FF. The FF
config page was riddled with 'BS' entries. I either deleted them or set
them back to their defaults.

[Ext User(Searcher7)]

On Aug 25, 2:49*pm, Paul <nos...@needed.com> wrote:
> Searcher7wrote:
>
> > How do you check for "Add-ons" in the browser?
>
> > Thanks.
>
> > Darren Harris
> > Staten Island, New York.
>
> In Firefox, Tools:Add-Ons brings up a dialog.
>
> Click the Extensions tab, to see things that have been
> added already. For example, I have "Old Location Bar"
> running at the moment. That's an Add-on that changes
> the URL bar, back to "classical" behavior.
>
> The Plugins button, is for things added to help
> Firefox interpret content. For example, there is
> an Adobe Acrobat plugin which has the ability to
> open a PDF and display the results in the browser
> window. I've set mine, to not do that. You can
> also go to the URL bar and enter "about:plugins"
> to get the same information.
>
> When you start Firefox, there are also two entries
> in the program menu.
>
> * * Firefox
> * * Firefox (Safe Mode)
>
> As far as I know, running in Safe Mode, disables the
> added stuff. And trying that, is sometimes used as a
> test case (to see whether "added crap" is doing it).
> It's possible Internet Explorer has capabilities
> like this as well (start with the add-ons all disabled).
>
> * * Paul

Thanks.

Unfortunately that didn't work, even though I removed everything
there.

Malwarebytes Anti-Malware has expired, but it didn't seem to correct
much anyway.

In fact, now I'm getting a lot of re-directs when I attempt to go to a
specific page or even click on a link brought up during a search.

So it looks like it's time to re-install XP..

Thanks.

Darren Harris
Staten Island, New York.