(***) is not a valid win32 application...

[Arianna]

I'm about to rip my hair out.

I got a pop up the other day saying something about how Windows
Security Alerts detected some virus. Like an idiot, I clicked "OK"
without thinking. Now, I have a constant pop-up from some supposed
security alert center asking me to buy it. UNlike other rogue
anti-spyware viruses I've had, though, this one won't let me do
ANYTHING.

I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
Systemcare. It won't let me open anything .exe save for Internet
Explorer. I have tried running all of these in Safe Mode. This doesn't
work either. I have surfed the web and found numerous supposed "fixes,"
but once I download them, I can't use them as the error message pops up
once again telling me that it's not a valid Win32 application. I've
tried system restore, and it tells me that system restore was shut off
by the administrator.

Please someone help me. I don't want to have to completely redo
EVERYTHING if I don't have to.

Thanks in advance.


--
Arianna
------------------------------------------------------------------------
Arianna's Profile: http://forums.techarena.in/members/133071.htm
View this thread: http://forums.techarena.in/virus-spyware/1243103.htm

http://forums.techarena.in

[tommy]

Arianna wrote:
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed
> "fixes," but once I download them, I can't use them as the error
> message pops up once again telling me that it's not a valid Win32
> application. I've tried system restore, and it tells me that system
> restore was shut off by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.

[ you may have to rename mbam.exe in Safemode to something else if its being
blocked. Change to myzap.exe for example ]
also post in alt.comp.anti-virus for more tips

--
Tommy

[Todd H.]

Arianna <Arianna.3y5fnb@DoNotSpam.com> writes:

> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed "fixes,"
> but once I download them, I can't use them as the error message pops up
> once again telling me that it's not a valid Win32 application. I've
> tried system restore, and it tells me that system restore was shut off
> by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.


Hate to be the bearer of bad news, but your machine is well beyond the
threshold of "you should redo EVERYTHING."

There is a certain liberty in being that screwed. Even if you could
get any cleanup tools to run to allow you to do something with the
machine, at best you'd have a machine that _might_ be stable, and that
you definitely shouldn't trust.

Get your data off the disk (booting into a bootable rescue cd of some
flavor), reinstall Windows from original optical media and include a
reallocation of the disk (delete the partition, recreate the
partition) and reformatting.


--
Todd H.
http://www.toddh.net/

[geoar75@gmail.com]

On Sep 7, 5:52*pm, Arianna <Arianna.3y5...@DoNotSpam.com> wrote:
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed "fixes,"
> but once I download them, I can't use them as the error message pops up
> once again telling me that it's not a valid Win32 application. I've
> tried system restore, and it tells me that system restore was shut off
> by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.
>
> --
> Arianna
> ------------------------------------------------------------------------
> Arianna's Profile:http://forums.techarena.in/members/133071.htm
> View this thread:http://forums.techarena.in/virus-spyware/1243103.htm
>
> http://forums.techarena.in

Arianna,

Although I agree with Todd, I'd give ComboFix a try, before anything
else.
You can download it from http://www.combofix.org. Don't worry,
ComboFix is not spyware or anything. I have personally tried it and it
saved me a lot of time.

Good luck!

Giorgos

--

NetPros Community
http://netpros.freeforums.org

[Lacromone Escavantes]

Arianna <Arianna.3y5fnb@DoNotSpam.com> wrote in
news:Arianna.3y5fnb@DoNotSpam.com:

>
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed
"fixes,"
> but once I download them, I can't use them as the error message pops
up
> once again telling me that it's not a valid Win32 application. I've
> tried system restore, and it tells me that system restore was shut off
> by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.
>
>

The solution to your problem can be found here:

http://technet.microsoft.com/en-us/l.../cc512587.aspx

L

[tommy]

Arianna wrote:
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed
> "fixes," but once I download them, I can't use them as the error
> message pops up once again telling me that it's not a valid Win32
> application. I've tried system restore, and it tells me that system
> restore was shut off by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.

some good information here
http://www.elephantboycomputers.com/...iruses_Malware

note: when I have problems like yours, I use safe mode, where I use Task
Manager to kill as many virus processes as possible until I can run
Malwarebytes. You have to kind of know a fair bit about which processes are
suspect. Usually ones that have a lot of nonsense consonants are suspect for
one thing.

[Ansgar -59cobalt- Wiechers]

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> some good information here
> http://www.elephantboycomputers.com/...iruses_Malware

The usual nonsense. *sigh*

http://technet.microsoft.com/en-us/l.../cc512587.aspx

Please understand that, no matter how much skill you think you have, you
still can't be certain that you got rid of all malware if you don't have
a known-good baseline to compare against.

Besides, CCleaner a powerful tool? Don't make me laugh. The tool doesn't
check even half of the locations from where Windows automatically starts
stuff.

> note: when I have problems like yours, I use safe mode, where I use
> Task Manager to kill as many virus processes as possible until I can
> run Malwarebytes. You have to kind of know a fair bit about which
> processes are suspect. Usually ones that have a lot of nonsense
> consonants are suspect for one thing.

.... whereas processes with names like "service.exe", "explore.exe",
"exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly harmless
and nothing to worry about ...

*doublesigh*

Names. Don't. Mean. Anything. At all. When will people begin to
understand this simple fact?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

[Leythos]

In article <h8hrdn$ln0$1@news.eternal-september.org>, tommylee9_2000
@removeyahoo.dropcom says...
> note: when I have problems like yours, I use safe mode, where I use Task
> Manager to kill as many virus processes as possible until I can run
> Malwarebytes. You have to kind of know a fair bit about which processes are
> suspect. Usually ones that have a lot of nonsense consonants are suspect for
> one thing.
>

In the last month I've run into 4 computers that were infected in a
manner that would not let me run ANY known anti-malware tools and that I
could not find the malware either.

I removed the drive and checked it from another computer with working
anti-malware tools and little was detected, replace it in the machine,
it was still infected with the same anti-malware tool blocking malware.

I tried all of the tools suggested here and some not commonly suggested,
even if I could get them to install the would not run or updates.

I fell back to my standard, wiped the drive and reinstalled from scratch
in a clean environment.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

[tommy]

Ansgar -59cobalt- Wiechers wrote:
> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>> some good information here
>> http://www.elephantboycomputers.com/...iruses_Malware
>
> The usual nonsense. *sigh*
>
> http://technet.microsoft.com/en-us/l.../cc512587.aspx
>
> Please understand that, no matter how much skill you think you have,
> you still can't be certain that you got rid of all malware if you
> don't have a known-good baseline to compare against.
>
> Besides, CCleaner a powerful tool? Don't make me laugh. The tool
> doesn't check even half of the locations from where Windows
> automatically starts stuff.
>
>> note: when I have problems like yours, I use safe mode, where I use
>> Task Manager to kill as many virus processes as possible until I can
>> run Malwarebytes. You have to kind of know a fair bit about which
>> processes are suspect. Usually ones that have a lot of nonsense
>> consonants are suspect for one thing.
>
> ... whereas processes with names like "service.exe", "explore.exe",
> "exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly
> harmless and nothing to worry about ...
>
> *doublesigh*
>
> Names. Don't. Mean. Anything. At all. When will people begin to
> understand this simple fact?
>
> cu
> 59cobalt

I should have included a link that would help identify suspect processes.
Here's one, there are many many more:
http://www.answersthatwork.com/Taskl...s/tasklist.htm

"No generalization is worth a damn, including this one"

Mark Twain

[tommy]

Leythos wrote:
> In article <h8hrdn$ln0$1@news.eternal-september.org>, tommylee9_2000
> @removeyahoo.dropcom says...
>> note: when I have problems like yours, I use safe mode, where I use
>> Task Manager to kill as many virus processes as possible until I can
>> run Malwarebytes. You have to kind of know a fair bit about which
>> processes are suspect. Usually ones that have a lot of nonsense
>> consonants are suspect for one thing.
>>
>
> In the last month I've run into 4 computers that were infected in a
> manner that would not let me run ANY known anti-malware tools and
> that I could not find the malware either.
>
> I removed the drive and checked it from another computer with working
> anti-malware tools and little was detected, replace it in the machine,
> it was still infected with the same anti-malware tool blocking
> malware.
>
> I tried all of the tools suggested here and some not commonly
> suggested,
> even if I could get them to install the would not run or updates.
>
> I fell back to my standard, wiped the drive and reinstalled from
> scratch
> in a clean environment.

yes, some cases call for reinstallation .
Here's a link for that: http://windowsreinstall.com/

It does sound like her case might need it. She should seek a qualified tech
in her area.

[Ansgar -59cobalt- Wiechers]

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>>> some good information here
>>> http://www.elephantboycomputers.com/...iruses_Malware
>>
>> The usual nonsense. *sigh*
>>
>> http://technet.microsoft.com/en-us/l.../cc512587.aspx
>>
>> Please understand that, no matter how much skill you think you have,
>> you still can't be certain that you got rid of all malware if you
>> don't have a known-good baseline to compare against.
>>
>> Besides, CCleaner a powerful tool? Don't make me laugh. The tool
>> doesn't check even half of the locations from where Windows
>> automatically starts stuff.
>>
>>> note: when I have problems like yours, I use safe mode, where I use
>>> Task Manager to kill as many virus processes as possible until I can
>>> run Malwarebytes. You have to kind of know a fair bit about which
>>> processes are suspect. Usually ones that have a lot of nonsense
>>> consonants are suspect for one thing.
>>
>> ... whereas processes with names like "service.exe", "explore.exe",
>> "exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly
>> harmless and nothing to worry about ...
>>
>> *doublesigh*
>>
>> Names. Don't. Mean. Anything. At all. When will people begin to
>> understand this simple fact?
>
> I should have included a link that would help identify suspect
> processes. Here's one, there are many many more:
> http://www.answersthatwork.com/Taskl...s/tasklist.htm

*sigh*

Here's a little exercise for you:

1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
2. Rename it to exp1orer.exe (notice how it's written with "one" instead
of "ell").
3. Run it.

Now answer yourself some questions:

Did renaming notepad to exp1orer somehow magically turn notepad into
explorer? If not, why would you think a program's name meant anything in
the first place?

How do you identify the location of the program binary if you're using
taskmgr.exe? The Windows Task Manager does not show the paths of
executables in any Winddows version up to at least XP. And if you can't
identify the location, what makes you think you could distinguish
malware from a legit system binary?

How exactly is malware running with admin privileges prevented from
infecting/altering system binaries?


And since you seem to like quotes, I do have two of my own for you:

"Names. Don't. Mean. Anything. At all."
--me

"Please understand that, no matter how much skill you think you have,
you still can't be certain that you got rid of all malware if you don't
have a known-good baseline to compare against."
--me as well

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

[Ansgar -59cobalt- Wiechers]

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> yes, some cases call for reinstallation .
> Here's a link for that: http://windowsreinstall.com/
>
> It does sound like her case might need it. She should seek a qualified
> tech in her area.

Any qualified technician will suggest to flatten and rebuild the box,
because he's aware of the fact that he can't guarantee that he'd get rid
of all malware otherwise.

http://technet.microsoft.com/en-us/l.../cc512587.aspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

[Todd H.]

"tommy" <tommylee9_2000@removeyahoo.dropcom> writes:

> Leythos wrote:
>> In article <h8hrdn$ln0$1@news.eternal-september.org>, tommylee9_2000
>> @removeyahoo.dropcom says...
>>> note: when I have problems like yours, I use safe mode, where I use
>>> Task Manager to kill as many virus processes as possible until I can
>>> run Malwarebytes. You have to kind of know a fair bit about which
>>> processes are suspect. Usually ones that have a lot of nonsense
>>> consonants are suspect for one thing.
>>>
>>
>> In the last month I've run into 4 computers that were infected in a
>> manner that would not let me run ANY known anti-malware tools and
>> that I could not find the malware either.
>>
>> I removed the drive and checked it from another computer with working
>> anti-malware tools and little was detected, replace it in the machine,
>> it was still infected with the same anti-malware tool blocking
>> malware.
>>
>> I tried all of the tools suggested here and some not commonly
>> suggested,
>> even if I could get them to install the would not run or updates.
>>
>> I fell back to my standard, wiped the drive and reinstalled from
>> scratch
>> in a clean environment.
>
> yes, some cases call for reinstallation .
> Here's a link for that: http://windowsreinstall.com/
>
> It does sound like her case might need it. She should seek a qualified tech
> in her area.

I disagree. All cases where you've got confirmed malware on the
system call for reinstallation from original media.

You can run cleanup routines. It might actually find things, it might
even remove those things. Then again, it very well might not. Hiding
from AV is not that hard.

The time investment is a barrier, sure, but what it comes down to is:
Do you feel lucky?


--
Todd H.
http://www.toddh.net/

[tommy]

Ansgar -59cobalt- Wiechers wrote:
> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>> Ansgar -59cobalt- Wiechers wrote:
>>> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>>>> some good information here
>>>> http://www.elephantboycomputers.com/...iruses_Malware
>>>
>>> The usual nonsense. *sigh*
>>>
>>> http://technet.microsoft.com/en-us/l.../cc512587.aspx
>>>
>>> Please understand that, no matter how much skill you think you have,
>>> you still can't be certain that you got rid of all malware if you
>>> don't have a known-good baseline to compare against.
>>>
>>> Besides, CCleaner a powerful tool? Don't make me laugh. The tool
>>> doesn't check even half of the locations from where Windows
>>> automatically starts stuff.
>>>
>>>> note: when I have problems like yours, I use safe mode, where I use
>>>> Task Manager to kill as many virus processes as possible until I
>>>> can run Malwarebytes. You have to kind of know a fair bit about
>>>> which processes are suspect. Usually ones that have a lot of
>>>> nonsense consonants are suspect for one thing.
>>>
>>> ... whereas processes with names like "service.exe", "explore.exe",
>>> "exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly
>>> harmless and nothing to worry about ...
>>>
>>> *doublesigh*
>>>
>>> Names. Don't. Mean. Anything. At all. When will people begin to
>>> understand this simple fact?
>>
>> I should have included a link that would help identify suspect
>> processes. Here's one, there are many many more:
>> http://www.answersthatwork.com/Taskl...s/tasklist.htm
>
> *sigh*
>
> Here's a little exercise for you:
>
> 1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
> 2. Rename it to exp1orer.exe (notice how it's written with "one"
> instead of "ell").
> 3. Run it.
>
> Now answer yourself some questions:
>
> Did renaming notepad to exp1orer somehow magically turn notepad into
> explorer? If not, why would you think a program's name meant anything
> in the first place?
>
> How do you identify the location of the program binary if you're using
> taskmgr.exe? The Windows Task Manager does not show the paths of
> executables in any Winddows version up to at least XP. And if you
> can't identify the location, what makes you think you could
> distinguish malware from a legit system binary?
>
> How exactly is malware running with admin privileges prevented from
> infecting/altering system binaries?
>
>
> And since you seem to like quotes, I do have two of my own for you:
>
> "Names. Don't. Mean. Anything. At all."
> --me
>
> "Please understand that, no matter how much skill you think you have,
> you still can't be certain that you got rid of all malware if you
> don't have a known-good baseline to compare against."
> --me as well
>
> cu
> 59cobalt

Read this : MBAM will not install or run(Fix) Maybe it will explain what I
am talking about. You have some preconceived notions about such Malwarebytes
"nonsense" : http://tinyurl.com/qdqlcl

[Ansgar -59cobalt- Wiechers]

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>>> I should have included a link that would help identify suspect
>>> processes. Here's one, there are many many more:
>>> http://www.answersthatwork.com/Taskl...s/tasklist.htm
>>
>> *sigh*
>>
>> Here's a little exercise for you:
>>
>> 1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
>> 2. Rename it to exp1orer.exe (notice how it's written with "one"
>> instead of "ell").
>> 3. Run it.
>>
>> Now answer yourself some questions:
>>
>> Did renaming notepad to exp1orer somehow magically turn notepad into
>> explorer? If not, why would you think a program's name meant anything
>> in the first place?
>>
>> How do you identify the location of the program binary if you're using
>> taskmgr.exe? The Windows Task Manager does not show the paths of
>> executables in any Winddows version up to at least XP. And if you
>> can't identify the location, what makes you think you could
>> distinguish malware from a legit system binary?
>>
>> How exactly is malware running with admin privileges prevented from
>> infecting/altering system binaries?
>
> Read this : MBAM will not install or run(Fix) Maybe it will explain
> what I am talking about. You have some preconceived notions about such
> Malwarebytes "nonsense" : http://tinyurl.com/qdqlcl

Thank you for making perfectly clear that you didn't understand a single
word of what I wrote.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

[Skywise]

Ansgar -59cobalt- Wiechers <usenet-2009@planetcobalt.net> wrote in
news:h8j6mm$33j$1@news.eternal-september.org:

> How do you identify the location of the program binary if you're using
> taskmgr.exe? The Windows Task Manager does not show the paths of
> executables in any Winddows version up to at least XP.

Just wanted to mention that System Info does show paths. This for
both Win2k and XP.

System Info > Software Environment > Running Tasks

Although, if it can be spoofed then it's still useless.

Brian
--
http://www.skywise711.com - Lasers, Seismology, Astronomy, Skepticism
Seismic FAQ: http://www.skywise711.com/SeismicFAQ/SeismicFAQ.html
Quake "predictions": http://www.skywise711.com/quakes/EQDB/index.html
Sed quis custodiet ipsos Custodes?

[cnicholls@tstate.com]

Ok, I’m new here, I ran across this thread on Google trying to fix my
father-laws pc.

You guys keep arguing about weather to fix it or not.
That up to you i guess, however i dont feel like reinstalling someone’s
junk pc!

Its probable that this is too late to help you but for the other
larkers’ this may help you.

Here is what i did.

1. on a good pc i downloaded malware bytes
2. Renamed mbam.exe to mbam.com
3. click and install
4. browse to install dir, c:\program files\malware bytes....
5. Rename mbam.exe to mbam.com then dbl click run scan '
6. remove all found issues (mine found 546!!!)
7. rename mbam.com back to mbam.exe
8. reboot.
9. install whatever else pleases you and clean away


Good luck!


--
cnicholls@tstate.com
------------------------------------------------------------------------
cnicholls@tstate.com's Profile: http://forums.techarena.in/members/146379.htm
View this thread: http://forums.techarena.in/virus-spyware/1243103.htm

http://forums.techarena.in

[Ansgar -59cobalt- Wiechers]

cnicholls@tstate.com <cnichollststate.com.40czjb@donotspam.com> wrote:
> Ok, I'm new here, I ran across this thread on Google trying to fix my
> father-laws pc.
>
> You guys keep arguing about weather to fix it or not.
> That up to you i guess, however i dont feel like reinstalling
> someone's junk pc!

Then perhaps you should leave it to someone who does.

> Its probable that this is too late to help you but for the other
> larkers? this may help you.

No it doesn't. Because once a system got compromised you can never be
sure that you found and removed all malware (unless you have a known-
good baseline to compare against).

http://technet.microsoft.com/en-us/l.../cc512587.aspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

[cnicholls@tstate.com]

Its techs like you that give others a bad name....

Ohhh got a virus? got an issue? no problem i will just erase everything
and start over.... any idiot can reinstall windows!

I dont charge anything, so my goal is to help people out if i can, as
long as it doesnt take too long.

If i can make an unusable pc work again without causing the user to
loose all the data they didnt remember to backup, my job is done.

You are right, I "cant know for sure" if malware is still there. If i
dont know its there and the pc is working normally and the owner is
happy, then does grandma really give a crap as long as she can send
email and browse the web?

So when a single mom, or whoever says hey, i get these nasty popups and
my internet is so slow can you fix it? i say sure, pop in a usb drive
full of tools and in a hour or so of playing around, the popups are gone
and everything else operates as normal. She didnt have to try to tell me
where all her files are, I didnt have to save all the emails that are
important for her, i didnt need her to bring me all the windows, office,
and other cds to put back on...

Sure reinstalling a pc may be nothing to assure your piece of mind.

But to sally public, the last thing they want to hear is sorry. I hope
you had your crap backed up
All they want to here is, here you go its just fixed...
that’s a big deal to real person....


--
cnicholls@tstate.com
------------------------------------------------------------------------
cnicholls@tstate.com's Profile: http://forums.techarena.in/members/146379.htm
View this thread: http://forums.techarena.in/virus-spyware/1243103.htm

http://forums.techarena.in

[Ansgar -59cobalt- Wiechers]

cnicholls@tstate.com <cnichollststate.com.40danb@donotspam.com> wrote:
> Its techs like you that give others a bad name....

I can live with giving people like you a bad name.

> Ohhh got a virus? got an issue? no problem i will just erase
> everything and start over.... any idiot can reinstall windows!

Yet, so very few are capable of doing it right ...

> I dont charge anything, so my goal is to help people out if i can, as
> long as it doesnt take too long.

That's probably the difference between the two of us. If I take on a job
(regardless of whether I do or don't charge anything for it), I'm doing
it right, no matter how long it takes.

> If i can make an unusable pc work again without causing the user to
> loose all the data they didnt remember to backup, my job is done.

Yeah, what do you care about the box still being abused as a spam-bot or
something, because you overlooked a piece of malware. Not your problem,
right?

Besides, someone who actually knows what he's doing (i.e. someone who is
not you) would do a backup of the user's data before proceeding to the
reinstall.

> You are right, I "cant know for sure" if malware is still there. If i
> dont know its there and the pc is working normally and the owner is
> happy, then does grandma really give a crap as long as she can send
> email and browse the web?

The people being targeted by attacks utilizing that still-compromised
box probably will. But hey, not your problem, right?

> So when a single mom, or whoever says hey, i get these nasty popups
> and my internet is so slow can you fix it? i say sure, pop in a usb
> drive full of tools and in a hour or so of playing around, the popups
> are gone and everything else operates as normal.

Yeah. Who cares that the box is still sending spam. Or hosting phishing
sites. Or child porn. Not you, apparently.

> She didnt have to try to tell me where all her files are, I didnt have
> to save all the emails that are important for her, i didnt need her to
> bring me all the windows, office, and other cds to put back on...

Yeah. How very convenient for you. After all, why should you care about
all the other people on the internet being targeted by attacks
originating from the box you "cleaned"? Not your problem, right?

> Sure reinstalling a pc may be nothing to assure your piece of mind.
>
> But to sally public, the last thing they want to hear is sorry. I hope
> you had your crap backed up
> All they want to here is, here you go its just fixed...

Guess what: what they want to hear ain't always what they need.

Besides, I'm always amazed at how people like you - who don't even
manage to reply to the posting they're obviously responding to - would
claim to be capable of cleaning an infected machine.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich