[clue-tech] Firefox hijacked

michael irons michael at beckonsmeby.com
Mon Nov 24 18:44:34 MST 2008 

Well, even though it is off topic, I feel it is a duty to tell you how I
removed the virus, as I have removed AV2009 from several computers.


There may be a better way now, check the AV sites for info on how to remove,
I haven't removed one in a month or so.

AV 2009 downloads many viruses that work in coordination and I have yet to
find a AV program that removes it well, although using a few different free
AV scanners will get a bulk of the work done for you, you will still have to
manually remove some entries. AV 2009 works by downloading several
downloaders that continually download new versions of itself and other
viruses, and make it almost impossible to stay ahead.

1) Disconnect from the internet, so it cannot download anymore viruses.
2) Kill from the Task manager any odd programs (av2009.exe,
dsafasf8924892fsaf.exe, etc) google if unsure.
3) Run AVs to get rid of bulk of viruses for you.
4) Boot in safe mode and remove any obviously misplaced registry settings
from the registry (regedit Hkey_Current_User->
Software->Microsoft->Windows->CurrentVersion->Run/RunOnce) Again google if
unsure, you can REALLY mess things up if not careful. The bad keys are
usually named a random text/numeral string.
5) Remove any programs that do not belong from all windows startup folders.

You may have to repeat this several times before you get everything. I
usually did as it tried to hide things. Be careful, the viruses like to lay
dormat for a day before "poping up again if you do not get them all, and if
you connect to the internet, you have to start all over.


... Then delete the entire OS and install something saner as this should
have convinced you. It took me 3 hours per PC usually, if I did it right the
first time.


Mike






On Mon, Nov 24, 2008 at 6:00 PM, David L. Willson <DLWillson at thegeek.nu>wrote:

> Bruce:  I'm sorry for the off-topic post and I won't do it again.  That
> said, I'm not a (or the) Windows user.  The Windows user is my customer.  I
> felt that the problem sufficiently involved Free software to justify the
> post.  I wish there were a more broadly scoped technical list.  Ah well.
>  Anyway, sorry.
>
> ----- Original Message -----
> From: "Bruce Ediger" <eballen1 at qwest.net>
> To: "CLUE tech" <clue-tech at cluedenver.org>
> Sent: Monday, November 24, 2008 1:39:53 PM GMT -07:00 US/Canada Mountain
> Subject: Re: [clue-tech] Firefox hijacked
>
> I'm not really scolding anyone,  I'm just remarking about how weird Windows
> discussions seem.  I've always (well, since 1988) had a Unix or NeXT or
> NetBSD
> or Linux box on the old kitchen table.  Until 2003, I managed to not even
> have
> a Windows box on my desk at work.  Until 2006, I never even developed under
> Windows, I just used it as a vehicle for PuTTY.
>
> On Mon, 24 Nov 2008, someone wrote:
>
> > Just my 2 cents - when I come across a windows system like this, several
> > things will also happen.  ...
>
> Are we not men?  Why are we discussing the VAST technical shortcomings of
> Windows on a linux *technical* list?
>
> It just goes to show you how magnificently lousy Windows is when the
> baroque
> malfunctions are so esoteric that Windows users come to *linux* forums for
> help.
>
> Now that I've done a little Windows development, I'm not surprised at how
> weak
> the help in Windows forums is.  People imagine themselves Mighty Software
> Engineers, when all they do is about 10 or 15 lengthy sequences of
> shortcuts,
> and they know how to get Visual Studio .NET to do drop-down method
> selection.
> They run on supersition and faulty logic.
> _______________________________________________
> clue-tech mailing list
> clue-tech at cluedenver.org
> http://www.cluedenver.org/mailman/listinfo/clue-tech
> _______________________________________________
> clue-tech mailing list
> clue-tech at cluedenver.org
> http://www.cluedenver.org/mailman/listinfo/clue-tech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue-tech/attachments/20081124/8da8164f/attachment.html

More information about the clue-tech mailing list