[clue-tech] Firefox hijacked

foo7775 at comcast.net
Tue Nov 25 06:56:45 MST 2008


 -------------- Original message ----------------------
(Good info on AV 2009 snipped)
 
> 1) Disconnect from the internet, so it cannot download any more viruses.
> 2) Kill from the Task manager any odd programs (av2009.exe,
> dsafasf8924892fsaf.exe, etc) google if unsure.
> 3) Run AVs to get rid of bulk of viruses for you.
> 4) Boot in safe mode and remove any obviously misplaced registry settings
> from the registry (regedit Hkey_Current_User->
> Software->Microsoft->Windows->CurrentVersion->Run/RunOnce) Again google if
> unsure, you can REALLY mess things up if not careful. The bad keys are
> usually named a random text/numeral string.

Just on the off-chance that there's someone who's not aware of this - if you're uncertain whether or not a change will break some program, it's possible to save the existing configuration by selecting the key on the right side of the regedit window & then selecting 'Registry' -> 'Export Registry File' from the menu bar - just remember what path & name you saved it to.

If some change *does* booger up an app, dbl-clicking on the .reg file that was created in the process above will restore the registry key as it was when it was saved.

(Adding this more for the benefit of "someone who might find this via a web search" rather than any members of this list, since I'm guessing that this is probably pretty well-known among us...)


> 5) Remove any programs that do not belong from all windows startup folders.
> 
> You may have to repeat this several times before you get everything. I
> usually did as it tried to hide things. Be careful, the viruses like to lay
> dormant for a day before "popping up" again if you do not get them all, and if
> you connect to the internet, you have to start all over.
> 
> 
> ... Then delete the entire OS and install something saner as this should
> have convinced you. It took me 3 hours per PC usually, if I did it right the
> first time.
 
 Yeah, after thinking about it, I'm wishing that I would've suggested that to begin with.  I do think that the FF plug-ins suggestion was worthwhile though...  ;)

-------------- next part --------------
An embedded message was scrubbed...
From: "michael irons" <michael at beckonsmeby.com>
Subject: Re: [clue-tech] Firefox hijacked
Date: Tue, 25 Nov 2008 01:44:43 +0000
Size: 9943
Url: http://cluedenver.org/pipermail/clue-tech/attachments/20081125/e28c6aac/attachment.mht
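
The registry backup step described in the message above, done from PowerShell before touching the Run/RunOnce keys. This is an added example, not part of the original post; the backup folder name and the "random-looking name" pattern are assumptions made for illustration.

```powershell
# Added example: export the per-user autostart keys, then list their entries.
# Assumptions: backup folder under the user profile; heuristic pattern below.
$keys = @(
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:USERPROFILE "RegBackup-$stamp"
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$report = foreach ($key in $keys) {
    $psPath = 'Registry::' + ($key -replace '^HKCU', 'HKEY_CURRENT_USER')
    if (-not (Test-Path -Path $psPath)) {
        Write-Warning "Skipping $key (key does not exist)"
        continue
    }

    # Writes a .reg file, like regedit's export; importing it restores the key.
    $regFile = Join-Path $backupDir (($key -replace '\\', '_') + '.reg')
    & reg.exe export $key $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Export of $key failed; do not edit the key without a backup."
    }
    Write-Host "Saved $key to $regFile"

    $item = Get-Item -Path $psPath
    foreach ($name in $item.GetValueNames()) {
        # Heuristic only: 8+ characters, letters and digits mixed, nothing else.
        # It marks entries to look up, it does not prove an entry is malicious.
        $looksRandom = ($name -match '^[A-Za-z0-9]{8,}$') -and
                       ($name -match '\d') -and ($name -match '[A-Za-z]')
        [pscustomobject]@{
            Key         = $key
            Name        = $name
            Command     = $item.GetValue($name)
            LooksRandom = $looksRandom
        }
    }
}

# Review the list before deleting anything; the .reg files are the undo path.
$report | Sort-Object LooksRandom -Descending | Format-List
```

To undo a change, double-click the saved .reg file as described above, or run `reg import` with its path.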

