Antivirus 2008/2009

Discussion in 'Virus Information' started by Gregg Hill, Aug 24, 2008.

  1. Gregg Hill

    John Guest

    Thanks for taking the time to post an update.

     
    John, Aug 26, 2008
    #21

  2. Gregg Hill

    Gregg Hill Guest

    The last system I saw had been hit by Antivirus 2008 and was a pain to
    clean. It even ran in Safe Mode, actively combating my efforts to kill its
    processes.

    I thought this type of thing was not supposed to run in Safe Mode. Go
    figure.

    Gregg Hill
     
    Gregg Hill, Aug 26, 2008
    #22

  3. Gregg Hill

    John Guest

    There's a lot of malware that runs in safe mode these days. Vundo/Virtumundo
    is one of them. I normally clean the infection first (if I have time). It
    doesn't matter if the infection is partially or 100% removed, I'll always
    follow it up with a nuke (format) a few days/weeks later. I feel safer
    starting from scratch (format and reinstall OS).

    Why bother cleaning it first? Well, that's just me. I like a challenge :)
     
    John, Aug 26, 2008
    #23
  4. From: "John" <a>

    | There's a lot of malware that runs in safe mode these days. Vundo/Virtumundo
    | is one of them. I normally clean the infection first (if I have time). It
    | doesn't matter if the infection is partially or 100% removed, I'll always
    | follow it up with a nuke (format) a few days/weeks later. I feel safer
    | starting from scratch (format and reinstall OS).

    | Why bother cleaning it first? Well, that's just me. I like a challenge :)

    Take it to the next level...

    Install OS, update it, install Apps., apply settings and then image the PC using
    Norton/Symantec Ghost, Acronis True Image, etc.
     
    David H. Lipman, Aug 26, 2008
    #24
  5. Gregg Hill

    John Guest

    Yeah, that would be a better solution. Unfortunately I don't have disk
    cloning/imaging software (don't have money to spend either). I only use OS,
    AV + a couple of instant messaging software. That's it. It's very easy to
    reinstall the whole system. I admit restoring an image is a lot quicker.
     
    John, Aug 26, 2008
    #25
  6. If you have a Maxtor/Seagate drive, you can use MaxBlast
    for free. Not as granular as the pay version, but whole disk
    imaging works.
     
    FromTheRafters, Aug 27, 2008
    #26
  7. I have removed this on a number of Systems already - If you know when the
    system became infected - Use System Restore and go back to a day or two
    before XP AV 09 installed itself. On a workstation - the only thing you
    might lose are a couple of MS updates to reinstall - Takes about 15 min total.
     
    Advanced Networking, Aug 27, 2008
    #27
  8. I allow only the truth dissenting or not. If you post something that is a
    flat out lie it will not get posted.


    --
    Cyberstalking is a crime. If you had one as bad as I did simply ignoring
    them is not an option.




    If that was 100% unbiased, you'd allow dissenting opinion, such as
    from me (John Eddy, former newsgroup administrator at MS), or even
    give me the chance to reply to your ridiculous claims about my time at
    Microsoft and your supposed influence on them.
     
    The Real Truth MVP, Aug 28, 2008
    #28
  9. Gregg Hill

    Gregg Hill Guest

    Please start your own thread entitled "Urinary Distance Testing" or
    something similar. This newsgroup is no place for this sort of banter.

    Gregg Hill
     
    Gregg Hill, Aug 28, 2008
    #29
  10. What the hell are you telling me for I didn't start it. You started the
    thread and continued it by replying to the trolls, who always start it up
    with me, and believing their lies. You asked a question, I gave you an
    answer that works for free. You choose not to use it and that's fine but you
    didn't have to start posting smart remarks about me continuing the flamewar.
     
    The Real Truth MVP, Aug 28, 2008
    #30
  11. Yeah, but for really really sticky malware - you can't beat
    a nice fresh disk image.
     
    FromTheRafters, Aug 28, 2008
    #31
  12. From: "FromTheRafters" <>

    | Yeah, but for really really sticky malware - you can't beat
    | a nice fresh disk image.


    Right and some malware disable or corrupt the System Restore Service (srservice) which
    makes the System Restore functionality less reliable when dealing with those kinds of
    malware infections.
     
    David H. Lipman, Aug 28, 2008
    #32
  13. Gregg Hill

    Gregg Hill Guest

    I started a thread asking about Antivirus 2009. Others brought to my
    attention that I may want to "be aware" of some things about you,
    specifically that you are not an MVP as you claim. I found in Google
    searches evidence from Microsoft employees indicating that you are not an
    MVP. You and the others have turned it into a pissing contest of your own.

    You stated in one post, "Anyone with any common sense would know that if
    everything they say were true I would not be here." I find the opposite is
    quite often true, with the real "trolls" (I love the name calling to which
    you resort) being the one jumping up and down saying that everyone is
    against you for no good reason. That is not always true, but sometimes it is
    true. If a room full of **respected people** are questioning your integrity,
    it is prudent on my part to QUESTION it as well, but not necessarily blindly
    believe "their lies" as you call them. Yes, I decided to question your
    integrity for myself, and I judge you by what I have read about you ***and
    what I have read IN YOUR OWN WORDS.*** The majority is not always right, but
    I have read enough from you in Google searches to know that I would never
    have any dealings with you, whether or not your product is any good. One
    person and a lot of smoke might indicate a disgruntled person, but I usually
    find that a whole bunch of people and a lot of smoke quite often indicates a
    fire, and that is something I choose to avoid.

    If the dissenting opinions were from a bunch of low-lifes, I would not pay
    attention. However, the majority of what I have read is from people who
    really are respected by their peers. You claim that you "allow only the
    truth dissenting or not." Without the appearance of ***any*** apparent
    dissention, I question your view of the "truth" you proclaim and censor.

    As I said, the newsgroup is not the place for it.

    You may have the rest of this newsgroup to yourself. I refuse to further
    dignify this downhill thread.

    Gregg Hill
     
    Gregg Hill, Aug 28, 2008
    #33
  14. Gregg Hill

    John Eddy Guest

    The truth is that no one in my management chain ever heard from you
    and that no one ever talked to me about you within Microsoft.

    I did not 'get in trouble for being bias and too selective'(sic).

    And yet, when I attempt to correct you on your 'unbiased' blog, I've
    never actually seen the comment go through.

    So, does that mean I'm lying?
     
    John Eddy, Aug 28, 2008
    #34
  15. You are mistaking MVP's with MS employees, they are not. So you can't even
    understand what you are reading.
     
    The Real Truth MVP, Aug 29, 2008
    #35
  16. What part of "My real name is not pcbutts1 or Christopher Butts" don't you
    understand? When I deal with MS I go straight to upper management and
    directors not phone support. My company spends a lot of money with them so I
    am allowed that courtesy.

    --
    Cyberstalking is a crime. If you had one as bad as I did simply ignoring
    them is not an option.




    The truth is that no one in my management chain ever heard from you
    and that no one ever talked to me about you within Microsoft.

    I did not 'get in trouble for being bias and too selective'(sic).

    And yet, when I attempt to correct you on your 'unbiased' blog, I've
    never actually seen the comment go through.

    So, does that mean I'm lying?
     
    The Real Truth MVP, Aug 29, 2008
    #36
  17. Gregg Hill

    ---Fitz--- Guest

    I think he understands perfectly what he's reading.
     
    ---Fitz---, Aug 29, 2008
    #37
  18. Gregg Hill

    ---Fitz--- Guest

    Right. This from the guy who said he owns the NASA website.
     
    ---Fitz---, Aug 29, 2008
    #38
  19. From: "---Fitz---" <>

    | Right. This from the guy who said he owns the NASA website.


    Delusions of grandeur by the LMIT contracted employee to the NASA JPL Help Desk {low tier
    at that !}

    Here is Butts on TDY and using Google from Lockheed...

    08/29/08 06:30:14 IP block 192.91.171.36
    Trying 192.91.171.36 at ARIN
    Trying 192.91.171 at ARIN

    OrgName: Lockheed Martin Corporation
    OrgID: LHMC
    Address: 1401 Del Norte
    City: Denver
    StateProv: CO
    PostalCode: 80221
    Country: US

    NetRange: 192.91.146.0 - 192.91.175.255
    CIDR: 192.91.146.0/23, 192.91.148.0/22, 192.91.152.0/21, 192.91.160.0/20
    NetName: LORAL-WDL
    NetHandle: NET-192-91-146-0-1
    Parent: NET-192-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.LMCO.COM
    NameServer: NS2.LMCO.COM
    NameServer: NS3.LMCO.COM

    ------------------
    Path:
    nwrddc02.gnilink.net!cyclone2.gnilink.net!cyclone1.gnilink.net!gnilink.net!
    news.glorb.com!postnews.google.com!u72g2000cwu.googlegroups.com!not-for-mail
    From:
    Newsgroups: alt.privacy.spyware
    Subject: Re: HTJ Log analysis?
    Date: 7 Jun 2006 14:18:05 -0700
    Organization: http://groups.google.com
    Lines: 23
    Message-ID: <>
    References: <>
    <>
    <>
    <f%Bhg.40199$>
    <>
    <>
    <YpEhg.4156$>
    NNTP-Posting-Host: 192.91.171.36
    Mime-Version: 1.0
    Content-Type: text/plain; charset="iso-8859-1"
    X-Trace: posting.google.com 1149715091 18723 127.0.0.1 (7 Jun 2006
    21:18:11 GMT)
    X-Complaints-To:
    NNTP-Posting-Date: Wed, 7 Jun 2006 21:18:11 +0000 (UTC)
    In-Reply-To: <YpEhg.4156$>
    User-Agent: G2/0.2
    X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
    SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
    Complaints-To:
    Injection-Info: u72g2000cwu.googlegroups.com; posting-host=192.91.171.36;
    posting-account=PU1q9Q0AAAALKzqYMrb_eulfbBVkgT4C
    X-Received-Date: Wed, 07 Jun 2006 17:18:08 EDT (nwrddc02.gnilink.net)

    Yea you wish it was don't you? I'm traveling at the moment, Going to
    Ohio to track down my stalker Leythos. My account is fine sorry to
    disappoint you.

    ------------------

    Here is Butts violating his contract and posting from his NASA JPL workstation...

    From: "Aquafina" <>
    References: <>
    <>
    <>
    <xr2hf.2681$>
    <#> <>
    <> <>
    Subject: Re: WinFixer 2005
    Date: Wed, 23 Nov 2005 13:57:06 -0800
    Lines: 31
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
    X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
    X-RFC2646: Format=Flowed; Original
    Message-ID: <#>
    Newsgroups: microsoft.public.security.virus
    NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
    Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
    Xref: TK2MSFTNGP08.phx.gbl microsoft.public.security.virus:71036

    You are making an As* out of yourself again David. You don't know what you
    are talking about. Why don't you send an email to and see
    how far it goes. I know max will and a few MVP's trying to strut their
    stuff. Go ahead make another attempt at tying to shut me down, I dare you.
     
    David H. Lipman, Aug 29, 2008
    #39
  20. Gregg Hill

    John Eddy Guest

    And where did I say what your name is?

    I never received any complaint from *any* customer while I was the
    Microsoft Newsgroups Administrator. I never 'got in trouble' for my
    work managing those Newsgroups.

    I could care less who you claim to have called. I am telling you, and
    everyone, that as far as I am aware, it's a 100% lie and your
    suggesting that I got in trouble for my work performance borders on
    libel.
     
    John Eddy, Aug 29, 2008
    #40