OT: windows oneCare Live
Laura Brody
laura at hvcomputer.com
Fri Oct 7 10:12:11 PDT 2005
On Thu, 6 Oct 2005 23:54:13 -0400, Fairlight <fairlite at fairlite.com> wrote:
> On Thu, Oct 06, 2005 at 10:35:28PM -0400, Bob Stockler may or may not have
> proven themselves an utter git by pronouncing:
>>
> Still, careful as we are, even behind a firewall, we managed to get
> infected--a fact I find extremely galling. If we're doing -everything-
> Office!), and we can still get infected, it's the sign of an insecure OS.
> It's not like we don't patch it immediately every time there's a patch. We do. Promptly. They're fully patched systems, and it still manages to get holed.
>
> It's cleanable, but that's not the point. The point is that it shouldn't have to be cleaned to start with.
Don't feel bad. Without exception, every single Windows computer
that has been on the internet that I have worked on in the past 2 years
plus -- for any reason (dead power supply, the modem driver got deleted,
it needs more memory, etc.) -- has been infected with spyware. Most
dial-up systems have a light infection. The broadband PCs without
a firewall and anti-virus have been hammered by all kinds of infections
to the point where they take 10 minutes or more to simply boot to
the desktop. The average user doesn't have a clue as to how dangerous
things are and what they should do to protect themselves. They think
that everything is ok even though they haven't gotten the patches
from Microlimp and the copy of Norton Anti-virus expired 2 or 3
years ago....
One of my customers had a dialer trojan which resulted in a
$400 phone bill. Another is a fraud victim (she is still sorting
things out and learning what happened). It isn't a game of "I can
infect more computers than you can" anymore. The virus and spyware
writers are in it for the money.
As a result, I have gotten pretty good at cleaning
this crud off. Here is the Reader's Digest version of what
I do....
Most of the time I add memory to speed up the system
while I work on it. It amazes me how many XP systems have
less than 512MB of ram.
I have a USB drive with my cleaning programs. They are
Adaware (free), Spy Sweeper (free trial), Anti-Vir (free),
Spyware Doctor (free), Microsoft Anti-spyware Beta (free) and
a few others that I am evaluating. Install those, then reboot
into safe mode. I then run Adaware and Spy Sweeper until
they can't find anything more. Then I run the others. Lather,
rinse, repeat. I also look at what programs will run at
startup (from Spy Sweeper:Shields:Edit Startup is easiest)
then I disable anything that doesn't look legit.
I also have software tools to remove specific
spyware or viruses. Another power tool in the fight against
spyware is Hijack This. The best place to get these programs
from is www.majorgeeks.com.
Once the system is cleaned off, I hook the PC to my
network and download O/S patches from Microlimp. I get off
the internet, run Disk Clean and Disk Defrag then enable
the firewall on XP or install Zone Alarm on earlier
systems.
I write up follow up recommendations which usually
include "get more RAM, get Norton or McAfee Anti-Virus and
buy a subscription to Spy Sweeper, then come back in 6 months
for me to check everything again". Lately, I've been
successful at getting customers to buy RAM and Spy Sweeper
from me (I got a bunch of Spy Sweepers at a discount since
they were older versions that could be upgraded for free).
We have learned that one anti-virus or anti-spyware
program will NOT clean off a system. You must use several
different programs because they all miss stuff. Some are
better than others, but all of them miss stuff.
Webroot (makers of Spy Sweeper) says that there are new
"stealth" spyware in the making. They bury in the kernel and
then instruct Windows to lie to you when you attempt to find
it or remove it. i.e. do a directory and it will tell Windows
to omit it from the directory list. Nice, huh? The only way
to fight this kind of spyware is to use a bootable CD with
the cleaning programs you need. Bart PE has been mentioned,
and I am taking a look at it now.
--
Laura Brody, Publisher of the filePro Developer's Journal
+------------- Hudson Valley Computer Associates, Inc ----------+
| PO Box 859 120 Sixth Street http://www.hvcomputer.com |
| Verplanck, NY 10596-0859 Voice mail: (914) 739-5004 |
+------ PC repair locally, filePro programming globally --------+