OT: windows oneCare Live
Rod Caddy
rcaddy at pro-set.com
Fri Oct 7 15:09:58 PDT 2005
Laura Brody wrote:
> On Thu, 6 Oct 2005 23:54:13 -0400, Fairlight <fairlite at fairlite.com> wrote:
>
>> On Thu, Oct 06, 2005 at 10:35:28PM -0400, Bob Stockler may or may not have
>> proven themselves an utter git by pronouncing:
>>
>>>
>> Still, careful as we are, even behind a firewall, we managed to get
>> infected--a fact I find extremely galling. If we're doing -everything-
>> Office!), and we can still get infected, it's the sign of an insecure OS.
>> It's not like we don't patch it immediately every time there's a
>> patch. We do. Promptly. They're fully patched systems, and it
>> still manages to get holed.
>>
>> It's cleanable, but that's not the point. The point is that
>> it shouldn't have to be cleaned to start with.
>
>
> Don't feel bad. Without exception, every single Windows computer
> that has been on the internet that I have worked on in the past 2 years
> plus -- for any reason (dead power supply, the modem driver got deleted,
> it needs more memory, etc.) -- has been infected with spyware. Most
> dial-up systems have a light infection. The broadband PCs without
> a firewall and anti-virus have been hammered by all kinds of infections
> to the point where they take 10 minutes or more to simply boot to
> the desktop. The average user doesn't have a clue as to how dangerous
> things are and what they should do to protect themselves. They think
> that everything is ok even though they haven't gotten the patches
> from Microlimp and the copy of Norton Anti-virus expired 2 or 3
> years ago....
>
> One of my customers had a dialer trojan which resulted in a
> $400 phone bill. Another is a fraud victim (she is still sorting
> things out and learning what happened). It isn't a game of "I can
> infect more computers than you can" anymore. The virus and spyware
> writers are in it for the money.
>
> As a result, I have gotten pretty good at cleaning
> this crud off. Here is the Reader's Digest version of what
> I do....
>
> Most of the time I add memory to speed up the system
> while I work on it. It amazes me how many XP systems have
> less than 512MB of ram.
>
> I have a USB drive with my cleaning programs. They are
> Adaware (free), Spy Sweeper (free trial), Anti-Vir (free),
> Spyware Doctor (free), Microsoft Anti-spyware Beta (free) and
> a few others that I am evaluating. Install those, then reboot
> into safe mode. I then run Adaware and Spy Sweeper until
> they can't find anything more. Then I run the others. Lather,
> rinse, repeat. I also look at what programs will run at
> startup (from Spy Sweeper:Shields:Edit Startup is easiest)
> then I disable anything that doesn't look legit.
>
> I also have software tools to remove specific
> spyware or viruses. Another power tool in the fight against
> spyware is Hijack This. The best place to get these programs
> from is www.majorgeeks.com.
>
> Once the system is cleaned off, I hook the PC to my
> network and download O/S patches from Microlimp. I get off
> the internet, run Disk Clean and Disk Defrag then enable
> the firewall on XP or install Zone Alarm on earlier
> systems.
>
> I write up follow up recommendations which usually
> include "get more RAM, get Norton or McAfee Anti-Virus and
> buy a subscription to Spy Sweeper, then come back in 6 months
> for me to check everything again". Lately, I've been
> successful at getting customers to buy RAM and Spy Sweeper
> from me (I got a bunch of Spy Sweepers at a discount since
> they were older versions that could be upgraded for free).
>
> We have learned that one anti-virus or anti-spyware
> program will NOT clean off a system. You must use several
> different programs because they all miss stuff. Some are
> better than others, but all of them miss stuff.
>
> Webroot (makers of Spy Sweeper) says that there are new
> "stealth" spyware in the making. They bury in the kernel and
> then instruct Windows to lie to you when you attempt to find
> it or remove it. i.e. do a directory and it will tell Windows
> to omit it from the directory list. Nice, huh? The only way
> to fight this kind of spyware is to use a bootable CD with
> the cleaning programs you need. Bart PE has been mentioned,
> and I am taking a look at it now.
>
I have the same regimen as you only a few different programs.
Additional programs I use are Spybot S&D (donation-ware), SpywareGuard
and SpywareBlaster (donation-ware), Ad-Aware SE, AVG Anti-Virus Pro (we
resell it at $39 for a 2 year license, with the firewall $59) & Zone
Alarm. We have run into spyware that will disable spyware removal tools
but make you think it is doing its job. It has become standard
procedure to scan in the safe mode. When all else fails we use Hijack
This. Bart PE works pretty well and many times we will use the Ultimate
Boot Disk because they make it pretty easy for us to add our own
utilities. My 2 cents.
--
Rod Caddy
Pro-Set Systems
rcaddy at pro-set.com
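
The quoted message describes spyware that makes Windows omit its files from a directory listing, and both posts rely on a bootable CD to get around that. The check this implies is a cross-view comparison: list the same directory from the running system and again from the clean boot, then report what only the clean boot can see. This is an added example, not part of the original posts; the listings and file names are constructed, and the function names are hypothetical.

```python
import ntpath

# Constructed sample: `dir /s /b /a` output captured inside the running
# (possibly infected) Windows session.
LIVE_VIEW = """\
C:\\WINDOWS\\system32\\drivers\\atapi.sys
C:\\WINDOWS\\system32\\drivers\\disk.sys
C:\\WINDOWS\\system32\\drivers\\tcpip.sys
"""

# Constructed sample: the same directory listed after booting a clean CD.
# The disk appears under another drive letter and with different casing.
OFFLINE_VIEW = """\
D:\\WINDOWS\\SYSTEM32\\DRIVERS\\atapi.sys
D:\\WINDOWS\\SYSTEM32\\DRIVERS\\disk.sys
D:\\WINDOWS\\SYSTEM32\\DRIVERS\\example_hidden.sys
D:\\WINDOWS\\SYSTEM32\\DRIVERS\\tcpip.sys
"""

def normalize(path):
    """Drop the drive letter and fold case so both views compare equal."""
    path = path.strip().replace("/", "\\")
    _drive, rest = ntpath.splitdrive(path)
    return ntpath.normpath(rest).lower()

def parse_listing(text):
    """Map normalized path -> path as it was listed, skipping blank lines."""
    return {normalize(line): line.strip()
            for line in text.splitlines() if line.strip()}

def cross_view_diff(live_text, offline_text):
    """Return (hidden, live_only).

    hidden    -- on disk per the clean boot, missing from the live listing;
                 these are the candidates for files the OS is concealing.
    live_only -- seen live but not offline; usually files created or
                 deleted between the two captures.
    """
    live = parse_listing(live_text)
    offline = parse_listing(offline_text)
    hidden = sorted(offline[k] for k in offline.keys() - live.keys())
    live_only = sorted(live[k] for k in live.keys() - offline.keys())
    return hidden, live_only

if __name__ == "__main__":
    hidden, live_only = cross_view_diff(LIVE_VIEW, OFFLINE_VIEW)
    for path in hidden:
        print("visible only from clean boot:", path)
```

Take both listings as close together in time as possible, since anything written between the two captures will also show up as a difference.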