From: Robin Bignall on 7 Dec 2009 11:08

On Wed, 25 Nov 2009 19:09:56 -0500, "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

>From: "Robin Bignall" <docrobin(a)ntlworld.com>
>
>< snip >
>
>| Thanks. I should say two other things:
>| I ran MRT.EXE /f:y this afternoon. Zero problems reported.
>| On reboot, sometimes all of these 'infection' messages are simply not
>| there. Then, on another reboot, they're back again, sometimes a few,
>| sometimes screens full. Normally I hibernate overnight and only
>| reboot when something, like critical updates, forces me to.
>
>| (alt.privacy.spyware added because this is being discussed there,
>| too.)
>| --
>| Robin
>| (BrE)
>| Herts, England
>
>
>It is definitely a security tool set to delete the file index.dat at system Reboot and
>before the Winlogon process.
>
>However, at this time none of my peers have pinpointed exactly what security tool is
>generating the process.
>
>However at this point I can/will say "don't worry". We know have done numerous anti
>malware scans and the system can be deemed clean so don't get frazzled over this.
>
>I will keep researching this and hopefully we will find what security tool is generating
>the display you have seen.

Just another word on this, for it's still happening. I created a text
file on c: containing the word "infection" only. I then used Windows
'search within files' to check all files -- including hidden and
system -- on the system disk. I found seven instances of 'infection'
in various places, mostly text or pdf files, including the made-up
one, but none relating in any way to the system, the virus checker or
any malware. I find it baffling to know what is generating this
message, and how.
--
Robin
(BrE)
Herts, England

From: David H. Lipman on 7 Dec 2009 16:08

From: "Robin Bignall" <docrobin(a)ntlworld.com>

| Just another word on this, for it's still happening. I created a text
| file on c: containing the word "infection" only. I then used Windows
| 'search within files' to check all files -- including hidden and
| system -- on the system disk. I found seven instances of 'infection'
| in various places, mostly text or pdf files, including the made-up
| one, but none relating in any way to the system, the virus checker or
| any malware. I find it baffling to know what is generating this
| message, and how.
| --
| Robin
| (BrE)
| Herts, England

To date, NOTHING has been pin-pointed yet as the source :-(

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Beauregard T. Shagnasty on 8 Dec 2009 17:12

In alt.privacy.spyware, Robin Bignall wrote:

> PCButts emailed me to make the sensible suggestion of checking
> the runonce registry entries.

What?

Buttface is now emailing direct to posters? How cheeky is that!! Must
be a new way to get around having others respond to warn about his
stolen software...

--
-bts
-Friends don't let friends drive Windows

From: David H. Lipman on 8 Dec 2009 17:48

From: "Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid>

| In alt.privacy.spyware, Robin Bignall wrote:

>> PCButts emailed me to make the sensible suggestion of checking
>> the runonce registry entries.

| What?

| Buttface is now emailing direct to posters? How cheeky is that!! Must
| be a new way to get around having others respond to warn about his
| stolen software...

And it is even really a "sensible" suggestion as the RunOnce key is just that, it runs
only once then the contents of that Registry key is removed. Therefore if it did run, by
the time the person examined it, it would be an empty key.

Plus RunOnce is interpreted AFTER the Winlogon process. Robin's problem occurs before the
Winlogon process.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

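Added example, not written by any poster in this thread: Windows records files to be deleted or renamed at the next boot in the PendingFileRenameOperations value under the Session Manager key, which is processed early in boot, unlike RunOnce. The sketch below decodes an exported copy of that value and lists any index.dat deletions; it assumes the unidentified tool uses this mechanism, and the sample data and the names `parse_pending_ops` and `boot_deletes` are constructed for illustration.

```python
# Added example (not from the thread). Decodes PendingFileRenameOperations,
# a REG_MULTI_SZ under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
# holding (source, destination) pairs; an empty destination means "delete".
NT_PREFIX = "\\??\\"

def strip_nt(path):
    """Remove the '!' replace-existing flag and the NT prefix from a path."""
    replace = path.startswith("!")
    if replace:
        path = path[1:]
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return path, replace

def parse_pending_ops(strings):
    """Turn the flat string list into one dict per scheduled operation."""
    if len(strings) % 2:
        raise ValueError("expected source/destination pairs")
    ops = []
    for i in range(0, len(strings), 2):
        source, _ = strip_nt(strings[i])
        dest, replace = strip_nt(strings[i + 1])
        ops.append({
            "action": "rename" if dest else "delete",
            "source": source,
            "dest": dest or None,
            "replace_existing": replace,
        })
    return ops

def boot_deletes(ops, filename):
    """Paths scheduled for deletion whose final component is `filename`."""
    suffix = "\\" + filename.lower()
    return [op["source"] for op in ops
            if op["action"] == "delete" and op["source"].lower().endswith(suffix)]

# Constructed sample data, not taken from the machine discussed in the thread.
SAMPLE = [
    "\\??\\C:\\Documents and Settings\\User\\Cookies\\index.dat", "",
    "\\??\\C:\\Documents and Settings\\User\\Local Settings\\History\\History.IE5\\index.dat", "",
    "\\??\\C:\\WINDOWS\\Temp\\setup.tmp", "!\\??\\C:\\WINDOWS\\system32\\example.dll",
]

if __name__ == "__main__":
    for path in boot_deletes(parse_pending_ops(SAMPLE), "index.dat"):
        print("delete at boot:", path)
```
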
From: Leythos on 8 Dec 2009 18:04

In article <l7hth5ph28bh1a2visno3g6rlcdih8qfgu(a)4ax.com>, docrobin(a)ntlworld.com says...

> PCButts emailed me to make the sensible suggestion of checking
> the runonce registry entries. They're empty. The weird thing is
> where the message is coming from, since no executable on my system
> disk contains the string "infection".

You should ALWAYS check the reputation and online history of a person
before taking their advice - there are many people that would give you
bad advice that could damage your system.

In the case of PCBUTTS, I don't know of anyone that would consider
trusting him.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)