From: benjammin on
I'm currently running them all in normal mode, and I'll do them in safe
later. Thanks for the help - I'll tell you if they do the job.

"David H. Lipman" wrote:

> From: "cquirke (MVP Windows shell/user)" <cquirkenews(a)nospam.mvps.org>
>
>
> |
> | I've downloaded it and read the HTML, but haven't used it yet - I'm
> | interested in seeing if it can be adapted to more formal use.
> |
> | As it is, AFAIK it starts by downloading stuff (updates etc.) from
> | within normal (infected) Windows, then is to be used from Safe Mode,
> | etc. As Safe Mode doesn't suppress all explicit integrations and will
> | be likely to run intrafile code infectors, I'd really prefer to work
> | "from orbit", e.g. from Bart CDR boot.
> |
> | At the least, I'd like to get updates etc. and prepare the scanners
> | from a clean PC, and then run them from Safe Mode on the infected PC,
> | preferably from read-only storage such as locked USB stick or CDRW.
> |
> | Also, remember to re-apply any HOSTS-mediated static protection, such
> | as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as
> | Dave's procedure appears to leave the existing HOSTS deactivated.
> |
> | I'm working on a scanning wizard for Bart PE CDR boot that will run a
> | sequence of 5 av scanners with a minimum of stop/go interaction, so I
> | was interested in how Dave's worked.
> |
> >> ------------ ----- ---- --- -- - - - -
> | The most accurate diagnostic instrument
> | in medicine is the Retrospectoscope
> >> ------------ ----- ---- --- -- - - - -
>
> Any time you'd like to discuss my tool(s), you have my email address.
>
> While you mention booting from a Bart PE, the included PDF file does provide instructions
> for creating a DOS Boot Disk or DOS Boot Disk with NTFS4DOS for outside the OS scanning.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
From: David H. Lipman on
From: "benjammin" <benjammin(a)discussions.microsoft.com>

| I'm currently running them all in normal mode, and I'll do them in safe
| later. Thanks for the help - I'll tell you if they do the job.
|


I'll be looking for your reply back.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: David H. Lipman on
From: "Leythos" <void(a)nowhere.lan>

| In article <drrkr1h7brmelln2ua9cfdb8silbivl8ar(a)4ax.com>,
| cquirkenews(a)nospam.mvps.org says...
>> On Tue, 03 Jan 2006 11:18:58 GMT, Leythos <void(a)nowhere.lan> wrote:
>>> benjammin(a)discussions.microsoft.com says...
>>
>>>> what does Dave Lipman's thing actually do?
>>
>>> David's product works wonders using the manual scan engines from several
>>> different vendors, and it has several fixes he's created to resolve
>>> problems caused by malware that are not fixed by virus removal.
>>
>>> You really need to follow this directions exactly, and if you do, it
>>> will leave you with a clean machine.
>>
>> I've downloaded it and read the HTML, but haven't used it yet - I'm
>> interested in seeing if it can be adapted to more formal use.
>>
>> As it is, AFAIK it starts by downloading stuff (updates etc.) from
>> within normal (infected) Windows, then is to be used from Safe Mode,
>> etc. As Safe Mode doesn't suppress all explicit integrations and will
>> be likely to run intrafile code infectors, I'd really prefer to work
>> "from orbit", e.g. from Bart CDR boot.
>>
>> At the least, I'd like to get updates etc. and prepare the scanners
>> from a clean PC, and then run them from Safe Mode on the infected PC,
>> preferably from read-only storage such as locked USB stick or CDRW.
|
| I did - I loaded it on a clean PC, then did the updates, stopped the
| scans if they started, then burned the entire folder to a CD, copied the
| folder to the infected C drive, made sure that the folder was not read-
| only, ran it without any network connection, clean, easy, works great.
|
>> Also, remember to re-apply any HOSTS-mediated static protection, such
>> as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as
>> Dave's procedure appears to leave the existing HOSTS deactivated.
>>
>> I'm working on a scanning wizard for Bart PE CDR boot that will run a
>> sequence of 5 av scanners with a minimum of stop/go interaction, so I
>> was interested in how Dave's worked.
|
| The only reason it needs to be on a drive is to expand the definitions
| and create the log files - at least it appears that way.
|

It is hard-coded to use; C:\AV-CLS as the base directory ONLY.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: benjammin on
I've tried them all in normal mode - no luck. At least one of them found the
exact file but couldn't open it. I'll try them in safe mode - might that
make a difference? I have also tried to manually delete the file myself, but
I can't because it is always 'in use'.

"David H. Lipman" wrote:

> From: "benjammin" <benjammin(a)discussions.microsoft.com>
>
> | These are helpful, but no spyware removal things will remove this, I need
> | something different - what does Dave Lipman's thing actually do? Preferably,
> | I'd just like to run the sfc/scannow, so does anyone know why it might not
> | work?
> |
>
> SFC is the System File Checker and is NOT a program for dealing with malware. It is a tool
> for dealing with OS corruption where a specific EXE or DLL file was accidentdetally replaced
> with an older version file. For example, you install WinXP SP2 and you installed a new
> printer but did not slipstream the installation files and a SP1 DLL replaced a SP2 DLL file.
>
> The SFC can replace the faulty DLL with a SP2 DLL from a cache.
>
> The tool that I suggested spaecifically seeks out Trojans, Viruses and other forms of
> malware and removes them.
>
> I suggest you use my tool and start with the McAfee module.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
From: David H. Lipman on
From: "benjammin" <benjammin(a)discussions.microsoft.com>

| I've tried them all in normal mode - no luck. At least one of them found the
| exact file but couldn't open it. I'll try them in safe mode - might that
| make a difference? I have also tried to manually delete the file myself, but
| I can't because it is always 'in use'.
|

You said..."At least one of them found the exact file but couldn't open it."

Please Copy and Paste the contents of the log of the AV module log file that did find this.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm