Windows 7 Forums



Windows 7: S.M.A.R.T. HDD Program: Who Are These Jokers ?

03 Apr 2012   #21
FliGi7

XP / Win7 x64 Pro
 
 

Quote: Originally Posted by bbearren
Quote: Originally Posted by FliGi7
As an aside, if malware appears to persistently return, even though you've removed all traces of it on the system, you need to consider that it may have copied itself to the MBR and is restoring itself upon boot. The only way to get rid of that is to re-write the MBR or do a full format (which will obviously re-write the MBR then).
I recall one persistently nasty one that would replicate itself from two innocent-looking text files over the course of 4 reboots of the PC. It's been a few years and I can't remember the name of the variant, but the two text files (once found) proved to be its Achilles heel.
It also involved a bunch of registry work, too.
Sure, there are lots of tricks like that to employ that most people are not aware of. As terrible as some of those things are, you just sometimes have to appreciate the ingenuity and cleverness of them. Often these tricks are only discovered by forensic examination of the system offline to perform analysis of the temporal locality of the malware files being executed.


03 Apr 2012   #22
profdlp

Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
 
 

Thought I'd throw this out there, since it helped me:

My housemate went through a round of these kinds of extortion programs. Every few weeks she was coming up with another one. It got to the point that I was starting to lose confidence in MSE, though I'm using MSE myself and have had no problems. (We are both also using Malwarebytes.)

I got a deep discount offer on SUPERAntiSpyware which included two licenses and stuck one of them on her computer. It turned out to be the only one which caught and automatically cleaned the suckers right off the bat. There is a free version as well.
03 Apr 2012   #23
FliGi7

XP / Win7 x64 Pro
 
 

Neither MSE nor any good AV can protect against persistent ignorance toward computer security, but the good point to take home here is layers of security. It's pretty much a necessity anymore.

03 Apr 2012   #24
DeaconFrost

Windows 7 Ultimate x64 SP1
 
 

No software catches 100% of all threats either, so that's another reason to layer your protection. Many people on these boards, myself included, feel perfectly comfortable with MSE as the active scanner, and Malwarebytes as the passive scanner.
03 Apr 2012   #25
profdlp

Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
 
 

Quote: Originally Posted by FliGi7
Neither MSE nor any good AV can protect against persistent ignorance toward computer security, but the good point to take home here is layers of security. It's pretty much a necessity anymore.
Quote: Originally Posted by DeaconFrost
No software catches 100% of all threats either, so that's another reason to layer your protection. Many people on these boards, myself included, feel perfectly comfortable with MSE as the active scanner, and Malwarebytes as the passive scanner.
Absolutely agree.

The reason I posted was that I was somewhat surprised that SUPER was the one that performed best in this case. I know these rogue malware items are certainly prevalent enough these days to have caught the attention of MSE and Malwarebytes.
03 Apr 2012   #26
bbearren

7 Ultimate x64/7 Home Premium x64
 
 

Quote: Originally Posted by DeaconFrost
It's been a while since I've had to do a parallel OS install, but it usually leaves the system in a temporary state. At least that's how it used to be. A parallel install would always allow the person in to back up their data, but then they'd be doing a clean install afterwards. Doing so also wouldn't get to any boot viruses that remain and would only reinfect the new install.
Not in my experience. A parallel installation of Windows is Windows in every way, shape and form; as stable as any new installation. I didn't use a parallel installation to back up anything - whatever is in the primary installation is suspect, even in (and sometimes specifically in) the user personal folders.
The parallel installation allows complete and thorough use of any AV/AM software available for Windows, unfettered by the infection which lies dormant in the infected Windows installation which does not get booted.
Once the system is cleaned, there is no need for a clean install; it's already clean.

Quote: Originally Posted by DeaconFrost
I understand your point about doing what's easiest and best for people on the forums...and that's why I am recommending the drive pull. You don't need a dock to do so. For example, given your post. If you were to head over to a friend or relative's house for the media...you could just bring your drive and pop it in their case. Anyone who would be a "go to person" for cleaning malware would be equipped for this. Most mom and pop shops would clean the virus in this method for a very small fee as well. Aside from being easier, it guarantees a clean drive...as the drive isn't running or booting any OSes.
Quote: Originally Posted by bbearren
innocent-looking text files over the course of 4 reboots of the PC.
Not to sound like I am hounding on the same point...but those kinds of malware are easily removed when the drive is connected to another system. That was the point I was trying to make from the beginning. Instead of poking around with a system and trying different scans and apps...I go right to the solution.
I didn't use a parallel installation on that one. At the time, those two text files were undocumented and were in user data folders, the particular variant was not yet in anyone's virus definition files, and the removal was guided in part by various web postings of suspect registry entries from AV sites.
I removed the infection manually 3 times; it didn't show in any AV/AM tools. I tracked down the two files after the first re-infection and watched the infection propagate through several reboots. Part of its tenacity was in its ability to establish itself through filenames that were in large part randomly generated. But those two text files were the seeds, and their names were always the same.
04 Apr 2012   #27
DeaconFrost

Windows 7 Ultimate x64 SP1
 
 

Quote: Originally Posted by bbearren
The parallel installation allows complete and thorough use of any AV/AM software available for Windows, unfettered by the infection which lies dormant in the infected Windows installation which does not get booted.
Exactly why pulling the drive is just as effective, but far easier and faster. The more you try to give claims to backing up your point, the more you seem to be confirming mine. I'm the I.T. Director for my company. I don't have time to do parallel installs to clean malware. In the time it would take for the parallel install to be completed...I'm already putting the system back on a user's desk, cleaned and ready to be used. I'm not doubting both methods are effective. My point is that one is much easier and takes far less time.
Quote: Originally Posted by bbearren
Once the system is cleaned, there is no need for a clean install; it's already clean.
Time being the segue, a parallel install may need drivers re-installed, Windows Updates applied, etc. When you pull the drive, none of this needs to be done. You simply run a scan, clean the infections, and put the drive back into the system. As mentioned above, I don't like throwing titles around or anything superfluous....but when I am presented with two methods, both equally effective, but one is far and away faster and easier....I'm going that route every time.
04 Apr 2012   #28
bbearren

7 Ultimate x64/7 Home Premium x64
 
 

I mean no disrespect; I know that you have been a big help to hundreds if not thousands of people right here on Windows Seven Forums. But let's get back to the forums, shall we?

Not many who post here have an I.T. department at their disposal, else why would they be posting here in the first place? Not a lot have a second computer at their disposal, unless it's a laptop, or the computer they upgraded from that is now "out in the shed". And even if they have a second computer, they may not have any idea of how to get the drive out of the first computer and install it in the second computer. Not a lot have drive docks; most folks who see the need for and usefulness of drive docks are usually fairly computer literate in the first place.

I'm not denying that pulling the drive may be easier and faster for someone who knows how and has the necessary facilities readily at hand, but it is not necessarily easier and seldom faster for an OP who doesn't even know how to open the case. Even fewer know how to pull the drive out of a laptop. However, nearly all of them know how to install software, update Windows, and download files from the internet.

A parallel installation may or may not need drivers re-installed. If the monitor, mouse, keyboard and NIC work, that's all that is really necessary; there's no need to re-install or upgrade any drivers. The matter of time is up to the OP; I'm willing to devote as much time as is necessary to help him/her get out of their difficulties.

For the example I linked to, the OP on that forum was a youngish grandfather, not a lot of disposable income available, who happened to still have the original 30GB HDD that he had upgraded from on his one computer, (and his computer was old enough that he had bought it back in the day when OEM's still included installation media in the box). He had some of his personal data backed up, but a lot that he didn't really want to lose was not.

In his case, two "Malware Experts", one with nearly 70,000 posts on that forum and the other with over 80,000 posts, had told him that his only recourse was a reformat/reinstall. As it turned out, even though they were by far more experienced than I, they were simply wrong.

My main point here is that I try my best to tailor my advice to the experience level of the OP, and the alternatives with which the OP can be comfortable. This OP, incidentally, seems to have left the thread after post #7.
Quote: Originally Posted by Robert11
Hi,

Any simpler way than pulling the internal HD ?

Bob
Just a guess, but evidently it didn't appear to seem simple to Robert11. Hopefully, he will post back and update us on his progress, if any.
04 Apr 2012   #29
DeaconFrost

Windows 7 Ultimate x64 SP1
 
 

Quote: Originally Posted by bbearren
My main point here is that I try my best to tailor my advice to the experience level of the OP, and the alternatives with which the OP can be comfortable.
In all the time I've spent here and on other forums, I always live by this rule. That's the first lesson you ever learn when working in IT...know your audience. Given the content on this forum, pulling a drive is far simpler than doing a parallel install. Take a minute to read through the installation section, and you'll see how many people either don't own proper media or aren't able to complete an OS install by themselves.

Pulling a drive is very easy, especially on a laptop. Towers can handle laptop SATA drives as well, making it even easier. All of your reasons are very sound and accurate....but they back up my point that pulling a drive is easier. My father-in-law is a great case study. He barely knows how to find the power button on his laptop. But, it is far easier for me to walk him through pulling his drive than trying to install an OS. Working a screwdriver is much easier than stepping through an OS install. It's two screws on the bottom...with a picture to explain. Most people who wouldn't know how to pull a drive would have no media or only restore media in the first place.

I completely agree with knowing your audience...so that's why I'm standing behind the easier solution. I'll use your logic in reverse. For us tech savvy people, installing an OS and updating it is something we could do in our sleep....blindfolded with one arm tied behind our backs. To someone who isn't tech savvy...the idea of installing an OS, choosing partitions (as to not format their existing data), etc can seem like a mountainous task.

I am also not disagreeing with your comments on Malware Experts. I have seen that advice myself, to do a clean reinstall. For me, I have that down to a sub-2 hour process...but that's like buying a new car because you have a flat tire. To me, the clean install is the absolutely last resort, when all else fails.....especially for a non-tech savvy person. Some people, I assume, feel that a drastic approach is the best. Sure, it will probably resolve the issue, but so will buying a new car when your old one has a flat tire. Technically speaking, it does solve the problem.
04 Apr 2012   #30
FliGi7

XP / Win7 x64 Pro
 
 

I don't think anyone can factually state what is or isn't easier for an individual. Person of type X isn't more or less likely to have knowledge of how to do Y or Z. Knowledge, or lack thereof, in computers comes in all shapes and sizes. It's going to be up to the individual to determine what is easier for them based on their situation and level of knowledge. Both of the stated options are good ones, but no one's ever going to win an argument on which one is an absolute "better" option across the board. We're trying to make absolute decisions out of relative situations. I think it's time to sit back and let the OP digest his options.