Guest Klauwaart
Posted May 13, 2010

"MowGreen" wrote in message news:eWDH2Ov8KHA.3840@TK2MSFTNGP02.phx.gbl...
> Klauwaart wrote:
>>>
>>> 3) Click the back *arrow* at the top left of the window or click the 'Go to the main User Accounts page' link at the bottom of the window.
>>> Click the 'Change User Account Control settings' link.
>>> Was there a UAC prompt ? What is the UAC slider set to ?
>> Again, nothing that looked like a prompt, the slider is set to "Never Notify".
>>>
>>> If your User Account has Admin privileges then it should be set to the *second from the top*, which is its Default setting. If it is set lower than that or it has been turned off, move the slider to the second from the top and click the OK button.
>>> Malware can disable or lower the UAC setting.
>> I have now set the slider to the position you recommended.
>>>
>>> Will await your findings before recommending further steps.
>> Thank you.
>> I am almost embarrassed asking for more help.
>
> There's no cause for embarrassment unless you set the UAC slider to Never Notify and forgot that you did. If you did not, then I strongly suspect that malware is in play here and if that's the case, then it's pretty well hidden.

That's not the reason for being embarrassed.
I must be pushing your patience to the limits.
And, indeed, I never touched the slider, so I suspect Malware too, I have now used all sorts of malware killers (Spybot, MBAN, Lavasoft Ad-Aware, Webroot), but although they cleaned up things, the problem remains.
Or maybe I could make a lot of money with a new wonder treatment: how to go from blond to grey overnight.

>
> So, what happens when you try to open an Elevated Command Prompt now
> ( Start orb > Search programs and files > type in cmd
> Under Programs, right click cmd.exe and choose 'Run as admin ')
> does UAC prompt you to allow it to run Elevated ?

Well, what happens now is a popup saying "Do you want this program to make changes to your system?"
Is that the prompt you mean?
And when I looked at my slider, I got the same prompt, but asking me if I wanted Lavasoft to make changes to my system.

>
> If yes, then flush the DNS cache. Type in the below commands, press Enter after each
> ( After you enter the first command you should get a message stating "Windows IP Configuration. Successfully flushed the DNS Resolver Cache." )

I did get that "successfully flushed" message.

>
> ipconfig /flushdns
>
> Leave the Elevated Command Prompt open. Type in
>
> netsh winhttp show proxy
>
> Is any proxy listed ? If there is then type in the below, pressing Enter after *each* command

It gives me "Direct Access "

>
> netsh winhttp reset proxy
> netsh winsock reset
> exit
>
> Restart the system and then open Windows Update in Control Panel.
> Click the Check for updates link.
> Can the system contact the update servers now ?

That is obviously a no.

>
> MowGreen
> ================
> *-343-* FDNY
> Never Forgotten
> ================
>
> banthecheck.com
> "Security updates should *never* have *non-security content* prechecked
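
The slider positions discussed in the post above are backed by registry values, so a lowered or disabled UAC setting can be confirmed without opening Control Panel. The script below is an added example, not part of any post in this thread; the function names are hypothetical, and the mapping assumes the standard values the Windows 7 slider writes under the `Policies\System` key.

```powershell
# Added example (not from the thread): classify the UAC policy values that
# sit behind the 'Change User Account Control settings' slider.
# Get-UacSliderLevel and Test-UacPolicy are hypothetical names.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacValueNames = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'

function Get-UacSliderLevel {
    param(
        [Parameter(Mandatory = $true)][int]$EnableLUA,
        [Parameter(Mandatory = $true)][int]$ConsentPromptBehaviorAdmin,
        [Parameter(Mandatory = $true)][int]$PromptOnSecureDesktop
    )
    # EnableLUA = 0 turns UAC off entirely; the bottom slider position
    # writes this on Windows 7.
    if ($EnableLUA -eq 0) { return 'Never notify (UAC disabled)' }

    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify (silent elevation)' }
        2 { return 'Always notify' }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Default (second from the top)' }
            return 'Notify without dimming the desktop'
        }
        default { return "Custom policy (ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin)" }
    }
}

function Test-UacPolicy {
    # Read the live values and report whether the setting is at or above
    # the default position.
    $p = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $missing = @($UacValueNames | Where-Object { $null -eq $p.$_ })
    if ($missing.Count -gt 0) {
        $level = 'Cannot classify, missing: ' + ($missing -join ', ')
    } else {
        $level = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
            -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
            -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    }
    New-Object PSObject -Property @{
        Level            = $level
        AtOrAboveDefault = (($level -like 'Always*') -or ($level -like 'Default*'))
    }
}

# Constructed sample values (not taken from the thread): the default
# position, and the fully lowered state.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacSliderLevel @s }

# Live check, only where the registry key exists.
if (Test-Path $UacKey) { Test-UacPolicy }
```

Reading these values does not require elevation, so the check can be run from a Standard User session.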
Guest Klauwaart
Posted May 14, 2010

Yet another update: this time it is the Windows application to control the settings which asks for permission when I go to my slider.
Guest MowGreen
Posted May 14, 2010

>> So, what happens when you try to open an Elevated Command Prompt now
>> ( Start orb > Search programs and files > type in cmd
>> Under Programs, right click cmd.exe and choose 'Run as admin ')
>> does UAC prompt you to allow it to run Elevated ?
> Well, what happens now is a popup saying "Do you want this program to make changes to your system?"
> Is that the prompt you mean?
> And when I looked at my slider, I got the same prompt, but asking me if I wanted Lavasoft to make changes to my system.

Now that's the way UAC is supposed to function.

>> Restart the system and then open Windows Update in Control Panel.
>> Click the Check for updates link.
>> Can the system contact the update servers now ?
> That is obviously a no.

Dang it. Please download and *save* the Windows Malicious Software Removal Tool ( MRT ) from here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Once the download completes, boot the system to Safe Mode:
http://windows.microsoft.com/en-us/windows7/Advanced-startup-options-including-safe-mode

" The Advanced Boot Options screen lets you start Windows in advanced troubleshooting modes. You can access the menu by turning on your computer and pressing the F8 key *before* Windows starts "

Repeatedly press the F8 to access the Advanced Boot Options menu. If the F8 key is not pressed prior to Windows loading you'll have to shutdown and do it all over again.
Once in Safe Mode (NOT Safe Mode with Networking *just* Safe Mode) run windows-kb890830-v3.7.exe by *right* clicking it and choose 'Run as administrator' agree to the UAC prompts to allow it to run Elevated.
Once the MRT has finished running it should open a window showing you a list of malware and if any of them were detected.

If you want, you can view the mrt.log located in Windows\debug

Restart the system to normal Windows mode and please let us know if anything was detected and if it was removed.
If nothing was detected, suggest you open Internet Explorer by clicking the Start orb > click All Program > *right* click Internet Explorer and choose 'Run as administrator' do the UAC prompt again.
Then go here: http://www.eset.com/online-scanner

Click the Eset Online Scanner button and have the system scanned by it.
Please post back with what was detected/removed, if anything.

MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
Guest Ottmar Freudenberger
Posted May 14, 2010

"Klauwaart" wrote:

> And, indeed, I never touched the slider, so I suspect Malware too, I have now used all sorts of malware killers (Spybot, MBAN, Lavasoft Ad-Aware, Webroot), but although they cleaned up things, the problem remains.

http://technet.microsoft.com/en-us/library/cc512587.aspx
Rebuild your system from scratch.

Bye,
Freudi
Guest PA Bear [MS MVP]
Posted May 14, 2010

Ottmar Freudenberger wrote:
>> And, indeed, I never touched the slider, so I suspect Malware too, I have now used all sorts of malware killers (Spybot, MBAN, Lavasoft Ad-Aware, Webroot), but although they cleaned up things, the problem remains.
>
> http://technet.microsoft.com/en-us/library/cc512587.aspx
> Rebuild your system from scratch.

[And they let Jesper get away!]
Guest Klauwaart
Posted May 14, 2010

MOW, YOU DID IT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I don't know how to thank you.
I REALLY owe you BIG TIME!!!!!

The scan with the Malicious Software Remover took almost 7 hours, and it turned out 2 files on my hard drive were infected with the Alureon.H virus, which apparently looks at your drivers, and, as I experienced, sends users to sites of the hacker's choice (hence the redirection from Google to advert sites).

Also, after the reboot, I saw that orange shield with an exclamation mark on my "Shut Down" button, which indicated to me that the updates were up and running again, and yes, when I opened Windows Update, there it came, telling me there were updates waiting for me.

Like I said before, I really don't know how to thank you, all the patience you have shown, and all the detailed explanations.
If there is ever anything I can do for you, I'll be only too glad to do so.

Thanks a thousand times again.
Klauwaart.
(You saved my blond hair from going grey).

"MowGreen" wrote in message news:eslgF0v8KHA.3880@TK2MSFTNGP04.phx.gbl...
>>> So, what happens when you try to open an Elevated Command Prompt now
>>> ( Start orb > Search programs and files > type in cmd
>>> Under Programs, right click cmd.exe and choose 'Run as admin ')
>>> does UAC prompt you to allow it to run Elevated ?
>> Well, what happens now is a popup saying "Do you want this program to make changes to your system?"
>> Is that the prompt you mean?
>> And when I looked at my slider, I got the same prompt, but asking me if I wanted Lavasoft to make changes to my system.
>
> Now that's the way UAC is supposed to function.
>
>>> Restart the system and then open Windows Update in Control Panel.
>>> Click the Check for updates link.
>>> Can the system contact the update servers now ?
>> That is obviously a no.
>
> Dang it. Please download and *save* the Windows Malicious Software Removal Tool ( MRT ) from here:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
>
> Once the download completes, boot the system to Safe Mode:
> http://windows.microsoft.com/en-us/windows7/Advanced-startup-options-including-safe-mode
>
> " The Advanced Boot Options screen lets you start Windows in advanced troubleshooting modes. You can access the menu by turning on your computer and pressing the F8 key *before* Windows starts "
>
> Repeatedly press the F8 to access the Advanced Boot Options menu. If the F8 key is not pressed prior to Windows loading you'll have to shutdown and do it all over again.
> Once in Safe Mode (NOT Safe Mode with Networking *just* Safe Mode) run windows-kb890830-v3.7.exe by *right* clicking it and choose 'Run as administrator' agree to the UAC prompts to allow it to run Elevated.
> Once the MRT has finished running it should open a window showing you a list of malware and if any of them were detected.
>
> If you want, you can view the mrt.log located in Windows\debug
>
> Restart the system to normal Windows mode and please let us know if anything was detected and if it was removed.
> If nothing was detected, suggest you open Internet Explorer by clicking the Start orb > click All Program > *right* click Internet Explorer and choose 'Run as administrator' do the UAC prompt again.
> Then go here: http://www.eset.com/online-scanner
>
> Click the Eset Online Scanner button and have the system scanned by it.
> Please post back with what was detected/removed, if anything.
>
> MowGreen
> ================
> *-343-* FDNY
> Never Forgotten
> ================
>
> banthecheck.com
> "Security updates should *never* have *non-security content* prechecked
Guest PA Bear [MS MVP]
Posted May 14, 2010

[You may not be totally "out of the woods" just yet.]
Guest Klauwaart
Posted May 14, 2010

True, PA Bear, but at least the main problems have gone, i.e. the updates refusing to do anything, and the redirecting and blocking of sites during surfing.
I have even strengthened my security now.
Guest Ottmar Freudenberger
Posted May 14, 2010

"Klauwaart" wrote:

> I have even strengthened my security now.

Not really until you've rebuilt your compromised system from scratch.

Bye,
Freudi
Guest Klauwaart
Posted May 15, 2010

Sure,
will give that a go too
Don't really want to go through all that misery again.
Thanks.

"Ottmar Freudenberger" wrote in message news:855i82FgddU1@mid.individual.net...
> "Klauwaart" wrote:
>
>> I have even strengthened my security now.
>
> Not really until you've rebuilt your compromised system from scratch.
>
> Bye,
> Freudi
Guest PA Bear [MS MVP]
Posted May 15, 2010

Then don't let your anti-virus application subscription expire again.

Klauwaart wrote:
> Sure,
> will give that a go too
> Don't really want to go through all that misery again.
> Thanks.
>
> "Ottmar Freudenberger" wrote in message news:855i82FgddU1@mid.individual.net...
>> "Klauwaart" wrote:
>>
>>> I have even strengthened my security now.
>>
>> Not really until you've rebuilt your compromised system from scratch.
>>
>> Bye,
>> Freudi
Guest MowGreen
Posted May 15, 2010

Klauwaart wrote:
> MOW, YOU DID IT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> I don't know how to thank you.
> I REALLY owe you BIG TIME!!!!!
>
> The scan with the Malicious Software Remover took almost 7 hours, and it turned out 2 files on my hard drive were infected with the Alureon.H virus, which apparently looks at your drivers, and, as I experienced, sends users to sites of the hacker's choice (hence the redirection from Google to advert sites).
>
> Also, after the reboot, I saw that orange shield with an exclamation mark on my "Shut Down" button, which indicated to me that the updates were up and running again, and yes, when I opened Windows Update, there it came, telling me there were updates waiting for me.
>
> Like I said before, I really don't know how to thank you, all the patience you have shown, and all the detailed explanations.
> If there is ever anything I can do for you, I'll be only too glad to do so.
>
> Thanks a thousand times again.
> Klauwaart.
> (You saved my blond hair from going grey).

At least you still have hair. The only hair on me that is grey is my " Stanley Cup Playoff beard ". And I'm not even playing in the Stanley Cup !

You're mowst welcome but please *heed the advice* from Ottmar and PABear. There's no way this system should ever engender Trust until it's flattened and rebuilt.
At least now you have some control over it and can back up, and SCAN, the personal data that you want preserved.

The * only * way that you can clean the infected drive is by booting from an antivirus rescue CD and cleaning it while it is not active.
One must usually create the rescue CD and it's usually Linux based.
Some AVs include this rescue CD capability if one purchases the AV and a CD is included instead of just downloading and installing it via the internet.

Here's a review on some of the AV rescue CDs:

Analyst's View: Antivirus Rescue CDs
http://www.pcmag.com/article2/0,2817,2363533,00.asp

I've heard good things about the BitDefender and F-Secure CDs and, they're *free*.
Whether you attempt to clean the system from an AV rescue CD or you simply flatten and rebuild is your choice. I'd recommend flattening and rebuilding.

When you get Win 7 reinstalled I *** strongly suggest *** that you do day-to-day computing from within a *Standard User* account as opposed to a User Account that has Admin privileges.
When you need to install software/hardware or do some configuring of the OS you can log off and log on with the User Account that has the Admin privileges:

Configuring Windows 7 for a Limited User Account
http://unixwiz.net/techtips/win7-limited-user.html

You can install updates without issue from within a Standard User account in Vista and Win 7 by enabling that option in Control Panel > Windows Update > click the Change settings link in the left frame > Under " Who can install updates " put a check mark next to " Allow all users to install updates on this computer ". Click OK.

You can send me a virtual bottle of Jack Daniels and we can consider this thread done.
Take care and 'Safe Standard User Surfing' to you !

Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts
http://blogs.zdnet.com/security/?p=5964

" According to a newly released report, 64% of all the reported Microsoft vulnerabilities for 2009 could have been mitigated by using the principle of the least privileged accounts.

By collecting data from Microsoft’s Security Bulletins published throughout the year, and identifying the vulnerabilities who would have been mitigated by users whose accounts are configured to have fewer user rights on the system, BeyondTrust’s quantitative report message is simple - get back to the basics.

Key summary points on the percentage of flaws mitigated:

---> **** 90% of Critical Windows 7 operating system vulnerabilities are mitigated by having users log in as standard users ******