Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Quietman7, Thanks


  • Please log in to reply
1 reply to this topic

#1 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:14 AM

Posted 18 October 2007 - 04:25 AM

For almost 2 years I have been fighting a losing battle with a mission critical computer that should never be on the internet, it does the books and payroll for a company and unfortunately is used by the bookkeeper and a few others for internet access.

It's had all the usual malware and then some, any other computer would have been reloaded by now, but that won't be done until a critical hardware failure.

Windows xp has been run as a repair disk several times, after seeing this particular post

http://www.bleepingcomputer.com/forums/ind...st&p=634701

I decided to give that a try, it found innumerable leftover "bits and pieces" of past cleanups by other programs, many run in safe mode.

Previously I had lost the battle to get My Space declared off limits, now I find they are wanting to use My Space Instant Messenger and spybot S & D is showing a special windows firewall exception, it's a hopeless battle.

Edited by DaChew, 18 October 2007 - 04:26 AM.

Chewy

No. Try not. Do... or do not. There is no try.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:14 AM

Posted 18 October 2007 - 07:10 AM

You are quite welcome.

If these were the entries found by Spybot:

Microsoft.Windows.AppFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Microsoft.Windows.AppFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Read the Spybot discussion in regards to Microsoft.Windows.AppFirewallBypass

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"The Ten Most Dangerous Things Users Do Online".
"The 10 Biggest Security Risks".
"Seven ways to keep your search history private".

As for MySpace, I certainly agree with you.
QuickSpace: MySpace Tracker Launch by QuickTime
New MySpace Nasty
MySpace Pushing Ads for malware: WinAntiVirus, Drive Cleaner
New MySpace Phish using CSS
Myspace Users Hit By Hacker Virus
Myspace Ad Served Spyware To A Million Computers
Phishing Attack Targets Myspace Users
Myspace Xss Quicktime Worm
Myspace Phishing Alert
Zango Adware Found On MySpace
180solutions Jumps In Bed With Myspace

Edited by quietman7, 18 October 2007 - 07:14 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users