01-05-2006, 05:43 AM
cquirke (MVP Windows shell/user)
 
Re: Trojan/Browsela/Looksky

On Tue, 03 Jan 2006 11:18:58 GMT, Leythos <void@nowhere.lan> wrote:
>benjammin@discussions.microsoft.com says...

>> what does Dave Lipman's thing actually do?

>David's product works wonders using the manual scan engines from several
>different vendors, and it has several fixes he's created to resolve
>problems caused by malware that are not fixed by virus removal.

>You really need to follow these directions exactly, and if you do, it
>will leave you with a clean machine.

I've downloaded it and read the HTML, but haven't used it yet - I'm
interested in seeing if it can be adapted to more formal use.

As it is, AFAIK it starts by downloading stuff (updates etc.) from
within normal (infected) Windows, then is to be used from Safe Mode,
etc. As Safe Mode doesn't suppress all explicit integrations and will
be likely to run intrafile code infectors, I'd really prefer to work
"from orbit", e.g. from Bart CDR boot.

At the least, I'd like to get updates etc. and prepare the scanners
from a clean PC, and then run them from Safe Mode on the infected PC,
preferably from read-only storage such as locked USB stick or CDRW.

Also, remember to re-apply any HOSTS-mediated static protection, such
as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as
Dave's procedure appears to leave the existing HOSTS deactivated.

I'm working on a scanning wizard for Bart PE CDR boot that will run a
sequence of 5 av scanners with a minimum of stop/go interaction, so I
was interested in how Dave's worked.



>------------ ----- ---- --- -- - - - -

The most accurate diagnostic instrument
in medicine is the Retrospectoscope
>------------ ----- ---- --- -- - - - -
