From: "Leythos" <void@nowhere.lan>
| In article <drrkr1h7brmelln2ua9cfdb8silbivl8ar@4ax.com>,
| cquirkenews@nospam.mvps.org says...
>> On Tue, 03 Jan 2006 11:18:58 GMT, Leythos <void@nowhere.lan> wrote:
>>> benjammin@discussions.microsoft.com says...
>>
>>>> what does Dave Lipman's thing actually do?
>>
>>> David's product works wonders using the manual scan engines from several
>>> different vendors, and it has several fixes he's created to resolve
>>> problems caused by malware that are not fixed by virus removal.
>>
>>> You really need to follow these directions exactly, and if you do, it
>>> will leave you with a clean machine.
>>
>> I've downloaded it and read the HTML, but haven't used it yet - I'm
>> interested in seeing if it can be adapted to more formal use.
>>
>> As it is, AFAIK it starts by downloading stuff (updates etc.) from
>> within normal (infected) Windows, then is to be used from Safe Mode,
>> etc. As Safe Mode doesn't suppress all explicit integrations and will
>> be likely to run intrafile code infectors, I'd really prefer to work
>> "from orbit", e.g. from Bart CDR boot.
>>
>> At the least, I'd like to get updates etc. and prepare the scanners
>> from a clean PC, and then run them from Safe Mode on the infected PC,
>> preferably from read-only storage such as locked USB stick or CDRW.
|
| I did - I loaded it on a clean PC, then did the updates, stopped the
| scans if they started, then burned the entire folder to a CD, copied the
| folder to the infected C drive, made sure that the folder was not read-
| only, ran it without any network connection, clean, easy, works great.
|
>> Also, remember to re-apply any HOSTS-mediated static protection, such
>> as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as
>> Dave's procedure appears to leave the existing HOSTS deactivated.
>>
>> I'm working on a scanning wizard for Bart PE CDR boot that will run a
>> sequence of 5 av scanners with a minimum of stop/go interaction, so I
>> was interested in how Dave's worked.
|
| The only reason it needs to be on a drive is to expand the definitions
| and create the log files - at least it appears that way.
|
It is hard-coded to use C:\AV-CLS as the base directory ONLY.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm