Can you really 100% clean a compromised machine 100% of the time without wiping it?


#1
01-05-2006, 04:21 AM
Leythos

Most of us who have worked on computers for a living have run across many
compromised computers with many different types of malware.

As people post with compromised machines we direct them to all of the
tools that we know about in an effort to help them regain use of their
machines in a malware free mode, or at least enough access to backup
their documents and files to restore later.

What is really at question is the ability of the current tools we have
to clean 100% of the malware 100% of the time in the current and future
environment for a given machine at a given instant.

This thread is not personal, about anyone's skills, about any
individual, it's only about cleaning malware off machines to the point
that we could state that 100% of all malware, known and unknown, is
removed from the machine at the moment you finish cleaning it.

Do you feel 100% certain that your tools and skills can clean a
compromised machine, 100% of the time, without any malware, known or
unknown, remaining on the machine - 100% of the time?

Since I don't believe that any one can actually say "YES" without
limitations, then how do we help all of these clueless users ensure
their machines are clean?

We all know that you can wipe/reboot/install from clean disks, in a
clean environment, and the machine will be clean at that moment.

We all know that it takes between 30~90 minutes to restore a machine
from scratch (depending on the method, quicker for ghost images), and
that it's time consuming to get everything back to normal for customers.

We all know that no one wants to wipe/reinstall as it means lots of
extra work.

Now, we also know that removing the malware can take hours in some
cases, most takes less. For some malware you have to boot to the
recovery console and manually remove it.

So, it comes down to this - clean their system enough to save files to
CD/DVD, then wipe it to ensure that the malware is 100% removed and the
system is clean enough to be certified as clean.

While most of us will just clean a machine and reboot it several times,
check the registry, tasks, netstat, etc., then run the malware removal
tools several times, etc., it just means that we're willing to take the
level of risk for not having to put the time in to ensure that the
system is 100% certified clean, which means we don't really want to
reinstall everything again.

I know that some will claim they can perfectly clean a machine, but, if
you're really that sure you can clean 100% of malware, 100% of the time,
now and in the future, of known and unknown malware, without a
wipe/reinstall, then I think you're just fooling yourself.

Again, are we assuming that by providing "reactionary" tools and methods
that don't wipe/reinstall, that we're doing visitors to this group (and
others) justice and actually providing them with a 100% clean platform
to continue with?

--

spam999free@rrohio.com
remove 999 in order to email me
#2
01-05-2006, 04:21 AM
R. McCarty

I don't believe there is a "Hard-&-Fast" rule about clean-up. Lots
of times I encounter a setup that was originally an OEM, upgraded
to XP. Because the user doesn't have the source media or want to
restore the Factory state - I have to clean it up.
The key is to tighten up the Security enough to protect the customer
from themselves (usually Teenage children). If customers agree I'll
take an image of the Clean (or Cleanest) state and teach them how
to recover. This means that I migrate data stores to their own disk
partition, to facilitate recovery without data loss.
Many times a fresh install is warranted, because the customer has
tried to resolve it themselves. A big percentage of the problems will
likely be due to Registry cleanup.
The key point to make to customers is that Cleanup isn't sufficient,
they have to have real-time protection and learn things about EULAs
and that Free software isn't always a good bargain.
I never "Certify" a machine is 100% free of Malware. What I do
state to them is that based on current tools/knowledge it is as free
of those things as can be reasonably done without incurring too much
cost or my time.
PC Cleanup is a good income generator. However, re-visiting the
same machine time and time again doesn't reflect well on my business
practices.

#3
01-05-2006, 04:21 AM
Steven Bendis

All detection tools are all "reactionary" if that's even a word. Most of
the malware that can be found are probably the same pieces that are in wide
distribution and can be removed. The problem lies in that one or two pieces
of malware you didn't know you had for a month or two because there wasn't
anything watching for them yet. In my opinion, you have to take a step back
and ask yourself the difference between what you know and what you don't, and
what risk you are willing to mitigate as a result of the unknown. To me, the
risk of the unknown is too great and therefore I put the system back to a
known-good state: reimage.

All malware and viri will always be one step ahead of the detection and
removal systems because the detection systems are "effect" while successful
infection is "cause". Then you have to wonder if the tools that are out
there have properly taken into account all of the things that a piece of
malware does - after all it's still possible to miss something performing a
diff of a clean system vs infected. The only people that know exactly how a
piece of software runs are the people that wrote the software. Mix that up
with the view that "there's no such thing as perfect software, but there is
such a thing as software with the bugs that no one has found" and you really
can't guarantee anything past a successfully applied image/reinstallation in
an isolated environment.

I consider myself fairly adept at removing malware using a handful of tools
in concert but if I have been working on a system for more than 15 minutes, I
just refresh it.


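As an added illustration of the "known-good state" Steven argues for, and of the clean-versus-infected diff he says can still miss things (example code added here, not posted by anyone in the thread; the directory tree, file names and contents are constructed for the demo):

```python
"""Known-good baseline comparison.

Added example for this thread (not code posted by any participant): hash every
regular file under a root, keep that manifest as the known-good baseline, and
later report what was added, removed or modified. The demo tree, file names and
contents are constructed for illustration; nothing here touches a real system.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file (path relative to root, POSIX form) to its SHA-256."""
    manifest: dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue  # symlinks and special files are not hashed
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(baseline: dict[str, str],
                   current: dict[str, str]) -> dict[str, list[str]]:
    """Files present only in current (added), only in baseline (removed),
    or in both with a different content hash (modified)."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed 'clean' tree, snapshot it, alter it, and diff.

    The alterations mirror what a manual clean-up looks for: a dropped
    executable, an edited hosts file, a deleted document. A fourth change,
    a touched timestamp, is deliberately NOT reported: a content-hash
    baseline sees bytes on disk and nothing else (no memory-resident code,
    no timestamps, nothing outside the scanned root)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sys32 = root / "Windows" / "system32"
        (sys32 / "drivers" / "etc").mkdir(parents=True)
        (root / "Documents").mkdir()
        (sys32 / "svchost.exe").write_bytes(b"constructed clean binary")
        (sys32 / "drivers" / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "Documents" / "readme.txt").write_text("keep me\n")
        (root / "Documents" / "notes.txt").write_text("unchanged\n")

        baseline = build_manifest(root)  # the known-good snapshot

        # constructed changes made after the snapshot
        (sys32 / "example_unknown.exe").write_bytes(b"constructed dropped file")
        with open(sys32 / "drivers" / "etc" / "hosts", "a") as fh:
            fh.write("# edited after the baseline was taken\n")
        (root / "Documents" / "readme.txt").unlink()
        os.utime(root / "Documents" / "notes.txt", (0, 0))  # timestamp only

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline has to come from a trusted image taken before the machine was exposed; a manifest built on an already compromised system only tells you what changed after the compromise.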
#4
01-05-2006, 04:21 AM
David H. Lipman


Steven:

There is no such terminology as 'viri' or 'virii'. The plural of virus is viruses.
http://spl.haxial.net/viruses.html
http://homepages.tesco.net/~J.deBoyn...-of-virus.html

Additionally viruses are malware but not all malware are viruses. There are viral malware
such as true viruses and Internet worms and non-viral malware such as; adware, spyware,
browser hijackers, browser helper objects, trojans, etc.

BTW: It takes more than fifteen minutes to run a full anti-virus scan or anti-malware scan
on the vast majority of platforms, therefore your decision time is way too short.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#5
01-05-2006, 04:21 AM
Sharon F

On Mon, 14 Nov 2005 17:19:11 GMT, Leythos wrote:

> What is really at question is the ability of the current tools we have
> to clean 100% of the malware 100% of the time in the current and future
> environment for a givem machine at a given instant.


My feelings: flatten and rebuild.

Since many users don't have regular backups, interim repairs may be needed
to grab those "important files" first. Then flatten and rebuild. Why?

Sophistication levels of malware have risen to a point that a "100%" clean
rating is challenging to achieve. Viruses, trojans, worms, ADS
exploitations, rootkits - and many capable of morphing when removal is
attempted. A behavior which in turn causes removal tactics to become more
sophisticated than "run this and run that." Booting with Bart's PE or
Knoppix or similar is needed to do cleaning from "outside" of the infected
space.

There's also the issues of "hands on" vs "long distance" cleanup. If we had
the system right in front of us, we might easily see more that needed to be
cleaned than what is reported in the "long distance" newsgroup situation.
Nowadays, how can truly accurate advice be given without a hands on viewing
of the system?

I guess that's the point you're getting at and if that's the case, I agree.

Also as you point out -- if on our own systems, we probably approach the
situation differently. I know that if I had the time, I would enjoy
spending some hours on the forensics. If no time, would seriously consider
creating an image of the muckup and "playing" with it later. But in either
case would still "restore" my everyday working setup from an image known to
be "good." My choice and certainly the choice of anyone posting here for
help with their malware problems? Which leads me to...

I also do not want to take anything away from the truly gifted folks in
these newsgroups who tackle some of these issues. If the user has reported
their problems early and accurately - chances of recovery are reasonably
good. Even if they end with "I gave up and reinstalled everything," the
threads are an *excellent* education and I always hope that the original
poster learns why all possible steps to avoid malware to begin with should
be implemented.

--
Sharon F
MS-MVP ~ Windows Shell/User
#6
01-05-2006, 04:21 AM
Galen

In news:jG3ef.210629$lI5.68069@tornado.ohiordc.rr.com ,
Leythos <void@nowhere.lan> had this to say:

My reply is at the bottom of your sent message:

> I know that some will claim they can perfectly clean a machine, but,
> if you're really that sure you can clean 100% of malware, 100% of the
> time, now and in the future, of known and unknown malware, without a
> wipe/reinstall, then I think you're just fooling yourself.


I snipped a lot to respond just to this portion. There's no such thing, in
my opinion, as being 100% certain that your system is clean if it's ever
been online or out of your sight. When I speak to people, or respond in
newsgroups or forums, I tend to say "if you're 99.9% certain your system is
free from malware _____" or something akin to that. It makes me laugh almost
every time I see someone post saying, "I know I don't have any viruses or
spyware." That just makes me smile because, well, it tells me that they have
too much false confidence and it reminds me of why I post as often as I do.
The truth is that there's no such thing as being completely secure and, as
you touch on, prevention is key to maintaining a clean system and even then
it's not enough. That being said, security is a process and not an
application; it's a fine line between knowing what the security implications
are and deciding if the actions you take are worth the dangers or deciding
if the ends justify the means. "Does the objective warrant the risk?"

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/

Please note that if you're reading this in a browser and the domain is
not owned by Microsoft then this work is being used without permission.

Access MS Newsgroups :
http://kgiii.info/windows/all/general/msnewsgroups.html


#7
01-05-2006, 04:21 AM
Steven L Umbach

Of course you can not be sure any computer is 100 percent clean,
particularly with the advent of root kits. We also can not guarantee that a
computer that is 100 percent clean will remain clean once the user connects
to the internet or accesses new media on their computer such as cdrom/DVD, USB
drive etc. So it all boils down to managing risk meaning what expense is a
computer user willing to spend in time or funds to clean their computer and
to what degree that makes them comfortable and almost always the easy and
cheap way prevails as long as computer performance becomes acceptable. Of
course many users do not even realize their computer is infected with
malware and may not even care that much until performance is affected
noticeably. For the vast majority of users antivirus programs and spyware
removal and detection programs seem to be adequate to clean their computer
to a level that is OK with them particularly since no one can guarantee they
won't have a problem in the future again possibly in short order. Anyone who
uses such tools would be advised to inform the owner that a best effort has been
done to clean the computer and not tell them that their computer is 100
percent clean/secure. I also advise users to make sure their SS# and other
sensitive information is not stored on any documents on their computer as I
consider identity theft to be a huge concern and if someone has your SS#
they can find out just about anything about you.

While you are correct that the time it takes to install the operating system
is not that long, it can take a lot longer to install and configure the
latest service pack, numerous security updates, possibly do some routine
hardening, and all the applications a user had on their computer. I have
advised more than a few people to do a pristine install on a very messed up
computer but they are extremely hesitant which is why the detection and
removal programs are so popular and the preferred method as far as the user
is concerned. I am not sure of the reasons they resist a pristine install
but my guess is that some of the reasons are they fear loss of data, they
lost or do not have the operating install disk, they lost or do not have the
application install disks, they have downloaded and installed so much stuff
from the internet they fear they would not remember all they have done to
get their computer back to the way they like it, or they fear their
personalized settings, which can be a lot of settings, will not be
stored. --- Steve


#8
01-05-2006, 04:21 AM
Steven Bendis

Dave,

Why you've turned this into a linguistics lesson for your superiority
complex is really unknown and unnecessary, but I thank you for your effort.
If that's what makes you feel better, so be it.

The point I was trying to make was that there's just too much out there to
say that any kind of detection and removal methods are 100%, and that
dropping back to a known-good point is a better solution (IMHO) than screwing
around with a system for an hour or two. Since that was the only thing you
didn't feel necessary to pick at in my post, either I got my point across or
you really didn't read it.

Systems that I inspect and end up having to remove malware from are usually
Windows 2000 and are already running the latest anti-virus software with
up-to-date DATs so running a sweep for viruses is usually a waste of time.
I've seen "mousebm.exe" running next to Symantec AntiVirus 9.0.3.1 with all
of its components updated and Symantec does nothing about the nasty process
until I use pskill on it. THEN Symantec catches it. That is an example of a
machine that would take less than 15 minutes to decide it has been
compromised beyond further need to troubleshoot: if the current anti-virus
DATs aren't stopping intrusion of mousebm, what other unknown things have
made their way on this system and for how long? I have a lot of
remote/dial-in systems which occasionally pick up an interesting mix of
malware and you just have to decide what's really worth your time, the user's
time and the risk.

“Mal” is the French word for “bad”. As in malformed, malnourished, etc.
Therefore malware can be used to reference any kind of software which has a
negative impact. But since you're so exacting in all things, I imagine
you've taken all of this into account anyway.

TTYL,

- S

#9
01-05-2006, 04:21 AM
Mike Hall (MS-MVP)

I always try to clean a system before resorting to a re-format.. I also try
to educate people to carry out a damage limitation program at least weekly..
that's all it will ever be is a damage limitation exercise, but surely
better that than just to rely on people waiting how long before they do
something about the state of their systems?..

Looking for 100% clean is a waste of time, as it is expecting 100% of
anything, but the aim is to get as close to 100% as possible, isn't it?

At what point do people reformat?.. 95% bad, 80% bad.. 50% even, or do we
just suggest a weekly cycle to eliminate the chances of the kids seeing porn
popups, or credit card info being sent out of the back door?..


--
Mike Hall
MVP - Windows Shell/User


"Leythos" <void@nowhere.lan> wrote in message
news:jG3ef.210629$lI5.68069@tornado.ohiordc.rr.com ...
> Most of us the worked on computers for a living have run across many
> compromised computers with many different types of malware.
>
> As people post with compromised machines we direct them to all of the
> tools that we know about in an effort to help them regain use of their
> machines in a malware free mode, or at least enough access to backup
> their documents and files to restore later.
>
> What is really at question is the ability of the current tools we have
> to clean 100% of the malware 100% of the time in the current and future
> environment for a givem machine at a given instant.
>
> This thread is not personal, about anyone's skills, about any
> individual, it's only about cleaning malware off machines to the point
> that we could state that 100% of all malware, known and unknown, is
> removed from the machine at the moment you finish cleaning it.
>
> Do you feel 100% certain that your tools and skills can clean a
> compromised machine, 100% of the time, without any malware, known or
> unknow, remaining on the machine - 100% of the time?
>
> Since I don't believe that any one can actually say "YES" without
> limitations, then how do we help all of these clueless users ensure
> their machines are clean?
>
> We all know that you can wipe/reboot/install from clean disks, in a
> clean environment, and the machine will be clean at that moment.
>
> We all know that it takes between 30~90 minutes to restore a machine
> from scratch (depending on the method, quicker for ghost images), and
> that it's time consuming to get everything back to normal for customers.
>
> We all know that no one wants to wipe/reinstall as it means lots of
> extra work.
>
> Now, we also know that removing the malware can take hours in some
> cases, most takes less. For some malware you have to boot to the
> recovery console and manually remove it.
>
> So, it comes down to this - clean their system enough to save files to
> CD/DVD, then wipe it to ensure that the malware is 100% removed and the
> system is clean enough to be certified as clean.
>
> While most of us will just clean a machine and reboot it several times,
> check the registry, tasks, netstat, etc.... then run the malware removal
> tools several times, etc... It just means that we're willing to take the
> level of risk for not having to put the time in to ensure that the
> system is 100% certified clean, which means we don't really want to
> reinstall everything again
>
> I know that some will claim they can perfectly clean a machine, but, if
> you're really that sure you can clean 100% of malware, 100% of the time,
> now and in the future, of known and unknown malware, without a
> wipe/reinstall, then I think you're just fooling yourself.
>
> Again, are we assuming that by providing "reactionary" tools and methods
> that don't wipe/reinstall, that we're doing visitors to this group (and
> others) justice and actually providing them with a 100% clean platform
> to continue with?
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me



#10
Old 01-05-2006, 04:21 AM
David H. Lipman
Re: Can you really 100% clean a compromised machine 100% of the ti

From: "Steven Bendis" <StevenBendis@discussions.microsoft.com>

| Dave,
|
| Why you've turned this into a linguistics lesson for your superiority
| complex is really unknown and unnecessary, but I thank you for your effort.
| If that's what makes you feel better, so be it.
|
| The point I was trying to make was that there's just too much out there to
| say that any kind of detection and removal methods are 100%, and that
| dropping back to a known-good point is a better solution (IMHO) than screwing
| around with a system for an hour or two. Since that was the only thing you
| didn't feel necessary to pick at in my post, either I got my point across or
| you really didn't read it.
|
| Systems that I inspect and end up having to remove malware from are usually
| Windows 2000 and are already running the latest anti-virus software with
| up-to-date DATs so running a sweep for viruses is usually a waste of time.
| I've seen "mousebm.exe" running next to Symantec AntiVirus 9.0.3.1 with all
| of its components updated and Symantec does nothing about the nasty process
| until I use pskill on it. THEN Symantec catches it. That is an example of a
| machine that would take less than 15 minutes to decide it has been
| compromised beyond further need to troubleshoot: if the current anti-virus
| DATs aren't stopping intrusion of mousebm, what other unknown things have
| made their way on this system and for how long? I have a lot of
| remote/dial-in systems which occasionally pick up an interesting mix of
| malware and you just have to decide what's really worth your time, the user's
| time and the risk.
|
| Mal is the French word for bad. As in malformed, malnourished, etc.
| Therefore malware can be used to reference any kind of software which has a
| negative impact. But since you're so exacting in all things, I imagine
| you've taken all of this into account anyway.
|
| TTYL,
|
| - S
|

The use of the term virii is done by script kiddies and the unknowing. You aren't the first
I have corrected nor the last. It isn't about a superiority complex. It is about setting
the record straight since this terminology is so often used and this thread will be read by
many.

Mal (as in bad) is actually Latin. Like in the term malaria which was Italian for Bad Air
which was thought to be the cause of the malady due to swamp gas around Venice. Italian and
French have their roots in Latin.

Since I have been studying computer infectors for almost 2 decades I do my best to inform
and enlighten the unknowing as targeting infectors is a specialty of mine. Your statement
"...running a sweep for viruses is usually a waste of time." is a fallacy. The fact is an
infector can slip though when there are no signatures present on a computer and only a full
scan using the installed AV scanners and alternate AV scanners may detect them. This is
borne out by all the News Group postings I have read and responded to over the years by
those infected requesting assistance. Based upon that fact I have written the Multi AV
Scanning Tool which incorporates the AV scanners of; Trend Micro, Sophos, McAfee and
Kaspersky. You would be surprised what one scanner may catch what another scan may miss.
Hence the tool has four scanners that have been programmed to use Heuristic scanning and to
be very aggressive.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
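The quoted triage in the original post ("check the registry, tasks, netstat, etc.") and Steven's mousebm.exe anecdote (a process running beside an up-to-date AV until it was killed by hand) come down to the same manual check: what is set to run, what is listening, and whether the binary behind each entry is one you can vouch for. The script below is an added example written for this page; it is not code from anyone in the thread and it is not the Multi AV Scanning Tool. It assumes a current Windows with PowerShell 5.1 (Get-NetTCPConnection and Get-ScheduledTask), so it will not run on the Windows 2000/XP machines being discussed. It lists Run/RunOnce values, scheduled tasks outside the \Microsoft\ folder, and listening TCP ports with their owning process, then checks the Authenticode signature of each image. The set of registry keys and the task-path filter are choices made for this example.

```powershell
# Added example: snapshot of autostart locations and listening ports, with an
# Authenticode check on each image. Run from an elevated PowerShell 5.1 prompt.
# Output is a list of leads for a human to look at, not a clean bill of health.

# Autostart keys covered by this example (assumption: the usual Run/RunOnce set).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    # Extract the executable from a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent    or    C:\tools\bar.exe -x
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    if ($CommandLine -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.exe)')       { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Get-SignatureStatus {
    # Returns Valid, NotSigned, HashMismatch, UnknownError, ... from
    # Get-AuthenticodeSignature, or Missing/NoPath when there is nothing to check.
    # A bare file name with no directory is reported as Missing (no PATH lookup).
    param([string]$Path)
    if (-not $Path) { return 'NoPath' }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return 'Missing' }
    return (Get-AuthenticodeSignature -FilePath $expanded).Status.ToString()
}

$findings = New-Object System.Collections.Generic.List[object]

# 1. Run / RunOnce values
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd  = $item.GetValue($name)
        $path = Get-ImagePath $cmd
        $findings.Add([pscustomobject]@{
            Source    = "Run:$($key.Split('\')[0])\$name"
            Signature = Get-SignatureStatus $path
            Image     = $path
            Detail    = $cmd
        })
    }
}

# 2. Scheduled tasks outside \Microsoft\ (filter is a noise-reduction choice)
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    foreach ($action in $_.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $findings.Add([pscustomobject]@{
            Source    = "Task:$($_.TaskPath)$($_.TaskName)"
            Signature = Get-SignatureStatus $action.Execute
            Image     = $action.Execute
            Detail    = "$($action.Execute) $($action.Arguments)".Trim()
        })
    }
}

# 3. Listening TCP ports and the owning process (what netstat -ano shows)
Get-NetTCPConnection -State Listen | Sort-Object LocalPort | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $findings.Add([pscustomobject]@{
        Source    = "Listen:$($_.LocalAddress):$($_.LocalPort)"
        Signature = if ($proc.Path) { Get-SignatureStatus $proc.Path } else { 'NoPath' }
        Image     = $proc.Path
        Detail    = "PID $($_.OwningProcess) $($proc.ProcessName)"
    })
}

# Anything without a valid signature is a lead to investigate, not a verdict.
$findings | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Source | Format-Table Source, Signature, Image, Detail -AutoSize
```

Two caveats that follow directly from the thread. An empty list proves nothing: a signed binary can be abused, a service or driver is not covered by these three locations, and anything hiding from the API calls used here will not appear, which is the "unknown malware" case the original post is about. And the check runs on the suspect machine with the suspect machine's tools, so the honest use of its output is the one Leythos suggests: decide what to back up and then wipe, rather than treat the list as proof that the system is clean.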
