In search of ... assistance with a tenacious BHO ...

TaoPhoenix:
Just to close this, nothing worked. Wasn't really optimistic, but there's always a chance. Yes, I did pay attention to detail, did not skip any [known] steps, got response(s) indicating success, all to no avail. So I restored a backup that wasn't, lost a pregnancy's worth of data, but did get rid of the problem. 'Course, I still don't know the cause, so still subject to reinfection. Pretty much a worse end to a bad situation  :o :-\.
-barney (January 04, 2014, 12:07 AM)
--- End quote ---

Yikes Barney!

I've grown lazy in my old age, but this is the type of thing I used to have a special "radioactive" machine to test low level stuff on. Did you ever figure out the source so that "for next time" we can apply (as someone said) "the hive mind" at it?

tomos:
barney, if I may ask, what security software are you using that let this thing slip through?

Might be time to start looking for a replacement.
-Innuendo (January 04, 2014, 12:11 PM)
--- End quote ---

It would be interesting to hear which anti-virus programmes *are* good against this type of thing -- I wonder if any are?
The laptop I cleaned was using Avira Pro, which has a very good reputation - used to use it myself but gave up on it 'cause it got too many false positives and didn't make it particularly easy to report.

TaoPhoenix:
barney, if I may ask, what security software are you using that let this thing slip through?

Might be time to start looking for a replacement.
-Innuendo (January 04, 2014, 12:11 PM)
--- End quote ---

It would be interesting to hear which anti-virus programmes *are* good against this type of thing -- I wonder if any are?
The laptop I cleaned was using Avira Pro, which has a very good reputation - used to use it myself but gave up on it 'cause it got too many false positives and didn't make it particularly easy to report.
-tomos (January 04, 2014, 02:26 PM)
--- End quote ---

I'm finding the "Anti-Virus" programs are terrible at this kind of thing. The toolbars/BHO/etc get there as "authorized installs" because the AV programs see them as "agreed to by that byzantine EULA" and therefore OK.

The types of approaches that work for me the few times I've had to deal with this stuff are much more low level and/or left-field.

barney:
Well, since this wasn't technically a virus, not certain any AV solution would have caught it.  Using Comodo firewall and Malwarebytes (paid version).  However, I suspect this was crapware attached to another install that did not mention it was to be installed.  I watch that pretty closely, but not all install systems announce themselves.  And there is a possibility that I didn't install it, a neighbor did.  I'm doing some Web work for her and her family, but some of what they want is on Facebook, so she has logged in several times to grab some photos she wants.  I suspect she may have installed a Firefox extension to assist her  :huh:.

The thing that aroused my curiosity initially was the discovery of a recent temp directory on the root of C:\ with only two (2) files in it.  When I searched on the files, I discovered - and eradicated - part of the problem.  Just couldn't get rid of the whole famned damily, as it were.

As to the recovery aspect, one (1) of the onsite drives I was using for recovery purposes failed physically.  So the inability to recover was due, in part, to mechanical failure.  Appears that I'll have to - again! - rethink my storage/recovery scenario.  Lost my off-site storage - she got married and moved away  :'( - and don't have anything to replace that as yet.

So, a significant part of this was happenstance and timing, you might say Chance - with a capital SEE?

Been trying out Sterjo NetStalker lately. It provides alerts for every outbound communication attempt, but only on the first try unless you deny permission. And it doesn't seem to work for subcommunications, e.g., once ya give Firefox outbound permission, anything under Firefox inherits that permission. So, even if it were a standalone program, since it was communicating via browser, it was using that browser's permissions and was not detected.

IainB:
Benjamin Franklin once said that "an ounce of prevention is better than a pound of cure", but this can prevent and cure stuff as well - I've used it to clean malware (e.g., hijack trojans) off clients' hard drives: Malwarebytes FREE and PRO - Mini-Review.
It certainly works to prevent things as well, especially malware trying to sneak in down Internet links.

So, I'd love to know how it got past MBAM. Did you have it running with Realtime Protection ON?
I read that there is one malware that turns MBAM off, and there is a fix for that.
