JP Vossen on 9 Jan 2010 14:29:51 -0800
A cousin has gotten "Internet Security 2010" and our initial t-shooting has failed. The malware is still resident in Safe Mode, and it will not allow a DOS prompt, regedit or even notepad to run. We tried: Start, Run, Notepad; Start, Progs, Accessories, Notepad; and browsing to C:\Windows and double-clicking notepad.exe. All failed.

So I'm going to have him burn an Ubuntu LiveCD, install SSH server and I'll SSH in and delete files per http://www.2-spyware.com/remove-internet-security-2010.html. Something like (untested):

    mount /dev/sda1 /mnt   # Assuming his Windows XP is on /dev/sda1
    rm -rf /mnt/c
    rm -rf /mnt/Program?Files/InternetSecurity2010
    # -print0 / xargs -0 so the name containing spaces survives; drop "echo" to really delete
    find /mnt \( -iname 'IS2010.exe' \
        -o -iname '41.exe' \
        -o -iname 'winhelper86.dll' \
        -o -iname 'winlogon86.exe' \
        -o -iname 'winupdate86.exe' \
        -o -iname 'Internet Security 2010.lnk' \) -print0 | xargs -0 echo rm
    # Back up the registry hives before touching them (path is case-sensitive under Linux)
    cd /mnt/WINDOWS/system32/config/
    cp -av default REG_BACKUP.default
    cp -av security REG_BACKUP.security
    cp -av software REG_BACKUP.software
    cp -av system REG_BACKUP.system
    cp -av sam REG_BACKUP.sam

I'd also like to clean up the registry a bit, so any ideas how to do that from the LiveCD? Various places found via Google suggest running a Windows-based third-party RegEdit tool under Wine, and this looks promising (worked in a VM anyway, though I didn't test writing): http://www.pcregedit.com/

    PCRegedit is a Linux Live CD based, easy-to-use tool to create, delete, edit the windows registry key-values without booting from Windows.

Any other ideas for cleaning up the malware? (I haven't seen the PC but it's old, running XP, and he has no CDs for it, I suspect it's some old whitebox. I doubt he updates it, and he was using IE and Outlook Express. He did have Comcast's McAfee A/V on it.)
Thanks,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
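An added example, not from the original post: a POSIX sh version of the same two steps (hive backup, then a dry-run search for the listed file names that can be switched to deletion) that hands paths straight to rm so a name with spaces is never split. The mount point /mnt and the WINDOWS directory spelling are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: offline triage of a Windows XP
# volume mounted from a LiveCD. Assumptions: the volume is on /mnt and the
# system directory is spelled WINDOWS (ntfs-3g paths are case-sensitive).

# Run find over ROOT for the file names the post associates with the malware,
# passing any remaining arguments as the find action (-print, -exec ...).
suspect_find() {
    root="$1"; shift
    find "$root" -type f \( -iname 'IS2010.exe' -o -iname '41.exe' \
        -o -iname 'winhelper86.dll' -o -iname 'winlogon86.exe' \
        -o -iname 'winupdate86.exe' -o -iname 'Internet Security 2010.lnk' \) "$@"
}

# Copy the five hives the post lists into DEST before any cleanup, so the
# registry can be restored if an edit goes wrong. Returns 1 if none were found.
backup_hives() {
    cfg="$1/WINDOWS/system32/config"; dest="$2"; n=0
    mkdir -p "$dest"
    for h in default security software system sam; do
        if [ -f "$cfg/$h" ]; then
            cp -a "$cfg/$h" "$dest/REG_BACKUP.$h" && n=$((n + 1))
        fi
    done
    [ "$n" -gt 0 ]
}

# Dry run unless the second argument is "delete": -exec rm ... {} + passes the
# paths to rm directly, so a name with spaces never goes through xargs.
clean_suspects() {
    if [ "${2:-dryrun}" = delete ]; then
        suspect_find "$1" -exec rm -v -- {} +
    else
        suspect_find "$1" -print
    fi
}

# Typical use on the LiveCD (after: mount /dev/sda1 /mnt):
#   backup_hives /mnt /root/reg_backup && clean_suspects /mnt
#   clean_suspects /mnt delete
```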