
Wednesday Night KH Computer Help Desk Chatroom 10/04/06


mommalina
10-05-2006, 02:12 PM
Last night for some reason we synchronized our clocks at 12:29 AM and kept talking and typing. I forgot to make a note of when we closed--probably about 1 AM? We tied for third and fourth place in computer rooms last night--not bad for a once-a-week session! :clap2:

WHO WAS THERE

KH Members - Lina, Lawrence, Vivvienne, Photolady (still has computer problems, could not use new microphone Elliot graciously sent her), Elliot, rbob (kern), Dan, N3, Fred, Vince C (Spawn), Al Dom (he popped in and out, too much going on, he could not get in a word edgewise :frown: ), Pi rules (our working student arrived late), Rob Cohan, Rich M.

Visitors Who Stayed Long Enough to Chime In - Pleasureusilly (this gentleman's handle did not match his demeanor), NSETK (typed that he or she "loved" one of our guys and persisted, our guy did not feel the same way, we threw him/her out of the room), smartd (friend's computer had a virus), Bayou Jazz Baby (Paltalk/music problem).

COMPUTER TOPICS DISCUSSED

*LINA'S COMPUTER HAS VIRUS (?)

- A BitDefender full scan showed: C:\Program Files\QUICKENW\QWDELUXE\DISK24\DATA24.CAB=>(IShield Module 147) Infected: Generic.XPL.Codebase.41C2DB21

- Lina has never used Quicken (personal, not business program). The "virus" Generic.XPL.Codebase.41C2DB21 did not show up on earlier Ewido scan and does not appear on BitDefender web site,
www.bitdefender.com.au/site/VirusInfo/realTimeReporting/

- Trendo-Micro, Adaware scans suggested. Postponed so Lina could concentrate on taking chatroom notes.

- Lawrence suggested:

Change the name of folder C:\Program Files\QUICKENW\QWDELUXE\DISK24\DATA24.CAB=>(IShield Module 147) by changing the suffix. This will isolate the "virus," or,

Since Lina doesn't use Quicken, delete the program and pull the plug (yes, out of the wall, "illegal" shutdown!), so it does not go into memory.

Email or call BitDefender about discrepancy between their scan report and their web site lists.

- Other Input:

Codebase.41C2DB21: it is a cam module - of course if you do a Google on "xpl codebase" you end up at a webcam porn site. Sounds more like a spyware infection.

Virus or spyware. Generic detection for the exploits that can take advantage of the zero-day vulnerability detected in Microsoft Internet Explorer, which allows the execution of code.

- Rich joined us later and deduced that Generic.XPL.Codebase.41C2DB21 was a false positive and should be ignored. Good antivirus programs always identify the Java cache as a virus... and financial software uses Java big time. Renaming the folder is another way, but just ignore it.

- Lina will ignore it. But will do Ewido, Adaware, and Trend Micro scans when time permits.

*VIRUS ON FRIEND'S COMPUTER

- Visitor smartd sought advice to remove virus from friend's computer (it had an expired AV). Rich advised him to use online scanner at
www.bitdefender.com to clean out system and then install free AVG, http://free.grisoft.com/doc/2/lng/us/tpl/v5.

- We owe this visitor an apology! He wanted to help his friend "remotely," and we failed to address that. It went unnoticed because too many of us were using the same color/size fonts in the text box. :nono:

*DELL 4550 HARD DRIVE ACTIVITY ALERT - on the tower's manual shutoff button, two lights, the one on the right indicates hard-drive activity. Lawrence: It just means that there is read/write activity on the HD. (Lina's cataracts still trying to figure out that one.)

*HOW LONG TO KEEP A HARD DRIVE - Rich would pitch it after three years. Maxtor drive, three minutes, pitch it!

*LAPTOP VS DESKTOP - Laptop more convenient, but susceptible to heat; problem generating enough power; components not accessible, or not as easily accessible. Desktop easier to troubleshoot. AMD and Intel do a better job handling heat.

*MSN EMAIL LOCKOUT (visitor pleasureusilly) - Thinks he was hacked while in Yahoo chatroom. Advised to contact MSN, reset password.

*N3'S REFORMAT PLANS - Still a plan. N3 thinks Lawrence's suggestion, Madboot, too controversial: http://www.madboot.com/

*AVG FIREWALL WITH ANTISPYWARE - Rich likes it.

*RUNNING AV SCANNER IN SAFE MODE, BETTER?

- Rich: Not unless it won't work properly in Windows.

- Rob Cohan: Much more likely to see desired targets.

*TURNING OFF SYSTEM RESTORE - turn off after removal of infection, also kill prefetch folder.

Edit No. 1 - According to Super Moderator Kern (rbob) this should read:


**TURNING OFF SYSTEM RESTORE -
turn off system restore, and empty contents of "prefetch" folder (C:\Windows\prefetch), before removal of infection.

Edit No. 2 - Some disagree with both my and Kern's comments. Before attempting this, check further posts in this thread as well as other posts in this forum about System Restore and the prefetch folder.

*MAC AND PALTALK

- N3 wants to know if there is a free download to put Paltalk on a MAC.

- Virtual PC, install Windows programs inside the Mac?

*WEB SITES OF INTEREST?

- Storage Review (Fred)
http://www.storagereview.com/guide2000/ref/hdd/geom/errorRead.html

- Stinger (AV, Lawrence) http://www.tradebit.com/filedetail.php/31884

*DISCUSSIONS ABOVE MY HEAD - Many long, technical discussions, audio and typed, which I just could not follow. Again, the lack of different color/size fonts in text box did not help.

NON-COMPUTER DISCUSSIONS - None! Or too little to comment on. It was a busy session with some intense technical and problem-solving discussions.

Until next week, take care, :grouphug:

Lina

compusimple
10-05-2006, 04:00 PM
Lina
great job tnx

Elliott

LOOP
10-06-2006, 08:04 PM
See everybody next tweak

photolady
10-09-2006, 08:10 PM
My connection is working right now. They fixed it today finally. I'm happier. :D

Quote from your post above about turning off system restore. This should be done before not after infection is gone because the infection/s can hide in system restore. If turned off after the infection, it can and will incorporate itself back into the system, meaning you have to start all over again.

Seth
10-09-2006, 08:18 PM
> My connection is working right now. They fixed it today finally. I'm happier. :D
>
> Quote from your post above about turning off system restore. This should be done before, not after, the infection is gone because the infection/s can hide in system restore. If turned off after the infection, it can and will incorporate itself back into the system, meaning you have to start all over again.

I agree with turning off System Restore before a cleaning. In fact, all the antivirus companies that I researched recommend this as well.

mommalina
10-09-2006, 08:52 PM
Photolady wrote:
> Quote from your post above about turning off system restore. This should be done before, not after, the infection is gone because the infection/s can hide in system restore. If turned off after the infection, it can and will incorporate itself back into the system, meaning you have to start all over again.

The quote from the Wednesday night summary: *TURNING OFF SYSTEM RESTORE - turn off after removal of infection, also kill prefetch folder.

Photolady, thanks for bringing that up!! I'm glad you were on your toes! I may have read my scribbled notes incorrectly! Will use a different color pen/pencil to edit or cross out my notes from now on. That's where I think I goofed.

It was a verbal conversation. I think perhaps it should have read, **TURNING OFF SYSTEM RESTORE - turn off when scanning. After removal of infection, kill prefetch folder.

Does that sound more like it? Please let me know so that I can edit my original post.

BTW, that was the advice someone (?) gave during the chatroom session. We have posts on this forum discussing both System Restore and the prefetch folder at length. Opinions may vary.

Lina


mommalina
10-10-2006, 12:17 AM
Original statement in Wednesday chatroom summary:

**TURNING OFF SYSTEM RESTORE - turn off after removal of infection, also kill prefetch folder.

According to Super Moderator Kern (rbob) this should read:

**TURNING OFF SYSTEM RESTORE -
turn off system restore, and empty contents of "prefetch" folder (C:\Windows\prefetch), before removal of infection.

Photolady, thanks again for the alert!

Lina

P.S. I made a note of this correction in the original chatroom summary.

mylanta
10-10-2006, 08:31 AM
Actually I tend to disagree with that for one reason. If you turn off the System Restore before removing the infestation, and your remover shreds the registry like Spybot and some poor AVs have a tendency to do, you may have no way back, as happened to me recently. And since System Restore may harbor the problems, it really is not a problem until you try to restore with it (in other words, the thought that something can crawl out of System Restore has been pretty well put down as a possibility)...
So kill the Prefetch first, then remove, then reboot to be sure you can do that. Then kill the System Restore and then put it back, creating a new fresh restore point.

mommalina
10-10-2006, 10:24 AM
I have again edited my original summary of Wednesday night's session to indicate there are differing opinions about System Restore and prefetch:

"Edit No. 2 - Some disagree with both my and Kern's comments. Before attempting this, check further posts in this thread as well as other posts in this forum about System Restore and the prefetch folder."

Join us tomorrow night (Wednesday, October 11) in our KH Computer Help Desk chatroom, and let's discuss this and anything else about which you disagree or need clarification. :)

Lina

Seth
10-10-2006, 10:33 AM
Thanks Lina.

If I have the time today, I'll try and find out the exact reasoning as to why the antivirus companies recommend it's turned off before the scan.

If I remember correctly, it's because an antivirus program may show a System Restore infection even though it's been removed and/or antivirus programs are prone to show false positives in the System Restore files.

The possible corruption caused by malware removal is a good point though. It's worth some more discussion.

mylanta
10-10-2006, 01:14 PM
> Thanks Lina.
>
> If I have the time today, I'll try and find out the exact reasoning as to why the antivirus companies recommend it's turned off before the scan.
>
> If I remember correctly, it's because an antivirus program may show a System Restore infection even though it's been removed and/or antivirus programs are prone to show false positives in the System Restore files.
>
> The possible corruption caused by malware removal is a good point though. It's worth some more discussion.

Seth, it happened to me, and honestly it was something I never thought about. I had the system absolutely perfect, rebooted and then was forced to reformat. Repair did nothing, Last Known Config did nothing... and I wasted 3 hours cleaning a PC that I could not bill for. That is the last time I will ever do that again regardless of what anyone says.

Seth
10-10-2006, 01:46 PM
> Seth, it happened to me, and honestly it was something I never thought about. I had the system absolutely perfect, rebooted and then was forced to reformat. Repair did nothing, Last Known Config did nothing... and I wasted 3 hours cleaning a PC that I could not bill for. That is the last time I will ever do that again regardless of what anyone says.

Although I've never had that happen, it is indeed possible as you found out the hard way.

The articles from the antivirus companies refer to the average user who may not know how to deal with System Restore infections. For us techs though, we know to ignore the infections in System Restore.

I now agree that for safety reasons, System Restore should be addressed after the disinfection.

kelly
10-10-2006, 07:42 PM
First thing I do when a machine comes in is to plug in an external USB hard drive, boot with an Acronis True Image CD and make a copy. I do it just in case something happens.

- tony

photolady
10-10-2006, 10:22 PM
Most spyware detectors do not scan system restore. Any spyware/malware or Hijackthis expert will tell you to turn off system restore to clear out any viruses/spyware hiding in there. That's my story and I'm sticking to it. :D And I've never had a problem doing it this way either.

And one other suggestion is to lower the amount of your hard drive that System Restore uses. That System Restore can sure eat a lot of your hard drive if left at the maximum. I have mine set to 400 MB.

Seth
10-10-2006, 11:17 PM
There is no question that System Restore should be cleared and re-created as part of a disinfection. The question is, "Should it be done before or after the disinfection?".

It seems most logical to clear System Restore after cleaning the system.

mylanta
10-10-2006, 11:34 PM
> There is no question that System Restore should be cleared and re-created as part of a disinfection. The question is, "Should it be done before or after the disinfection?".
>
> It seems most logical to clear System Restore after cleaning the system.
I agree, as unless it is accessed, it cannot affect anything in the system, and once again, if you delete it, it may also be your only way back from a destructive spyware or virus removal.

kern
10-11-2006, 09:58 AM
> Most spyware detectors do not scan system restore. Any spyware/malware or Hijackthis expert will tell you to turn off system restore to clear out any viruses/spyware hiding in there. That's my story and I'm sticking to it. :D And I've never had a problem doing it this way either.


I've always done it that way too, and never had a problem either.

But Rich brings up a good point: malware is "inactive" in restore files. Keeping System Restore enabled until after a malware scan can't hurt (and allows one to recover from a malware scan gone bad), as long as one remembers to delete restore points after the malware scan.
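The sequence the thread settles on (mylanta's "kill the Prefetch, remove, reboot, then kill System Restore and put it back with a fresh restore point" and kern's "delete restore points after the scan") can be scripted. The script below is an added example written for this page, not code from anyone in the thread. It assumes Windows PowerShell 5.1 on Vista or later, an elevated prompt, C: as the system drive, and that the malware removal and a clean reboot have already happened; the log file path is a constructed name.

```powershell
# Added example (not from the thread): post-cleanup System Restore / Prefetch
# housekeeping, run only AFTER the removal tool has finished and the machine
# has rebooted cleanly once. Assumes Windows PowerShell 5.1, elevated, C: as
# the system drive. The log path below is a constructed example.
#Requires -RunAsAdministrator

$Drive    = 'C:\'
$Prefetch = Join-Path $env:SystemRoot 'Prefetch'
$Log      = Join-Path $env:TEMP 'restore-cleanup.log'   # constructed path

"=== $(Get-Date -Format o) ===" | Out-File $Log -Append

# 1. Record what exists before anything is deleted. Prefetch entries show
#    which programs ran on the box, and the restore-point list shows what a
#    rollback would have returned to; both are worth keeping for the record.
'--- Prefetch entries ---' | Out-File $Log -Append
Get-ChildItem -Path $Prefetch -Filter '*.pf' -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime | Out-String | Out-File $Log -Append

'--- Existing restore points ---' | Out-File $Log -Append
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, CreationTime, Description -AutoSize |
    Out-String | Out-File $Log -Append

# 2. Empty the Prefetch folder (only the .pf files; Windows rebuilds them).
Get-ChildItem -Path $Prefetch -Filter '*.pf' -ErrorAction SilentlyContinue |
    Remove-Item -Force -ErrorAction SilentlyContinue

# 3. Discard every existing restore point by turning System Restore off for
#    the drive and back on. Doing this only now, after a verified clean
#    reboot, keeps the old points available as a way back if the removal
#    tool had broken the registry (the failure mylanta describes).
Disable-ComputerRestore -Drive $Drive
Enable-ComputerRestore  -Drive $Drive

# 4. Create a fresh, known-clean baseline. Since Windows 8, Checkpoint-Computer
#    refuses a second point within 24 hours unless the
#    SystemRestorePointCreationFrequency registry value is lowered, so a
#    failure here is reported rather than silently swallowed.
try {
    Checkpoint-Computer -Description 'Post-cleanup baseline' `
                        -RestorePointType MODIFY_SETTINGS
    'Created new restore point: Post-cleanup baseline' | Out-File $Log -Append
} catch {
    "Restore point NOT created: $($_.Exception.Message)" | Out-File $Log -Append
    throw
}

Write-Output "Done. Details logged to $Log"
```

Run it once, after the removal tool reports clean and the machine has rebooted without error. Step 1 exists because the Prefetch listing and the restore-point table are evidence of what ran and what state the machine was in; recording them before step 2 and step 3 means the cleanup does not erase that history along with the stale entries.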

mommalina
10-11-2006, 10:08 AM
> And one other suggestion is to lower the amount of your hard drive that System Restore uses. That System Restore can sure eat a lot of your hard drive if left at the maximum. I have mine set to 400 MB.

How many restores does 400 MB give you?

What percentage is 400 MB? (I'd have to go to the minimum to get that much... unless I'm reading/doing something wrong.)

Thanks.

Lina

mylanta
10-11-2006, 01:34 PM
> How many restores does 400 MB give you?
>
> What percentage is 400 MB? (I'd have to go to the minimum to get that much... unless I'm reading/doing something wrong.)
>
> Thanks.
>
> Lina

Probably only 1, but possibly 2. Lina, if you want to lower yours, then set it halfway.