Try Sysinternals Autoruns, it might give you insight as to what is
integrating with IE.
Good luck,
Mike
http://www.sysinternals.com/Utilities/Autoruns.html

-----Original Message-----
From: Chris Barber [mailto:cmbarber (at) gmail (dot) com [email concealed]]
Sent: Tuesday, January 03, 2006 3:01 PM
To: focus-virus@securityfoc

[ more ]  [ reply ]

Check out HijackThis. As well, enumerate anything suspicious in
HKLM/Software/Microsoft/Windows/CurrentVersion/Run, RunOnce, etc. and
boot to Safe Mode, disable System Restore and manually delete the files.
While you're in Safe Mode, look in the Services applet for anything
suspicious. Also look in

[ more ]  [ reply ]

Hi Chris,

None of the reasons (malware defense software) you state are 'solid'.

Try Bitdefender, Trend Micro, Panda ...

Indeed, this could be some yet unknown ad-ware, spyware or other malware, this software might find it for you. Did you try cleaning temp-files, cookies, history ? Did you try a

[ more ]  [ reply ]

Try doing a search for a tool called CWSHREDDER
This might do the trick.

-----Original Message-----
From: Chris Barber [mailto:cmbarber (at) gmail (dot) com [email concealed]]
Sent: Tuesday, January 03, 2006 3:01 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Hijacked Internet Explorer

I have a user on a home network that h

[ more ]  [ reply ]

I have a user on a home network that has an oddity I have not seen
before while using search engines. On the PC we have tried Yahoo,
Google, MSN, Lycos, not sure but we may have done a few other, but the
actions are all the same. We enter a search item, say ACE, and the
results come back of course

[ more ]  [ reply ]

Please excuse my addressing several individual's points in one mail.

> You can configure scheduled scans for performance: most packages will
> allow you to catalogue all of the files on a drive and cache a
checksum.

Actually, one of the products tangentially represented in this thread
does the sam

[ more ]  [ reply ]

You can configure scheduled scans for performance: most packages will
allow you to catalogue all of the files on a drive and cache a checksum.
This makes for very quick scanning in that the scanner only has to pass
a file once if the checksum has not changed. Different packages use
different names

[ more ]  [ reply ]

Question: if malware disables your scanner, how could a scheduled scan

possible\y discern the malware?

Answer: the sound of one hand clapping?

Seriously, unless you're remotely scanning all your systems (generally

impractical), a scheduled scan is not going to help you here. Auditing

softw

[ more ]  [ reply ]

Hi Robert -

We have had situations where the real-time scan was not catching malware that the scheduled scan was catching, and the files weren't large zip files. I agree with you that these malware files were not "of immediate effect", and, of course, though it's happened twice, the situation was

[ more ]  [ reply ]

We've been fortunate to have our users "trained" to log off or restart
their systems at night so nightly scans can take place. But we face the
same pain with our laptop users (including myself when on call) as when
we start up our laptops in the morning the "background" scan makes
systems painful

[ more ]  [ reply ]

> -----Original Message-----
> From: kyle.moffitt (at) sophos (dot) com [email concealed] [mailto:kyle.moffitt (at) sophos (dot) com [email concealed]]
> Sent: Thursday, December 29, 2005 10:35 AM
> To: Bruce Martins
> Cc: dfox168 (at) hotmail (dot) com [email concealed]; focus-virus (at) securityfocus (dot) com [email concealed]
> Subject: Re: Do we still need scheduled scan?
>
> This approach presumes upda

[ more ]  [ reply ]

So your telling everyone that scheduled scanning is pointless because your av products with real time scanning are perfect? That is recipe for disaster, no impact on a user that isn't there running a full scan every hour doesn't make sense either, using all of the capabilities of the products is bes

[ more ]  [ reply ]

From discussions with the anti-virus vendors during various crises over the years, I've learned that the real-time scans are optimized for speed, while the scheduled scans are focused on thoroughness. This means, disturbingly, that malware can elude the real-time scan, yet be caught by the more-tho

[ more ]  [ reply ]

You should still run a scheduled scan sometimes things are missed in between dat file updates, if you run the scan late at night there should be minimal impact.
Bruce Martins
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@ext

[ more ]  [ reply ]

I recommend it. It's possible that a workstation could be infected prior
to the release of an update that includes that virus signature. I've
noticed that the real-time scan will sometimes not detect what's present
on the file system without a full disk scan.

Some real-time scans can be throttled d

[ more ]  [ reply ]

If we have already implemented virus scan at the gateway, on the mail
server, on individual servers, and real time scan on workstations/laptops,
do we still need scheduled, e.g., weekly, scan on workstations and laptops
as well as servers?

Schdeuled scans really slow down some machines.

Any com

[ more ]  [ reply ]

BKACVRAD.RVW 20050731

"The Art of Computer Virus Research and Defense", Peter Szor, 2005,
0-321-30454-3, U$49.99/C$69.99
%A Peter Szor pszor (at) acm (dot) org [email concealed]
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2005
%G 0-321-30454-3
%I Addison-Wesley Publishing Co.
%O U$49.9

[ more ]  [ reply ]

_______ __ __ ______ _____
| |.--.--.| |_ .-----..-----..-----.| |_ |__ || | |
| - || | || _|| _ || _ ||__ --|| _|| __||__ |
|_______||_____||____|| __||_____||_____||____||______| |__|
Public Security Note |__| http://w

[ more ]  [ reply ]