[Dshield] A few strange exe's
superc at visuallink.com
Tue Jan 13 05:55:37 GMT 2004
When they have a CD-RW drive that is compatible with mine, sure, I bring the
CD. Note the Catch-22: "compatible with mine." One of my USB CD
rewriter drives uses its own software, which generally speaking can only be
read on a CD machine loaded with the proprietary interpreter program.
It is therefore useless when I arrive at a house with a sick PC unless I bring
the drive with me. For some of the machines with no USB connection, even
that wouldn't help. Even if I have the interpreter program so their own CD
could, in theory, be used, first I have to deal with the virus that caused
the service call. Likewise, the people who own the ill machines I see very
rarely have the newest and the latest. If they could afford that, they
would also have purchased an AV program and I wouldn't get the call. I have
yet to be called upon to tend to one of the newer machines with no 3.5"
drive. More common is for me to be visiting a machine possessing a 5.25" drive and
an added-on 3.5", with an occasional external CD.
[BTW, Steve Gibson's FIX-CIH patch works. Ran it on a Windows 3.1 machine
that wouldn't boot. Although the machine had no modem, the history
included a grandson playing games when he visited. Norton Rescue showed a
bad FAT. Had a hunch, so I tried Gibson's FIX-CIH. Took two runs and three
visits over 5 weeks (the owner failed to follow directions and didn't write
down the displayed message; FIX-CIH is SLOW, or maybe it was the 286, so
either way I gave instructions, pen and paper and left while it ran, before
rebooting the first time). Eventually the owner wrote
down the error code for me and a repair was made.]
My point is that each infected/sick PC visited is different. Some are old 286s
someone was allowed to keep when they retired; some were gifts and will be
only two or three years old. The next one might be a surplus LAN unit sold
as surplus and being used as a standalone in a home, but equipped with
Ethernet cards and whatnot. Once I visited a home and found an infected
old Sun workstation filling a corner. I know someone who has an acoustic
coupler (but so far as I know their machine has never been infected). By
all means prepare a fix-all CD if you want; just don't assume the next
infected PC you get a call on can read the CD. Can you say, 8-inch disk?
Ever try to get a new 2004 printer to work with Win 95 on a machine with no
USB or CD drive? Actually, the biggest problem I hit a lot is that the HDs in
the infected units don't have enough space to hold the full AV programs, nor
enough RAM to run the firewalls. 20 megs on the HD was considered pretty
big back in '93. Can't swap them all out or add mega-RAM, because the new
connectors are wrong and the old CPUs can't address the RAM or track huge
HD FATs. For this reason we come back to the tool kit on the second visit
with specific virus killers on disk, to be used once the specific virus is
identified in the first visit.
I don't like Dell or Compaq machines, as they are not "mechanic" friendly.
If you have ever dealt (battled) with a Compaq machine that lost its D:
(restore) drive and needed Windows reinstalled after a virus was removed,
you would know why.
Subject: Re: [Dshield] A few strange exe's
From: "Doug White" <doug at clickdoug.com>
Date: Mon, 12 Jan 2004 08:31:22 -0600
To: "General DShield Discussion List" <list at dshield.org>
Those are good observations.
Having had to rescue any number of Windows systems, I use the applications much
the same as you do; HOWEVER, it is a good argument for using a CD-RW, which will
hold all the patches and updates (including OFFICE patches, A/V solutions,
Trojan hunters, and Symantec removal tools) for Win XP, 2k, and Win 2003.
Before making the house call, I will update the CD-ROM (I prefer to use
re-writable media when possible) and have all the tools available. Many new
computers (Dell comes to mind) do not come standard with floppy drives any
more, and one can boot from a CD-ROM.
My Laptop has a CD-RW drive with which I can check for any updates I may have
missed during the preparation stage.
I have learned from experience that it is a best practice to install all the
service packs, security updates, the A/V solution, as well as the firewall,
prior to allowing the new system a connection to the internet.
One of the features in ZoneAlarm Pro (the paid edition), MailSafe, which
renames executable extensions on mail attachments even before the A/V can
scan the mail, is one I recommend to everyone.
With the realization that there is no one perfect bullet-proof solution to
infections as technology becomes more sophisticated, one can only try to stay
as current as possible.