Full Disclosure mailing list archives
Re: tvm.exe / poll each.exe / blehdefyreal toolbar
From: petard <petard () freeshell org>
Date: Wed, 9 Jun 2004 16:12:43 +0000
On Thu, Jun 10, 2004 at 12:38:05AM +1200, Nick FitzGerald wrote:
> petard <petard () freeshell org> wrote:
> > It sounds like CWS. http://www.wired.com/news/infostructure/0,1377,63391,00.html
> Because, as we all know, CWS is the _only_ adware (virus, or other malware) that installs "guardians" and uses multiple tricks in its attempts to baffle far from intelligent removal efforts, right?

No. Because based on the scant information in the original post (name of exe, URL, toolbar name, homepage hijack) and the frequency with which CWS is seen, some CWS variant seems like the most probable culprit. Did you interpret "sounds like CWS" as any more definite diagnosis than that?

> That is purely a sign of your inadequacy to the job at hand -- surely not a qualification for you to provide "advice" to others (well, other than of that form "get someone more competent than 'petard' to help").

heh. That was exactly my advice to the client in question, but they asked me to proceed as a favor anyway. But no, it's not purely a sign of "inadequacy to the job at hand". In fact, I'd claim that the only sign of inadequacy to the job at hand was that I even entertained the idea of doing something other than wipe and reinstall when I saw a machine behaving as OP describes. Let's examine this a little:

1. OP has effectively been "rooted". He doesn't know exactly how.
2. He (as I didn't) clearly doesn't have a picture of exactly what has been installed after that PC was compromised. He most likely doesn't know exactly what was installed before the PC was compromised, so it is nigh-on impossible to determine what's been changed.

If OP had some other method of getting the PC back to a known state, he likely wouldn't have been asking the question here. The "wipe and reinstall" is the only *known safe* course of action when you've got a machine running unknown binaries.

> Suggesting that the likely best approach to "fixing" a system of which you have _no freaking idea whatsoever_ is ailing it is to reformat and reinstall (_or_ anything else) is clearly a sign of incompetence, and little else.

Bullshit. It's the only safe advice, unless you know exactly how the machine was compromised and what was installed. No one on the list will be able to tell that given the level of detail in the original post. Any other course of action in the absence of this knowledge leaves some possibility of a backdoor. My *opinion* is that, for the average set of PC software, it will take someone who doesn't know exactly what's been installed less time to rebuild a box than to find out what is needed in order to become 100% certain no backdoor is left.

> Presenting such inadequate "advice" with little suggestion of the possibility of doubt makes it even less helpful.

The "advice" you seem to dislike so much guarantees a clean PC. Like I said, given the level of knowledge exhibited in the original post, I'd opine that it is the fastest path to a clean PC. So what's your problem, exactly?

> Next time you want to help, try S'ing TFU and letting folk who know what they are doing have a go, eh?

Have a go, "Nick"... you claim to know what you're doing. What's your faster path to a clean PC? Out of curiosity, why the venom? Did I say something to you that wasn't perfectly civil?

regards,
petard

-- 
If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html