Would you trust this box?

On January 5, 2009, in Security, by

Spyware Guard 2008 Analysis and Removal | Malware Help. Org:
http://www.malwarehelp.org/spyware-guard-2008-analysis-and-removal-2008.html

Helping out a friend remotely, one of the tricks for getting any sort of security scan to work on the remote system was that you had to rename the malware removal software's executable file names, because the malware blocks known software that can kill it.  So for Malwarebytes.org, ensure you rename the file to something else before launching it.  Same for SuperAntispyware.  When Malwarebytes wasn't working I tried HowardC's recommendation, but it would Dr. Watson upon launching.  I then realized what the program was doing: protecting itself.

Personally if this were my box I’d be flattening it.


9 Responses to Would you trust this box?

  1. JamesB says:

    Touch and go there. You're a Pro yet you're helping a friend, so is that “commercial”? Is it “commercial” for a home user to have this installed by a Pro and run by a Pro?

    So many of these tools which offer “free” home versions create too thin a line between what is legit and what may not be.

    Subject to the restrictions below, you may use the Malwarebytes’ Software for any legitimate purpose.

    In return, we simply require that you agree:

    1. Not to use this software for commercial use without proper licensing.

  2. indy says:

    Silly waste of time. Backup, wipe, reload. Once the box is pwn3d it's useless to attempt to get it back to safe.

    Have them pay the Windows malware tax (your hourly rate) and move on; maybe recommend a Mac or Linux box.

  3. bradley says:

    I bought the software, James. I didn't take the time to flip it to the non-trial.

    I also was not getting paid for this clean up job. If I had I would have flattened the box.

    No touch and go.

  4. bradley says:

    Indy the knee jerk reaction is not “run Linux”. She needs business tools.

  5. Jules @ Ginger Inc. says:

    Yeah – I got burned with the spyware guard just before Christmas –

    spent a good many hours trying to sort it out – again – not a commercial decision.

    Never thought of renaming the file to run it…

    PrevX could get it, and clean it, but not remove it… Malwarebytes would install but not run (so did the running file allow itself to be renamed?)

    But yeah – what a PITA that one…

    I ended up flattening the box in the end…

  6. JamesB says:

    The “you” is a general you, as in techs who use such freeware to clean machines, especially home units. We all know the licenses are abused and such tools end up on business machines, but how many techs are using these same tools (the free versions) on home PCs, and does that qualify for a free license?

    aVast says it must be a “Home” user where MalwareBytes has a more generic no “Commercial” use. For aVast this tells me I can install aVast for a home user and I can, as a Pro, use it to clean the system. For MB it would appear it doesn’t matter where it’s installed as long as it’s not used commercially so as a Pro I cannot install it on a Home user if I come in and use it and then bill for services.

    Just look at the Yahoo list for the number of times such tools are suggested to quickly see the license terms are not being followed to the letter.

  7. indy says:

    She also probably needs her data secure. Windows failed her in this regard. I assume she is now changing every password that ever passed through this box?

  8. Amy B says:

    It's all so easy to say flatten and reload. But there's a big cost to that, which also has to be considered. The answer is often not so cut and dried. In theory we would of course flatten and reload, but in the real world this solution isn't always the best.

    Removal tools and the skillset at removing have both improved over the years, so sometimes the answer is to fix it, educate the user and monitor.

  9. Bill says:

    Always flatten the box, how can you trust the box after an infection?

    Do you know exactly what the malware did to the machine? How can you be sure that all the malware has been removed? How can you be sure that the malware did not change ACLs? How can you guarantee the client the infection is eradicated?

    Always flatten the box…period.

    Educate users about LUA and Standard Users.
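The ACL question Bill raises is one you can only answer against a known-good reference. The script below is an added example (it is not from the post or from any commenter) that records the SDDL form of the security descriptor on a few sensitive paths and, on later runs, reports any path whose descriptor differs from the recorded baseline. The path list and the baseline file location are assumptions chosen for illustration; it needs PowerShell 3.0 or later for ConvertTo-Json.

```powershell
# Added example, not part of the original post. Records a baseline of ACLs
# (as SDDL strings) on a few sensitive paths and reports changes on later runs.
# The paths and the baseline file location are assumptions for illustration.
$paths = @(
    "$env:SystemRoot\System32",
    "$env:ProgramFiles",
    "$env:SystemRoot\System32\drivers\etc\hosts"
)
$baselineFile = "$env:USERPROFILE\acl-baseline.json"

function Get-AclSnapshot {
    param([string[]]$Paths)
    $snapshot = @{}
    foreach ($p in $Paths) {
        if (Test-Path -Path $p) {
            # SDDL is a compact string form of the whole security descriptor,
            # so any change to owner, group, DACL or SACL changes the string.
            $snapshot[$p] = (Get-Acl -Path $p).Sddl
        }
    }
    return $snapshot
}

if (-not (Test-Path -Path $baselineFile)) {
    # First run: record the baseline. This only means something if the
    # machine is in a state you already trust when you take it.
    Get-AclSnapshot -Paths $paths | ConvertTo-Json | Set-Content -Path $baselineFile
    Write-Output "Baseline written to $baselineFile"
} else {
    $baseline = Get-Content -Path $baselineFile -Raw | ConvertFrom-Json
    $current  = Get-AclSnapshot -Paths $paths
    $changed  = 0
    foreach ($p in $current.Keys) {
        $old = $baseline.$p
        if ($old -ne $current[$p]) {
            $changed++
            Write-Output "ACL CHANGED: $p"
            Write-Output "  baseline: $old"
            Write-Output "  current:  $($current[$p])"
        }
    }
    Write-Output "$changed path(s) differ from baseline"
}
```

Run it once on a clean build to write the baseline, then again whenever you want to check. A baseline taken after the infection proves nothing, which is the practical weight behind "always flatten": without a trusted reference you cannot show that the descriptors are what they should be.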