Topic: Bar-Abbas learns a new anti-spyware trick!  (Read 1077 times)


The Bar-Abbas Anomaly
Bar-Abbas learns a new anti-spyware trick!
« on: June 23, 2006, 03:38:14 pm »

OK, first off, I HATE spyware and companies that develop and use this crap.  For the worst offenders, I'd put them in prison for 10 years or so and prohibit them from ever touching a computer again.

Anyway, I went out to a client's home last night to take a look at their daughter's personal computer.  Unusably slow, tons of pop-ups and constant HDD activity.  Yup.  You really gummed up the works there din'cha, honey.

OK, boot in Safe Mode.  Delete tons of random recent .exe, .dll and stuff from C:\, C:\Windows, and C:\Windows\System32.  'Couple in System32 are undeletable, even in safe mode.  Bugger.  OK, I fire up my Universal Windows Boot CD but... no dice.  She's got a RAID controller and so UBCD doesn't see her volume after booting.  I could work around this, but that would mean identifying the specific hardware controller and making a floppy driver disk and that may take longer than the direct approach.

Load Windows in normal mode, run HijackThis & Ad-Aware and clean up most of the left-overs.  Ad-Aware needs to run a scan on reboot to clean up a handful of 'in-use' files.  No prob.  But again, Shaka, when the walls fell.  I've still got sstts.dll sitting there.  Mocking me.  And causing pop-ups, to boot!  After a brief Google search, it seems that sstts.dll is part of 'WinFixer' malware.  Hey!  Great!  I've got a specific removal tool for WinFixer right here!  BZZZT.  Again, it thinks it's working, but it don't work.

KillBox and MoveOnBoot both fail to remove the offending file, and I'm getting more and more pissed at these Ratt Bastyrds who wrote this junk.  HOW can I get rid of this one?!?

Ah!  I have an idea!  I act quickly before it dies of loneliness...  Since I can't delete the file, can I change the permissions to tell Windows that no user or service has rights to access it?  File Properties --> Security -->  Advanced --> Remove Inherited Rights to this file.  Error.  Oh, well.  It was worth a shot.  But wait!  When I go back in, all rights really have been removed!  Cool!

Reboot, re-add rights to the Administrator, and delete the file.  Success!

Take THAT!  You pea-brained, porn-watchin', French-speakin' wanna-be programmer!!!  Who's your DADDY!?!

So, there ya have it.  Remove all file access permissions and reboot.  It should work for most, if not all viruses or adware.  Somebody check to see if XP Home version has this functionality for me, would'ya?  I think it may not work on XP Home 'cause Microsoft has artificially dumbed that one down....

Alpha Dog is in the HOUSE!!!  (But he needs to go out...)
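The strip-permissions, reboot, restore, delete sequence from the post above, written as a two-phase script. This is an added example, not the poster's own tooling: it assumes a current Windows with PowerShell, `icacls` and `takeown` (the post used the XP Security tab), and the parameter names and hash log file are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt and
# pass the full path of the file that refuses to be deleted.
param(
    [Parameter(Mandatory)] [string] $Path,
    [Parameter(Mandatory)] [ValidateSet('Lock', 'Remove')] [string] $Phase
)
$ErrorActionPreference = 'Stop'
$Admins = '*S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# Run a native tool and stop on a non-zero exit code.
function Invoke-Native([string] $Exe, [string[]] $Arguments) {
    & $Exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($Arguments -join ' ') failed ($LASTEXITCODE)" }
}

if ($Phase -eq 'Lock') {
    # Record a hash while the file is still readable, for later lookup or reporting.
    try { "{0}  {1}" -f (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash, $Path |
              Add-Content (Join-Path $env:TEMP 'locked-files.sha256') }
    catch { Write-Warning "Could not hash ${Path}: $_" }

    # Collect every identity that has an access entry before changing anything.
    $sids = (Get-Acl -LiteralPath $Path).Access |
        ForEach-Object { $_.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value } |
        Sort-Object -Unique

    Invoke-Native icacls @($Path, '/inheritance:r')          # drop inherited entries
    foreach ($sid in $sids) {
        Invoke-Native icacls @($Path, '/remove', "*$sid")    # drop explicit entries
    }
    Write-Host "All access entries removed from $Path. Reboot, then run with -Phase Remove."
}
else {
    # After the reboot: per the post, the file is no longer held open at this point.
    Invoke-Native takeown @('/F', $Path, '/A')               # owner -> Administrators
    Invoke-Native icacls  @($Path, '/grant', "${Admins}:F")  # give full control back
    Remove-Item -LiteralPath $Path -Force
    Write-Host "Deleted $Path"
}
```

Run it once with `-Phase Lock`, reboot, then run it again with `-Phase Remove` against the same path.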

Just plain old Punisher
Re: Bar-Abbas learns a new anti-spyware trick!
« Reply #1 on: June 23, 2006, 06:18:16 pm »
Home edition has all that security stuff disabled, unfortunately.

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho