1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Virus infection on a T60 ==> how best to reinstall WindowsXP? Can Isafely still use the special Win

Discussion in 'Windows XP' started by ship, Jan 19, 2010.

  1. ship

    ship Flightless Bird

    Hi


    My T60 (WindowsXP Pro) has been infected with several viruses.

    Is it safe to re-install from the WindowsXP partition?

    Or should I kill absolutely everything on the disk (eg. by running
    KillDisk off a CD)?


    And if I do the latter, how on earth to I register it with Microsoft
    because the laptop did not come with any CDs.
    (I can borrow a Windows XP Pro CD from work - but I presume that there
    will be problems with the Product Key and License number etc)

    Any thoughts?

    With thanks



    Ship
     
  2. ship

    ship Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? CanI safely still use the special Windows installation partition?

    P.S. For clarification my computer is a T60 laptop from Lenovo. (about
    3 years old)

    With thanks


    Ship
    Shiperton Henethe
     
  3. David H. Lipman

    David H. Lipman Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    From: "ship" <shiphen@gmail.com>

    | Hi
    | My T60 (WindowsXP Pro) has been infected with several viruses.
    | Is it safe to re-install from the WindowsXP partition?
    | Or should I kill absolutely everything on the disk (eg. by running
    | KillDisk off a CD)?

    | And if I do the latter, how on earth to I register it with Microsoft
    | because the laptop did not come with any CDs.
    | (I can borrow a Windows XP Pro CD from work - but I presume that there
    | will be problems with the Product Key and License number etc)

    | Any thoughts?
    | With thanks
    | Ship

    What Cross-Post to all those groups and NOT; microsoft.public.security.virus ?

    What "viruses" (assuming they were viruses and not plain old trojans) were they ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
  4. Elmo

    Elmo Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP?Can I safely still use the special Windows installation partition?

    ship wrote:
    > Hi
    >
    >
    > My T60 (WindowsXP Pro) has been infected with several viruses.
    >
    > Is it safe to re-install from the Windows XP partition?
    >
    > Or should I kill absolutely everything on the disk (eg. by running
    > KillDisk off a CD)?
    >
    >
    > And if I do the latter, how on earth to I register it with Microsoft
    > because the laptop did not come with any CDs.
    > (I can borrow a Windows XP Pro CD from work - but I presume that there
    > will be problems with the Product Key and License number etc)
    >
    > Any thoughts?
    >
    > With thanks
    >
    >
    >
    > Ship


    Burn BitDefender, or another program listed at the link below, to a CD
    (using a working machine) and test the infected machine with it.
    BitDefender also has a Rootkit checker on the Linux Desktop; run it if
    you think that's the problem:

    http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

    Download the executable rather than the .iso image, if one is available,
    (though no .exe is available for BitDefender).

    After the scan is run, if you elect to quarantine files, they're
    quarantined to RAM and lost after you reboot. You'll need to copy any
    quarantined files to the hard drive, a thumb drive or elsewhere before
    exiting.

    Then run these:

    Malwarebytes© Corporation
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    SuperAntispyware
    http://www.superantispyware.com/superantispywarefreevspro.html

    --
    Joe =o)
     
  5. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    HOW TO do a clean install of WinXP: See
    http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
    http://support.microsoft.com/kb/978307

    After the clean install, you'll have the equivalent of a "new computer" so
    take care of everything on the following page before otherwise connecting
    the machine to the internet or a network and before using a flash drive or
    SDCard that isn't brand-new or hasn't been freshly formatted:

    4 steps to help protect your new computer before you go online
    http://www.microsoft.com/security/pypc.aspx

    Other helpful references include:

    HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
    (after a clean install)
    http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c

    HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
    clean install)
    http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b

    Tip: After getting the computer fully-patched, download/install KB971029
    manually: http://support.microsoft.com/kb/971029

    NB: Any Norton or McAfee free-trial that came preinstalled on the computer
    when you bought it will be reinstalled (but invalid) when Windows is
    reinstalled. You MUST uninstall the free-trial and download/run the
    appropriate removal tool before installing any updates, Windows Service
    Packs or IE upgrades and before installing your new anti-virus application
    (which will require WinXP SP3 to be installed).

    Norton Removal Tool
    ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

    McAfee Consumer Products Removal Tool
    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    Also see:

    Steps To Help Prevent Spyware
    http://www.microsoft.com/security/spyware/prevent.aspx

    Steps to Help Prevent Computer Worms
    http://www.microsoft.com/security/worms/prevent.aspx

    Avoid Rogue Security Software!
    http://www.microsoft.com/security/antivirus/rogue.aspx
    --
    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002
    www.banthecheck.com


    ship wrote:
    > Hi
    >
    >
    > My T60 (WindowsXP Pro) has been infected with several viruses.
    >
    > Is it safe to re-install from the WindowsXP partition?
    >
    > Or should I kill absolutely everything on the disk (eg. by running
    > KillDisk off a CD)?
    >
    >
    > And if I do the latter, how on earth to I register it with Microsoft
    > because the laptop did not come with any CDs.
    > (I can borrow a Windows XP Pro CD from work - but I presume that there
    > will be problems with the Product Key and License number etc)
    >
    > Any thoughts?
    >
    > With thanks
    >
    >
    >
    > Ship
     
  6. ship

    ship Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? CanI safely still use the special Windows installation partition?

    On Jan 20, 6:58 am, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
    > HOW TO do a clean install of WinXP: Seehttp://michaelstevenstech.com/cleanxpinstall.html#stepsand/or Method 1 inhttp://support.microsoft.com/kb/978307
    >
    > After the clean install, you'll have the equivalent of a "new computer" so
    > take care of everything on the following page before otherwise connecting
    > the machine to the internet or a network and before using a flash drive or
    > SDCard that isn't brand-new or hasn't been freshly formatted:
    >
    >      4 steps to help protect your new computer before you go online
    >      http://www.microsoft.com/security/pypc.aspx
    >
    > Other helpful references include:
    >
    > HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
    > (after a clean install)http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5...
    >
    > HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
    > clean install)http://groups.google.com/group/microsoft.public.windowsxp.general/msg...
    >
    > Tip: After getting the computer fully-patched, download/install KB971029
    > manually:http://support.microsoft.com/kb/971029
    >
    > NB: Any Norton or McAfee free-trial that came preinstalled on the computer
    > when you bought it will be reinstalled (but invalid) when Windows is
    > reinstalled. You MUST uninstall the free-trial and download/run the
    > appropriate removal tool before installing any updates, Windows Service
    > Packs or IE upgrades and before installing your new anti-virus application
    > (which will require WinXP SP3 to be installed).
    >
    >      Norton Removal Tool
    >      ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_...
    >
    >      McAfee Consumer Products Removal Tool
    >      http://download.mcafee.com/products/licensed/cust_support_patches/MCP...
    >
    > Also see:
    >
    > Steps To Help Prevent Spywarehttp://www.microsoft.com/security/spyware/prevent.aspx
    >
    > Steps to Help Prevent Computer Wormshttp://www.microsoft.com/security/worms/prevent.aspx
    >
    > Avoid Rogue Security Software!http://www.microsoft.com/security/antivirus/rogue.aspx
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-IE, Mail, Security, Windows Client - since 2002www.banthecheck.com
    >
    >
    >
    > ship wrote:
    > > Hi

    >
    > > My T60 (WindowsXP Pro)  has been infected with several viruses.

    >
    > > Is it safe to re-install from the WindowsXP partition?

    >
    > > Or should I kill absolutely everything on the disk (eg. by running
    > > KillDisk off a CD)?

    >
    > > And if I do the latter, how on earth to I register it with Microsoft
    > > because the laptop did not come with any CDs.
    > > (I can borrow a Windows XP Pro CD from work - but I presume that there
    > > will be problems with the Product Key and License number etc)

    >
    > > Any thoughts?

    >
    > > With thanks

    >
    > > Ship- Hide quoted text -

    >
    > - Show quoted text -


    All helpful suggestions, but nobody seems to have answered my central
    questions:
    A). Do I need to delete the special WindowXP installation partition?
    i.e. is it theoretically possible for a virus to get into it? And

    8). How am I supposed to reinstall WindowsXP correctly without it?

    With thanks


    Ship
    Shiperton Henethe
     
  7. Jose

    Jose Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? CanI safely still use the special Windows installation partition?

    On Jan 19, 6:16 pm, ship <ship...@gmail.com> wrote:
    > Hi
    >
    > My T60 (WindowsXP Pro)  has been infected with several viruses.
    >
    > Is it safe to re-install from the WindowsXP partition?
    >
    > Or should I kill absolutely everything on the disk (eg. by running
    > KillDisk off a CD)?
    >
    > And if I do the latter, how on earth to I register it with Microsoft
    > because the laptop did not come with any CDs.
    > (I can borrow a Windows XP Pro CD from work - but I presume that there
    > will be problems with the Product Key and License number etc)
    >
    > Any thoughts?
    >
    > With thanks
    >
    > Ship


    If you think it is best to start from scorched earth, I would delete
    everything - even the special Windows installation partition. You do
    not know the status/health of it with 100% certainty. Even if you
    could use it, if something goes wrong later, you will always wonder if
    it was really part of the problem or not. Eliminate the possibility
    of that question ever coming up - whack it.

    You can certainly make a copy of a genuine bootable XP installation CD
    to keep with your computer. Don't borrow it, make a copy for you. It
    is not unethical to make a copy of a Windows CD. It is unethical to
    apply the same license key to different computers. Be sure it is of
    the same version you have now (Home, Pro, etc). If you don't need it
    now, you will be glad you have it some other day.

    Before you reinstall, you should determine the currently installed
    licensing information on your current system (if it runs) and use that
    when reinstalling. It may be on a sticker on your PC that is
    unreadable, lost or missing. You need to figure out what Windows
    thinks, not what some sticker says.

    The information is already on your system of course, you just need to
    find it and write it down for later.

    You can use one of several free tools, or use them all and see which
    one you like best:

    Magic Jelly Bean:
    http://magicaljellybean.com/keyfinder/

    SIW:
    http://www.gtopala.com/

    Belarc:
    http://belarc.com/free_download.html

    It would be more fun to just fix your current unspecified problem and
    not reinstall, but you can/should certainly find out the licensing
    information and get a copy of a genuine bootable XP installation CD of
    your own and keep it in a safe place for the future - or the present...
     
  8. Carmel

    Carmel Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP?Can I safely still use the special Windows installation partition?

    On Wed, 20 Jan 2010 04:12:47 -0800 (PST)
    Jose <jose_ease@yahoo.com> articulated:

    > On Jan 19, 6:16 pm, ship <ship...@gmail.com> wrote:
    > > Hi
    > >
    > > My T60 (WindowsXP Pro)  has been infected with several viruses.
    > >
    > > Is it safe to re-install from the WindowsXP partition?
    > >
    > > Or should I kill absolutely everything on the disk (eg. by running
    > > KillDisk off a CD)?
    > >
    > > And if I do the latter, how on earth to I register it with Microsoft
    > > because the laptop did not come with any CDs.
    > > (I can borrow a Windows XP Pro CD from work - but I presume that
    > > there will be problems with the Product Key and License number etc)
    > >
    > > Any thoughts?
    > >
    > > With thanks
    > >
    > > Ship

    >
    > If you think it is best to start from scorched earth, I would delete
    > everything - even the special Windows installation partition. You do
    > not know the status/health of it with 100% certainty. Even if you
    > could use it, if something goes wrong later, you will always wonder if
    > it was really part of the problem or not. Eliminate the possibility
    > of that question ever coming up - whack it.
    >
    > You can certainly make a copy of a genuine bootable XP installation CD
    > to keep with your computer. Don't borrow it, make a copy for you. It
    > is not unethical to make a copy of a Windows CD. It is unethical to
    > apply the same license key to different computers. Be sure it is of
    > the same version you have now (Home, Pro, etc). If you don't need it
    > now, you will be glad you have it some other day.
    >
    > Before you reinstall, you should determine the currently installed
    > licensing information on your current system (if it runs) and use that
    > when reinstalling. It may be on a sticker on your PC that is
    > unreadable, lost or missing. You need to figure out what Windows
    > thinks, not what some sticker says.
    >
    > The information is already on your system of course, you just need to
    > find it and write it down for later.
    >
    > You can use one of several free tools, or use them all and see which
    > one you like best:
    >
    > Magic Jelly Bean:
    > http://magicaljellybean.com/keyfinder/
    >
    > SIW:
    > http://www.gtopala.com/
    >
    > Belarc:
    > http://belarc.com/free_download.html
    >
    > It would be more fun to just fix your current unspecified problem and
    > not reinstall, but you can/should certainly find out the licensing
    > information and get a copy of a genuine bootable XP installation CD of
    > your own and keep it in a safe place for the future - or the
    > present...


    A fresh Format/Installation would certainly eliminate a lot of
    potential problems that might exist on your system. Before nuking the
    drive, do insure that you have the "key" for reinstalling Windows.
    Next, visit this site:

    http://tech.icrontic.com/articles/windows_driver_collection

    It has some information that might prove useful to you. You might be
    interested in: DriverMax <http://www.innovative-sol.com/drivermax/>
    also. It could save you a lot of time. Prior to running it, do insure
    that you have the latest drivers installed.

    Finally, download a copy of FreeDOS <http://www.freedos.org/>. Create a
    bootable CD, and use it to start your system. Read the documentation
    first. If used correctly, it will remove all existing data and
    partition info from your drive. You can then use the same disk to
    reformat the drive prior to installing Windows. No entirely necessary;
    however, it does help to erase all existing data on the drive.

    Ciao

    --
    Carmel |::::=======
    |::::=======
    |===========
    |===========
    |
     
  9. Daave

    Daave Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    ship wrote:
    > Hi
    >
    >
    > My T60 (WindowsXP Pro) has been infected with several viruses.
    >
    > Is it safe to re-install from the WindowsXP partition?


    I have *never* seen or read about an instance where malware actually
    alters the hidden recovery partition. I would say the answer is yes, it
    is safe.

    > Or should I kill absolutely everything on the disk (eg. by running
    > KillDisk off a CD)?


    No, the recovery partition is something you always want to keep (IMO).
    An exception *might* be made if you have a full-fledged XP installation
    CD and it _must_ match the license you have, too. Even so, if it were
    me, I would still keep that hidden recovery partition intact.

    > And if I do the latter, how on earth to I register it with Microsoft
    > because the laptop did not come with any CDs.
    > (I can borrow a Windows XP Pro CD from work - but I presume that there
    > will be problems with the Product Key and License number etc)


    Registration is optional. I assume you are referring to activation. The
    CD you borrow (and I would recommend making a copy of it for your use)
    *must* match in all respects. So the Windows XP Pro CD *must* be a
    generic OEM version in order for the Product Key on your Certificate of
    Authenticity (COA) sticker for activation to work. Then again, if you
    simply use the hidden recovery partition, the process is much simpler
    and faster. :)

    > Any thoughts?


    Make sure you copy all your data. Be sure to include e-mails, your
    address book, Internet Explorer favorites, etc. Then follow the
    instructions Lenovo provided for the recovery. You'll be fine. (Then, of
    course, reinstall your programs and copy the data back.)

    That being said, depending on the malware, there might be a better
    solution: remove the malware. :) If the amount of damage is minimal,
    that's what I would try first. Feel free to post back with specifics,
    and many here will be happy to guide you.
     
  10. MEB

    MEB Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP?Can I safely still use the special Windows installation partition?

    On 01/20/2010 05:49 AM, ship wrote:
    > On Jan 20, 6:58 am, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
    >> HOW TO do a clean install of WinXP: Seehttp://michaelstevenstech.com/cleanxpinstall.html#stepsand/or Method 1 inhttp://support.microsoft.com/kb/978307
    >>
    >> After the clean install, you'll have the equivalent of a "new computer" so
    >> take care of everything on the following page before otherwise connecting
    >> the machine to the internet or a network and before using a flash drive or
    >> SDCard that isn't brand-new or hasn't been freshly formatted:
    >>
    >> 4 steps to help protect your new computer before you go online
    >> http://www.microsoft.com/security/pypc.aspx
    >>
    >> Other helpful references include:
    >>
    >> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
    >> (after a clean install)http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5...
    >>
    >> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
    >> clean install)http://groups.google.com/group/microsoft.public.windowsxp.general/msg...
    >>
    >> Tip: After getting the computer fully-patched, download/install KB971029
    >> manually:http://support.microsoft.com/kb/971029
    >>
    >> NB: Any Norton or McAfee free-trial that came preinstalled on the computer
    >> when you bought it will be reinstalled (but invalid) when Windows is
    >> reinstalled. You MUST uninstall the free-trial and download/run the
    >> appropriate removal tool before installing any updates, Windows Service
    >> Packs or IE upgrades and before installing your new anti-virus application
    >> (which will require WinXP SP3 to be installed).
    >>
    >> Norton Removal Tool
    >> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_...
    >>
    >> McAfee Consumer Products Removal Tool
    >> http://download.mcafee.com/products/licensed/cust_support_patches/MCP...
    >>
    >> Also see:
    >>
    >> Steps To Help Prevent Spywarehttp://www.microsoft.com/security/spyware/prevent.aspx
    >>
    >> Steps to Help Prevent Computer Wormshttp://www.microsoft.com/security/worms/prevent.aspx
    >>
    >> Avoid Rogue Security Software!http://www.microsoft.com/security/antivirus/rogue.aspx
    >> --
    >> ~Robear Dyer (PA Bear)
    >> MS MVP-IE, Mail, Security, Windows Client - since 2002www.banthecheck.com
    >>
    >>
    >>
    >> ship wrote:
    >>> Hi

    >>
    >>> My T60 (WindowsXP Pro) has been infected with several viruses.

    >>
    >>> Is it safe to re-install from the WindowsXP partition?

    >>
    >>> Or should I kill absolutely everything on the disk (eg. by running
    >>> KillDisk off a CD)?

    >>
    >>> And if I do the latter, how on earth to I register it with Microsoft
    >>> because the laptop did not come with any CDs.
    >>> (I can borrow a Windows XP Pro CD from work - but I presume that there
    >>> will be problems with the Product Key and License number etc)

    >>
    >>> Any thoughts?

    >>
    >>> With thanks

    >>
    >>> Ship- Hide quoted text -

    >>
    >> - Show quoted text -

    >
    > All helpful suggestions, but nobody seems to have answered my central
    > questions:
    > A). Do I need to delete the special WindowXP installation partition?
    > i.e. is it theoretically possible for a virus to get into it? And
    >
    > 8). How am I supposed to reinstall WindowsXP correctly without it?
    >
    > With thanks
    >
    >
    > Ship
    > Shiperton Henethe


    Theoretically? Yes, anything is possible as it is just another
    partition on your disk regardless of "hiding" or otherwise. Same holds
    true for the Restore Point saves/partition or even encrypted devices,
    e.g., anything writable.

    Has it been? Ahhhh.....

    As for what you can do now: not much [qualified, see below ORs] except
    use it as you apparently "failed" to do what you were *supposed* to do
    when you obtained the new computer; burn your one legal copy [most
    computers come pre-configured to bug you at least once when first
    started to burn a backup copy], or the ability to backup/image the
    entire disk at some point which can be done at anytime by anyone [e.g.,
    not by the original purchaser].

    OR,

    You might be able to contact the manufacturer and plead your issue
    attempting to obtain an OEM installation disk and/or manufacturer setup
    disk(s) [like the old days of retail purchased systems].

    OR,

    Using a Live/bootable CD/DVD, either Linux or one of the PE style
    troubleshooting, you can attempt to scan and potentially clean the
    installation partition from there.

    --
    MEB
    http://peoplescounsel.org/ref/windows-main.htm
    Windows Info, Diagnostics, Security, Networking
    http://peoplescounsel.org
    The "real world" of Law, Justice, and Government
    ___---
     
  11. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    ship wrote:
    >> HOW TO do a clean install of WinXP:
    >> Seehttp://michaelstevenstech.com/cleanxpinstall.html#stepsand/or Method 1
    >> inhttp://support.microsoft.com/kb/978307
    >>
    >> After the clean install, you'll have the equivalent of a "new computer"
    >> so
    >> take care of everything on the following page before otherwise connecting
    >> the machine to the internet or a network and before using a flash drive
    >> or
    >> SDCard that isn't brand-new or hasn't been freshly formatted:
    >>
    >> 4 steps to help protect your new computer before you go online
    >> http://www.microsoft.com/security/pypc.aspx
    >>
    >> Other helpful references include:
    >>
    >> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
    >> (after a clean
    >> install)http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5...
    >>
    >> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
    >> clean
    >> install)http://groups.google.com/group/microsoft.public.windowsxp.general/msg...
    >>
    >> Tip: After getting the computer fully-patched, download/install KB971029
    >> manually:http://support.microsoft.com/kb/971029
    >>
    >> NB: Any Norton or McAfee free-trial that came preinstalled on the
    >> computer
    >> when you bought it will be reinstalled (but invalid) when Windows is
    >> reinstalled. You MUST uninstall the free-trial and download/run the
    >> appropriate removal tool before installing any updates, Windows Service
    >> Packs or IE upgrades and before installing your new anti-virus
    >> application
    >> (which will require WinXP SP3 to be installed).
    >>
    >> Norton Removal Tool
    >> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_...
    >>
    >> McAfee Consumer Products Removal Tool
    >> http://download.mcafee.com/products/licensed/cust_support_patches/MCP...
    >>
    >> Also see:
    >>
    >> Steps To Help Prevent
    >> Spywarehttp://www.microsoft.com/security/spyware/prevent.aspx
    >>
    >> Steps to Help Prevent Computer
    >> Wormshttp://www.microsoft.com/security/worms/prevent.aspx
    >>
    >> Avoid Rogue Security
    >> Software!http://www.microsoft.com/security/antivirus/rogue.aspx --
    >> ~Robear Dyer (PA Bear)
    >> MS MVP-IE, Mail, Security, Windows Client - since 2002www.banthecheck.com
    >>
    >>
    >>
    >> ship wrote:
    >>> Hi

    >>
    >>> My T60 (WindowsXP Pro) has been infected with several viruses.

    >>
    >>> Is it safe to re-install from the WindowsXP partition?

    >>
    >>> Or should I kill absolutely everything on the disk (eg. by running
    >>> KillDisk off a CD)?

    >>
    >>> And if I do the latter, how on earth to I register it with Microsoft
    >>> because the laptop did not come with any CDs.
    >>> (I can borrow a Windows XP Pro CD from work - but I presume that there
    >>> will be problems with the Product Key and License number etc)

    >>

    >
    > All helpful suggestions, but nobody seems to have answered my central
    > questions:
    > A). Do I need to delete the special WindowXP installation partition?
    > i.e. is it theoretically possible for a virus to get into it?


    Assuming you're referring to the hidden Recovery partition: No & it's a
    very, very remote possibility
     
  12. ship

    ship Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? CanI safely still use the special Windows installation partition?

    Well I spoke to Lenovo and they want to sting me for GBP 40.00 for an
    installation disk.
    I refuse point blank to do this partly as a matter of principle and
    partly because it will
    proably take a while for the CD to arrive by post.

    I have dug out the number from Control Panel > System > General Tab
    which looks like this

    99999-OEM-9999999-99999

    (except with actual numbers instead of "9"s)

    I also spoke to Microsoft who were extremely insistant that using a
    different CD would
    definitely fail to work (I suspect that they are probably fibbing).

    Apparently I will to give them an "Installation ID" (9 groups of 6
    digits), and they will then need to give me
    a "Confirmation ID"

    I've not followed any of the links above yet - will they be able to
    generate a "Product Key" or
    "Confirmation ID" ?

    I am slightly hazy about what all these "IDs" and "Keys" are and where
    and when they are
    required by WindowsXP. The spare CD I have comes from my old PC. It
    is definitely a
    genuine Windows XP Professional CD, and I have the product key for
    *it* (but I presume
    that it wont work...) Wait a minute - *yes* on the back of the Lenovo
    Laptop is indeed
    a "product key", and with 5 groups of 5 characters. Looks promising :)

    Is there anything else that I need to do ?

    i.e. do I still need the likes of
    http://magicaljellybean.com/keyfinder/
    or do I now have the information that I need?

    * * *

    But as some of you imply, MAYBE there is not need to format the
    Windows installation parition.
    But just how hard can it be for a virus to write to a hidden
    partition? NOT hard I would imagine.
    If I was writing a virus that is exactly the sort of thing I would get
    it to do to ensure that it
    survived a re-formatting of the C: drive... but what do I know?

    Ship (OP)
     
  13. David H. Lipman

    David H. Lipman Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    From: "ship" <shiphen@gmail.com>

    < snip >

    | But as some of you imply, MAYBE there is not need to format the
    | Windows installation parition.
    | But just how hard can it be for a virus to write to a hidden
    | partition? NOT hard I would imagine.
    | If I was writing a virus that is exactly the sort of thing I would get
    | it to do to ensure that it
    | survived a re-formatting of the C: drive... but what do I know?

    | Ship (OP)

    There 'ya go again saying "virus" and you still haven't provided that information.

    So I now repeat...
    What "viruses" (assuming they were viruses and not plain old trojans) were they ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
  14. ship

    ship Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? CanI safely still use the special Windows installation partition?

    On Jan 20, 8:50 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:
    > From: "ship" <ship...@gmail.com>
    >
    > < snip >
    >
    > | But as some of you imply, MAYBE there is not need to format the
    > | Windows installation parition.
    > | But just how hard can it be for a virus to write to a hidden
    > | partition? NOT hard I would imagine.
    > | If I was writing a virus that is exactly the sort of thing I would get
    > | it to do to ensure that it
    > | survived a re-formatting of the C: drive... but what do I know?
    >
    > | Ship (OP)
    >
    > There 'ya go again saying "virus" and you still haven't provided that information.
    >
    > So I now repeat...
    > What "viruses" (assuming they were viruses and not plain old trojans) were they ?
    >
    > --
    > Davehttp://www.claymania.com/removal-trojan-adware.html
    > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp


    Well here is a selection of what was reported - but the came so thick
    and fast I didnt
    take note of them all:



    AVAST:
    Win32:Tibs-AFH [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked
    German Chancellor Angela Merkel.msg
    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\The Kiss.msg
    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\The Kiss.msg
    Win32:Tibs-AGA [Wrm] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Forever in Love.msg
    Win32:Tibs-AIE [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\I Would Give you Anything.msg
    Win32:Tibs-AFH [Trj]

    MSE:
    Nuwar.N@mm!CME-711 C:/DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_
    \unp28372.tmp

    Trojan: Win32/Vxidl.gen!B File:C:/DOCUME~1\ALECST~1\LOCALS~1\Temp
    \_avast4_\unp69768409.tmp
    Trojan: Win32/Vxidl.gen!dam File:C:/DOCUME~1\ALECST~1\LOCALS~1\Temp
    \_avast4_\unp142407802.tmp

    Win32:Small-JBK [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Sadam Hussein safe and sound!.msg
    Win32:Tibs-AFA [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Happy World Religion Day!.msg
    Win32:Tibs-AFP [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\I Love Thee.msg

    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\The Kiss.msg
    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Unmatchable Beauty.msg
    Win32:Tibs-AGA [Wrm] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Forever in Love.msg

    MSE:
    Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

    AVAST:
    Win32:Small-JBK [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Sadam Hussein safe and sound!.msg
    Win32:Tibs-AFA [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Happy World Religion Day!.msg
    Win32:Tibs-AFP [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\I Love Thee.msg

    MSE:
    Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:/Documents and
    Settings\XXXX\Local Settings\Temp\ARC70F.tmp
    Worm:Win32/Mtob.NP@mm (Alert level: *Severe") file:C:/Documents and
    Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This
    program is dangerous and self-propagates over a network connection.
    Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe") file:C:
    \Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
    Worm:Win32/Mtob.NP@mm file:C:/Documents and Settings\XXXX\Local
    Settings\Temp\ARC285D.tmp

    Does that help?


    Ship
     
  15. FromTheRafters

    FromTheRafters Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    "ship" <shiphen@gmail.com> wrote in message
    news:3ee6f41b-a549-4bcf-a8c9-559c2cf79d34@a32g2000yqm.googlegroups.com...

    Sheesh!

    After wiping and reinstalling from known clean media, I would even give
    the *room* it is in a good scrubbing with bleach. :eek:)

    Use the EISA partition to restore to factory specifications, then get
    all the updates installed. Scan any backup data and programs for malware
    before returning them to the freshly rejuvenated system.
     
  16. David H. Lipman

    David H. Lipman Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    From: "ship" <shiphen@gmail.com>

    | Well here is a selection of what was reported - but the came so thick
    | and fast I didnt take note of them all:



    | AVAST:
    Win32::Tibs-AFH [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked
    | German Chancellor Angela Merkel.msg
    Win32::Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\The Kiss.msg
    Win32::Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\The Kiss.msg
    Win32::Tibs-AGA [Wrm] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Forever in Love.msg
    Win32::Tibs-AIE [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\I Would Give you Anything.msg
    Win32::Tibs-AFH [Trj]


    | Nuwar.N@mm!CME-711 C:/DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_
    | \unp28372.tmp

    | Trojan: Win32/Vxidl.gen!B File:C:/DOCUME~1\ALECST~1\LOCALS~1\Temp
    | \_avast4_\unp69768409.tmp
    | Trojan: Win32/Vxidl.gen!dam File:C:/DOCUME~1\ALECST~1\LOCALS~1\Temp
    | \_avast4_\unp142407802.tmp

    Win32::Small-JBK [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Sadam Hussein safe and sound!.msg
    Win32::Tibs-AFA [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Happy World Religion Day!.msg
    Win32::Tibs-AFP [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\I Love Thee.msg

    Win32::Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\The Kiss.msg
    Win32::Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Unmatchable Beauty.msg
    Win32::Tibs-AGA [Wrm] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Forever in Love.msg


    | Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

    | AVAST:
    Win32::Small-JBK [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Sadam Hussein safe and sound!.msg
    Win32::Tibs-AFA [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\Happy World Religion Day!.msg
    Win32::Tibs-AFP [Trj] C:/documents and settings\XXXX\local settings
    | \temp\X1Server\I Love Thee.msg


    | Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:/Documents and
    | Settings\XXXX\Local Settings\Temp\ARC70F.tmp
    | Worm:Win32/Mtob.NP@mm (Alert level: *Severe") file:C:/Documents and
    | Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This
    | program is dangerous and self-propagates over a network connection.
    | Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe") file:C:
    | \Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
    | Worm:Win32/Mtob.NP@mm file:C:/Documents and Settings\XXXX\Local
    | Settings\Temp\ARC285D.tmp

    | Does that help?


    | Ship


    No file infecting viruses nor MBR/Disk Sector Infectors were noted. A simple reformat of
    the HD and re-install of the OS is all that's needed IFF that's how you want to proceed.

    Interestingly, NONE in the log excerpts your provided were shown to have malware actually
    in the OS. All were in the TEMP folder.

    Also interesting was "Trojan: Win32/Vxidl.gen" and "Nuwar mass mailer" found in...
    %TEMP%\_avast4_\*.tmp files.

    Where did you get your copy of Avast ?

    What are teh .MSG file as in "Sadam Hussein safe and sound!.msg" ?
    Are they email related ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
  17. The Real Truth MVP

    The Real Truth MVP Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    The location of all of those is in a temp directory, you don't need to
    format. I did not catch the whole thread but who said to format? probably
    PaBear. From what you posted it looks like both Avast and MSE are doing
    their jobs. Those locations you gave in the logs are the first point where
    the infectors enter your computer from the internet. Use ccleaner to clean
    your temp files http://www.ccleaner.com/ then do a complete scan with both
    Avast and MSE update both before you scan.


    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




    "ship" <shiphen@gmail.com> wrote in message
    news:3ee6f41b-a549-4bcf-a8c9-559c2cf79d34@a32g2000yqm.googlegroups.com...
    On Jan 20, 8:50 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:
    > From: "ship" <ship...@gmail.com>
    >
    > < snip >
    >
    > | But as some of you imply, MAYBE there is not need to format the
    > | Windows installation parition.
    > | But just how hard can it be for a virus to write to a hidden
    > | partition? NOT hard I would imagine.
    > | If I was writing a virus that is exactly the sort of thing I would get
    > | it to do to ensure that it
    > | survived a re-formatting of the C: drive... but what do I know?
    >
    > | Ship (OP)
    >
    > There 'ya go again saying "virus" and you still haven't provided that
    > information.
    >
    > So I now repeat...
    > What "viruses" (assuming they were viruses and not plain old trojans) were
    > they ?
    >
    > --
    > Davehttp://www.claymania.com/removal-trojan-adware.html
    > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp


    Well here is a selection of what was reported - but the came so thick
    and fast I didnt
    take note of them all:



    AVAST:
    Win32:Tibs-AFH [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked
    German Chancellor Angela Merkel.msg
    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\The Kiss.msg
    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\The Kiss.msg
    Win32:Tibs-AGA [Wrm] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Forever in Love.msg
    Win32:Tibs-AIE [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\I Would Give you Anything.msg
    Win32:Tibs-AFH [Trj]

    MSE:
    Nuwar.N@mm!CME-711 C:/DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_
    \unp28372.tmp

    Trojan: Win32/Vxidl.gen!B File:C:/DOCUME~1\ALECST~1\LOCALS~1\Temp
    \_avast4_\unp69768409.tmp
    Trojan: Win32/Vxidl.gen!dam File:C:/DOCUME~1\ALECST~1\LOCALS~1\Temp
    \_avast4_\unp142407802.tmp

    Win32:Small-JBK [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Sadam Hussein safe and sound!.msg
    Win32:Tibs-AFA [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Happy World Religion Day!.msg
    Win32:Tibs-AFP [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\I Love Thee.msg

    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\The Kiss.msg
    Win32:Tibs-AFX [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Unmatchable Beauty.msg
    Win32:Tibs-AGA [Wrm] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Forever in Love.msg

    MSE:
    Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

    AVAST:
    Win32:Small-JBK [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Sadam Hussein safe and sound!.msg
    Win32:Tibs-AFA [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\Happy World Religion Day!.msg
    Win32:Tibs-AFP [Trj] C:/documents and settings\XXXX\local settings
    \temp\X1Server\I Love Thee.msg

    MSE:
    Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:/Documents and
    Settings\XXXX\Local Settings\Temp\ARC70F.tmp
    Worm:Win32/Mtob.NP@mm (Alert level: *Severe") file:C:/Documents and
    Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This
    program is dangerous and self-propagates over a network connection.
    Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe") file:C:
    \Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
    Worm:Win32/Mtob.NP@mm file:C:/Documents and Settings\XXXX\Local
    Settings\Temp\ARC285D.tmp

    Does that help?


    Ship
     
  18. Elmo

    Elmo Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP?Can I safely still use the special Windows installation partition?

    ship wrote:
    > Well I spoke to Lenovo and they want to sting me for GBP 40.00 for an
    > installation disk.
    > I refuse point blank to do this partly as a matter of principle and
    > partly because it will
    > proably take a while for the CD to arrive by post.
    >
    > I have dug out the number from Control Panel > System > General Tab
    > which looks like this
    >
    > 99999-OEM-9999999-99999
    >
    > (except with actual numbers instead of "9"s)
    >
    > I also spoke to Microsoft who were extremely insistent that using a
    > different CD would
    > definitely fail to work (I suspect that they are probably fibbing).
    >
    > Apparently I will to give them an "Installation ID" (9 groups of 6
    > digits), and they will then need to give me
    > a "Confirmation ID"
    >
    > I've not followed any of the links above yet - will they be able to
    > generate a "Product Key" or
    > "Confirmation ID" ?
    >
    > I am slightly hazy about what all these "IDs" and "Keys" are and where
    > and when they are
    > required by Windows XP. The spare CD I have comes from my old PC. It
    > is definitely a
    > genuine Windows XP Professional CD, and I have the product key for
    > *it* (but I presume
    > that it wont work...) Wait a minute - *yes* on the back of the Lenovo
    > Laptop is indeed
    > a "product key", and with 5 groups of 5 characters. Looks promising :)
    >
    > Is there anything else that I need to do ?
    >
    > i.e. do I still need the likes of
    > http://magicaljellybean.com/keyfinder/
    > or do I now have the information that I need?
    >
    > * * *
    >
    > But as some of you imply, MAYBE there is not need to format the
    > Windows installation partition.
    > But just how hard can it be for a virus to write to a hidden
    > partition? NOT hard I would imagine.
    > If I was writing a virus that is exactly the sort of thing I would get
    > it to do to ensure that it
    > survived a re-formatting of the C: drive... but what do I know?
    >
    > Ship (OP)


    Look at it like this.. if malware is written to the installation
    partition, what would it matter unless there were a rootkit, or Windows
    malware to address it. It could only be activated if you installed from
    that partition. Then if you were to find malware on the new
    installation, you could suspect something on the installation partition.

    So just deal with your current infections.. heck, the CD's I suggested
    probably check that partition anyway.

    --
    Joe =o)
     
  19. Daave

    Daave Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    Elmo wrote:
    > ship wrote:
    >> Well I spoke to Lenovo and they want to sting me for GBP 40.00 for an
    >> installation disk.
    >> I refuse point blank to do this partly as a matter of principle and
    >> partly because it will
    >> proably take a while for the CD to arrive by post.
    >>
    >> I have dug out the number from Control Panel > System > General Tab
    >> which looks like this
    >>
    >> 99999-OEM-9999999-99999
    >>
    >> (except with actual numbers instead of "9"s)
    >>
    >> I also spoke to Microsoft who were extremely insistent that using a
    >> different CD would
    >> definitely fail to work (I suspect that they are probably fibbing).
    >>
    >> Apparently I will to give them an "Installation ID" (9 groups of 6
    >> digits), and they will then need to give me
    >> a "Confirmation ID"
    >>
    >> I've not followed any of the links above yet - will they be able to
    >> generate a "Product Key" or
    >> "Confirmation ID" ?
    >>
    >> I am slightly hazy about what all these "IDs" and "Keys" are and
    >> where and when they are
    >> required by Windows XP. The spare CD I have comes from my old PC. It
    >> is definitely a
    >> genuine Windows XP Professional CD, and I have the product key for
    >> *it* (but I presume
    >> that it wont work...) Wait a minute - *yes* on the back of the Lenovo
    >> Laptop is indeed
    >> a "product key", and with 5 groups of 5 characters. Looks promising
    >> :)
    >>
    >> Is there anything else that I need to do ?
    >>
    >> i.e. do I still need the likes of
    >> http://magicaljellybean.com/keyfinder/
    >> or do I now have the information that I need?
    >>
    >> * * *
    >>
    >> But as some of you imply, MAYBE there is not need to format the
    >> Windows installation partition.
    >> But just how hard can it be for a virus to write to a hidden
    >> partition? NOT hard I would imagine.
    >> If I was writing a virus that is exactly the sort of thing I would
    >> get it to do to ensure that it
    >> survived a re-formatting of the C: drive... but what do I know?
    >>
    >> Ship (OP)

    >
    > Look at it like this.. if malware is written to the installation
    > partition, what would it matter unless there were a rootkit, or
    > Windows malware to address it. It could only be activated if you
    > installed from that partition.


    I'm pretty sure that that was Ship's point. A few people, including
    yours truly, suggested he simply use the hidden restore partition. I
    highly doubt that the malware writers targeted *his* particular PC
    model. I am sure the partition is just fine! Also, he made another post
    and I'm pretty sure there was no evidence his OS even had an infection;
    that is, his AV program found suspect files in the the temp directory
    and unopened e-mail attachments. I'm not convinced he has a problem at
    all. :)
     
  20. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    Re: Virus infection on a T60 ==> how best to reinstall WindowsXP? Can I safely still use the special Windows installation partition?

    What's the "real truth" about pcbutts1? Read on...

    .. Is he an MS MVP? No!
    cf. http://mvp.support.microsoft.com/communities/mvp.aspx

    .. If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't he post that
    link to begin with?

    .. Is he a proven thief? Yes!
    cf.
    http://groups.google.com/group/microsoft.public.security.virus/browse_frm/thread/58e6c02dbc6279ad
    cf.
    http://msmvps.com/blogs/hostsnews/a..._.-the-saga-continues-_2E00__2E00__2E00_.aspx
    cf.
    http://groups.google.com/group/microsoft.public.security.homeusers/msg/213247814fb4d61e
    cf.
    http://groups.google.com/group/microsoft.public.security.homeusers/msg/e19fce884897662f

    .. What do real experts have to say about him? It ain't pretty.

    http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)

    http://www.digg.com/security/PCButts1_Under_Attack

    http://www.siteadvisor.com/sites/pcbutts1.com

    http://bughunter.it-mate.co.uk/PCBUTTS.TXT

    http://www.mywot.com/en/scorecard/pcbutts1.com

    http://www.mywot.com/en/scorecard/www.ms-mvp.org

    .. Does he have all his marbles?
    cf. http://en.wikinews.org/wiki/NASA_van_rolls_off_California_mountain

    Ignore this MVP imposter! No one in their right mind (and Paddy isn't)
    would tell you it's OK to have 2 anti-virus apps installed & loading at
    boot.
    --
    ~Robear Dyer
    MS MVP-IE, Mail, Security, Windows Client
    https://mvp.support.microsoft.com/default.aspx/profile/robear.dyer


    The Real Truth MVP wrote:
    > The location of all of those is in a temp directory, you don't need to
    > format...
     

Share This Page